crypto: decorate async crypto job errors with OpenSSL error details

panva · panva · commit 6be5eb00fcf3 · 2026-03-20T10:30:04.000+01:00
diff --git a/src/crypto/crypto_argon2.cc b/src/crypto/crypto_argon2.cc
@@ -124,7 +124,8 @@ Maybe<void> Argon2Traits::AdditionalConfig(
 bool Argon2Traits::DeriveBits(Environment* env,
                               const Argon2Config& config,
                               ByteSource* out,
-                              CryptoJobMode mode) {
+                              CryptoJobMode mode,
+                              CryptoErrorStore* errors) {
   // If the config.length is zero-length, just return an empty buffer.
   // It's useless, yes, but allowed via the API.
   if (config.keylen == 0) {
@@ -144,7 +145,10 @@ bool Argon2Traits::DeriveBits(Environment* env,
                             config.ad,
                             config.type);
 
-  if (!dp) return false;
+  if (!dp) {
+    errors->Insert(NodeCryptoError::ARGON2_FAILED);
+    return false;
+  }
   DCHECK(!dp.isSecure());
   *out = ByteSource::Allocated(dp.release());
   return true;
diff --git a/src/crypto/crypto_argon2.h b/src/crypto/crypto_argon2.h
@@ -59,7 +59,8 @@ struct Argon2Traits final {
   static bool DeriveBits(Environment* env,
                          const Argon2Config& config,
                          ByteSource* out,
-                         CryptoJobMode mode);
+                         CryptoJobMode mode,
+                         CryptoErrorStore* errors);
 
   static v8::MaybeLocal<v8::Value> EncodeOutput(Environment* env,
                                                 const Argon2Config& config,
diff --git a/src/crypto/crypto_dh.cc b/src/crypto/crypto_dh.cc
@@ -532,16 +532,11 @@ MaybeLocal<Value> DHBitsTraits::EncodeOutput(Environment* env,
 bool DHBitsTraits::DeriveBits(Environment* env,
                               const DHBitsConfig& params,
                               ByteSource* out,
-                              CryptoJobMode mode) {
+                              CryptoJobMode mode,
+                              CryptoErrorStore* errors) {
   auto dp = DHPointer::stateless(params.private_key.GetAsymmetricKey(),
                                  params.public_key.GetAsymmetricKey());
   if (!dp) {
-    bool can_throw = mode == CryptoJobMode::kCryptoJobSync;
-
-    if (can_throw) {
-      unsigned long err = ERR_get_error();  // NOLINT(runtime/int)
-      if (err) ThrowCryptoError(env, err, "diffieHellman failed");
-    }
     return false;
   }
 
diff --git a/src/crypto/crypto_dh.h b/src/crypto/crypto_dh.h
@@ -106,7 +106,8 @@ struct DHBitsTraits final {
   static bool DeriveBits(Environment* env,
                          const DHBitsConfig& params,
                          ByteSource* out_,
-                         CryptoJobMode mode);
+                         CryptoJobMode mode,
+                         CryptoErrorStore* errors);
 
   static v8::MaybeLocal<v8::Value> EncodeOutput(Environment* env,
                                                 const DHBitsConfig& params,
diff --git a/src/crypto/crypto_ec.cc b/src/crypto/crypto_ec.cc
@@ -435,7 +435,8 @@ Maybe<void> ECDHBitsTraits::AdditionalConfig(
 bool ECDHBitsTraits::DeriveBits(Environment* env,
                                 const ECDHBitsConfig& params,
                                 ByteSource* out,
-                                CryptoJobMode mode) {
+                                CryptoJobMode mode,
+                                CryptoErrorStore* errors) {
   size_t len = 0;
   const auto& m_privkey = params.private_.GetAsymmetricKey();
   const auto& m_pubkey = params.public_.GetAsymmetricKey();
@@ -466,8 +467,10 @@ bool ECDHBitsTraits::DeriveBits(Environment* env,
       const EC_KEY* public_key = m_pubkey;
 
       const auto group = ECKeyPointer::GetGroup(private_key);
-      if (group == nullptr)
+      if (group == nullptr) {
+        errors->Insert(NodeCryptoError::ECDH_FAILED);
         return false;
+      }
 
       CHECK(ECKeyPointer::Check(private_key));
       CHECK(ECKeyPointer::Check(public_key));
diff --git a/src/crypto/crypto_ec.h b/src/crypto/crypto_ec.h
@@ -80,7 +80,8 @@ struct ECDHBitsTraits final {
   static bool DeriveBits(Environment* env,
                          const ECDHBitsConfig& params,
                          ByteSource* out_,
-                         CryptoJobMode mode);
+                         CryptoJobMode mode,
+                         CryptoErrorStore* errors);
 
   static v8::MaybeLocal<v8::Value> EncodeOutput(Environment* env,
                                                 const ECDHBitsConfig& params,
diff --git a/src/crypto/crypto_hash.cc b/src/crypto/crypto_hash.cc
@@ -540,7 +540,8 @@ Maybe<void> HashTraits::AdditionalConfig(
 bool HashTraits::DeriveBits(Environment* env,
                             const HashConfig& params,
                             ByteSource* out,
-                            CryptoJobMode mode) {
+                            CryptoJobMode mode,
+                            CryptoErrorStore* errors) {
   auto ctx = EVPMDCtxPointer::New();
 
   if (!ctx.digestInit(params.digest) || !ctx.digestUpdate(params.in))
diff --git a/src/crypto/crypto_hash.h b/src/crypto/crypto_hash.h
@@ -73,7 +73,8 @@ struct HashTraits final {
   static bool DeriveBits(Environment* env,
                          const HashConfig& params,
                          ByteSource* out,
-                         CryptoJobMode mode);
+                         CryptoJobMode mode,
+                         CryptoErrorStore* errors);
 
   static v8::MaybeLocal<v8::Value> EncodeOutput(Environment* env,
                                                 const HashConfig& params,
diff --git a/src/crypto/crypto_hkdf.cc b/src/crypto/crypto_hkdf.cc
@@ -100,7 +100,8 @@ Maybe<void> HKDFTraits::AdditionalConfig(
 bool HKDFTraits::DeriveBits(Environment* env,
                             const HKDFConfig& params,
                             ByteSource* out,
-                            CryptoJobMode mode) {
+                            CryptoJobMode mode,
+                            CryptoErrorStore* errors) {
   auto dp = ncrypto::hkdf(params.digest,
                           ncrypto::Buffer<const unsigned char>{
                               .data = reinterpret_cast<const unsigned char*>(
@@ -116,7 +117,10 @@ bool HKDFTraits::DeriveBits(Environment* env,
                               .len = params.salt.size(),
                           },
                           params.length);
-  if (!dp) return false;
+  if (!dp) {
+    errors->Insert(NodeCryptoError::HKDF_FAILED);
+    return false;
+  }
 
   DCHECK(!dp.isSecure());
   *out = ByteSource::Allocated(dp.release());
diff --git a/src/crypto/crypto_hkdf.h b/src/crypto/crypto_hkdf.h
@@ -45,7 +45,8 @@ struct HKDFTraits final {
   static bool DeriveBits(Environment* env,
                          const HKDFConfig& params,
                          ByteSource* out,
-                         CryptoJobMode mode);
+                         CryptoJobMode mode,
+                         CryptoErrorStore* errors);
 
   static v8::MaybeLocal<v8::Value> EncodeOutput(Environment* env,
                                                 const HKDFConfig& params,
diff --git a/src/crypto/crypto_hmac.cc b/src/crypto/crypto_hmac.cc
@@ -231,7 +231,8 @@ Maybe<void> HmacTraits::AdditionalConfig(
 bool HmacTraits::DeriveBits(Environment* env,
                             const HmacConfig& params,
                             ByteSource* out,
-                            CryptoJobMode mode) {
+                            CryptoJobMode mode,
+                            CryptoErrorStore* errors) {
   auto ctx = HMACCtxPointer::New();
 
   ncrypto::Buffer<const void> key_buf{
diff --git a/src/crypto/crypto_hmac.h b/src/crypto/crypto_hmac.h
@@ -76,7 +76,8 @@ struct HmacTraits final {
   static bool DeriveBits(Environment* env,
                          const HmacConfig& params,
                          ByteSource* out,
-                         CryptoJobMode mode);
+                         CryptoJobMode mode,
+                         CryptoErrorStore* errors);
 
   static v8::MaybeLocal<v8::Value> EncodeOutput(Environment* env,
                                                 const HmacConfig& params,
diff --git a/src/crypto/crypto_kem.cc b/src/crypto/crypto_kem.cc
@@ -51,12 +51,12 @@ namespace {
 bool DoKEMEncapsulate(Environment* env,
                       const EVPKeyPointer& public_key,
                       ByteSource* out,
-                      CryptoJobMode mode) {
+                      CryptoJobMode mode,
+                      CryptoErrorStore* errors) {
   auto result = ncrypto::KEM::Encapsulate(public_key);
   if (!result) {
-    if (mode == kCryptoJobSync) {
-      THROW_ERR_CRYPTO_OPERATION_FAILED(env, "Failed to perform encapsulation");
-    }
+    errors->Insert(NodeCryptoError::ENCAPSULATION_FAILED);
+    errors->SetNodeErrorCode("ERR_CRYPTO_OPERATION_FAILED");
     return false;
   }
 
@@ -68,10 +68,8 @@ bool DoKEMEncapsulate(Environment* env,
 
   auto data = ncrypto::DataPointer::Alloc(total_len);
   if (!data) {
-    if (mode == kCryptoJobSync) {
-      THROW_ERR_CRYPTO_OPERATION_FAILED(env,
-                                        "Failed to allocate output buffer");
-    }
+    errors->Insert(NodeCryptoError::ALLOCATION_FAILED);
+    errors->SetNodeErrorCode("ERR_CRYPTO_OPERATION_FAILED");
     return false;
   }
 
@@ -97,14 +95,14 @@ bool DoKEMDecapsulate(Environment* env,
                       const EVPKeyPointer& private_key,
                       const ByteSource& ciphertext,
                       ByteSource* out,
-                      CryptoJobMode mode) {
+                      CryptoJobMode mode,
+                      CryptoErrorStore* errors) {
   ncrypto::Buffer<const void> ciphertext_buf{ciphertext.data(),
                                              ciphertext.size()};
   auto shared_key = ncrypto::KEM::Decapsulate(private_key, ciphertext_buf);
   if (!shared_key) {
-    if (mode == kCryptoJobSync) {
-      THROW_ERR_CRYPTO_OPERATION_FAILED(env, "Failed to perform decapsulation");
-    }
+    errors->Insert(NodeCryptoError::DECAPSULATION_FAILED);
+    errors->SetNodeErrorCode("ERR_CRYPTO_OPERATION_FAILED");
     return false;
   }
 
@@ -137,11 +135,12 @@ Maybe<void> KEMEncapsulateTraits::AdditionalConfig(
 bool KEMEncapsulateTraits::DeriveBits(Environment* env,
                                       const KEMConfiguration& params,
                                       ByteSource* out,
-                                      CryptoJobMode mode) {
+                                      CryptoJobMode mode,
+                                      CryptoErrorStore* errors) {
   Mutex::ScopedLock lock(params.key.mutex());
   const auto& public_key = params.key.GetAsymmetricKey();
 
-  return DoKEMEncapsulate(env, public_key, out, mode);
+  return DoKEMEncapsulate(env, public_key, out, mode, errors);
 }
 
 MaybeLocal<Value> KEMEncapsulateTraits::EncodeOutput(
@@ -218,11 +217,13 @@ Maybe<void> KEMDecapsulateTraits::AdditionalConfig(
 bool KEMDecapsulateTraits::DeriveBits(Environment* env,
                                       const KEMConfiguration& params,
                                       ByteSource* out,
-                                      CryptoJobMode mode) {
+                                      CryptoJobMode mode,
+                                      CryptoErrorStore* errors) {
   Mutex::ScopedLock lock(params.key.mutex());
   const auto& private_key = params.key.GetAsymmetricKey();
 
-  return DoKEMDecapsulate(env, private_key, params.ciphertext, out, mode);
+  return DoKEMDecapsulate(
+      env, private_key, params.ciphertext, out, mode, errors);
 }
 
 MaybeLocal<Value> KEMDecapsulateTraits::EncodeOutput(
diff --git a/src/crypto/crypto_kem.h b/src/crypto/crypto_kem.h
@@ -48,7 +48,8 @@ struct KEMEncapsulateTraits final {
   static bool DeriveBits(Environment* env,
                          const KEMConfiguration& params,
                          ByteSource* out,
-                         CryptoJobMode mode);
+                         CryptoJobMode mode,
+                         CryptoErrorStore* errors);
 
   static v8::MaybeLocal<v8::Value> EncodeOutput(Environment* env,
                                                 const KEMConfiguration& params,
@@ -71,7 +72,8 @@ struct KEMDecapsulateTraits final {
   static bool DeriveBits(Environment* env,
                          const KEMConfiguration& params,
                          ByteSource* out,
-                         CryptoJobMode mode);
+                         CryptoJobMode mode,
+                         CryptoErrorStore* errors);
 
   static v8::MaybeLocal<v8::Value> EncodeOutput(Environment* env,
                                                 const KEMConfiguration& params,
diff --git a/src/crypto/crypto_kmac.cc b/src/crypto/crypto_kmac.cc
@@ -122,7 +122,8 @@ Maybe<void> KmacTraits::AdditionalConfig(
 bool KmacTraits::DeriveBits(Environment* env,
                             const KmacConfig& params,
                             ByteSource* out,
-                            CryptoJobMode mode) {
+                            CryptoJobMode mode,
+                            CryptoErrorStore* errors) {
   if (params.length == 0) {
     *out = ByteSource();
     return true;
@@ -133,6 +134,7 @@ bool KmacTraits::DeriveBits(Environment* env,
   size_t key_size = params.key.GetSymmetricKeySize();
 
   if (key_size == 0) {
+    errors->Insert(NodeCryptoError::KMAC_FAILED);
     return false;
   }
 
diff --git a/src/crypto/crypto_kmac.h b/src/crypto/crypto_kmac.h
@@ -51,7 +51,8 @@ struct KmacTraits final {
   static bool DeriveBits(Environment* env,
                          const KmacConfig& params,
                          ByteSource* out,
-                         CryptoJobMode mode);
+                         CryptoJobMode mode,
+                         CryptoErrorStore* errors);
 
   static v8::MaybeLocal<v8::Value> EncodeOutput(Environment* env,
                                                 const KmacConfig& params,
diff --git a/src/crypto/crypto_pbkdf2.cc b/src/crypto/crypto_pbkdf2.cc
@@ -113,7 +113,8 @@ Maybe<void> PBKDF2Traits::AdditionalConfig(
 bool PBKDF2Traits::DeriveBits(Environment* env,
                               const PBKDF2Config& params,
                               ByteSource* out,
-                              CryptoJobMode mode) {
+                              CryptoJobMode mode,
+                              CryptoErrorStore* errors) {
   // Both pass and salt may be zero length here.
   auto dp = ncrypto::pbkdf2(params.digest,
                             ncrypto::Buffer<const char>{
@@ -127,7 +128,10 @@ bool PBKDF2Traits::DeriveBits(Environment* env,
                             params.iterations,
                             params.length);
 
-  if (!dp) return false;
+  if (!dp) {
+    errors->Insert(NodeCryptoError::PBKDF2_FAILED);
+    return false;
+  }
   DCHECK(!dp.isSecure());
   *out = ByteSource::Allocated(dp.release());
   return true;
diff --git a/src/crypto/crypto_pbkdf2.h b/src/crypto/crypto_pbkdf2.h
@@ -58,7 +58,8 @@ struct PBKDF2Traits final {
   static bool DeriveBits(Environment* env,
                          const PBKDF2Config& params,
                          ByteSource* out,
-                         CryptoJobMode mode);
+                         CryptoJobMode mode,
+                         CryptoErrorStore* errors);
 
   static v8::MaybeLocal<v8::Value> EncodeOutput(Environment* env,
                                                 const PBKDF2Config& params,
diff --git a/src/crypto/crypto_random.cc b/src/crypto/crypto_random.cc
@@ -68,7 +68,8 @@ Maybe<void> RandomBytesTraits::AdditionalConfig(
 bool RandomBytesTraits::DeriveBits(Environment* env,
                                    const RandomBytesConfig& params,
                                    ByteSource* unused,
-                                   CryptoJobMode mode) {
+                                   CryptoJobMode mode,
+                                   CryptoErrorStore* errors) {
   return ncrypto::CSPRNG(params.buffer, params.size);
 }
 
@@ -155,7 +156,8 @@ Maybe<void> RandomPrimeTraits::AdditionalConfig(
 bool RandomPrimeTraits::DeriveBits(Environment* env,
                                    const RandomPrimeConfig& params,
                                    ByteSource* unused,
-                                   CryptoJobMode mode) {
+                                   CryptoJobMode mode,
+                                   CryptoErrorStore* errors) {
   return params.prime.generate(
       BignumPointer::PrimeConfig{
           .bits = params.bits,
@@ -194,7 +196,8 @@ Maybe<void> CheckPrimeTraits::AdditionalConfig(
 bool CheckPrimeTraits::DeriveBits(Environment* env,
                                   const CheckPrimeConfig& params,
                                   ByteSource* out,
-                                  CryptoJobMode mode) {
+                                  CryptoJobMode mode,
+                                  CryptoErrorStore* errors) {
   int ret = params.candidate.isPrime(params.checks, getPrimeCheckCallback(env));
   if (ret < 0) [[unlikely]]
     return false;
diff --git a/src/crypto/crypto_random.h b/src/crypto/crypto_random.h
@@ -35,7 +35,8 @@ struct RandomBytesTraits final {
   static bool DeriveBits(Environment* env,
                          const RandomBytesConfig& params,
                          ByteSource* out_,
-                         CryptoJobMode mode);
+                         CryptoJobMode mode,
+                         CryptoErrorStore* errors);
 
   static v8::MaybeLocal<v8::Value> EncodeOutput(Environment* env,
                                                 const RandomBytesConfig& params,
@@ -70,7 +71,8 @@ struct RandomPrimeTraits final {
   static bool DeriveBits(Environment* env,
                          const RandomPrimeConfig& params,
                          ByteSource* out_,
-                         CryptoJobMode mode);
+                         CryptoJobMode mode,
+                         CryptoErrorStore* errors);
 
   static v8::MaybeLocal<v8::Value> EncodeOutput(Environment* env,
                                                 const RandomPrimeConfig& params,
@@ -104,7 +106,8 @@ struct CheckPrimeTraits final {
   static bool DeriveBits(Environment* env,
                          const CheckPrimeConfig& params,
                          ByteSource* out,
-                         CryptoJobMode mode);
+                         CryptoJobMode mode,
+                         CryptoErrorStore* errors);
 
   static v8::MaybeLocal<v8::Value> EncodeOutput(Environment* env,
                                                 const CheckPrimeConfig& params,
diff --git a/src/crypto/crypto_scrypt.cc b/src/crypto/crypto_scrypt.cc
diff --git a/src/crypto/crypto_scrypt.h b/src/crypto/crypto_scrypt.h
diff --git a/src/crypto/crypto_sig.cc b/src/crypto/crypto_sig.cc
diff --git a/src/crypto/crypto_sig.h b/src/crypto/crypto_sig.h
diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
diff --git a/src/crypto/crypto_util.h b/src/crypto/crypto_util.h
diff --git a/test/parallel/test-crypto-async-sign-verify.js b/test/parallel/test-crypto-async-sign-verify.js
diff --git a/test/parallel/test-crypto-dh-stateless-async.js b/test/parallel/test-crypto-dh-stateless-async.js
diff --git a/test/parallel/test-crypto-encap-decap.js b/test/parallel/test-crypto-encap-decap.js
diff --git a/test/parallel/test-crypto-job-error-parity.js b/test/parallel/test-crypto-job-error-parity.js
