From ea493c18b262b082c310542533d369914b367111 Mon Sep 17 00:00:00 2001 From: James M Snell Date: Fri, 3 Jan 2025 15:22:12 -0800 Subject: [PATCH] crypto: make generatePrime/checkPrime interruptible The `generatePrime` and `checkPrime` functions in the `crypto` module are only somewhat interruptible. This change makes it possible to interrupt these more reliably. Note that generating overly large primes can still take a long time and may not be interruptible as this mechanism relies on a callback to check for stopping conditions but OpenSSL may perform a long running operation without calling the callback right away. Fixes: /~https://github.com/nodejs/node/issues/56449 PR-URL: /~https://github.com/nodejs/node/pull/56460 Reviewed-By: Yagiz Nizipli Reviewed-By: Antoine du Hamel --- doc/api/crypto.md | 14 +++++++++++ src/crypto/crypto_random.cc | 40 ++++++++++++++++++++++-------- test/parallel/test-crypto-prime.js | 16 ++++++++++++ 3 files changed, 59 insertions(+), 11 deletions(-) diff --git a/doc/api/crypto.md b/doc/api/crypto.md index 9c073f7c99bb3f..2f11a947d0b98e 100644 --- a/doc/api/crypto.md +++ b/doc/api/crypto.md @@ -3940,6 +3940,13 @@ By default, the prime is encoded as a big-endian sequence of octets in an {ArrayBuffer}. If the `bigint` option is `true`, then a {bigint} is provided. +The `size` of the prime will have a direct impact on how long it takes to +generate the prime. The larger the size, the longer it will take. Because +we use OpenSSL's `BN_generate_prime_ex` function, which provides only +minimal control over our ability to interrupt the generation process, +it is not recommended to generate overly large primes, as doing so may make +the process unresponsive. + ### `crypto.generatePrimeSync(size[, options])`