otp_crypto: reject zero iterations in PBKDF2

petermm · ampcode-com · petermm · commit 5dcd891e82ab · 2026-03-21T15:03:42.000+01:00
PBKDF2 with zero iterations would silently produce weak/empty output. Explicitly reject iterations == 0 with a clear error message. Amp-Thread-ID: https://ampcode.com/threads/T-019d108a-c8e4-72f4-924c-997ffe14adac Co-authored-by: Amp <amp@ampcode.com>
diff --git a/src/libAtomVM/otp_crypto.c b/src/libAtomVM/otp_crypto.c
@@ -3534,6 +3534,11 @@ static term nif_crypto_pbkdf2_hmac(Context *ctx, int argc, term argv[])
         goto cleanup;
     }
     uint32_t iterations = term_to_uint32(iterations_term);
+    if (UNLIKELY(iterations == 0)) {
+        result
+            = make_crypto_error(__FILE__, __LINE__, "Iterations must be a positive integer", ctx);
+        goto cleanup;
+    }
 
     term key_len_term = argv[4];
     if (UNLIKELY(!term_is_pos_int(key_len_term))) {
