From d3ae2f07bdc1776c8877b4b47d0a60b779e3d5ce Mon Sep 17 00:00:00 2001
From: Bruno Pagani <bruno.n.pagani@gmail.com>
Date: Mon, 15 May 2017 20:22:48 +0200
Subject: [PATCH 1/2] deps/v8: add missing #include "unicode/normlzr.h"

* The following function from <unicode/normlzr.h> is used:
     normalize()

* Until ICU 59, <unicode/normlzr.h> is indirectly included, but this changed with the 59 release. Adding this header has been the right thing to do for many years, so it is backwards compatible and fix compilation with recent ICU.

Refs: https://github.com/nodejs/node/issues/13022
PR-URL: https://github.com/nodejs/node/pull/13040
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
---
 deps/v8/include/v8-version.h        | 2 +-
 deps/v8/src/runtime/runtime-i18n.cc | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/deps/v8/include/v8-version.h b/deps/v8/include/v8-version.h
index b76915cf317de3..2162538fda28f0 100644
--- a/deps/v8/include/v8-version.h
+++ b/deps/v8/include/v8-version.h
@@ -11,7 +11,7 @@
 #define V8_MAJOR_VERSION 5
 #define V8_MINOR_VERSION 1
 #define V8_BUILD_NUMBER 281
-#define V8_PATCH_LEVEL 101
+#define V8_PATCH_LEVEL 102
 
 // Use 1 for candidates and 0 otherwise.
 // (Boolean macro values are not supported by all preprocessors.)
diff --git a/deps/v8/src/runtime/runtime-i18n.cc b/deps/v8/src/runtime/runtime-i18n.cc
index 27f970bdb4b173..1eb1fea36d547f 100644
--- a/deps/v8/src/runtime/runtime-i18n.cc
+++ b/deps/v8/src/runtime/runtime-i18n.cc
@@ -24,6 +24,7 @@
 #include "unicode/dtfmtsym.h"
 #include "unicode/dtptngen.h"
 #include "unicode/locid.h"
+#include "unicode/normlzr.h"
 #include "unicode/numfmt.h"
 #include "unicode/numsys.h"
 #include "unicode/rbbi.h"

From aa392a1718fec1189f981f843e17d29df9ef7023 Mon Sep 17 00:00:00 2001
From: Ryan Kelly <ryan@rfk.id.au>
Date: Mon, 29 May 2017 14:20:04 +1000
Subject: [PATCH 2/2] crypto: clear err stack after ECDH::BufferToPoint

Functions that call `ECDH::BufferToPoint` were not clearing the
error stack on failure, so an invalid key could leave leftover
error state and cause subsequent (unrelated) signing operations
to fail.

PR-URL: https://github.com/nodejs/node/pull/13275
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
---
 src/node_crypto.cc              |  4 ++++
 test/parallel/test-crypto-dh.js | 20 ++++++++++++++++++++
 2 files changed, 24 insertions(+)

diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index db015339880d06..6e5db66313f61c 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -5011,6 +5011,8 @@ void ECDH::ComputeSecret(const FunctionCallbackInfo<Value>& args) {
   ECDH* ecdh;
   ASSIGN_OR_RETURN_UNWRAP(&ecdh, args.Holder());
 
+  MarkPopErrorOnReturn mark_pop_error_on_return;
+
   if (!ecdh->IsKeyPairValid())
     return env->ThrowError("Invalid key pair");
 
@@ -5160,6 +5162,8 @@ void ECDH::SetPublicKey(const FunctionCallbackInfo<Value>& args) {
 
   THROW_AND_RETURN_IF_NOT_BUFFER(args[0], "Public key");
 
+  MarkPopErrorOnReturn mark_pop_error_on_return;
+
   EC_POINT* pub = ecdh->BufferToPoint(Buffer::Data(args[0].As<Object>()),
                                       Buffer::Length(args[0].As<Object>()));
   if (pub == nullptr)
diff --git a/test/parallel/test-crypto-dh.js b/test/parallel/test-crypto-dh.js
index cfe896026f6af5..50b0b2d07b9aea 100644
--- a/test/parallel/test-crypto-dh.js
+++ b/test/parallel/test-crypto-dh.js
@@ -270,6 +270,26 @@ ecdh5.setPrivateKey(cafebabeKey, 'hex');
   assert.strictEqual(ecdh5.getPrivateKey('hex'), cafebabeKey);
 });
 
+// Use of invalid keys was not cleaning up ERR stack, and was causing
+// unexpected failure in subsequent signing operations.
+const ecdh6 = crypto.createECDH('prime256v1');
+const invalidKey = Buffer.alloc(65);
+invalidKey.fill('\0');
+ecdh6.generateKeys();
+assert.throws(() => {
+  ecdh6.computeSecret(invalidKey);
+}, /^Error: Failed to translate Buffer to a EC_POINT$/);
+// Check that signing operations are not impacted by the above error.
+const ecPrivateKey =
+  '-----BEGIN EC PRIVATE KEY-----\n' +
+  'MHcCAQEEIF+jnWY1D5kbVYDNvxxo/Y+ku2uJPDwS0r/VuPZQrjjVoAoGCCqGSM49\n' +
+  'AwEHoUQDQgAEurOxfSxmqIRYzJVagdZfMMSjRNNhB8i3mXyIMq704m2m52FdfKZ2\n' +
+  'pQhByd5eyj3lgZ7m7jbchtdgyOF8Io/1ng==\n' +
+  '-----END EC PRIVATE KEY-----';
+assert.doesNotThrow(() => {
+  crypto.createSign('SHA256').sign(ecPrivateKey);
+});
+
 // invalid test: curve argument is undefined
 assert.throws(() => {
   crypto.createECDH();