lib: fix unsigned conversion of 4-byte RSA publicExponent

deepview-autofix · claude · ChALkeR · web-flow · commit 79992fe43673 · 2026-04-20T08:07:26.000+03:00
`bigIntArrayToUnsignedInt` used the signed `&lt;&lt;` operator, so when the
most significant byte of a 4-byte input had its top bit set (e.g.
`[0x80, 0x00, 0x00, 0x01]`) the result was a negative Int32 instead of
the intended unsigned 32-bit value. This caused any RSA `publicExponent`
exactly 4 bytes long with the top bit set to be parsed incorrectly.
Coerce the final value with `&gt;&gt;&gt; 0` and add a unit test.

Co-Authored-By: Claude &lt;noreply@anthropic.com&gt;
Co-Authored-By: DeepView Autofix &lt;276251120+deepview-autofix@users.noreply.github.com&gt;
Co-Authored-By: Nikita Skovoroda &lt;chalkerx@gmail.com&gt;
Signed-off-by: Nikita Skovoroda &lt;chalkerx@gmail.com&gt;
diff --git a/lib/internal/crypto/util.js b/lib/internal/crypto/util.js
@@ -696,7 +696,10 @@ function bigIntArrayToUnsignedInt(input) {
     result |= input[n] << 8 * n_reversed;
   }
 
-  return result;
+  // Coerce the result to an unsigned 32-bit integer. Without this, a most
+  // significant byte with the top bit set (e.g. [0x80, 0x00, 0x00, 0x01])
+  // would be returned as a negative Int32 because of the signed `<<` operator.
+  return result >>> 0;
 }
 
 function bigIntArrayToUnsignedBigInt(input) {
diff --git a/test/parallel/test-webcrypto-util.js b/test/parallel/test-webcrypto-util.js
@@ -8,9 +8,28 @@ if (!common.hasCrypto)
 const assert = require('assert');
 
 const {
+  bigIntArrayToUnsignedInt,
   normalizeAlgorithm,
 } = require('internal/crypto/util');
 
+// bigIntArrayToUnsignedInt must return an unsigned 32-bit value even when
+// the most significant byte has its top bit set. Otherwise the signed `<<`
+// operator yields a negative Int32 for inputs like [0x80, 0x00, 0x00, 0x01].
+{
+  assert.strictEqual(
+    bigIntArrayToUnsignedInt(new Uint8Array([0x80, 0x00, 0x00, 0x01])),
+    0x80000001);
+  assert.strictEqual(
+    bigIntArrayToUnsignedInt(new Uint8Array([0xff, 0xff, 0xff, 0xff])),
+    0xffffffff);
+  assert.strictEqual(
+    bigIntArrayToUnsignedInt(new Uint8Array([1, 0, 1])),
+    65537);
+  assert.strictEqual(
+    bigIntArrayToUnsignedInt(new Uint8Array([1, 0, 0, 0, 0])),
+    undefined);
+}
+
 {
   // Check that normalizeAlgorithm does not mutate object inputs.
   const algorithm = { name: 'ECDSA', hash: 'SHA-256' };

Original file line number	Diff line number	Diff line change
`@@ -696,7 +696,10 @@ function bigIntArrayToUnsignedInt(input) {`
`696`	`696`	`result \|= input[n] << 8 * n_reversed;`
`697`	`697`	`}`
`698`	`698`
`699`		`- return result;`
	`699`	`+ // Coerce the result to an unsigned 32-bit integer. Without this, a most`
	`700`	`+ // significant byte with the top bit set (e.g. [0x80, 0x00, 0x00, 0x01])`
	`701`	+ // would be returned as a negative Int32 because of the signed `<<` operator.
	`702`	`+ return result >>> 0;`
`700`	`703`	`}`
`701`	`704`
`702`	`705`	`function bigIntArrayToUnsignedBigInt(input) {`