Fix OpenSSL < 2 crypto backend PBKDF2 possible iteration count overflow.

For OpenSSL2, we use the PKCS5_PBKDF2_HMAC() function.
Unfortunately, the iteration count is defined as a signed integer
(unlike unsigned in OpenSSL3 PARAMS KDF API).

This can lead to an overflow and a decrease of the actual iteration count.
In reality this can happen only if pbkdf-force-iterations is used.

This patch adds a check against INT_MAX if linked to older OpenSSL and
disallows such a setting.

Note, this is a misconception in the OpenSSL2 API, cryptsetup internally
uses uint32_t for the iteration count.

Reported by wangzhiqiang <wangzhiqiang95@huawei.com> in cryptsetup list.
Milan Broz
2023-01-31 20:15:58 +01:00
parent 5ed0358f12
commit ace015a3e5
4 changed files with 21 additions and 2 deletions


@@ -19,6 +19,7 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include <limits.h>
#include "luks2_internal.h"
/* FIXME: move keyslot encryption to crypto backend */
@@ -264,6 +265,9 @@ static int luks2_keyslot_set_key(struct crypt_device *cd,
pbkdf.parallel_threads);
free(salt);
if (r < 0) {
if ((crypt_backend_flags() & CRYPT_BACKEND_PBKDF2_INT) &&
pbkdf.iterations > INT_MAX)
log_err(cd, _("PBKDF2 iteration value overflow."));
crypt_free_volume_key(derived_key);
return r;
}
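Review bot: The overflow message inside the `if (r < 0)` branch is inferred from `CRYPT_BACKEND_PBKDF2_INT` plus `pbkdf.iterations > INT_MAX` rather than from the return code, so any failure of the preceding call with such a count is reported as "PBKDF2 iteration value overflow", and the check runs only after the derivation has already failed. Consider validating the count before the call, or having the backend return a distinct error code, so the message is tied to the actual cause. Style points: the two-line condition followed by a single `log_err()` statement would be safer with braces, and the message could name the limit so the user knows which values are accepted.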