eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-05 16:00:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

Do not silently decrease PBKDF parallel cost (threads)

Browse Source 
The maximum parallel cost is set since the introduction of Argon2 to 4.

Do not silently decrease the value (if explicitly set by the option)
but fail instead.
This commit is contained in:
Milan Broz
2025-07-29 16:55:03 +02:00
committed by Ondrej Kozina
parent d77ece493d
commit 4a67af439e
3 changed files with 9 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
lib/utils_pbkdf.c
View File

@@ -169,6 +169,11 @@ int verify_pbkdf_params(struct crypt_device *cd,
log_err(cd, _("Requested maximum PBKDF memory cannot be zero."));
r = -EINVAL;
}
if (pbkdf->parallel_threads > pbkdf_limits.max_parallel) {
log_err(cd, _("Requested maximum PBKDF parallel cost is too high (maximum is %d)."),
pbkdf_limits.max_parallel);
r = -EINVAL;
}
if (!pbkdf->parallel_threads) {
log_err(cd, _("Requested PBKDF parallel threads cannot be zero."));
r = -EINVAL;
@@ -241,12 +246,6 @@ int init_pbkdf_type(struct crypt_device *cd,
cd_pbkdf->max_memory_kb = pbkdf->max_memory_kb;
cd_pbkdf->parallel_threads = pbkdf->parallel_threads;
if (cd_pbkdf->parallel_threads > pbkdf_limits.max_parallel) {
log_dbg(cd, "Maximum PBKDF threads is %d (requested %d).",
pbkdf_limits.max_parallel, cd_pbkdf->parallel_threads);
cd_pbkdf->parallel_threads = pbkdf_limits.max_parallel;
}
/* Do not limit threads by online CPUs if user forced values (no benchmark). */
if (cd_pbkdf->parallel_threads && !(cd_pbkdf->flags & CRYPT_PBKDF_NO_BENCHMARK)) {
cpus = crypt_cpusonline();