crypto: fix unsigned conversion of 4-byte RSA publicExponent

deepview-autofix · claude · ChALkeR · aduh95 · commit 16e8c2b54d57 · 2026-05-07T15:41:47.000+02:00
`bigIntArrayToUnsignedInt` used the signed `<<` operator, so when the most significant byte of a 4-byte input had its top bit set (e.g. `[0x80, 0x00, 0x00, 0x01]`) the result was a negative Int32 instead of the intended unsigned 32-bit value. This caused any RSA `publicExponent` exactly 4 bytes long with the top bit set to be parsed incorrectly. Coerce the final value with `>>> 0` and add a unit test. Assisted-by: Claude <noreply@anthropic.com> Co-Authored-By: Claude <noreply@anthropic.com> Co-Authored-By: DeepView Autofix <276251120+deepview-autofix@users.noreply.github.com> Co-Authored-By: Nikita Skovoroda <chalkerx@gmail.com> Signed-off-by: Nikita Skovoroda <chalkerx@gmail.com> PR-URL: #62839 Reviewed-By: Filip Skokan <panva.ip@gmail.com>
diff --git a/lib/internal/crypto/util.js b/lib/internal/crypto/util.js
@@ -684,7 +684,7 @@ function bigIntArrayToUnsignedInt(input) {
     result |= input[n] << 8 * n_reversed;
   }
 
-  return result;
+  return result >>> 0;
 }
 
 function bigIntArrayToUnsignedBigInt(input) {
diff --git a/test/parallel/test-webcrypto-util.js b/test/parallel/test-webcrypto-util.js
@@ -8,10 +8,29 @@ if (!common.hasCrypto)
 const assert = require('assert');
 
 const {
+  bigIntArrayToUnsignedInt,
   normalizeAlgorithm,
   validateKeyOps,
 } = require('internal/crypto/util');
 
+// bigIntArrayToUnsignedInt must return an unsigned 32-bit value even when
+// the most significant byte has its top bit set. Otherwise the signed `<<`
+// operator yields a negative Int32 for inputs like [0x80, 0x00, 0x00, 0x01].
+{
+  assert.strictEqual(
+    bigIntArrayToUnsignedInt(new Uint8Array([0x80, 0x00, 0x00, 0x01])),
+    0x80000001);
+  assert.strictEqual(
+    bigIntArrayToUnsignedInt(new Uint8Array([0xff, 0xff, 0xff, 0xff])),
+    0xffffffff);
+  assert.strictEqual(
+    bigIntArrayToUnsignedInt(new Uint8Array([1, 0, 1])),
+    65537);
+  assert.strictEqual(
+    bigIntArrayToUnsignedInt(new Uint8Array([1, 0, 0, 0, 0])),
+    undefined);
+}
+
 {
   // Check that normalizeAlgorithm does not mutate object inputs.
   const algorithm = { name: 'ECDSA', hash: 'SHA-256' };

Original file line number	Diff line number	Diff line change
`@@ -684,7 +684,7 @@ function bigIntArrayToUnsignedInt(input) {`
`684`	`684`	`result \|= input[n] << 8 * n_reversed;`
`685`	`685`	`}`
`686`	`686`
`687`		`- return result;`
	`687`	`+ return result >>> 0;`
`688`	`688`	`}`
`689`	`689`
`690`	`690`	`function bigIntArrayToUnsignedBigInt(input) {`