diff options
author | Tobias Nießen <tniessen@tnie.de> | 2018-10-09 09:36:46 +1100 |
---|---|---|
committer | Michaël Zasso <targos@protonmail.com> | 2019-10-01 14:39:10 +0200 |
commit | 588b388181b2884a3f7197c462227ce05c4c2358 (patch) | |
tree | 6e7f7358b49ba392af92e3b7099e47ffd949d52c | |
parent | 6579b1a547455320bcecf00645f5623b7ccecac7 (diff) | |
download | node-new-588b388181b2884a3f7197c462227ce05c4c2358.tar.gz |
crypto: use byteLength in timingSafeEqual
PR-URL: https://github.com/nodejs/node/pull/29657
Co-authored-by: ZaneHannanAU <ZaneHannanAU@users.noreply.github.com>
Co-authored-by: Rich Trott <rtrott@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Minwoo Jung <minwoo@nodesource.com>
-rw-r--r-- | lib/internal/crypto/util.js | 2 | ||||
-rw-r--r-- | lib/internal/errors.js | 2 | ||||
-rw-r--r-- | test/sequential/test-crypto-timing-safe-equal.js | 16 |
3 files changed, 17 insertions, 3 deletions
diff --git a/lib/internal/crypto/util.js b/lib/internal/crypto/util.js index ddef1a163c..544d44669a 100644 --- a/lib/internal/crypto/util.js +++ b/lib/internal/crypto/util.js @@ -78,7 +78,7 @@ function timingSafeEqual(buf1, buf2) { throw new ERR_INVALID_ARG_TYPE('buf2', ['Buffer', 'TypedArray', 'DataView'], buf2); } - if (buf1.length !== buf2.length) { + if (buf1.byteLength !== buf2.byteLength) { throw new ERR_CRYPTO_TIMING_SAFE_EQUAL_LENGTH(); } return _timingSafeEqual(buf1, buf2); diff --git a/lib/internal/errors.js b/lib/internal/errors.js index eff688e6f5..8412c710c9 100644 --- a/lib/internal/errors.js +++ b/lib/internal/errors.js @@ -750,7 +750,7 @@ E('ERR_CRYPTO_SCRYPT_NOT_SUPPORTED', 'Scrypt algorithm not supported', Error); // Switch to TypeError. The current implementation does not seem right. E('ERR_CRYPTO_SIGN_KEY_REQUIRED', 'No key provided to sign', Error); E('ERR_CRYPTO_TIMING_SAFE_EQUAL_LENGTH', - 'Input buffers must have the same length', RangeError); + 'Input buffers must have the same byte length', RangeError); E('ERR_DNS_SET_SERVERS_FAILED', 'c-ares failed to set servers: "%s" [%s]', Error); E('ERR_DOMAIN_CALLBACK_NOT_AVAILABLE', diff --git a/test/sequential/test-crypto-timing-safe-equal.js b/test/sequential/test-crypto-timing-safe-equal.js index dcebef29d7..75385e5f88 100644 --- a/test/sequential/test-crypto-timing-safe-equal.js +++ b/test/sequential/test-crypto-timing-safe-equal.js @@ -18,12 +18,26 @@ assert.strictEqual( false ); +{ + // Test TypedArrays with different lengths but equal byteLengths. + const buf = crypto.randomBytes(16).buffer; + const a1 = new Uint8Array(buf); + const a2 = new Uint16Array(buf); + const a3 = new Uint32Array(buf); + + for (const left of [a1, a2, a3]) { + for (const right of [a1, a2, a3]) { + assert.strictEqual(crypto.timingSafeEqual(left, right), true); + } + } +} + common.expectsError( () => crypto.timingSafeEqual(Buffer.from([1, 2, 3]), Buffer.from([1, 2])), { code: 'ERR_CRYPTO_TIMING_SAFE_EQUAL_LENGTH', type: RangeError, - message: 'Input buffers must have the same length' + message: 'Input buffers must have the same byte length' } ); |