tls: handle large RSA exponents in X.509 cert

tniessen · web-flow · commit 652d033fb769 · 2026-06-25T17:02:54.000Z
If the exponent does not fit into a single word, previous versions of Node.js would report an incorrect value or, recently, return `null`. Change `GetExponentString()` to handle arbitrarily large RSA public exponents properly. Signed-off-by: Tobias Nießen <tniessen@tnie.de> PR-URL: #64093 Refs: #63895 Reviewed-By: Filip Skokan <panva.ip@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
diff --git a/src/crypto/crypto_x509.cc b/src/crypto/crypto_x509.cc
@@ -689,12 +689,12 @@ MaybeLocal<Value> GetModulusString(Environment* env, const BIGNUM* n) {
 }
 
 MaybeLocal<Value> GetExponentString(Environment* env, const BIGNUM* e) {
-  auto exponent_word = BignumPointer::GetWord(e);
-  if (!exponent_word) return Null(env->isolate());
+  if (e == nullptr) return Null(env->isolate());
   auto bio = BIOPointer::NewMem();
   if (!bio) [[unlikely]]
     return {};
-  BIO_printf(bio.get(), "0x%" PRIx64, static_cast<uint64_t>(*exponent_word));
+  BIO_puts(bio.get(), "0x");
+  BN_print(bio.get(), e);
   return ToV8Value(env->context(), bio);
 }
 

Original file line number	Diff line number	Diff line change
`@@ -689,12 +689,12 @@ MaybeLocal<Value> GetModulusString(Environment* env, const BIGNUM* n) {`
`689`	`689`	`}`
`690`	`690`
`691`	`691`	`MaybeLocal<Value> GetExponentString(Environment* env, const BIGNUM* e) {`
`692`		`- auto exponent_word = BignumPointer::GetWord(e);`
`693`		`- if (!exponent_word) return Null(env->isolate());`
	`692`	`+ if (e == nullptr) return Null(env->isolate());`
`694`	`693`	`auto bio = BIOPointer::NewMem();`
`695`	`694`	`if (!bio) [[unlikely]]`
`696`	`695`	`return {};`
`697`		`- BIO_printf(bio.get(), "0x%" PRIx64, static_cast<uint64_t>(*exponent_word));`
	`696`	`+ BIO_puts(bio.get(), "0x");`
	`697`	`+ BN_print(bio.get(), e);`
`698`	`698`	`return ToV8Value(env->context(), bio);`
`699`	`699`	`}`
`700`	`700`