File libgcrypt-fips_PKBKDF_missing_step1.patch of Package libgcrypt.2574

Index: libgcrypt-1.6.1/cipher/kdf.c
===================================================================
--- libgcrypt-1.6.1.orig/cipher/kdf.c	2014-09-29 17:21:26.915174779 +0200
+++ libgcrypt-1.6.1/cipher/kdf.c	2014-10-01 18:05:12.881281604 +0200
@@ -126,20 +126,20 @@ _gcry_kdf_pkdf2 (const void *passphrase,
   gpg_err_code_t ec;
   gcry_md_hd_t md;
   int secmode;
-  unsigned int dklen = keysize;
+  unsigned long dklen = keysize;
   char *dk = keybuffer;
   unsigned int hlen;   /* Output length of the digest function.  */
-  unsigned int l;      /* Rounded up number of blocks.  */
+  unsigned long l;      /* Rounded up number of blocks.  */
   unsigned int r;      /* Number of octets in the last block.  */
   char *sbuf;          /* Malloced buffer to concatenate salt and iter
                           as well as space to hold TBUF and UBUF.  */
   char *tbuf;          /* Buffer for T; ptr into SBUF, size is HLEN. */
   char *ubuf;          /* Buffer for U; ptr into SBUF, size is HLEN. */
-  unsigned int lidx;   /* Current block number.  */
+  unsigned long lidx;   /* Current block number.  */
   unsigned long iter;  /* Current iteration number.  */
   unsigned int i;
 
-  /* NWe allow for a saltlen of 0 here to support scrypt.  It is not
+  /* We allow for a saltlen of 0 here to support scrypt.  It is not
      clear whether rfc2898 allows for this this, thus we do a test on
      saltlen > 0 only in gcry_kdf_derive.  */
   if (!salt || !iterations || !dklen)
@@ -151,8 +151,10 @@ _gcry_kdf_pkdf2 (const void *passphrase,
 
   secmode = _gcry_is_secure (passphrase) || _gcry_is_secure (keybuffer);
 
-  /* We ignore step 1 from pksc5v2.1 which demands a check that dklen
-     is not larger that 0xffffffff * hlen.  */
+  /* Step 1 */
+  /* If dkLen > (2^32 - 1) * hLen, output "derived key too long" and stop. */
+  if (dklen > 4294967295U)
+    return GPG_ERR_INV_VALUE;
 
   /* Step 2 */
   l = ((dklen - 1)/ hlen) + 1;