From de659cdc2e4164d468d7035b74f7fd5dbeccf0cf Mon Sep 17 00:00:00 2001
From: Adam Langley <agl@google.com>
Date: Tue, 27 Oct 2015 16:18:51 -0700
Subject: [PATCH] Fix PKCS#8 on 32-bit systems.

The previous commit fixed a signed/unsigned warning but, on 32-bit
systems, long is only 32 bits, so the fix was incorrect there.

Change-Id: I6afe340164de0e176c7f710fcdd095b2a4cddee4
---
 crypto/pkcs8/p5_pbev2.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/crypto/pkcs8/p5_pbev2.c b/crypto/pkcs8/p5_pbev2.c
index 5ccee40c..fec0d86d 100644
--- a/crypto/pkcs8/p5_pbev2.c
+++ b/crypto/pkcs8/p5_pbev2.c
@@ -356,7 +356,8 @@ static int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx,
     goto err;
   }
   long iterations = ASN1_INTEGER_get(pbkdf2param->iter);
-  if (iterations <= 0 || iterations > (long) UINT_MAX) {
+  if (iterations <= 0 ||
+      (sizeof(long) > sizeof(unsigned) && iterations > (long)UINT_MAX)) {
     OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_ITERATION_COUNT);
     goto err;
   }