Reject iterationCount == 0 when parsing PBKDF2-params.
Previously a value of 0 would be accepted and intepreted as equivalent to 1. This contradicts RFC 2898 which defines: iterationCount INTEGER (1..MAX), BUG=https://crbug.com/534961 Change-Id: I89623980f99fde3ca3780880d311955d3f6fe0b5 Reviewed-on: https://boringssl-review.googlesource.com/5971 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
parent
20c0e90d11
commit
1aec2cbad2
@ -356,7 +356,7 @@ static int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx,
|
|||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
long iterations = ASN1_INTEGER_get(pbkdf2param->iter);
|
long iterations = ASN1_INTEGER_get(pbkdf2param->iter);
|
||||||
if (iterations < 0 || iterations > UINT_MAX) {
|
if (iterations <= 0 || iterations > UINT_MAX) {
|
||||||
OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_ITERATION_COUNT);
|
OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_ITERATION_COUNT);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user