[28051] in CVS-changelog-for-Kerberos-V5
krb5 commit: Remove a warning in AES string-to-key
daemon@ATHENA.MIT.EDU (Greg Hudson)
Sun Nov 17 12:28:25 2013
Date: Sun, 17 Nov 2013 12:28:16 -0500
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201311171728.rAHHSGuO013987@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/e08db4b3097e31c9fd42e870b641ad97155cab39
commit e08db4b3097e31c9fd42e870b641ad97155cab39
Author: Greg Hudson <ghudson@mit.edu>
Date: Fri Nov 15 23:38:15 2013 -0500
Remove a warning in AES string-to-key
On 32-bit platforms, the code to translate an iteration count of 0 to
2^32 can trigger a compiler warning. Since we will basically never
accept an iteration count that high (right now we reject anything
above 2^24), just reject it out of hand.
src/lib/crypto/krb/s2k_pbkdf2.c | 11 ++++-------
1 files changed, 4 insertions(+), 7 deletions(-)
diff --git a/src/lib/crypto/krb/s2k_pbkdf2.c b/src/lib/crypto/krb/s2k_pbkdf2.c
index e223911..1808882 100644
--- a/src/lib/crypto/krb/s2k_pbkdf2.c
+++ b/src/lib/crypto/krb/s2k_pbkdf2.c
@@ -122,14 +122,11 @@ pbkdf2_string_to_key(const struct krb5_keytypes *ktp, const krb5_data *string,
unsigned char *p = (unsigned char *) params->data;
if (params->length != 4)
return KRB5_ERR_BAD_S2K_PARAMS;
- /* The first two need casts in case 'int' is 16 bits. */
iter_count = load_32_be(p);
- if (iter_count == 0) {
- iter_count = (1UL << 16) << 16;
- if (((iter_count >> 16) >> 16) != 1)
- return KRB5_ERR_BAD_S2K_PARAMS;
- }
- if (!k5_allow_weak_pbkdf2iter && iter_count < def_iter_count)
+ /* Zero means 2^32, which is way above what we will accept. Also don't
+ * accept values less than the default, unless we're running tests. */
+ if (iter_count == 0 ||
+ (!k5_allow_weak_pbkdf2iter && iter_count < def_iter_count))
return KRB5_ERR_BAD_S2K_PARAMS;
} else
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
