aboutsummaryrefslogtreecommitdiff
path: root/crypto/pbkdf.c
diff options
context:
space:
mode:
authorDaniel P. Berrange <berrange@redhat.com>2016-09-12 12:50:12 +0100
committerDaniel P. Berrange <berrange@redhat.com>2016-09-19 16:30:42 +0100
commit59b060be184aff59cfa101c937c8139e66f452f2 (patch)
tree13d4ef9afbe1339633ecb47b64794d6da8a2a525 /crypto/pbkdf.c
parent0f2fa73ba0ca19ebdaccf0d1785583d6601411b6 (diff)
downloadqemu-59b060be184aff59cfa101c937c8139e66f452f2.zip
qemu-59b060be184aff59cfa101c937c8139e66f452f2.tar.gz
qemu-59b060be184aff59cfa101c937c8139e66f452f2.tar.bz2
crypto: use uint64_t for pbkdf iteration count parameters
The qcrypto_pbkdf_count_iters method uses a 64 bit int but then checks its value against INT32_MAX before returning it. This bounds check is premature, because the calling code may well scale the iteration count by some value. It is thus better to return a 64-bit integer and let the caller do range checking. For consistency the qcrypto_pbkdf method is also changed to accept a 64bit int, though this is somewhat academic since nettle is limited to taking an 'int' while gcrypt is limited to taking a 'long int'. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Diffstat (limited to 'crypto/pbkdf.c')
-rw-r--r--crypto/pbkdf.c16
1 files changed, 5 insertions, 11 deletions
diff --git a/crypto/pbkdf.c b/crypto/pbkdf.c
index 695cc35..929458b 100644
--- a/crypto/pbkdf.c
+++ b/crypto/pbkdf.c
@@ -62,13 +62,13 @@ static int qcrypto_pbkdf2_get_thread_cpu(unsigned long long *val_ms,
#endif
}
-int qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
- const uint8_t *key, size_t nkey,
- const uint8_t *salt, size_t nsalt,
- Error **errp)
+uint64_t qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
+ const uint8_t *key, size_t nkey,
+ const uint8_t *salt, size_t nsalt,
+ Error **errp)
{
uint8_t out[32];
- long long int iterations = (1 << 15);
+ uint64_t iterations = (1 << 15);
unsigned long long delta_ms, start_ms, end_ms;
while (1) {
@@ -100,11 +100,5 @@ int qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
iterations = iterations * 1000 / delta_ms;
- if (iterations > INT32_MAX) {
- error_setg(errp, "Iterations %lld too large for a 32-bit int",
- iterations);
- return -1;
- }
-
return iterations;
}