Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Possible regression with crypto.randomBytes(size, null) #16778

Closed
sehrope opened this issue Nov 5, 2017 · 4 comments
Closed

Possible regression with crypto.randomBytes(size, null) #16778

sehrope opened this issue Nov 5, 2017 · 4 comments
Labels
crypto Issues and PRs related to the crypto subsystem. question Issues that look for answers.

Comments

@sehrope
Copy link

sehrope commented Nov 5, 2017

The crypto.psuedoRandomBytes(...) and crypto.randomBytes(...) functions throw an ERR_INVALID_CALLBACK if the second parameter is null. In prior versions a null value for the second parameter would be treated the same as undefined causing the function to be invoked as if it had been invoked with just one parameter, i.e. crypto.randomBytes(size).

Reproduce via:

$ nvm use 8
Now using node v8.9.0 (npm v5.5.1)
$ node -e "console.log(require('crypto').randomBytes(4, null).toString('hex'))"
ef813d36

$ nvm use 9
Now using node v9.0.0 (npm v5.5.1)
$ node --version
v9.0.0
$ node -e "console.log(require('crypto').randomBytes(4, null).toString('hex'))"
internal/crypto/random.js:44
    throw new errors.TypeError('ERR_INVALID_CALLBACK');
    ^

TypeError [ERR_INVALID_CALLBACK]: Callback must be a function
    at Object.randomBytes (internal/crypto/random.js:44:11)
    at [eval]:1:31
    at ContextifyScript.Script.runInThisContext (vm.js:50:33)
    at Object.runInThisContext (vm.js:152:38)
    at Object.<anonymous> ([eval]-wrapper:6:22)
    at Module._compile (module.js:641:30)
    at evalScript (bootstrap_node.js:470:27)
    at startup (bootstrap_node.js:167:9)
    at bootstrap_node.js:613:3

#16454 introduced the parameter validation change that is causing this.

I'm not sure if this should be considered a regression as the function is being invoked with two arguments (i.e. null where a callback is expected) but I didn't see anything in the changelog about it though so not sure if it was overlooked.

@maclover7
Copy link
Contributor

cc @jasnell

@joyeecheung
Copy link
Member

joyeecheung commented Nov 5, 2017

Personally I don't think it's a regression because null has never been documented as a valid value for cb, but it worth mentioning in the change log, eventhough it's already semver-major.

@jasnell
Copy link
Member

jasnell commented Nov 5, 2017

Yeah I likely should have called that out in the notable changes because it is hidden. This was actually somewhat intentional to make the type validation tighter.

@mscdex mscdex added crypto Issues and PRs related to the crypto subsystem. question Issues that look for answers. labels Nov 5, 2017
@sehrope
Copy link
Author

sehrope commented Nov 5, 2017

Ok makes sense. I think calling it out explicitly in the changelog would be useful.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
crypto Issues and PRs related to the crypto subsystem. question Issues that look for answers.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

5 participants