| commit | 59b060be184aff59cfa101c937c8139e66f452f2 | |
| author | Daniel P. Berrange <berrange@redhat.com> | |
| Mon, 12 Sep 2016 11:50:12 +0000 (12 12:50 +0100) | ||
| committer | Daniel P. Berrange <berrange@redhat.com> | |
| Mon, 19 Sep 2016 15:30:42 +0000 (19 16:30 +0100) | ||
| tree | 13d4ef9afbe1339633ecb47b64794d6da8a2a525 | treesnapshot (tar.gz zip) |
| parent | 0f2fa73ba0ca19ebdaccf0d1785583d6601411b6 | commitdiff |
crypto: use uint64_t for pbkdf iteration count parameters
The qcrypto_pbkdf_count_iters method uses a 64 bit int
but then checks its value against INT32_MAX before
returning it. This bounds check is premature, because
the calling code may well scale the iteration count
by some value. It is thus better to return a 64-bit
integer and let the caller do range checking.
For consistency the qcrypto_pbkdf method is also changed
to accept a 64bit int, though this is somewhat academic
since nettle is limited to taking an 'int' while gcrypt
is limited to taking a 'long int'.
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
The qcrypto_pbkdf_count_iters method uses a 64 bit int
but then checks its value against INT32_MAX before
returning it. This bounds check is premature, because
the calling code may well scale the iteration count
by some value. It is thus better to return a 64-bit
integer and let the caller do range checking.
For consistency the qcrypto_pbkdf method is also changed
to accept a 64bit int, though this is somewhat academic
since nettle is limited to taking an 'int' while gcrypt
is limited to taking a 'long int'.
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>