kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Reject iterationCount == 0 when parsing PBKDF2-params.

Browse Source 
Previously a value of 0 would be accepted and intepreted as equivalent
to 1. This contradicts RFC 2898 which defines:

     iterationCount INTEGER (1..MAX),

BUG=https://crbug.com/534961

Change-Id: I89623980f99fde3ca3780880d311955d3f6fe0b5
Reviewed-on: https://boringssl-review.googlesource.com/5971
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
Eric Roman 2015-09-22 16:40:43 -07:00 committed by Adam Langley
parent 20c0e90d11
commit 1aec2cbad2
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
crypto/pkcs8/p5_pbev2.c
View File

@ -356,7 +356,7 @@ static int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx,
goto err;
}
long iterations = ASN1_INTEGER_get(pbkdf2param->iter);
if (iterations < 0 || iterations > UINT_MAX) {
if (iterations <= 0 || iterations > UINT_MAX) {
OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_ITERATION_COUNT);
goto err;
}