Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto: random value issues v15 #35722

Closed
panva opened this issue Oct 20, 2020 · 3 comments
Closed

crypto: random value issues v15 #35722

panva opened this issue Oct 20, 2020 · 3 comments
Labels
crypto Issues and PRs related to the crypto subsystem. security Issues and PRs related to security.

Comments

@panva
Copy link
Member

panva commented Oct 20, 2020

  • Version: v15.0.0
  • Platform: Darwin C02CX0K5MD6V 19.6.0 Darwin Kernel Version 19.6.0: Mon Aug 31 22:12:52 PDT 2020; root:xnu-6153.141.2~1/RELEASE_X86_64 x86_64
  • Subsystem: crypto

What steps will reproduce the bug?

const crypto = require('crypto')

console.log(crypto.randomFillSync(Buffer.allocUnsafe(16)));

How often does it reproduce? Is there a required condition?

What is the expected behavior?

Buffer gets logged with random values

What do you see instead?

Buffer gets logged with only zeroes

Additional information

Screenshot 2020-10-20 at 18 19 54

@targos
Copy link
Member

targos commented Oct 20, 2020

@nodejs/crypto

@richardlau
Copy link
Member

Seems to fail on the current master branch (6b6bbfe) too.

@ai
Copy link

ai commented Oct 21, 2020

Potentially it can be a huge security issue.

@addaleax addaleax added crypto Issues and PRs related to the crypto subsystem. security Issues and PRs related to security. labels Oct 21, 2020
BethGriggs pushed a commit that referenced this issue Oct 21, 2020
Signed-off-by: James M Snell <[email protected]>

Fixes: #35722
PR-URL: #35723
Reviewed-By: Сковорода Никита Андреевич <[email protected]>
Reviewed-By: Myles Borins <[email protected]>
Reviewed-By: Evan Lucas <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Gireesh Punathil <[email protected]>
Reviewed-By: Beth Griggs <[email protected]>
BethGriggs added a commit that referenced this issue Oct 21, 2020
Notable changes:

- **crypto**: fix regression on randomFillSync (James M Snell)
  (#35723)
  * This fixes issue #35722.
- **doc**: add release key for Danielle Adams (Danielle Adams)
  (#35545)

PR-URL: #35736
BethGriggs added a commit that referenced this issue Oct 21, 2020
Notable changes:

- **crypto**: fix regression on randomFillSync (James M Snell)
  (#35723)
  - This fixes issue #35722.
- **deps**: upgrade npm to 7.0.3 (Ruy Adorno)
  (#35724)
- **doc**: add release key for Danielle Adams (Danielle Adams)
  (#35545)

PR-URL: #35736
BethGriggs added a commit that referenced this issue Oct 21, 2020
Notable changes:

- **crypto**: fix regression on randomFillSync (James M Snell)
  (#35723)
  - This fixes issue #35722.
- **deps**: upgrade npm to 7.0.3 (Ruy Adorno)
  (#35724)
- **doc**: add release key for Danielle Adams (Danielle Adams)
  (#35545)

PR-URL: #35736
BethGriggs added a commit that referenced this issue Oct 21, 2020
Notable changes:

- **crypto**: fix regression on randomFillSync (James M Snell)
  (#35723)
  - This fixes issue #35722.
- **deps**: upgrade npm to 7.0.3 (Ruy Adorno)
  (#35724)
- **doc**: add release key for Danielle Adams (Danielle Adams)
  (#35545)

PR-URL: #35736
achingbrain added a commit to ipfs/js-ipfs that referenced this issue Oct 22, 2020
nodejs/node#35722 has been released so re-enable testing on node 15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
crypto Issues and PRs related to the crypto subsystem. security Issues and PRs related to security.
Projects
None yet
Development

No branches or pull requests

6 participants
@ai @panva @addaleax @targos @richardlau and others