From 0694401da3b647b6089e5dd96e58f25530fd3b10 Mon Sep 17 00:00:00 2001 From: Ben Noordhuis Date: Fri, 10 Apr 2020 12:42:22 +0200 Subject: [PATCH] crypto: generator must be int32 in DiffieHellman() Validate the generator argument in `crypto.createDiffieHellman(key, g)`. When it's a number, it should be an int32. Fixes: https://github.com/nodejs/node/issues/32748 PR-URL: https://github.com/nodejs/node/pull/32739 Fixes: https://github.com/nodejs/node/issues/32738 Reviewed-By: Colin Ihrig Reviewed-By: Zeyu Yang Reviewed-By: Anna Henningsen Reviewed-By: James M Snell --- lib/internal/crypto/diffiehellman.js | 4 +++- test/parallel/test-crypto-dh.js | 7 +++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/lib/internal/crypto/diffiehellman.js b/lib/internal/crypto/diffiehellman.js index 70e4100d500ce9..8f86911757fe1f 100644 --- a/lib/internal/crypto/diffiehellman.js +++ b/lib/internal/crypto/diffiehellman.js @@ -77,7 +77,9 @@ function DiffieHellman(sizeOrKey, keyEncoding, generator, genEncoding) { if (!generator) generator = DH_GENERATOR; - else if (typeof generator !== 'number') + else if (typeof generator === 'number') + validateInt32(generator, 'generator'); + else generator = toBuf(generator, genEncoding); this[kHandle] = new _DiffieHellman(sizeOrKey, generator); diff --git a/test/parallel/test-crypto-dh.js b/test/parallel/test-crypto-dh.js index f5eddb8c88244b..e1c5db968329f3 100644 --- a/test/parallel/test-crypto-dh.js +++ b/test/parallel/test-crypto-dh.js @@ -30,6 +30,13 @@ assert.throws(() => crypto.createDiffieHellman(13.37), { 'It must be an integer. Received 13.37', }); +assert.throws(() => crypto.createDiffieHellman('abcdef', 13.37), { + code: 'ERR_OUT_OF_RANGE', + name: 'RangeError', + message: 'The value of "generator" is out of range. ' + + 'It must be an integer. Received 13.37', +}); + for (const bits of [-1, 0, 1]) { assert.throws(() => crypto.createDiffieHellman(bits), { code: 'ERR_OSSL_BN_BITS_TOO_SMALL',