Define the deriveBits length parameter as optional

https://bugs.webkit.org/show_bug.cgi?id=276394 Reviewed by Youenn Fablet and Nitin Mahendru. The PR#345 [1] to the WebCryptoAPI spec defines now the 'length' parameter as optional, defaulting to 'null'. This change tries to solve a long-standing interoperability issue in the deriveBits operation. This patch implements the required changes in the IDL so that the 'length' parameter is declared as optional, with 'null' as default value when omitted. The affected algorithms (ECDH, HKDF, PBKDF2 and X25519) are adapted to the parameter's new type. The PR#43400 [2] defined tests for the new behavior of the afected algorithms, which they all pass now. [1] w3c/webcrypto#345 [2] web-platform-tests/wpt#43400 * LayoutTests/crypto/subtle/derive-bits-malformed-parameters-expected.txt: * LayoutTests/crypto/subtle/derive-bits-malformed-parameters.html: * LayoutTests/imported/w3c/web-platform-tests/WebCryptoAPI/derive_bits_keys/derived_bits_length.https.any-expected.txt: * LayoutTests/imported/w3c/web-platform-tests/WebCryptoAPI/derive_bits_keys/derived_bits_length.https.any.worker-expected.txt: * LayoutTests/imported/w3c/web-platform-tests/WebCryptoAPI/idlharness.https.any-expected.txt: * LayoutTests/imported/w3c/web-platform-tests/WebCryptoAPI/idlharness.https.any.worker-expected.txt: * Source/WebCore/crypto/CryptoAlgorithm.cpp: (WebCore::CryptoAlgorithm::deriveBits): * Source/WebCore/crypto/CryptoAlgorithm.h: * Source/WebCore/crypto/SubtleCrypto.cpp: (WebCore::SubtleCrypto::deriveKey): (WebCore::SubtleCrypto::deriveBits): * Source/WebCore/crypto/SubtleCrypto.h: * Source/WebCore/crypto/SubtleCrypto.idl: * Source/WebCore/crypto/algorithms/CryptoAlgorithmECDH.cpp: (WebCore::CryptoAlgorithmECDH::deriveBits): * Source/WebCore/crypto/algorithms/CryptoAlgorithmECDH.h: * Source/WebCore/crypto/algorithms/CryptoAlgorithmHKDF.cpp: (WebCore::CryptoAlgorithmHKDF::deriveBits): * Source/WebCore/crypto/algorithms/CryptoAlgorithmHKDF.h: * Source/WebCore/crypto/algorithms/CryptoAlgorithmPBKDF2.cpp: (WebCore::CryptoAlgorithmPBKDF2::deriveBits): * Source/WebCore/crypto/algorithms/CryptoAlgorithmPBKDF2.h: * Source/WebCore/crypto/algorithms/CryptoAlgorithmX25519.cpp: (WebCore::CryptoAlgorithmX25519::deriveBits): * Source/WebCore/crypto/algorithms/CryptoAlgorithmX25519.h:
javifernandez · Jul 22, 2024 · 3d5c213 · 3d5c213
1 parent 70b7f28
commit 3d5c213
Show file tree

Hide file tree

Showing 19 changed files with 34 additions and 36 deletions.
diff --git a/LayoutTests/crypto/subtle/derive-bits-malformed-parameters-expected.txt b/LayoutTests/crypto/subtle/derive-bits-malformed-parameters-expected.txt
@@ -5,7 +5,6 @@ On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE
 
 PASS crypto.subtle.deriveBits() rejected promise  with TypeError: Not enough arguments.
 PASS crypto.subtle.deriveBits(1) rejected promise  with TypeError: Not enough arguments.
-PASS crypto.subtle.deriveBits(1, 2) rejected promise  with TypeError: Not enough arguments.
 PASS crypto.subtle.deriveBits({ name:"ECDH", public:wrongKey }, wrongKey, 128) rejected promise  with InvalidAccessError: CryptoKey doesn't match AlgorithmIdentifier.
 PASS crypto.subtle.deriveBits({ name:"ECDH", public:wrongKey }, wrongKey, 128) rejected promise  with InvalidAccessError: CryptoKey doesn't support bits derivation.
 PASS successfullyParsed is true

diff --git a/LayoutTests/crypto/subtle/derive-bits-malformed-parameters.html b/LayoutTests/crypto/subtle/derive-bits-malformed-parameters.html
@@ -32,7 +32,6 @@
 // Not enough arguments.
 shouldReject('crypto.subtle.deriveBits()');
 shouldReject('crypto.subtle.deriveBits(1)');
-shouldReject('crypto.subtle.deriveBits(1, 2)');
 
 crypto.subtle.importKey("raw", rawKey, hmacImportParams, extractable, ["sign", "verify"]).then(function(result) {
     wrongKey = result;

diff --git a/...b-platform-tests/WebCryptoAPI/derive_bits_keys/derived_bits_length.https.any-expected.txt b/...b-platform-tests/WebCryptoAPI/derive_bits_keys/derived_bits_length.https.any-expected.txt
@@ -4,20 +4,20 @@ PASS HKDF derivation with 256 as 'length' parameter
 PASS HKDF derivation with 0 as 'length' parameter
 PASS HKDF derivation with null as 'length' parameter
 PASS HKDF derivation with undefined as 'length' parameter
-FAIL HKDF derivation with omitted as 'length' parameter assert_equals: deriveBits correctly threw OperationError: Not enough arguments expected "OperationError" but got "TypeError"
+PASS HKDF derivation with omitted as 'length' parameter
 PASS PBKDF2 derivation with 256 as 'length' parameter
 PASS PBKDF2 derivation with 0 as 'length' parameter
 PASS PBKDF2 derivation with null as 'length' parameter
 PASS PBKDF2 derivation with undefined as 'length' parameter
-FAIL PBKDF2 derivation with omitted as 'length' parameter assert_equals: deriveBits correctly threw OperationError: Not enough arguments expected "OperationError" but got "TypeError"
+PASS PBKDF2 derivation with omitted as 'length' parameter
 PASS ECDH derivation with 256 as 'length' parameter
 FAIL ECDH derivation with 0 as 'length' parameter assert_array_equals: Derived bits do not match the expected result. lengths differ, expected array object "" length 0, got object "87,31,26,232,151,28,227,35,250,17,131,137,203,95,65,196,59,61,181,161" length 32
 PASS ECDH derivation with null as 'length' parameter
 PASS ECDH derivation with undefined as 'length' parameter
-FAIL ECDH derivation with omitted as 'length' parameter promise_test: Unhandled rejection with value: object "TypeError: Not enough arguments"
+PASS ECDH derivation with omitted as 'length' parameter
 PASS X25519 derivation with 256 as 'length' parameter
 FAIL X25519 derivation with 0 as 'length' parameter assert_array_equals: Derived bits do not match the expected result. lengths differ, expected array object "" length 0, got object "63,245,136,2,149,247,97,118,8,143,137,228,61,254,190,126,161,149,0,8" length 32
 PASS X25519 derivation with null as 'length' parameter
 PASS X25519 derivation with undefined as 'length' parameter
-FAIL X25519 derivation with omitted as 'length' parameter promise_test: Unhandled rejection with value: object "TypeError: Not enough arguments"
+PASS X25519 derivation with omitted as 'length' parameter
 
diff --git a/...orm-tests/WebCryptoAPI/derive_bits_keys/derived_bits_length.https.any.worker-expected.txt b/...orm-tests/WebCryptoAPI/derive_bits_keys/derived_bits_length.https.any.worker-expected.txt
@@ -4,20 +4,20 @@ PASS HKDF derivation with 256 as 'length' parameter
 PASS HKDF derivation with 0 as 'length' parameter
 PASS HKDF derivation with null as 'length' parameter
 PASS HKDF derivation with undefined as 'length' parameter
-FAIL HKDF derivation with omitted as 'length' parameter assert_equals: deriveBits correctly threw OperationError: Not enough arguments expected "OperationError" but got "TypeError"
+PASS HKDF derivation with omitted as 'length' parameter
 PASS PBKDF2 derivation with 256 as 'length' parameter
 PASS PBKDF2 derivation with 0 as 'length' parameter
 PASS PBKDF2 derivation with null as 'length' parameter
 PASS PBKDF2 derivation with undefined as 'length' parameter
-FAIL PBKDF2 derivation with omitted as 'length' parameter assert_equals: deriveBits correctly threw OperationError: Not enough arguments expected "OperationError" but got "TypeError"
+PASS PBKDF2 derivation with omitted as 'length' parameter
 PASS ECDH derivation with 256 as 'length' parameter
 FAIL ECDH derivation with 0 as 'length' parameter assert_array_equals: Derived bits do not match the expected result. lengths differ, expected array object "" length 0, got object "87,31,26,232,151,28,227,35,250,17,131,137,203,95,65,196,59,61,181,161" length 32
 PASS ECDH derivation with null as 'length' parameter
 PASS ECDH derivation with undefined as 'length' parameter
-FAIL ECDH derivation with omitted as 'length' parameter promise_test: Unhandled rejection with value: object "TypeError: Not enough arguments"
+PASS ECDH derivation with omitted as 'length' parameter
 PASS X25519 derivation with 256 as 'length' parameter
 FAIL X25519 derivation with 0 as 'length' parameter assert_array_equals: Derived bits do not match the expected result. lengths differ, expected array object "" length 0, got object "63,245,136,2,149,247,97,118,8,143,137,228,61,254,190,126,161,149,0,8" length 32
 PASS X25519 derivation with null as 'length' parameter
 PASS X25519 derivation with undefined as 'length' parameter
-FAIL X25519 derivation with omitted as 'length' parameter promise_test: Unhandled rejection with value: object "TypeError: Not enough arguments"
+PASS X25519 derivation with omitted as 'length' parameter
 
diff --git a/LayoutTests/imported/w3c/web-platform-tests/WebCryptoAPI/idlharness.https.any-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/WebCryptoAPI/idlharness.https.any-expected.txt
@@ -49,7 +49,7 @@ PASS SubtleCrypto interface: operation verify(AlgorithmIdentifier, CryptoKey, Bu
 PASS SubtleCrypto interface: operation digest(AlgorithmIdentifier, BufferSource)
 PASS SubtleCrypto interface: operation generateKey(AlgorithmIdentifier, boolean, sequence<KeyUsage>)
 PASS SubtleCrypto interface: operation deriveKey(AlgorithmIdentifier, CryptoKey, AlgorithmIdentifier, boolean, sequence<KeyUsage>)
-PASS SubtleCrypto interface: operation deriveBits(AlgorithmIdentifier, CryptoKey, unsigned long)
+FAIL SubtleCrypto interface: operation deriveBits(AlgorithmIdentifier, CryptoKey, unsigned long) assert_equals: property has wrong .length expected 3 but got 2
 PASS SubtleCrypto interface: operation importKey(KeyFormat, (BufferSource or JsonWebKey), AlgorithmIdentifier, boolean, sequence<KeyUsage>)
 PASS SubtleCrypto interface: operation exportKey(KeyFormat, CryptoKey)
 PASS SubtleCrypto interface: operation wrapKey(KeyFormat, CryptoKey, CryptoKey, AlgorithmIdentifier)

diff --git a/...sts/imported/w3c/web-platform-tests/WebCryptoAPI/idlharness.https.any.worker-expected.txt b/...sts/imported/w3c/web-platform-tests/WebCryptoAPI/idlharness.https.any.worker-expected.txt
@@ -49,7 +49,7 @@ PASS SubtleCrypto interface: operation verify(AlgorithmIdentifier, CryptoKey, Bu
 PASS SubtleCrypto interface: operation digest(AlgorithmIdentifier, BufferSource)
 PASS SubtleCrypto interface: operation generateKey(AlgorithmIdentifier, boolean, sequence<KeyUsage>)
 PASS SubtleCrypto interface: operation deriveKey(AlgorithmIdentifier, CryptoKey, AlgorithmIdentifier, boolean, sequence<KeyUsage>)
-PASS SubtleCrypto interface: operation deriveBits(AlgorithmIdentifier, CryptoKey, unsigned long)
+FAIL SubtleCrypto interface: operation deriveBits(AlgorithmIdentifier, CryptoKey, unsigned long) assert_equals: property has wrong .length expected 3 but got 2
 PASS SubtleCrypto interface: operation importKey(KeyFormat, (BufferSource or JsonWebKey), AlgorithmIdentifier, boolean, sequence<KeyUsage>)
 PASS SubtleCrypto interface: operation exportKey(KeyFormat, CryptoKey)
 PASS SubtleCrypto interface: operation wrapKey(KeyFormat, CryptoKey, CryptoKey, AlgorithmIdentifier)

diff --git a/Source/WebCore/crypto/CryptoAlgorithm.cpp b/Source/WebCore/crypto/CryptoAlgorithm.cpp
@@ -60,7 +60,7 @@ void CryptoAlgorithm::generateKey(const CryptoAlgorithmParameters&, bool, Crypto
     exceptionCallback(ExceptionCode::NotSupportedError);
 }
 
-void CryptoAlgorithm::deriveBits(const CryptoAlgorithmParameters&, Ref<CryptoKey>&&, size_t, VectorCallback&&, ExceptionCallback&& exceptionCallback, ScriptExecutionContext&, WorkQueue&)
+void CryptoAlgorithm::deriveBits(const CryptoAlgorithmParameters&, Ref<CryptoKey>&&, std::optional<size_t>, VectorCallback&&, ExceptionCallback&& exceptionCallback, ScriptExecutionContext&, WorkQueue&)
 {
     exceptionCallback(ExceptionCode::NotSupportedError);
 }

diff --git a/Source/WebCore/crypto/CryptoAlgorithm.h b/Source/WebCore/crypto/CryptoAlgorithm.h
@@ -68,7 +68,7 @@ class CryptoAlgorithm : public ThreadSafeRefCounted<CryptoAlgorithm> {
     virtual void verify(const CryptoAlgorithmParameters&, Ref<CryptoKey>&&, Vector<uint8_t>&& signature, Vector<uint8_t>&&, BoolCallback&&, ExceptionCallback&&, ScriptExecutionContext&, WorkQueue&);
     virtual void digest(Vector<uint8_t>&&, VectorCallback&&, ExceptionCallback&&, ScriptExecutionContext&, WorkQueue&);
     virtual void generateKey(const CryptoAlgorithmParameters&, bool extractable, CryptoKeyUsageBitmap, KeyOrKeyPairCallback&&, ExceptionCallback&&, ScriptExecutionContext&);
-    virtual void deriveBits(const CryptoAlgorithmParameters&, Ref<CryptoKey>&&, size_t length, VectorCallback&&, ExceptionCallback&&, ScriptExecutionContext&, WorkQueue&);
+    virtual void deriveBits(const CryptoAlgorithmParameters&, Ref<CryptoKey>&&, std::optional<size_t> length, VectorCallback&&, ExceptionCallback&&, ScriptExecutionContext&, WorkQueue&);
     // FIXME: https://bugs.webkit.org/show_bug.cgi?id=169262
     virtual void importKey(CryptoKeyFormat, KeyData&&, const CryptoAlgorithmParameters&, bool extractable, CryptoKeyUsageBitmap, KeyCallback&&, ExceptionCallback&&, UseCryptoKit);
     virtual void exportKey(CryptoKeyFormat, Ref<CryptoKey>&&, KeyDataCallback&&, ExceptionCallback&&, UseCryptoKit);

diff --git a/Source/WebCore/crypto/SubtleCrypto.cpp b/Source/WebCore/crypto/SubtleCrypto.cpp
@@ -936,7 +936,7 @@ void SubtleCrypto::deriveKey(JSC::JSGlobalObject& state, AlgorithmIdentifier&& a
         promise->reject(result.releaseException().code(), "Cannot get key length from derivedKeyType"_s);
         return;
     }
-    size_t length = result.releaseReturnValue();
+    std::optional<size_t> length = result.releaseReturnValue();
 
     auto importAlgorithm = CryptoAlgorithmRegistry::singleton().create(importParams->identifier);
     auto algorithm = CryptoAlgorithmRegistry::singleton().create(params->identifier);
@@ -972,7 +972,7 @@ void SubtleCrypto::deriveKey(JSC::JSGlobalObject& state, AlgorithmIdentifier&& a
     algorithm->deriveBits(*params, baseKey, length, WTFMove(callback), WTFMove(exceptionCallback), *scriptExecutionContext(), m_workQueue);
 }
 
-void SubtleCrypto::deriveBits(JSC::JSGlobalObject& state, AlgorithmIdentifier&& algorithmIdentifier, CryptoKey& baseKey, unsigned length, Ref<DeferredPromise>&& promise)
+void SubtleCrypto::deriveBits(JSC::JSGlobalObject& state, AlgorithmIdentifier&& algorithmIdentifier, CryptoKey& baseKey, std::optional<unsigned> length, Ref<DeferredPromise>&& promise)
 {
     auto paramsOrException = normalizeCryptoAlgorithmParameters(state, WTFMove(algorithmIdentifier), Operations::DeriveBits);
     if (paramsOrException.hasException()) {

diff --git a/Source/WebCore/crypto/SubtleCrypto.h b/Source/WebCore/crypto/SubtleCrypto.h
@@ -68,7 +68,7 @@ class SubtleCrypto : public ContextDestructionObserver, public RefCounted<Subtle
     void digest(JSC::JSGlobalObject&, AlgorithmIdentifier&&, BufferSource&& data, Ref<DeferredPromise>&&);
     void generateKey(JSC::JSGlobalObject&, AlgorithmIdentifier&&, bool extractable, Vector<CryptoKeyUsage>&& keyUsages, Ref<DeferredPromise>&&);
     void deriveKey(JSC::JSGlobalObject&, AlgorithmIdentifier&&, CryptoKey& baseKey, AlgorithmIdentifier&& derivedKeyType, bool extractable, Vector<CryptoKeyUsage>&&, Ref<DeferredPromise>&&);
-    void deriveBits(JSC::JSGlobalObject&, AlgorithmIdentifier&&, CryptoKey& baseKey, unsigned length, Ref<DeferredPromise>&&);
+    void deriveBits(JSC::JSGlobalObject&, AlgorithmIdentifier&&, CryptoKey& baseKey, std::optional<unsigned> length, Ref<DeferredPromise>&&);
     void importKey(JSC::JSGlobalObject&, KeyFormat, KeyDataVariant&&, AlgorithmIdentifier&&, bool extractable, Vector<CryptoKeyUsage>&&, Ref<DeferredPromise>&&);
     void exportKey(KeyFormat, CryptoKey&, Ref<DeferredPromise>&&);
     void wrapKey(JSC::JSGlobalObject&, KeyFormat, CryptoKey&, CryptoKey& wrappingKey, AlgorithmIdentifier&& wrapAlgorithm, Ref<DeferredPromise>&&);

diff --git a/Source/WebCore/crypto/SubtleCrypto.idl b/Source/WebCore/crypto/SubtleCrypto.idl
@@ -39,7 +39,7 @@ typedef (object or DOMString) AlgorithmIdentifier;
     [CallWith=CurrentGlobalObject] Promise<any> digest(AlgorithmIdentifier algorithm, BufferSource data);
     [CallWith=CurrentGlobalObject] Promise<any> generateKey(AlgorithmIdentifier algorithm, boolean extractable, sequence<CryptoKeyUsage> keyUsages);
     [CallWith=CurrentGlobalObject] Promise<any> deriveKey(AlgorithmIdentifier algorithm, CryptoKey baseKey, AlgorithmIdentifier derivedKeyType, boolean extractable, sequence<CryptoKeyUsage> keyUsages);
-    [CallWith=CurrentGlobalObject] Promise<ArrayBuffer> deriveBits(AlgorithmIdentifier algorithm, CryptoKey baseKey, unsigned long length);
+    [CallWith=CurrentGlobalObject] Promise<ArrayBuffer> deriveBits(AlgorithmIdentifier algorithm, CryptoKey baseKey, optional unsigned long? length = null);
     [CallWith=CurrentGlobalObject] Promise<CryptoKey> importKey(KeyFormat format, (BufferSource or JsonWebKey) keyData, AlgorithmIdentifier algorithm, boolean extractable, sequence<CryptoKeyUsage> keyUsages);
     Promise<any> exportKey(KeyFormat format, CryptoKey key);
     [CallWith=CurrentGlobalObject] Promise<any> wrapKey(KeyFormat format, CryptoKey key, CryptoKey wrappingKey, AlgorithmIdentifier wrapAlgorithm);

diff --git a/Source/WebCore/crypto/algorithms/CryptoAlgorithmECDH.cpp b/Source/WebCore/crypto/algorithms/CryptoAlgorithmECDH.cpp
@@ -66,7 +66,7 @@ void CryptoAlgorithmECDH::generateKey(const CryptoAlgorithmParameters& parameter
     callback(WTFMove(pair));
 }
 
-void CryptoAlgorithmECDH::deriveBits(const CryptoAlgorithmParameters& parameters, Ref<CryptoKey>&& baseKey, size_t length, VectorCallback&& callback, ExceptionCallback&& exceptionCallback, ScriptExecutionContext& context, WorkQueue& workQueue)
+void CryptoAlgorithmECDH::deriveBits(const CryptoAlgorithmParameters& parameters, Ref<CryptoKey>&& baseKey, std::optional<size_t> length, VectorCallback&& callback, ExceptionCallback&& exceptionCallback, ScriptExecutionContext& context, WorkQueue& workQueue)
 {
     auto& ecParameters = downcast<CryptoAlgorithmEcdhKeyDeriveParams>(parameters);
 
@@ -90,16 +90,16 @@ void CryptoAlgorithmECDH::deriveBits(const CryptoAlgorithmParameters& parameters
         return;
     }
 
-    auto unifiedCallback = [callback = WTFMove(callback), exceptionCallback = WTFMove(exceptionCallback)](std::optional<Vector<uint8_t>>&& derivedKey, size_t length) mutable {
+    auto unifiedCallback = [callback = WTFMove(callback), exceptionCallback = WTFMove(exceptionCallback)](std::optional<Vector<uint8_t>>&& derivedKey, std::optional<size_t> length) mutable {
         if (!derivedKey) {
             exceptionCallback(ExceptionCode::OperationError);
             return;
         }
-        if (!length) {
+        if (!length || !(*length)) {
             callback(WTFMove(*derivedKey));
             return;
         }
-        auto lengthInBytes = std::ceil(length / 8.);
+        auto lengthInBytes = std::ceil(*length / 8.);
         if (lengthInBytes > (*derivedKey).size()) {
             exceptionCallback(ExceptionCode::OperationError);
             return;

diff --git a/Source/WebCore/crypto/algorithms/CryptoAlgorithmECDH.h b/Source/WebCore/crypto/algorithms/CryptoAlgorithmECDH.h
@@ -45,7 +45,7 @@ class CryptoAlgorithmECDH final : public CryptoAlgorithm {
     CryptoAlgorithmIdentifier identifier() const final;
 
     void generateKey(const CryptoAlgorithmParameters&, bool extractable, CryptoKeyUsageBitmap, KeyOrKeyPairCallback&&, ExceptionCallback&&, ScriptExecutionContext&) final;
-    void deriveBits(const CryptoAlgorithmParameters&, Ref<CryptoKey>&&, size_t length, VectorCallback&&, ExceptionCallback&&, ScriptExecutionContext&, WorkQueue&) final;
+    void deriveBits(const CryptoAlgorithmParameters&, Ref<CryptoKey>&&, std::optional<size_t> length, VectorCallback&&, ExceptionCallback&&, ScriptExecutionContext&, WorkQueue&) final;
     void importKey(CryptoKeyFormat, KeyData&&, const CryptoAlgorithmParameters&, bool extractable, CryptoKeyUsageBitmap, KeyCallback&&, ExceptionCallback&&, UseCryptoKit) final;
     void exportKey(CryptoKeyFormat, Ref<CryptoKey>&&, KeyDataCallback&&, ExceptionCallback&&, UseCryptoKit) final;
 };

diff --git a/Source/WebCore/crypto/algorithms/CryptoAlgorithmHKDF.cpp b/Source/WebCore/crypto/algorithms/CryptoAlgorithmHKDF.cpp
@@ -44,17 +44,17 @@ CryptoAlgorithmIdentifier CryptoAlgorithmHKDF::identifier() const
     return s_identifier;
 }
 
-void CryptoAlgorithmHKDF::deriveBits(const CryptoAlgorithmParameters& parameters, Ref<CryptoKey>&& baseKey, size_t length, VectorCallback&& callback, ExceptionCallback&& exceptionCallback, ScriptExecutionContext& context, WorkQueue& workQueue)
+void CryptoAlgorithmHKDF::deriveBits(const CryptoAlgorithmParameters& parameters, Ref<CryptoKey>&& baseKey, std::optional<size_t> length, VectorCallback&& callback, ExceptionCallback&& exceptionCallback, ScriptExecutionContext& context, WorkQueue& workQueue)
 {
-    if (!length || length % 8) {
+    if (!length || !(*length) || *length % 8) {
         exceptionCallback(ExceptionCode::OperationError);
         return;
     }
 
     UseCryptoKit useCryptoKit = context.settingsValues().cryptoKitEnabled ? UseCryptoKit::Yes : UseCryptoKit::No;
     dispatchOperationInWorkQueue(workQueue, context, WTFMove(callback), WTFMove(exceptionCallback),
         [parameters = crossThreadCopy(downcast<CryptoAlgorithmHkdfParams>(parameters)), baseKey = WTFMove(baseKey), length, useCryptoKit] {
-            return platformDeriveBits(parameters, downcast<CryptoKeyRaw>(baseKey.get()), length, useCryptoKit);
+            return platformDeriveBits(parameters, downcast<CryptoKeyRaw>(baseKey.get()), *length, useCryptoKit);
         });
 }
 

diff --git a/Source/WebCore/crypto/algorithms/CryptoAlgorithmHKDF.h b/Source/WebCore/crypto/algorithms/CryptoAlgorithmHKDF.h
@@ -42,7 +42,7 @@ class CryptoAlgorithmHKDF final : public CryptoAlgorithm {
     CryptoAlgorithmHKDF() = default;
     CryptoAlgorithmIdentifier identifier() const final;
 
-    void deriveBits(const CryptoAlgorithmParameters&, Ref<CryptoKey>&&, size_t length, VectorCallback&&, ExceptionCallback&&, ScriptExecutionContext&, WorkQueue&) final;
+    void deriveBits(const CryptoAlgorithmParameters&, Ref<CryptoKey>&&, std::optional<size_t> length, VectorCallback&&, ExceptionCallback&&, ScriptExecutionContext&, WorkQueue&) final;
     void importKey(CryptoKeyFormat, KeyData&&, const CryptoAlgorithmParameters&, bool extractable, CryptoKeyUsageBitmap, KeyCallback&&, ExceptionCallback&&, UseCryptoKit = UseCryptoKit::No) final;
     ExceptionOr<size_t> getKeyLength(const CryptoAlgorithmParameters&) final;
 

diff --git a/Source/WebCore/crypto/algorithms/CryptoAlgorithmPBKDF2.cpp b/Source/WebCore/crypto/algorithms/CryptoAlgorithmPBKDF2.cpp
@@ -43,16 +43,16 @@ CryptoAlgorithmIdentifier CryptoAlgorithmPBKDF2::identifier() const
     return s_identifier;
 }
 
-void CryptoAlgorithmPBKDF2::deriveBits(const CryptoAlgorithmParameters& parameters, Ref<CryptoKey>&& baseKey, size_t length, VectorCallback&& callback, ExceptionCallback&& exceptionCallback, ScriptExecutionContext& context, WorkQueue& workQueue)
+void CryptoAlgorithmPBKDF2::deriveBits(const CryptoAlgorithmParameters& parameters, Ref<CryptoKey>&& baseKey, std::optional<size_t> length, VectorCallback&& callback, ExceptionCallback&& exceptionCallback, ScriptExecutionContext& context, WorkQueue& workQueue)
 {
-    if (!length || length % 8) {
+    if (!length || !(*length) || *length % 8) {
         exceptionCallback(ExceptionCode::OperationError);
         return;
     }
 
     dispatchOperationInWorkQueue(workQueue, context, WTFMove(callback), WTFMove(exceptionCallback),
         [parameters = crossThreadCopy(downcast<CryptoAlgorithmPbkdf2Params>(parameters)), baseKey = WTFMove(baseKey), length] {
-            return platformDeriveBits(parameters, downcast<CryptoKeyRaw>(baseKey.get()), length);
+            return platformDeriveBits(parameters, downcast<CryptoKeyRaw>(baseKey.get()), *length);
         });
 }
 

diff --git a/Source/WebCore/crypto/algorithms/CryptoAlgorithmPBKDF2.h b/Source/WebCore/crypto/algorithms/CryptoAlgorithmPBKDF2.h
@@ -42,7 +42,7 @@ class CryptoAlgorithmPBKDF2 final : public CryptoAlgorithm {
     CryptoAlgorithmPBKDF2() = default;
     CryptoAlgorithmIdentifier identifier() const final;
 
-    void deriveBits(const CryptoAlgorithmParameters&, Ref<CryptoKey>&&, size_t length, VectorCallback&&, ExceptionCallback&&, ScriptExecutionContext&, WorkQueue&) final;
+    void deriveBits(const CryptoAlgorithmParameters&, Ref<CryptoKey>&&, std::optional<size_t> length, VectorCallback&&, ExceptionCallback&&, ScriptExecutionContext&, WorkQueue&) final;
     void importKey(CryptoKeyFormat, KeyData&&, const CryptoAlgorithmParameters&, bool extractable, CryptoKeyUsageBitmap, KeyCallback&&, ExceptionCallback&&, UseCryptoKit = UseCryptoKit::No) final;
     ExceptionOr<size_t> getKeyLength(const CryptoAlgorithmParameters&) final;