@ChALkeR ChALkeR commented Oct 24, 2025

Includes #60384
Closes: #60267

This is a draft.
Feedback is welcome though

  1. Not sure if I caught all the places, conversion is scattered across different codepaths
  2. All validation is in JS land. Perhaps some native methods should have assertions
  3. This will throw synchronously - other input validation does the same though

@nodejs-github-bot

Review requested:

  • @nodejs/crypto

@nodejs-github-bot nodejs-github-bot added lib / src Issues and PRs related to general changes in the lib or src directory. needs-ci PRs that need a full CI run. labels Oct 24, 2025
@panva panva added crypto Issues and PRs related to the crypto subsystem. semver-major PRs that contain breaking changes and should be released in the next major version. labels Oct 24, 2025
validateStringWellFormed(val);
if (encoding === 'buffer')
encoding = 'utf8';
return Buffer.from(val, encoding);
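
Review bot: the `validateStringWellFormed(val)` call on the first line rejects lone surrogates only, while `Buffer.from(val, encoding)` on the last line still encodes with whatever `encoding` the caller chose. A short comment above the check stating which case it is meant to cover, plus a test that passes a lone surrogate through this path, would make the intended guarantee explicit.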

@ChALkeR ChALkeR Oct 24, 2025

This could also cause collisions on well-formed strings but encodings not capable of containing full Unicode
That should be addressed too

validateStringWellFormed(buffer);
if (encoding === 'buffer')
encoding = 'utf8';
return Buffer.from(buffer, encoding);
Member Author

This could also cause collisions on well-formed strings but encodings not capable of containing full Unicode
That should be addressed too

Sign.prototype.update = function update(data, encoding) {
if (typeof data === 'string') {
validateEncoding(data, encoding);
validateStringWellFormed(data);
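
Review bot: the throw from `validateStringWellFormed(data)` inside the `typeof data === 'string'` branch needs a matching documentation entry and test for `update()`. It runs after `validateEncoding(data, encoding)`, so a test that passes an ill-formed string with a valid encoding would pin this check in place if the branch is refactored later.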

@ChALkeR ChALkeR Oct 24, 2025

see other comments about encoding, this might also need adjustments and/or a check on src/ side


if (typeof data === 'string') {
validateEncoding(data, encoding);
validateStringWellFormed(data);
Member Author

ditto about encoding
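
The collisions discussed in this thread, as an added example that is not code from the pull request or from Node.js: `isWellFormed`, `lossyHash` and `strictHash` are hypothetical helpers and the sample strings are constructed. The round-trip check is one possible way to handle the narrow-encoding case raised in the review comments, not what the PR implements.

```javascript
// Added example; helper names are illustrative, not Node.js APIs.
const { createHash } = require('node:crypto');

// With the `u` flag a valid surrogate pair is a single code point above
// U+FFFF, so this class matches only unpaired (lone) surrogates.
const LONE_SURROGATE = /[\uD800-\uDFFF]/u;

function isWellFormed(str) {
  return typeof str.isWellFormed === 'function'
    ? str.isWellFormed()            // built in on newer runtimes
    : !LONE_SURROGATE.test(str);    // fallback for older ones
}

// Encode with Buffer.from and hash the bytes, with no check on the string.
function lossyHash(str, encoding = 'utf8') {
  return createHash('sha256').update(Buffer.from(str, encoding)).digest('hex');
}

// Same hash, but refuse any string whose bytes would not identify it.
// Intended for text encodings (utf8, latin1, ascii), not hex or base64.
function strictHash(str, encoding = 'utf8') {
  if (!isWellFormed(str)) {
    throw new TypeError('string contains a lone surrogate');
  }
  const bytes = Buffer.from(str, encoding);
  // Encodings narrower than Unicode drop bits silently; decoding the bytes
  // back and comparing exposes the loss.
  if (bytes.toString(encoding) !== str) {
    throw new TypeError(`string is not representable in ${encoding}`);
  }
  return createHash('sha256').update(bytes).digest('hex');
}

// Constructed inputs: each pair holds two different JS strings.
const samples = [
  { a: '\uD800', b: '\uDBFF', encoding: 'utf8' },   // both become U+FFFD
  { a: '\u0100', b: '\u0200', encoding: 'latin1' }, // both become byte 0x00
];

for (const { a, b, encoding } of samples) {
  const collide = lossyHash(a, encoding) === lossyHash(b, encoding);
  let rejected = false;
  try { strictHash(a, encoding); } catch { rejected = true; }
  console.log(`${encoding}: strings differ=${a !== b} hashes equal=${collide} strict rejects=${rejected}`);
}
```
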


Successfully merging this pull request may close these issues.

Equal hashes on non-equal JS strings are dangerous to the ecosystem