Overview

File libgcrypt-fips_PKBKDF_missing_step1.patch of Package libgcrypt

Index: libgcrypt-1.6.1/cipher/kdf.c
===================================================================
--- libgcrypt-1.6.1.orig/cipher/kdf.c	2014-01-29 10:48:38.000000000 +0100
+++ libgcrypt-1.6.1/cipher/kdf.c	2014-09-23 21:24:30.785609505 +0200
@@ -151,8 +151,10 @@ _gcry_kdf_pkdf2 (const void *passphrase,
 
   secmode = _gcry_is_secure (passphrase) || _gcry_is_secure (keybuffer);
 
-  /* We ignore step 1 from pksc5v2.1 which demands a check that dklen
-     is not larger that 0xffffffff * hlen.  */
+  /* Step 1 */
+  /* If dkLen > (2^32 - 1) * hLen, output "derived key too long" and stop. */
+  if (dklen > 4294967295U)
+    return GPG_ERR_INV_VALUE;
 
   /* Step 2 */
   l = ((dklen - 1)/ hlen) + 1;
openSUSE Build Service is sponsored by
Places