Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto: random value issues v15 #35722

Closed
panva opened this issue Oct 20, 2020 · 3 comments
Closed

crypto: random value issues v15 #35722

panva opened this issue Oct 20, 2020 · 3 comments
Labels
crypto Issues and PRs related to the crypto subsystem. security Issues and PRs related to security.

Comments

@panva
Copy link
Member

panva commented Oct 20, 2020

  • Version: v15.0.0
  • Platform: Darwin C02CX0K5MD6V 19.6.0 Darwin Kernel Version 19.6.0: Mon Aug 31 22:12:52 PDT 2020; root:xnu-6153.141.2~1/RELEASE_X86_64 x86_64
  • Subsystem: crypto

What steps will reproduce the bug?

const crypto = require('crypto')

console.log(crypto.randomFillSync(Buffer.allocUnsafe(16)));

How often does it reproduce? Is there a required condition?

What is the expected behavior?

Buffer gets logged with random values

What do you see instead?

Buffer gets logged with only zeroes

Additional information

Screenshot 2020-10-20 at 18 19 54
@targos
Copy link
Member

targos commented Oct 20, 2020

@nodejs/crypto

@richardlau
Copy link
Member

Seems to fail on the current master branch (6b6bbfe) too.

@panva panva mentioned this issue Oct 20, 2020
Closed
4 tasks
jasnell added a commit to jasnell/node that referenced this issue Oct 20, 2020
@jasnell
crypto: fix regression on randomFillSync
98cfdaf 
Signed-off-by: James M Snell <[email protected]>

Fixes: nodejs#35722
@richardlau richardlau mentioned this issue Oct 20, 2020
Closed
@ai
Copy link

ai commented Oct 21, 2020

Potentially it can be a huge security issue.

@addaleax addaleax added crypto Issues and PRs related to the crypto subsystem. security Issues and PRs related to security. labels Oct 21, 2020
BethGriggs pushed a commit that referenced this issue Oct 21, 2020
@jasnell @BethGriggs
crypto: fix regression on randomFillSync
f5acc2d 
Signed-off-by: James M Snell <[email protected]>

Fixes: #35722
PR-URL: #35723
Reviewed-By: Сковорода Никита Андреевич <[email protected]>
Reviewed-By: Myles Borins <[email protected]>
Reviewed-By: Evan Lucas <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Gireesh Punathil <[email protected]>
Reviewed-By: Beth Griggs <[email protected]>
@BethGriggs BethGriggs mentioned this issue Oct 21, 2020
Merged
BethGriggs added a commit that referenced this issue Oct 21, 2020
@BethGriggs
2020-10-21, Version 15.0.1 (Current)
f7abd6a 
Notable changes:

- **crypto**: fix regression on randomFillSync (James M Snell)
  (#35723)
  * This fixes issue #35722.
- **doc**: add release key for Danielle Adams (Danielle Adams)
  (#35545)

PR-URL: #35736
@achingbrain achingbrain mentioned this issue Oct 21, 2020
Closed
BethGriggs added a commit that referenced this issue Oct 21, 2020
@BethGriggs
2020-10-21, Version 15.0.1 (Current)
0c5dbc1 
Notable changes:

- **crypto**: fix regression on randomFillSync (James M Snell)
  (#35723)
  - This fixes issue #35722.
- **deps**: upgrade npm to 7.0.3 (Ruy Adorno)
  (#35724)
- **doc**: add release key for Danielle Adams (Danielle Adams)
  (#35545)

PR-URL: #35736
BethGriggs added a commit that referenced this issue Oct 21, 2020
@BethGriggs
2020-10-21, Version 15.0.1 (Current)
8451c4a 
Notable changes:

- **crypto**: fix regression on randomFillSync (James M Snell)
  (#35723)
  - This fixes issue #35722.
- **deps**: upgrade npm to 7.0.3 (Ruy Adorno)
  (#35724)
- **doc**: add release key for Danielle Adams (Danielle Adams)
  (#35545)

PR-URL: #35736
BethGriggs added a commit that referenced this issue Oct 21, 2020
@BethGriggs
2020-10-21, Version 15.0.1 (Current)
4d16554 
Notable changes:

- **crypto**: fix regression on randomFillSync (James M Snell)
  (#35723)
  - This fixes issue #35722.
- **deps**: upgrade npm to 7.0.3 (Ruy Adorno)
  (#35724)
- **doc**: add release key for Danielle Adams (Danielle Adams)
  (#35545)

PR-URL: #35736
@achingbrain achingbrain mentioned this issue Oct 22, 2020
Merged
achingbrain added a commit to ipfs/js-ipfs that referenced this issue Oct 22, 2020
@achingbrain
chore: re-enable node 15 (#3339)
66f2081 
nodejs/node#35722 has been released so re-enable testing on node 15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
crypto Issues and PRs related to the crypto subsystem. security Issues and PRs related to security.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@ai @panva @addaleax @targos @richardlau and others