crypto.Hash.write swallows errors #63258

@ndossche

Version

v25.9.0

Platform

Linux 749dbb0e74fd 6.8.0-106-generic #106-Ubuntu SMP PREEMPT_DYNAMIC Fri Mar  6 07:58:08 UTC 2026 x86_64 x86_64 x86_64 GNU/Linux

Subsystem

crypto

What steps will reproduce the bug?

I'm working on a software-fault-injection testing library that injected a fault into the crypto bindings. Specifically a fault here:

return EVP_DigestUpdate(ctx_.get(), in.data, in.len) > 0;

To reproduce this issue, change that code to always return false for simplicity, indicating a failed crypto hash update action.

Then execute the following JavaScript code:

const crypto = require('crypto');

const h = crypto.createHash('sha3-512');
h.write('hello');
//h.update('hello'); This line throws
h.end();

If we were to use the update call, then it throws an exception.
However, the above code uses the write call. The write call returns true (which makes sense as the return value doesn't indicate success/failure). But I don't see an indication of an error: no exception, no error event emitted. It seems that the error is silently swallowed.

I did try using a callback for the write call:

const crypto = require('crypto');

const h = crypto.createHash('sha3-512');
h.write('hello', console.log);
h.end();

and this just logs null. Also no indication of an error.

How often does it reproduce? Is there a required condition?

Consistently reproduces if false is returned from here:

return EVP_DigestUpdate(ctx_.get(), in.data, in.len) > 0;

What is the expected behavior? Why is that the expected behavior?

I had expected an exception, a false return value, or an error event emitted somewhere but none of these things seem to happen.
I could be wrong though about my expectations and missing something.

What do you see instead?

The code runs to completion, and if checking the digest, it produces the same digest as if there was no data written to the Hash stream. This means that errors are silently swallowed and the wrong hash is produced.

Additional information

This issue was found using a hybrid static-dynamic analyzer I'm working on.
