Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 05bf817

Browse filesBrowse files
panvadanielleadams
panva
authored and
danielleadams
committed
crypto: fix webcrypto deriveBits validations
PR-URL: #44173 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
1 parent 02bcf13 commit 05bf817
Copy full SHA for 05bf817

File tree

Expand file treeCollapse file tree

5 files changed

+23
-521
lines changed
Open diff view settings
Filter options
Expand file treeCollapse file tree

5 files changed

+23
-521
lines changed
Open diff view settings
Collapse file

‎lib/internal/crypto/hkdf.js‎

Copy file name to clipboardExpand all lines: lib/internal/crypto/hkdf.js
+3-1Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -142,7 +142,6 @@ function hkdfSync(hash, key, salt, info, length) {
142142
}
143143

144144
async function hkdfDeriveBits(algorithm, baseKey, length) {
145-
validateUint32(length, 'length');
146145
const { hash } = algorithm;
147146
const salt = getArrayBufferOrView(algorithm.salt, 'algorithm.salt');
148147
const info = getArrayBufferOrView(algorithm.info, 'algorithm.info');
@@ -153,6 +152,9 @@ async function hkdfDeriveBits(algorithm, baseKey, length) {
153152
if (length !== undefined) {
154153
if (length === 0)
155154
throw lazyDOMException('length cannot be zero', 'OperationError');
155+
if (length === null)
156+
throw lazyDOMException('length cannot be null', 'OperationError');
157+
validateUint32(length, 'length');
156158
if (length % 8) {
157159
throw lazyDOMException(
158160
'length must be a multiple of 8',
Collapse file

‎lib/internal/crypto/pbkdf2.js‎

Copy file name to clipboardExpand all lines: lib/internal/crypto/pbkdf2.js
+8-2Lines changed: 8 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -98,13 +98,16 @@ function check(password, salt, iterations, keylen, digest) {
9898
}
9999

100100
async function pbkdf2DeriveBits(algorithm, baseKey, length) {
101-
validateUint32(length, 'length');
102101
const { iterations } = algorithm;
103102
let { hash } = algorithm;
104103
const salt = getArrayBufferOrView(algorithm.salt, 'algorithm.salt');
105104
if (hash === undefined)
106105
throw new ERR_MISSING_OPTION('algorithm.hash');
107-
validateInteger(iterations, 'algorithm.iterations', 1);
106+
validateInteger(iterations, 'algorithm.iterations');
107+
if (iterations === 0)
108+
throw lazyDOMException(
109+
'iterations cannot be zero',
110+
'OperationError');
108111

109112
hash = normalizeHashName(hash.name);
110113

@@ -114,6 +117,9 @@ async function pbkdf2DeriveBits(algorithm, baseKey, length) {
114117
if (length !== undefined) {
115118
if (length === 0)
116119
throw lazyDOMException('length cannot be zero', 'OperationError');
120+
if (length === null)
121+
throw lazyDOMException('length cannot be null', 'OperationError');
122+
validateUint32(length, 'length');
117123
if (length % 8) {
118124
throw lazyDOMException(
119125
'length must be a multiple of 8',
Collapse file

‎test/parallel/test-webcrypto-derivebits-hkdf.js‎

Copy file name to clipboardExpand all lines: test/parallel/test-webcrypto-derivebits-hkdf.js
+6-3Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -259,15 +259,18 @@ async function testDeriveBitsBadLengths(
259259
return Promise.all([
260260
assert.rejects(
261261
subtle.deriveBits(algorithm, baseKeys[size], 0), {
262-
message: /length cannot be zero/
262+
message: /length cannot be zero/,
263+
name: 'OperationError',
263264
}),
264265
assert.rejects(
265266
subtle.deriveBits(algorithm, baseKeys[size], null), {
266-
code: 'ERR_INVALID_ARG_TYPE'
267+
message: 'length cannot be null',
268+
name: 'OperationError',
267269
}),
268270
assert.rejects(
269271
subtle.deriveBits(algorithm, baseKeys[size], 15), {
270-
message: /length must be a multiple of 8/
272+
message: /length must be a multiple of 8/,
273+
name: 'OperationError',
271274
}),
272275
]);
273276
}
Collapse file

‎test/pummel/test-webcrypto-derivebits-pbkdf2.js‎

Copy file name to clipboardExpand all lines: test/pummel/test-webcrypto-derivebits-pbkdf2.js
+6-3Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -448,15 +448,18 @@ async function testDeriveBitsBadLengths(
448448
return Promise.all([
449449
assert.rejects(
450450
subtle.deriveBits(algorithm, baseKeys[size], 0), {
451-
message: /length cannot be zero/
451+
message: /length cannot be zero/,
452+
name: 'OperationError',
452453
}),
453454
assert.rejects(
454455
subtle.deriveBits(algorithm, baseKeys[size], null), {
455-
code: 'ERR_INVALID_ARG_TYPE'
456+
message: 'length cannot be null',
457+
name: 'OperationError',
456458
}),
457459
assert.rejects(
458460
subtle.deriveBits(algorithm, baseKeys[size], 15), {
459-
message: /length must be a multiple of 8/
461+
message: /length must be a multiple of 8/,
462+
name: 'OperationError',
460463
}),
461464
]);
462465
}

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.