SUSE:SLE-12-SP2:GA
File libgcrypt-fips_PKBKDF_missing_step1.patch of Package libgcrypt.6072
Index: libgcrypt-1.6.1/cipher/kdf.c =================================================================== --- libgcrypt-1.6.1.orig/cipher/kdf.c 2014-09-29 17:21:26.915174779 +0200 +++ libgcrypt-1.6.1/cipher/kdf.c 2014-10-01 18:05:12.881281604 +0200 @@ -126,20 +126,20 @@ _gcry_kdf_pkdf2 (const void *passphrase, gpg_err_code_t ec; gcry_md_hd_t md; int secmode; - unsigned int dklen = keysize; + unsigned long dklen = keysize; char *dk = keybuffer; unsigned int hlen; /* Output length of the digest function. */ - unsigned int l; /* Rounded up number of blocks. */ + unsigned long l; /* Rounded up number of blocks. */ unsigned int r; /* Number of octets in the last block. */ char *sbuf; /* Malloced buffer to concatenate salt and iter as well as space to hold TBUF and UBUF. */ char *tbuf; /* Buffer for T; ptr into SBUF, size is HLEN. */ char *ubuf; /* Buffer for U; ptr into SBUF, size is HLEN. */ - unsigned int lidx; /* Current block number. */ + unsigned long lidx; /* Current block number. */ unsigned long iter; /* Current iteration number. */ unsigned int i; - /* NWe allow for a saltlen of 0 here to support scrypt. It is not + /* We allow for a saltlen of 0 here to support scrypt. It is not clear whether rfc2898 allows for this this, thus we do a test on saltlen > 0 only in gcry_kdf_derive. */ if (!salt || !iterations || !dklen) @@ -151,8 +151,10 @@ _gcry_kdf_pkdf2 (const void *passphrase, secmode = _gcry_is_secure (passphrase) || _gcry_is_secure (keybuffer); - /* We ignore step 1 from pksc5v2.1 which demands a check that dklen - is not larger that 0xffffffff * hlen. */ + /* Step 1 */ + /* If dkLen > (2^32 - 1) * hLen, output "derived key too long" and stop. */ + if (dklen > 4294967295U) + return GPG_ERR_INV_VALUE; /* Step 2 */ l = ((dklen - 1)/ hlen) + 1;
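Review bot: in the first hunk (@@ -126,20), dklen, l and lidx are widened to unsigned long, whose width depends on the platform. Where unsigned long is 32 bits, the three variables are no wider than the unsigned int they replace, and the comparison of dklen against 4294967295U added in the second hunk can never be true. If the intent is to carry key sizes above 32 bits, declare them with the type of keysize (not visible in this hunk) or with a fixed 64-bit type. As a style point, the comment fix changes "NWe" to "We" but leaves "allows for this this" in the same comment.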
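Review bot: in the second hunk (@@ -151,8), the added test `if (dklen > 4294967295U)` does not implement the limit its own comment states, (2^32 - 1) * hLen, because hlen does not appear in the condition. Derived-key lengths between 2^32 and (2^32 - 1) * hlen are therefore rejected with GPG_ERR_INV_VALUE although the quoted step permits them. Either move the check after Step 2 and test the block count, for example `if (l > 4294967295U) return GPG_ERR_INV_VALUE;`, which is equivalent to the stated bound, or reword the comment to say that a tighter limit is enforced on purpose.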