Closed guillaume86 closed 2 years ago
would you be able to create a PR that will work on all Versions of OPENSSL/LibreSSL?
I just fixed an easy to find bug (logic was inverted), it did fix my issue that's all I know sorry.
@guillaume86 can you please provide fixtures and how you detect the bug? because I'm not sure if the test missing this or something else is need.
Thanks, Josef
I can't do this right now but let me try again to explain:
https://github.com/Dexus/pem/blob/715e95db6128d01451d43890cd2cb835bc6440d2/lib/pem.js#L867-L882
In the first line, you try to extract a non encryted key, if it succeeds, you go into the first if case, which tries to decode the key with RSA, which do not work since the key is not encrypted. Now in the case of an RSA encrypted key, we enter in the last else case, you extract the RSA encrypted key, and returns it without decrypting it, which is also a problem. Hope this helps.
Can you please tell me on which openssl version you work? because its looks only for openssl 3 to match
Yes you're correct it's OpenSSL v3:
OpenSSL 3.0.1 14 Dec 2021 (Library: OpenSSL 3.0.1 14 Dec 2021)
this issue is invalid
Hi! ๐
Firstly, thanks for your work on this project! ๐
Today I used patch-package to patch
pem@1.14.4
for the project I'm working on.Here is the diff that solved my problem:
This issue body was partially generated by patch-package.