crypto: PBKDF2 works with int not ssize_t #5397
Change types of all PBKDF2 params to `int` as they are `int` in `evp.h`. Check that `raw_keylen` fits into `int` before passing it to OpenSSL. Fix: nodejs#5396
cc @nodejs/crypto R = @bnoordhuis or @shigeki
ACK.
LGTM if CI is fine.
@shigeki I'm afraid that CI is down 😢 (please pardon my terrible sense of humor).
crypto.pbkdf2('password', 'salt', 1, 4073741824, 'sha256', common.fail); | ||
}, function(err) { | ||
return err instanceof Error && err.message === 'Bad key length'; | ||
}); |
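Review bot: the call with `4073741824` is the only oversized length exercised here, and it sits far above the limit, so the test would still pass if the bound were off by one or placed at a larger threshold. Add a case at the exact boundary, `2147483648` (one past the largest `int` where `int` is 32 bits), asserting the same 'Bad key length' error.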
You can condense the check callback to just `/Bad key length/`.
Ack.
LGTM with a suggestion.
@bnoordhuis I took some courage and changed the rest of "Bad key length" occurrences. Hopefully this is OK to you.
CI is unhappy with the change. Looks like I will need to study this a bit more than I thought.
keylen = args[3]->NumberValue(); | ||
if (keylen < 0 || isnan(keylen) || isinf(keylen)) { | ||
raw_keylen = args[3]->NumberValue(); | ||
if (raw_keylen < 0.0 || isnan(raw_keylen) || isinf(raw_keylen)) { |
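Review bot: the condition on `raw_keylen` has no upper bound in the lines shown, so any finite value above `INT_MAX` passes it, while the stated goal of the change is that the length fits into `int` before it reaches OpenSSL. Put `raw_keylen > INT_MAX` into this same `if`, ahead of any conversion to `int`, so the rejection happens while the value is still a double.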
You should probably write this as:

```cpp
if (!std::isfinite(raw_keylen) || raw_keylen < 0 || raw_keylen > INT_MAX) {
  // ...
}
```
Ack.
CI is green, the commit goes in. Landed in da3f425, thank you everyone!
Change types of all PBKDF2 params to `int` as they are `int` in `evp.h`.
Check that `raw_keylen` fits into `int` before passing it to OpenSSL.

Fix: #5396
PR-URL: #5397
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
Reviewed-By: Ben Noorhduis <info@bnoordhuis.nl>

Conflicts:
test/parallel/test-crypto-pbkdf2.js
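The range check discussed in this thread, written out as an added example that is not code from the pull request or from Node.js: it validates a key length that arrives as a double before narrowing it to `int`, and shows what the test value `4073741824` turns into when it is narrowed without that check. `CheckedKeylen` and `NarrowedWithoutCheck` are hypothetical names, and a 32-bit `int` with a 64-bit signed length type is assumed.

```cpp
#include <climits>
#include <cmath>
#include <cstdint>
#include <cstdio>

// Hypothetical helper: accept a key length only if it is finite,
// non-negative and representable as the int that the PBKDF2 call takes.
bool CheckedKeylen(double raw_keylen, int* out) {
  // Same condition as the reviewer's suggestion. The range test has to run
  // before the cast: converting an out-of-range double to int is undefined.
  if (!std::isfinite(raw_keylen) || raw_keylen < 0 || raw_keylen > INT_MAX)
    return false;
  *out = static_cast<int>(raw_keylen);  // fractional part is truncated
  return true;
}

// Model of the unchecked path (assumption: 64-bit signed length narrowed to
// a 32-bit int by wrapping). The wrap is done with explicit arithmetic so
// this example stays well defined.
int64_t NarrowedWithoutCheck(double raw_keylen) {
  int64_t wide = static_cast<int64_t>(raw_keylen);  // in range for inputs used here
  uint32_t low = static_cast<uint32_t>(wide & 0xffffffff);  // keep low 32 bits
  return low > 0x7fffffffu ? static_cast<int64_t>(low) - 4294967296LL
                           : static_cast<int64_t>(low);
}

int main() {
  // Constructed sample lengths, including the value used in the PR's test.
  const double samples[] = {32, 2147483647.0, 2147483648.0,
                            4073741824.0, -1, NAN, INFINITY};
  for (double v : samples) {
    int len = 0;
    if (CheckedKeylen(v, &len))
      std::printf("%.0f -> accepted as %d\n", v, len);
    else
      std::printf("%.0f -> Bad key length\n", v);
  }
  std::printf("unchecked 4073741824 narrows to %lld\n",
              static_cast<long long>(NarrowedWithoutCheck(4073741824.0)));
  return 0;
}
```
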