nodejs/node

Runtime-deprecate calling digest() on HMAC more than once

Open

#62838 created on April 20, 2026

(11 comments) (6 reactions) (0 assignees) JavaScript (117,218 stars) (35,535 forks)
Labels: crypto, good first issue, security

Description

(Upd: detected by the scanner behind @deepview-autofix)

Hash behavior is reasonable:

> hash = require('crypto').createHash('sha256').update('data')
> hash.digest()
<Buffer 3a 6e b0 79 0f 39 ac 87 c9 4f 38 56 b2 dd 2c 5d 11 0e 68 11 60 22 61 a9 a9 23 d3 bb 23 ad c8 b7>
> hash.digest()
Uncaught Error [ERR_CRYPTO_HASH_FINALIZED]: Digest already called
    at Hash.digest (node:internal/crypto/hash:155:11) {
  code: 'ERR_CRYPTO_HASH_FINALIZED'
}

But HMAC, on the other hand, returns empty buffers on further .digest() calls, likely for compat reasons:

> hmac = require('crypto').createHmac('sha256', 'key').update('data')
> hmac.digest()
<Buffer 50 31 fe 3d 98 9c 6d 15 37 a0 13 fa 6e 73 9d a2 34 63 fd ae c3 b7 01 37 d8 28 e3 6a ce 22 1b d0>
> hmac.digest()
<Buffer >

This is a footgun with potential security risks, and should be first runtime-deprecated, then removed if no breakage is detected.
