From c1d9b5b386d9a105b4e653baf8a29e86e02a361f Mon Sep 17 00:00:00 2001
From: Antoine du Hamel
Date: Sat, 24 Apr 2021 18:02:05 +0200
Subject: [PATCH] crypto: fix scrypt keylen validation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fixes: https://github.com/nodejs/node/issues/38381
PR-URL: https://github.com/nodejs/node/pull/38385
Reviewed-By: Nitzan Uziely
Reviewed-By: James M Snell
Reviewed-By: Luigi Pinca
Reviewed-By: Juan José Arboleda
Reviewed-By: Zijian Liu
Reviewed-By: Darshan Sen
---
 lib/internal/crypto/scrypt.js | 3 ++-
 test/parallel/test-crypto-scrypt.js | 4 ++++
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/lib/internal/crypto/scrypt.js b/lib/internal/crypto/scrypt.js
index 458723df28ffca..45a04905bfd447 100644
--- a/lib/internal/crypto/scrypt.js
+++ b/lib/internal/crypto/scrypt.js
@@ -16,6 +16,7 @@ const {
 const {
 validateCallback,
 validateInteger,
+ validateInt32,
 validateUint32,
 } = require('internal/validators');
@@ -90,7 +91,7 @@ function check(password, salt, keylen, options) {
 password = getArrayBufferOrView(password, 'password');
 salt = getArrayBufferOrView(salt, 'salt');
- validateUint32(keylen, 'keylen');
+ validateInt32(keylen, 'keylen', 0);
 let { N, r, p, maxmem } = defaults;
 if (options && options !== defaults) {
diff --git a/test/parallel/test-crypto-scrypt.js b/test/parallel/test-crypto-scrypt.js
index 9db69646bbfb0a..7b695a36f2b5a4 100644
--- a/test/parallel/test-crypto-scrypt.js
+++ b/test/parallel/test-crypto-scrypt.js
@@ -143,6 +143,10 @@ const badargs = [
 args: ['', '', -42],
 expected: { code: 'ERR_OUT_OF_RANGE', message: /"keylen"/ },
 },
+ {
+ args: ['', '', 2147485780],
+ expected: { code: 'ERR_OUT_OF_RANGE', message: /"keylen"/ },
+ },
 ];
 for (const options of good) {
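Review bot: The new `validateInt32(keylen, 'keylen', 0);` line in check() has no comment explaining why keylen is capped at the signed 32-bit maximum rather than the unsigned one, so a later cleanup could plausibly revert it to `validateUint32`. I would put `// keylen must fit in a signed 32-bit integer; larger values are rejected here with ERR_OUT_OF_RANGE.` directly above the call. Presumably the layer that consumes keylen takes it as a signed int, which is not visible in this hunk and should be confirmed before the comment states it. keylen can be caller-influenced (configuration, request parameters), so this range check is what turns an oversized value into a catchable error. check()'s body starts before and continues past the hunk.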
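Review bot: The added badargs entry tests 2147485780, which sits well above the limit, so the first rejected value is not pinned and the test would still pass if the accepted upper bound drifted upward. A sibling entry with `args: ['', '', 2 ** 31],` and the same `expected` object would fix the boundary at the int32 maximum that `validateInt32(keylen, 'keylen', 0)` enforces. A one-line comment such as `// keylen above the int32 maximum` on the existing entry would also say where the bare literal comes from (presumably the value reported in the linked issue). The badargs array begins outside the hunk.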