oven-sh / bun

Incredibly fast JavaScript runtime, bundler, test runner, and package manager – all in one
https://bun.sh

Bun creates insecure ECDSA signatures with a deterministic output #6268

Open YPwn opened 1 year ago

YPwn commented 1 year ago

What version of Bun is running?

1.0.4+745b6b94ee56cad24d475799690cc9a89957d15b

What platform is your computer?

Darwin 21.6.0 x86_64 i386

What steps can reproduce the bug?

Create a new JS file with the following contents:

// PEM-encoded EC private key; every signature in the loop uses this same key.
var privateKey = `-----BEGIN EC PRIVATE KEY-----
MIHbAgEBBEGoeehSLUuBzCPirMWKMBYYtSP7o/bBvF5G0nSGkmum3bO+zrec6PlM
IWozIdsCHV3jb0LSlDFQVycSY2gCXcNzRqAHBgUrgQQAI6GBiQOBhgAEAQvOf+u1
rzc6LEAAF8y9sUHlJCg/Ci/ANPQb2XjdLI0ULRoOpT5PBX3oVfWm5y9XHuRV9aUj
qQANgQG6THPz4p8zAYIAqA3g4D/hNUVYgxz3Hq1XLfSY/0X66Ld4T1jCKpCt1qgr
cGRzE9FhBzo+kN+D2VEl4EJu3oYVFwZPPBEc3tUC
-----END EC PRIVATE KEY-----
`;

var crypto = require("node:crypto");

// Collect the hex-encoded signatures; a Set keeps only distinct values.
let set = new Set();

// Sign the same message ten times with the same key.
for (let i = 0; i < 10; i++) {
    let sign = crypto.createSign("sha256");
    sign.write("some data to sign");
    sign.end();
    set.add(sign.sign(privateKey, "hex"));
}

// With a fresh random k per signature every output differs and the Set holds
// ten entries; a single entry means the runtime produced identical signatures.
if (set.size === 1) {
    console.error("Bugged!");
} else {
    console.log("Correct!");
}

Run in Node via node test.js and in Bun via bun test.js

What is the expected behavior?

Bun should show the Correct! output in the console like Node does.

What do you see instead?

Bun shows the Bugged! output in the console.

Additional information

When creating ECDSA signatures, deterministic output is frowned upon due to insecurity. The k value should be random enough; however, this also means that the output signatures become non-deterministic.

It does not seem like Bun follows this advice at all, since the generated signature is always the same.

Jarred-Sumner commented 1 year ago

This is currently implemented using browserify-sign and not BoringSSL; we need to move it to use BoringSSL.