Skip to content
This repository was archived by the owner on Oct 23, 2020. It is now read-only.

Throw OperationError if PBKDF2 iterations is zero#29

Merged
tniessen merged 1 commit intonodejs:masterfrom
tniessen:pbkdf2-throw-operationerror-zero-iterations
Nov 21, 2019
Merged

Throw OperationError if PBKDF2 iterations is zero#29
tniessen merged 1 commit intonodejs:masterfrom
tniessen:pbkdf2-throw-operationerror-zero-iterations

Conversation

@tniessen
Copy link
Copy Markdown
Member

@tniessen tniessen commented Nov 21, 2019

Node.js accepts an iteration count of zero, but WebCrypto requires an OperationError. This fixes 468 WPTs.

@tniessen
Throw OperationError if PBKDF2 iterations is zero
a5e2906 
Node.js accepts an iteration count of zero, but WebCrypto requires an
OperationError.
bnoordhuis
bnoordhuis approved these changes Nov 21, 2019
View reviewed changes
Copy link
Copy Markdown
Member

@bnoordhuis bnoordhuis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM FWIW. Would you say it's a good idea to make it an error in Node.js core too? I can't think of a single legitimate reason why you would want to perform zero iterations and plenty of why an input of 0 is probably an accident.

@tniessen
Copy link
Copy Markdown
Member Author

tniessen commented Nov 21, 2019

@bnoordhuis I think it would be a breaking change. But I tend to agree, and I considered going one step further and suggesting the change to OpenSSL. According to RFC 2898, zero is not a valid parameter, but I am not so sure about NIST SP 800-132. The latter does not seem to explicitely forbid setting iterations to zero.

@tniessen
Copy link
Copy Markdown
Member Author

tniessen commented Nov 21, 2019
edited
Loading

I just looked at OpenSSL, and the implementation in OpenSSL 1.1.1 seems to treat values <= 1 as 1. OpenSSL master, however, appears to forbid such inputs.

Experimentally confirmed: Setting the iteration count to zero in Node.js results in the same output as setting it to one.

I probably should have looked at the documentation first: "Any iter less than 1 is treated as a single iteration."

@tniessen tniessen mentioned this pull request Nov 21, 2019
Closed
4 tasks
@tniessen tniessen merged commit f97c0d1 into nodejs:master Nov 21, 2019
@tniessen tniessen deleted the pbkdf2-throw-operationerror-zero-iterations branch November 21, 2019 15:12
tniessen added a commit to tniessen/node that referenced this pull request Nov 24, 2019
@tniessen
crypto: forbid setting the PBKDF2 iter count to 0
a1ba429 
RFC 2898 does not permit an iteration count of zero, and OpenSSL 1.1.1
will treat it as one iteration internally.

Future OpenSSL versions will reject such inputs (already on master
branch), but until that happens, Node.js should manually reject them.

Refs: nodejs/webcrypto#29
addaleax pushed a commit to nodejs/node that referenced this pull request Nov 27, 2019
@tniessen @addaleax
crypto: forbid setting the PBKDF2 iter count to 0
10f5fa7 
RFC 2898 does not permit an iteration count of zero, and OpenSSL 1.1.1
will treat it as one iteration internally.

Future OpenSSL versions will reject such inputs (already on master
branch), but until that happens, Node.js should manually reject them.

Refs: nodejs/webcrypto#29

PR-URL: #30578
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: David Carlier <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

2 more reviewers

@bnoordhuis bnoordhuis bnoordhuis approved these changes

@cjihrig cjihrig cjihrig approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tniessen @bnoordhuis @cjihrig