Fix OpenSSL < 2 crypto backend PBKDF2 possible iteration count overflow.

For OpenSSL2, we use PKCS5_PBKDF2_HMAC() function. Unfortunately, the iteration count is defined as signed integer (unlike unsigned in OpenSSL3 PARAMS KDF API). This can lead to overflow and decreasing of actual iterations count. In reality this can happen only if pbkdf-force-iterations is used. This patch add check to INT_MAX if linked to older OpenSSL and disallows such setting. Note, this is misconception in OpenSSL2 API, cryptsetup internally use uint32_t for iterations count. Reported by wangzhiqiang <wangzhiqiang95@huawei.com> in cryptsetup list.
2025-12-05 16:00:05 +01:00 · 2023-01-31 20:15:58 +01:00
parent 5ed0358f12
commit ace015a3e5
4 changed files with 21 additions and 2 deletions
--- a/lib/crypto_backend/crypto_backend.h
+++ b/lib/crypto_backend/crypto_backend.h
@@ -41,7 +41,8 @@ struct crypt_storage;
 int crypt_backend_init(bool fips);
 void crypt_backend_destroy(void);

-#define CRYPT_BACKEND_KERNEL (1 << 0)	/* Crypto uses kernel part, for benchmark */
+#define CRYPT_BACKEND_KERNEL     (1 << 0) /* Crypto uses kernel part, for benchmark */
+#define CRYPT_BACKEND_PBKDF2_INT (1 << 1) /* Iteration in PBKDF2 is signed int and can overflow */

 uint32_t crypt_backend_flags(void);
 const char *crypt_backend_version(void);