Skip to content

crypto: fix large DH generator validation#64092

Open
tniessen wants to merge 1 commit into
nodejs:mainfrom
tniessen:crypto-fix-dh-large-generator-validation
Open

crypto: fix large DH generator validation#64092
tniessen wants to merge 1 commit into
nodejs:mainfrom
tniessen:crypto-fix-dh-large-generator-validation

Conversation

@tniessen

@tniessen tniessen commented Jun 23, 2026

Copy link
Copy Markdown
Member

Unfortunately, std::optional<> implements operator< in such a way that this check will fail for very large generators. Since bn_g is unsigned, if its value does not fit into a single word, we can be certain that it is at least 2. By only checking the value if it does indeed fit into a word, the check correctly ignores very large generators.

@tniessen tniessen added the crypto Issues and PRs related to the crypto subsystem. label Jun 23, 2026
@nodejs-github-bot

nodejs-github-bot commented Jun 23, 2026

Copy link
Copy Markdown
Collaborator

Review requested:

  • @nodejs/crypto

@tniessen
crypto: fix large DH generator validation
4554682 
Unfortunately, `std::optional<>` implements `operator<` in such a way
that this check will fail for very large generators. Since `bn_g` is
unsigned, if its value does not fit into a single word, we can be
certain that it is at least 2. By only checking the value if it does
indeed fit into a word, the check correctly ignores very large
generators.

Signed-off-by: Tobias Nießen <tniessen@tnie.de>
@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. needs-ci PRs that need a full CI run. labels Jun 23, 2026
@tniessen tniessen force-pushed the crypto-fix-dh-large-generator-validation branch from 351925f to 4554682 Compare June 23, 2026 15:15
@panva panva added author ready PRs that have at least one approval, no pending requests for changes, and a CI started. request-ci Add this label to start a Jenkins CI on a PR. labels Jun 23, 2026
@github-actions github-actions Bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Jun 23, 2026
@nodejs-github-bot

nodejs-github-bot commented Jun 23, 2026

Copy link
Copy Markdown
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/74384/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@panva panva panva approved these changes

Assignees

No one assigned

Labels

author ready PRs that have at least one approval, no pending requests for changes, and a CI started. c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. needs-ci PRs that need a full CI run.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tniessen @nodejs-github-bot @panva