PBKDF2 hang (very long loop) if iterations == 0 #2088

guidovranken · 2019-08-30T19:03:07Z

#include <botan/pbkdf.h>
#include <botan/pwdhash.h>

#define CF_CHECK_NE(expr, res) if ( (expr) == (res) ) { goto end; }
int main(void)
{
    std::unique_ptr<::Botan::PasswordHashFamily> pwdhash_fam = nullptr;
    std::unique_ptr<::Botan::PasswordHash> pwdhash = nullptr;
    uint8_t out[1];
    char key[8] = { 0 };
    uint8_t salt[8] = { 0 };

    /* Initialize */
    {
        CF_CHECK_NE(pwdhash_fam = ::Botan::PasswordHashFamily::create("PBKDF2(SHA-256)"), nullptr);
        CF_CHECK_NE(pwdhash = pwdhash_fam->from_params(0), nullptr);
    }
    /* Process */
    {
        pwdhash->derive_key(
                out,
                1,
                key,
                sizeof(key),
                salt,
                sizeof(salt));
    }

end:
    return 0;
}

I think it might be more appropriate to throw an exception?

It would go into a very long loop. OpenSSL treats iterations==0 same as iterations==1 but this seems confusing. Instead just reject it. Unrelated, fix a divide by zero if asked to tune with 0 byte output. Closes GH #2088

randombit · 2019-08-31T14:54:01Z

Fixed now in #2090 thanks!

guidovranken · 2019-08-31T14:58:35Z

You're welcome

randombit added the bug label Aug 30, 2019

randombit mentioned this issue Aug 31, 2019

Fix PBKDF2 with zero iterations #2090

Merged

randombit closed this as completed Aug 31, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

PBKDF2 hang (very long loop) if iterations == 0 #2088

PBKDF2 hang (very long loop) if iterations == 0 #2088

guidovranken commented Aug 30, 2019

randombit commented Aug 31, 2019

guidovranken commented Aug 31, 2019

PBKDF2 hang (very long loop) if iterations == 0 #2088

PBKDF2 hang (very long loop) if iterations == 0 #2088

Comments

guidovranken commented Aug 30, 2019

randombit commented Aug 31, 2019

guidovranken commented Aug 31, 2019