Changeset View
Changeset View
Standalone View
Standalone View
b/cipher/kdf.c
Context not available. | |||||
unsigned long iter; /* Current iteration number. */ | unsigned long iter; /* Current iteration number. */ | ||||
unsigned int i; | unsigned int i; | ||||
/* NWe allow for a saltlen of 0 here to support scrypt. It is not | /* We allow for a saltlen of 0 here to support scrypt. It is not | ||||
clear whether rfc2898 allows for this this, thus we do a test on | clear whether rfc2898 allows for this this, thus we do a test on | ||||
saltlen > 0 only in gcry_kdf_derive. */ | saltlen > 0 only in gcry_kdf_derive. */ | ||||
if (!salt || !iterations || !dklen) | if (!salt || !iterations || !dklen) | ||||
Context not available. | |||||
secmode = _gcry_is_secure (passphrase) || _gcry_is_secure (keybuffer); | secmode = _gcry_is_secure (passphrase) || _gcry_is_secure (keybuffer); | ||||
/* We ignore step 1 from pksc5v2.1 which demands a check that dklen | /* Step 1 */ | ||||
is not larger that 0xffffffff * hlen. */ | /* If dkLen > (2^32 - 1) * hLen, output "derived key too long" and stop. | ||||
We use a stronger inequality. */ | |||||
if (dklen > 4294967295U) | |||||
return GPG_ERR_INV_VALUE; | |||||
/* Step 2 */ | /* Step 2 */ | ||||
l = ((dklen - 1)/ hlen) + 1; | l = ((dklen - 1)/ hlen) + 1; | ||||
Context not available. |