Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

src: fix CSPRNG when length exceeds INT_MAX #47515

Merged
merged 1 commit into from
Apr 15, 2023
Merged

src: fix CSPRNG when length exceeds INT_MAX #47515

merged 1 commit into from
Apr 15, 2023

Conversation

tniessen
Copy link
Member

CSPRNG implicitly casts the size_t length argument to a signed int when calling RAND_bytes(), which leaves it up to the caller to ensure that the length argument actually fits into such a signed int. However, not all call sites explicitly ensure that, which could lead to subtle bugs.

In OpenSSL 3, use RAND_bytes_ex() instead, which does not require casting the length to a signed int.

In OpenSSL 1.1.1, RAND_bytes_ex() is not supported, thus we have to process blocks of size INT_MAX one by one.

@tniessen
src: fix CSPRNG when length exceeds INT_MAX
0ae6971 
CSPRNG implicitly casts the size_t length argument to a signed int when
calling RAND_bytes(), which leaves it up to the caller to ensure that
the length argument actually fits into such a signed int. However, not
all call sites explicitly ensure that, which could lead to subtle bugs.

In OpenSSL 3, use RAND_bytes_ex() instead, which does not require
casting the length to a signed int.

In OpenSSL 1.1.1, RAND_bytes_ex() is not supported, thus we have to
process blocks of size INT_MAX one by one.
@tniessen tniessen added crypto Issues and PRs related to the crypto subsystem. c++ Issues and PRs that require attention from people who are familiar with C++. openssl Issues and PRs related to the OpenSSL dependency. security Issues and PRs related to security. labels Apr 11, 2023
@nodejs-github-bot
Copy link
Collaborator

Review requested:

  • @nodejs/crypto

@nodejs-github-bot nodejs-github-bot added the needs-ci PRs that need a full CI run. label Apr 11, 2023
bnoordhuis
bnoordhuis reviewed Apr 11, 2023
View reviewed changes
Copy link
Member

@bnoordhuis bnoordhuis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I could live with just returning {false} instead of complicating the code with a retry loop. There's simply no valid use case for requesting that much random data.

@tniessen
Copy link
Member Author

@bnoordhuis The added complexity only exists in the OpenSSL 1.1.1 section, which will be removed in about half a year. Until then, it ensures that the behavior is consistent across OpenSSL 3 / OpenSSL 1.1.1.

@bnoordhuis
Copy link
Member

It's your call. It's just that I wouldn't bend over backwards to accommodate a pathological edge case.

@tniessen tniessen added the request-ci Add this label to start a Jenkins CI on a PR. label Apr 12, 2023
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Apr 12, 2023
@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/51176/

@github-actions github-actions bot mentioned this pull request Apr 13, 2023
Open
36 tasks
@tniessen tniessen added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Apr 13, 2023
tniessen added a commit to tniessen/node that referenced this pull request Apr 14, 2023
@tniessen
crypto: remove INT_MAX restriction in randomBytes
3d7f4ee 
This restriction was due to an implementation detail in CSPRNG(). Now
that CSPRNG() properly handles lengths exceeding INT_MAX, remove this
artificial restriction.

Refs: nodejs#47515
@tniessen tniessen mentioned this pull request Apr 14, 2023
Merged
@tniessen tniessen added the commit-queue Add this label to land a pull request using GitHub Actions. label Apr 15, 2023
@nodejs-github-bot nodejs-github-bot removed the commit-queue Add this label to land a pull request using GitHub Actions. label Apr 15, 2023
@nodejs-github-bot nodejs-github-bot merged commit 8833099 into nodejs:main Apr 15, 2023
@nodejs-github-bot
Copy link
Collaborator

Landed in 8833099

nodejs-github-bot pushed a commit that referenced this pull request Apr 17, 2023
@tniessen
crypto: remove INT_MAX restriction in randomBytes
b342a1b 
This restriction was due to an implementation detail in CSPRNG(). Now
that CSPRNG() properly handles lengths exceeding INT_MAX, remove this
artificial restriction.

Refs: #47515
PR-URL: #47559
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
targos pushed a commit that referenced this pull request May 2, 2023
@tniessen @targos
src: fix CSPRNG when length exceeds INT_MAX
57e7ed7 
CSPRNG implicitly casts the size_t length argument to a signed int when
calling RAND_bytes(), which leaves it up to the caller to ensure that
the length argument actually fits into such a signed int. However, not
all call sites explicitly ensure that, which could lead to subtle bugs.

In OpenSSL 3, use RAND_bytes_ex() instead, which does not require
casting the length to a signed int.

In OpenSSL 1.1.1, RAND_bytes_ex() is not supported, thus we have to
process blocks of size INT_MAX one by one.

PR-URL: #47515
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
targos pushed a commit that referenced this pull request May 2, 2023
@tniessen @targos
crypto: remove INT_MAX restriction in randomBytes
420feb4 
This restriction was due to an implementation detail in CSPRNG(). Now
that CSPRNG() properly handles lengths exceeding INT_MAX, remove this
artificial restriction.

Refs: #47515
PR-URL: #47559
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
@targos targos mentioned this pull request May 2, 2023
Merged
tniessen added a commit to tniessen/node that referenced this pull request May 18, 2023
@tniessen
src: remove INT_MAX asserts in SecretKeyGenTraits
68d7197 
Now that CSPRNG() does not silently fail when the length exceeds
INT_MAX anymore, there is no need for the two relevant assertions
in SecretKeyGenTraits anymore.

Refs: nodejs#47515
@tniessen tniessen mentioned this pull request May 18, 2023
Merged
nodejs-github-bot pushed a commit that referenced this pull request May 24, 2023
@tniessen
src: remove INT_MAX asserts in SecretKeyGenTraits
c3b84f1 
Now that CSPRNG() does not silently fail when the length exceeds
INT_MAX anymore, there is no need for the two relevant assertions
in SecretKeyGenTraits anymore.

Refs: #47515
PR-URL: #48053
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
targos pushed a commit that referenced this pull request May 30, 2023
@tniessen @targos
src: remove INT_MAX asserts in SecretKeyGenTraits
45c3782 
Now that CSPRNG() does not silently fail when the length exceeds
INT_MAX anymore, there is no need for the two relevant assertions
in SecretKeyGenTraits anymore.

Refs: #47515
PR-URL: #48053
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
danielleadams pushed a commit that referenced this pull request Jul 6, 2023
@tniessen @danielleadams
src: fix CSPRNG when length exceeds INT_MAX
09fa460 
CSPRNG implicitly casts the size_t length argument to a signed int when
calling RAND_bytes(), which leaves it up to the caller to ensure that
the length argument actually fits into such a signed int. However, not
all call sites explicitly ensure that, which could lead to subtle bugs.

In OpenSSL 3, use RAND_bytes_ex() instead, which does not require
casting the length to a signed int.

In OpenSSL 1.1.1, RAND_bytes_ex() is not supported, thus we have to
process blocks of size INT_MAX one by one.

PR-URL: #47515
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
danielleadams pushed a commit that referenced this pull request Jul 6, 2023
@tniessen @danielleadams
crypto: remove INT_MAX restriction in randomBytes
a97a6f5 
This restriction was due to an implementation detail in CSPRNG(). Now
that CSPRNG() properly handles lengths exceeding INT_MAX, remove this
artificial restriction.

Refs: #47515
PR-URL: #47559
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
MoLow pushed a commit to MoLow/node that referenced this pull request Jul 6, 2023
@tniessen @MoLow
src: fix CSPRNG when length exceeds INT_MAX
3840bb5 
CSPRNG implicitly casts the size_t length argument to a signed int when
calling RAND_bytes(), which leaves it up to the caller to ensure that
the length argument actually fits into such a signed int. However, not
all call sites explicitly ensure that, which could lead to subtle bugs.

In OpenSSL 3, use RAND_bytes_ex() instead, which does not require
casting the length to a signed int.

In OpenSSL 1.1.1, RAND_bytes_ex() is not supported, thus we have to
process blocks of size INT_MAX one by one.

PR-URL: nodejs#47515
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
MoLow pushed a commit to MoLow/node that referenced this pull request Jul 6, 2023
@tniessen @MoLow
crypto: remove INT_MAX restriction in randomBytes
e2292f9 
This restriction was due to an implementation detail in CSPRNG(). Now
that CSPRNG() properly handles lengths exceeding INT_MAX, remove this
artificial restriction.

Refs: nodejs#47515
PR-URL: nodejs#47559
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
@danielleadams danielleadams mentioned this pull request Jul 10, 2023
Merged
Ceres6 pushed a commit to Ceres6/node that referenced this pull request Aug 14, 2023
@tniessen @Ceres6
src: remove INT_MAX asserts in SecretKeyGenTraits
adb3d49 
Now that CSPRNG() does not silently fail when the length exceeds
INT_MAX anymore, there is no need for the two relevant assertions
in SecretKeyGenTraits anymore.

Refs: nodejs#47515
PR-URL: nodejs#48053
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Ceres6 pushed a commit to Ceres6/node that referenced this pull request Aug 14, 2023
@tniessen @Ceres6
src: remove INT_MAX asserts in SecretKeyGenTraits
6964f63 
Now that CSPRNG() does not silently fail when the length exceeds
INT_MAX anymore, there is no need for the two relevant assertions
in SecretKeyGenTraits anymore.

Refs: nodejs#47515
PR-URL: nodejs#48053
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bnoordhuis bnoordhuis bnoordhuis left review comments

@jasnell jasnell jasnell approved these changes

@richardlau richardlau richardlau approved these changes

Assignees
No one assigned
Labels
author ready PRs that have at least one approval, no pending requests for changes, and a CI started. c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. needs-ci PRs that need a full CI run. openssl Issues and PRs related to the OpenSSL dependency. security Issues and PRs related to security.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@tniessen @nodejs-github-bot @bnoordhuis @jasnell @richardlau