| commit | b57151ac0366d3fb14318a55b0fc943134f7f80b | |
| author | Daniel P. Berrangé <berrange@redhat.com> | |
| Mon, 5 Sep 2022 12:52:29 +0000 (5 13:52 +0100) | ||
| committer | Daniel P. Berrangé <berrange@redhat.com> | |
| Thu, 27 Oct 2022 11:55:27 +0000 (27 12:55 +0100) | ||
| tree | e6ad50a737c72eec296eecba510827d320d98bdc | treesnapshot (tar.gz zip) |
| parent | c5f6962801b868b02fbaf01861f64783470d3d2a | commitdiff |
crypto: check that LUKS PBKDF2 iterations count is non-zero
Both the master key and key slot passphrases are run through the PBKDF2
algorithm. The iterations count is expected to be generally very large
(many 10's or 100's of 1000s). It is hard to define a low level cutoff,
but we can certainly say that iterations count should be non-zero. A
zero count likely indicates an initialization mistake so reject it.
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Both the master key and key slot passphrases are run through the PBKDF2
algorithm. The iterations count is expected to be generally very large
(many 10's or 100's of 1000s). It is hard to define a low level cutoff,
but we can certainly say that iterations count should be non-zero. A
zero count likely indicates an initialization mistake so reject it.
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
| crypto/block-luks.c | diffblobblamehistory |