mirror of
https://gitlab.com/cryptsetup/cryptsetup.git
synced 2025-12-07 00:40:01 +01:00
ace015a3e5
For OpenSSL2, we use PKCS5_PBKDF2_HMAC() function. Unfortunately, the iteration count is defined as signed integer (unlike unsigned in OpenSSL3 PARAMS KDF API). This can lead to overflow and decreasing of actual iterations count. In reality this can happen only if pbkdf-force-iterations is used. This patch add check to INT_MAX if linked to older OpenSSL and disallows such setting. Note, this is misconception in OpenSSL2 API, cryptsetup internally use uint32_t for iterations count. Reported by wangzhiqiang <wangzhiqiang95@huawei.com> in cryptsetup list.
18 KiB
18 KiB