From d4260a20e5f6cb2a80a86f86007510caa933db31 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= Date: Sun, 11 Sep 2022 00:21:14 +0200 Subject: [PATCH] crypto: restrict PBKDF2 args to signed int OpenSSL internally represents the output length and the iteration count as signed integers, which is why node's C++ implementation expects these arguments to fit into signed integers as well. The JavaScript validation logic, however, only requires the arguments to be unsigned 32-bit integers, which is a superset of non-negative (signed) 32-bit integers. Change the JavaScript validation to match the expectation within C++. Fixes: /~https://github.com/nodejs/node/issues/44570 PR-URL: /~https://github.com/nodejs/node/pull/44575 Reviewed-By: Filip Skokan Reviewed-By: Luigi Pinca Reviewed-By: Rich Trott Reviewed-By: Mohammed Keyvanzadeh Backport-PR-URL: /~https://github.com/nodejs/node/pull/44872 --- lib/internal/crypto/pbkdf2.js | 7 +++++-- test/parallel/test-crypto-pbkdf2.js | 4 ++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/lib/internal/crypto/pbkdf2.js b/lib/internal/crypto/pbkdf2.js index 755126283c9abc..ce65c9b6ebb7bb 100644 --- a/lib/internal/crypto/pbkdf2.js +++ b/lib/internal/crypto/pbkdf2.js @@ -15,6 +15,7 @@ const { const { validateCallback, + validateInt32, validateInteger, validateString, validateUint32, @@ -91,8 +92,10 @@ function check(password, salt, iterations, keylen, digest) { password = getArrayBufferOrView(password, 'password'); salt = getArrayBufferOrView(salt, 'salt'); - validateUint32(iterations, 'iterations', true); - validateUint32(keylen, 'keylen'); + // OpenSSL uses a signed int to represent these values, so we are restricted + // to the 31-bit range here (which is plenty). + validateInt32(iterations, 'iterations', 1); + validateInt32(keylen, 'keylen', 0); return { password, salt, iterations, keylen, digest }; } diff --git a/test/parallel/test-crypto-pbkdf2.js b/test/parallel/test-crypto-pbkdf2.js index cfd173d20f4860..08af17212582b5 100644 --- a/test/parallel/test-crypto-pbkdf2.js +++ b/test/parallel/test-crypto-pbkdf2.js @@ -63,7 +63,7 @@ assert.throws( } ); -for (const iterations of [-1, 0]) { +for (const iterations of [-1, 0, 2147483648]) { assert.throws( () => crypto.pbkdf2Sync('password', 'salt', iterations, 20, 'sha1'), { @@ -98,7 +98,7 @@ for (const iterations of [-1, 0]) { }); }); -[-1, 4294967297].forEach((input) => { +[-1, 2147483648, 4294967296].forEach((input) => { assert.throws( () => { crypto.pbkdf2('password', 'salt', 1, input, 'sha256',