crypto: random value issues v15 #35722

panva · 2020-10-20T16:23:37Z

Version: v15.0.0
Platform: Darwin C02CX0K5MD6V 19.6.0 Darwin Kernel Version 19.6.0: Mon Aug 31 22:12:52 PDT 2020; root:xnu-6153.141.2~1/RELEASE_X86_64 x86_64
Subsystem: crypto

What steps will reproduce the bug?

const crypto = require('crypto')

console.log(crypto.randomFillSync(Buffer.allocUnsafe(16)));

How often does it reproduce? Is there a required condition?

What is the expected behavior?

Buffer gets logged with random values

What do you see instead?

Buffer gets logged with only zeroes

Additional information

targos · 2020-10-20T16:39:48Z

@nodejs/crypto

richardlau · 2020-10-20T16:59:08Z

Seems to fail on the current master branch (6b6bbfe) too.

Signed-off-by: James M Snell <jasnell@gmail.com> Fixes: nodejs#35722

ai · 2020-10-21T03:11:59Z

Potentially it can be a huge security issue.

Signed-off-by: James M Snell <jasnell@gmail.com> Fixes: #35722 PR-URL: #35723 Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com> Reviewed-By: Myles Borins <myles.borins@gmail.com> Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com> Reviewed-By: Beth Griggs <bgriggs@redhat.com>

Notable changes: - **crypto**: fix regression on randomFillSync (James M Snell) (#35723) * This fixes issue #35722. - **doc**: add release key for Danielle Adams (Danielle Adams) (#35545) PR-URL: #35736

Notable changes: - **crypto**: fix regression on randomFillSync (James M Snell) (#35723) - This fixes issue #35722. - **deps**: upgrade npm to 7.0.3 (Ruy Adorno) (#35724) - **doc**: add release key for Danielle Adams (Danielle Adams) (#35545) PR-URL: #35736

nodejs/node#35722 has been released so re-enable testing on node 15

panva mentioned this issue Oct 20, 2020

crypto: fix regression on randomFillSync #35723

Closed

4 tasks

jasnell added a commit to jasnell/node that referenced this issue Oct 20, 2020

crypto: fix regression on randomFillSync

98cfdaf

Signed-off-by: James M Snell <jasnell@gmail.com> Fixes: nodejs#35722

richardlau mentioned this issue Oct 20, 2020

Buffer.allocUnsafe with randomFillSync is broken in Node.js 15.0.0 nodejs/help#3033

Closed

addaleax added crypto Issues and PRs related to the crypto subsystem. security Issues and PRs related to security. labels Oct 21, 2020

gireeshpunathil closed this as completed in 4cbcfae Oct 21, 2020

BethGriggs mentioned this issue Oct 21, 2020

v15.0.1 proposal #35736

Merged

achingbrain mentioned this issue Oct 21, 2020

Generated IDs are not unique on node 15 ai/nanoid#239

Closed

achingbrain mentioned this issue Oct 22, 2020

chore: re-enable node 15 ipfs/js-ipfs#3339

Merged

achingbrain added a commit to ipfs/js-ipfs that referenced this issue Oct 22, 2020

chore: re-enable node 15 (#3339)

66f2081

nodejs/node#35722 has been released so re-enable testing on node 15

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

crypto: random value issues v15 #35722

crypto: random value issues v15 #35722

panva commented Oct 20, 2020

targos commented Oct 20, 2020

richardlau commented Oct 20, 2020

ai commented Oct 21, 2020

crypto: random value issues v15 #35722

crypto: random value issues v15 #35722

Comments

panva commented Oct 20, 2020

What steps will reproduce the bug?

How often does it reproduce? Is there a required condition?

What is the expected behavior?

What do you see instead?

Additional information

targos commented Oct 20, 2020

richardlau commented Oct 20, 2020

ai commented Oct 21, 2020