mirror of
https://github.com/oven-sh/bun
synced 2026-02-09 18:38:55 +00:00
344a772ad5
Fixes https://github.com/oven-sh/bun/issues/21547 ## Summary - Fixes "Length out of range of buffer" error when using `crypto.createSign().sign()` with JWK EC keys and `dsaEncoding: "ieee-p1363"` - The issue only occurred with the specific combination of JWK format keys and IEEE P1363 signature encoding ## The Bug When signing with EC keys in JWK format and requesting IEEE P1363 signature encoding, the code would: 1. Create a DER-encoded signature 2. Convert it to P1363 format (fixed-size raw r||s concatenation) 3. Replace the signature buffer with the P1363 buffer 4. **But incorrectly use the original DER signature length when creating the final JSUint8Array** This caused a buffer overflow since P1363 signatures are always 64 bytes for P-256 curves, while DER signatures vary in length (typically 70-72 bytes). ## The Fix Track the correct signature length after P1363 conversion and use it when creating the final JSUint8Array. ## Test Plan Added comprehensive tests in `test/js/node/crypto/sign-jwk-ieee-p1363.test.ts` that: - Verify the original failing case now works - Test different encoding options (default DER, explicit DER, IEEE P1363) - Test with both JWK objects and KeyObject instances - Verify signature lengths are correct for each format The tests fail on the current main branch and pass with this fix. 🤖 Generated with [Claude Code](https://claude.ai/code) --------- Co-authored-by: Claude Bot <claude-bot@bun.sh> Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>