PBKDF2 different results from Chrome/Edge

RESOLVED DUPLICATE of bug 1271350

Status

()

--
major
RESOLVED DUPLICATE of bug 1271350
2 years ago
2 years ago

People

(Reporter: mihaly.lengyel, Unassigned)

Tracking

46 Branch
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

2 years ago
User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36

Steps to reproduce:

Running the code below doesn't give the same results as Chrome/Edge (with or without the .buffer):
window.crypto.subtle.importKey('raw',
	new Uint8Array([156, 19, 162, 59, 197, 138, 82, 190, 139, 180, 250, 26, 44, 189, 255, 1, 116, 114, 101, 115, 111, 114, 105, 116, 95, 100, 98, 95, 114, 101, 99, 111, 114, 100, 95, 105, 100]).buffer,
	{name: 'PBKDF2', hash: { name: 'SHA-256' } }, false, ['deriveBits'])
 .then(key => 
	window.crypto.subtle.deriveBits({ name: "PBKDF2", hash: { name: 'SHA-256'}, salt: new Uint8Array(0).buffer, iterations: 1 }, key, 256))
 .then(res => console.log(new Uint8Array(res)), rej => console.log(rej));


Actual results:

I didn't get the same results as in Chrome.


Expected results:

The same results I get in other browsers.
(Reporter)

Updated

2 years ago
Severity: normal → major

Updated

2 years ago
Component: Untriaged → Security
Product: Firefox → Core
This is the same as bug 1271350 - NSS is doing the wrong thing given a zero-length salt.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1271350
You need to log in before you can comment on or make changes to this bug.