Skip to content

crypto: fix size_t/int regression node_crypto#35132

Closed
jasnell wants to merge 1 commit intonodejs:masterfrom
jasnell:regression-31406
Closed

crypto: fix size_t/int regression node_crypto#35132
jasnell wants to merge 1 commit intonodejs:masterfrom
jasnell:regression-31406

Conversation

@jasnell
Copy link
Member

@jasnell jasnell commented Sep 9, 2020
edited
Loading

#31406 introduced a regression in Hash and Hmac update operations.

Haven't looked yet, but it's possible that this also affects other Stream-based crypto operations (e.g. sig, verify, etc) Definitely impacted... adding those to the changeset here.

/cc @addaleax @bnoordhuis

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • commit message follows commit guidelines

@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Sep 9, 2020

Review requested:

  • @nodejs/crypto

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. labels Sep 9, 2020
@jasnell jasnell added the request-ci Add this label to start a Jenkins CI on a PR. label Sep 9, 2020
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Sep 9, 2020
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Sep 9, 2020

CI: https://ci.nodejs.org/job/node-test-pull-request/33116/

addaleax
addaleax approved these changes Sep 9, 2020
View reviewed changes
addaleax
addaleax reviewed Sep 9, 2020
View reviewed changes
@jasnell jasnell added the request-ci Add this label to start a Jenkins CI on a PR. label Sep 9, 2020
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Sep 9, 2020
@jasnell
Copy link
Member Author

jasnell commented Sep 9, 2020

@addaleax ... Please take a look, I added changes for SignBase and PublicKeyCipher.

CipherBase also technically has a challenge here also but it doesn't segfault, the cipher update operation just fails with an error, so definitely less critical.

@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Sep 9, 2020

CI: https://ci.nodejs.org/job/node-test-pull-request/33117/

addaleax
addaleax approved these changes Sep 9, 2020
View reviewed changes
Copy link
Member

@addaleax addaleax left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there any reason not to update this for CipherBase as well, though? Semantically size_t should be the right type here

jasnell
jasnell commented Sep 9, 2020
View reviewed changes
@jasnell
Copy link
Member Author

jasnell commented Sep 9, 2020

Is there any reason not to update this for CipherBase as well, though? Semantically size_t should be the right type here

No, not really a good reason not to. We should add a similar size check tho.

@jasnell
crypto: fix regression in Hash, Hmac, SignBase, PublicKeyCipher
d6b4b8a 
nodejs#31406 introduced a regression in
`Hash`, `Hmac`, `SignBase`, and `PublicKeyCipher`

Signed-off-by: James M Snell <jasnell@gmail.com>
@jasnell
Copy link
Member Author

jasnell commented Sep 9, 2020

Ok @addaleax, added a fixup for CipherBase Update also.

@jasnell jasnell added the request-ci Add this label to start a Jenkins CI on a PR. label Sep 9, 2020
@jasnell jasnell changed the title crypto: fix regression in Hash and Hmac crypto: fix size_t/int regression node_crypto Sep 9, 2020
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Sep 9, 2020
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Sep 9, 2020

CI: https://ci.nodejs.org/job/node-test-pull-request/33118/

@jasnell jasnell added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Sep 9, 2020
@jasnell jasnell mentioned this pull request Sep 9, 2020
Closed
4 tasks
@bnoordhuis
Copy link
Member

bnoordhuis commented Sep 10, 2020

I think it would be better to handle this right after the JS -> C++ transition. OpenSSL by and large uses ints for sizes and that's not something we can change. Concretely, I'd check like this:

void CryptoOp(const FunctionCallbackInfo<Value>& args) {
  // ...
  if (!args[0]->IsInt32()) {
    // throw TypeError
  }
  int32_t size = args[0]->Int32Value(context).FromJust();
  if (size < 0) {
    // throw TypeErorr or RangeError
  }
  // now either cast to size_t (because known-good range) or stick with int32_t
}

That way, code deeper down can safely assume sizes are in a known-good range.

With this PR, the range checking is too much all over the place, making it harder to get it right.

@bnoordhuis
Copy link
Member

bnoordhuis commented Sep 10, 2020

Forgot to mention: the alternative is to have Node.js transparently break up operations over ranges > INT_MAX into smaller ones but that's error prone, might not always be possible, and probably so exceedingly rare as to not be worth the effort.

@jasnell
Copy link
Member Author

jasnell commented Sep 10, 2020

With this PR, the range checking is too much all over the place, making it harder to get it right.

In a separate PR I'm making much more far reaching changes that should make it significantly easier to deal with moving forward. It does not yet centralize the type checking / length checking but that's something that can be done easily.

I am perfectly fine with an across-the-board restriction for all crypto operation lengths to be <= INT_MAX

Forgot to mention: the alternative is to have Node.js transparently break up operations over ranges > INT_MAX into smaller ones but that's error prone, might not always be possible, and probably so exceedingly rare as to not be worth the effort.

Yeah, I had considered this also and ruled it out for the same reason.

@bnoordhuis
Copy link
Member

bnoordhuis commented Sep 12, 2020

I am perfectly fine with an across-the-board restriction for all crypto operation lengths to be <= INT_MAX

I think that'd be best. @nodejs/crypto?

@jasnell
Copy link
Member Author

jasnell commented Sep 12, 2020

I'll work on that in the crypto refactor I'm doing and will get it backported for 14 and 12 also. Thanks Ben.

@jasnell
Copy link
Member Author

jasnell commented Oct 8, 2020

#35093 landed that includes these fixes

@jasnell jasnell closed this Oct 8, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@addaleax addaleax addaleax approved these changes

@tniessen tniessen tniessen approved these changes

@himself65 himself65 himself65 approved these changes

Assignees

No one assigned

Labels

author ready PRs that have at least one approval, no pending requests for changes, and a CI started. c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@jasnell @nodejs-github-bot @bnoordhuis @addaleax @tniessen @himself65