Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto: remove INT_MAX restriction in randomBytes #47559

Merged
merged 1 commit into from
Apr 17, 2023
Merged

crypto: remove INT_MAX restriction in randomBytes #47559

merged 1 commit into from
Apr 17, 2023

Conversation

tniessen
Copy link
Member

This restriction was due to an implementation detail in CSPRNG(). Now that CSPRNG() properly handles lengths exceeding INT_MAX, remove this artificial restriction.

Refs: #47515

@tniessen
crypto: remove INT_MAX restriction in randomBytes
3d7f4ee 
This restriction was due to an implementation detail in CSPRNG(). Now
that CSPRNG() properly handles lengths exceeding INT_MAX, remove this
artificial restriction.

Refs: nodejs#47515
@tniessen tniessen added crypto Issues and PRs related to the crypto subsystem. c++ Issues and PRs that require attention from people who are familiar with C++. blocked PRs that are blocked by other issues or PRs. labels Apr 14, 2023
@nodejs-github-bot
Copy link
Collaborator

Review requested:

  • @nodejs/crypto

@nodejs-github-bot nodejs-github-bot added the needs-ci PRs that need a full CI run. label Apr 14, 2023
@tniessen

This comment was marked as outdated.

Sign in to view
@bnoordhuis
Copy link
Member

So... on the one hand I feel arbitrary limitations are bad. On the other hand, there isn't ever a good reason to request so much random data. It's more likely the result of buggy code than really wanting to grab gigabytes of randomness.

Bugs like that are also angle for resource exhaustion bugs (thread pool starvation in this case) so ceteris paribus rather than increasing the limit I suggest lowering it.

@tniessen
Copy link
Member Author

That's a valid point, but if someone wants to introduce an explicit smaller limit (and for a different reason), I think that should be a separate discussion/change, especially considering that it would be semver-major.

@bnoordhuis
Copy link
Member

Fair enough.

@tniessen tniessen added author ready PRs that have at least one approval, no pending requests for changes, and a CI started. request-ci Add this label to start a Jenkins CI on a PR. and removed blocked PRs that are blocked by other issues or PRs. labels Apr 15, 2023
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Apr 15, 2023
@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/51301/

@panva panva added the commit-queue Add this label to land a pull request using GitHub Actions. label Apr 17, 2023
@nodejs-github-bot nodejs-github-bot removed the commit-queue Add this label to land a pull request using GitHub Actions. label Apr 17, 2023
@nodejs-github-bot nodejs-github-bot merged commit b342a1b into nodejs:main Apr 17, 2023
@nodejs-github-bot
Copy link
Collaborator

Landed in b342a1b

@github-actions github-actions bot mentioned this pull request Apr 18, 2023
Open
35 tasks
targos pushed a commit that referenced this pull request May 2, 2023
@tniessen @targos
crypto: remove INT_MAX restriction in randomBytes
420feb4 
This restriction was due to an implementation detail in CSPRNG(). Now
that CSPRNG() properly handles lengths exceeding INT_MAX, remove this
artificial restriction.

Refs: #47515
PR-URL: #47559
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
@targos targos mentioned this pull request May 2, 2023
Merged
danielleadams pushed a commit that referenced this pull request Jul 6, 2023
@tniessen @danielleadams
crypto: remove INT_MAX restriction in randomBytes
a97a6f5 
This restriction was due to an implementation detail in CSPRNG(). Now
that CSPRNG() properly handles lengths exceeding INT_MAX, remove this
artificial restriction.

Refs: #47515
PR-URL: #47559
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
MoLow pushed a commit to MoLow/node that referenced this pull request Jul 6, 2023
@tniessen @MoLow
crypto: remove INT_MAX restriction in randomBytes
e2292f9 
This restriction was due to an implementation detail in CSPRNG(). Now
that CSPRNG() properly handles lengths exceeding INT_MAX, remove this
artificial restriction.

Refs: nodejs#47515
PR-URL: nodejs#47559
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
@danielleadams danielleadams mentioned this pull request Jul 10, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@anonrig anonrig anonrig approved these changes

@panva panva panva approved these changes

Assignees
No one assigned
Labels
author ready PRs that have at least one approval, no pending requests for changes, and a CI started. c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. needs-ci PRs that need a full CI run.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@tniessen @nodejs-github-bot @bnoordhuis @panva @anonrig