crypto: adjust types for getRandomValues

prevents Web Crypto API's getRandomValues from accepting DataView Fixes: #41480 Refs: https://www.w3.org/TR/WebCryptoAPI/#Crypto-method-getRandomValues PR-URL: #41481 Reviewed-By: Derek Lewis <DerekNonGeneric@inf.is> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Zeyu Yang <himself65@outlook.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: James M Snell <jasnell@gmail.com>
nodejs · Jan 22, 2022 · b8de7aa · b8de7aa
1 parent 2f17004
commit b8de7aa
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 4 deletions.
diff --git a/doc/api/webcrypto.md b/doc/api/webcrypto.md
@@ -357,12 +357,15 @@ Provides access to the `SubtleCrypto` API.
 added: v15.0.0
 -->
 
-* `typedArray` {Buffer|TypedArray|DataView|ArrayBuffer}
-* Returns: {Buffer|TypedArray|DataView|ArrayBuffer} Returns `typedArray`.
+* `typedArray` {Buffer|TypedArray}
+* Returns: {Buffer|TypedArray}
 
 Generates cryptographically strong random values. The given `typedArray` is
 filled with random values, and a reference to `typedArray` is returned.
 
+The given `typedArray` must be an integer-based instance of {TypedArray},
+i.e. `Float32Array` and `Float64Array` are not accepted.
+
 An error will be thrown if the given `typedArray` is larger than 65,536 bytes.
 
 ### `crypto.randomUUID()`

diff --git a/lib/internal/crypto/random.js b/lib/internal/crypto/random.js
@@ -50,6 +50,7 @@ const {
 const {
   isArrayBufferView,
   isAnyArrayBuffer,
+  isTypedArray,
   isFloat32Array,
   isFloat64Array,
 } = require('internal/util/types');
@@ -307,7 +308,7 @@ function onJobDone(buf, callback, error) {
 // not allowed to exceed 65536 bytes, and can only
 // be an integer-type TypedArray.
 function getRandomValues(data) {
-  if (!isArrayBufferView(data) ||
+  if (!isTypedArray(data) ||
       isFloat32Array(data) ||
       isFloat64Array(data)) {
     // Ordinarily this would be an ERR_INVALID_ARG_TYPE. However,

diff --git a/test/parallel/test-webcrypto-random.js b/test/parallel/test-webcrypto-random.js
@@ -13,6 +13,7 @@ const { getRandomValues } = require('crypto').webcrypto;
   undefined, null, '', 1, {}, [],
   new Float32Array(1),
   new Float64Array(1),
+  new DataView(new ArrayBuffer(1)),
 ].forEach((i) => {
   assert.throws(
     () => getRandomValues(i),
@@ -32,6 +33,7 @@ const intTypedConstructors = [
   Uint8Array,
   Uint16Array,
   Uint32Array,
+  Uint8ClampedArray,
   BigInt64Array,
   BigUint64Array,
 ];
@@ -47,7 +49,7 @@ for (const ctor of intTypedConstructors) {
 {
   const buf = new Uint16Array(10);
   const before = Buffer.from(buf).toString('hex');
-  getRandomValues(new DataView(buf.buffer));
+  getRandomValues(buf);
   const after = Buffer.from(buf).toString('hex');
   assert.notStrictEqual(before, after);
 }