OSSForks/node
1
0
Fork 0
mirror of https://github.com/zebrajr/node.git synced 2026-01-15 12:15:26 +00:00
Code Issues Actions 8 Packages Projects Releases Wiki Activity
Files
master
node/test/sequential/test-crypto-timing-safe-equal-fast.js
Joyee Cheung c9578dc557 crypto: fix argument validation in crypto.timingSafeEqual fast path 
A regression introduced by
0136bb0ee8
made it possible for the fast path to be hit with non-array-buffer
arguments despite that the fast paths could only deal with array
buffer arguments, so that it can crash with invalid arguments
once crypto.timingSafeEqual is optimized instead of throwing
validation errors as usual. This adds validation to the fast path
so that it throws correctly.

PR-URL: https://github.com/nodejs/node/pull/60538
Fixes: https://github.com/nodejs/node/issues/60537
Refs: https://github.com/nodejs-private/node-private/pull/749
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
2025-11-03 22:18:51 +00:00

41 lines
1.3 KiB
JavaScript
Raw Permalink Blame History

// Test v8 fast path for crypto.timingSafeEqual works correctly.
// Flags: --expose-internals --allow-natives-syntax
'use strict';
const common = require('../common');
if (!common.hasCrypto)
common.skip('missing crypto');
const assert = require('assert');
const crypto = require('crypto');
// V8 Fast API
const foo = Buffer.from('foo');
const bar = Buffer.from('bar');
const longer = Buffer.from('longer');
function testFastPath(buf1, buf2) {
return crypto.timingSafeEqual(buf1, buf2);
}
eval('%PrepareFunctionForOptimization(testFastPath)');
assert.strictEqual(testFastPath(foo, bar), false);
eval('%OptimizeFunctionOnNextCall(testFastPath)');
assert.strictEqual(testFastPath(foo, bar), false);
assert.strictEqual(testFastPath(foo, foo), true);
assert.throws(() => testFastPath(foo, longer), {
code: 'ERR_CRYPTO_TIMING_SAFE_EQUAL_LENGTH',
});
assert.throws(() => testFastPath(foo, ''), {
code: 'ERR_INVALID_ARG_TYPE',
});
assert.throws(() => testFastPath('', ''), {
code: 'ERR_INVALID_ARG_TYPE',
});
if (common.isDebug) {
const { internalBinding } = require('internal/test/binding');
const { getV8FastApiCallCount } = internalBinding('debug');
assert.strictEqual(getV8FastApiCallCount('crypto.timingSafeEqual.ok'), 2);
assert.strictEqual(getV8FastApiCallCount('crypto.timingSafeEqual.error'), 3);
}
Reference in New Issue View Git Blame Copy Permalink