projects / platform / core / security / yaca.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ca3d931)
Use size_t for PBKDF2 iterations param 14/78414/3
authorLukasz Pawelczyk <l.pawelczyk@samsung.com>
Tue, 5 Jul 2016 11:08:10 +0000 (13:08 +0200)
committerLukasz Pawelczyk <l.pawelczyk@samsung.com>
Tue, 5 Jul 2016 11:14:16 +0000 (13:14 +0200)
Also fix salt invalid param check.

Change-Id: Ib756041545a3aa606f9f44dc256a0ad70824ba3b

api/yaca/yaca_key.h patch | blob | history
src/key.c patch | blob | history

diff --git a/api/yaca/yaca_key.h b/api/yaca/yaca_key.h
index 89801ba..b6294ad 100644 (file)
--- a/api/yaca/yaca_key.h
+++ b/api/yaca/yaca_key.h
@@ -290,7 +290,7 @@ void yaca_key_destroy(yaca_key_h key);
 int yaca_key_derive_pbkdf2(const char *password,
                            const char *salt,
                            size_t salt_len,
-                           int iterations,
+                           size_t iterations,
                            yaca_digest_algorithm_e algo,
                            size_t key_bit_len,
                            yaca_key_h *key);
diff --git a/src/key.c b/src/key.c
index cd87042..b54f1c9 100644 (file)
--- a/src/key.c
+++ b/src/key.c
@@ -1246,7 +1246,7 @@ API void yaca_key_destroy(yaca_key_h key)
 API int yaca_key_derive_pbkdf2(const char *password,
                                const char *salt,
                                size_t salt_len,
-                               int iterations,
+                               size_t iterations,
                                yaca_digest_algorithm_e algo,
                                size_t key_bit_len,
                                yaca_key_h *key)
@@ -1256,13 +1256,17 @@ API int yaca_key_derive_pbkdf2(const char *password,
        size_t key_byte_len = key_bit_len / 8;
        int ret;
 
-       if (password == NULL || salt == NULL || salt_len == 0 ||
+       if (password == NULL ||
+           (salt == NULL && salt_len > 0) || (salt != NULL && salt_len == 0) ||
            iterations == 0 || key_bit_len == 0 || key == NULL)
                return YACA_ERROR_INVALID_PARAMETER;
 
        if (key_bit_len % 8) /* Key length must be multiple of 8-bits */
                return YACA_ERROR_INVALID_PARAMETER;
 
+       if (iterations > INT_MAX) /* OpenSSL limitation */
+               return YACA_ERROR_INVALID_PARAMETER;
+
        ret = digest_get_algorithm(algo, &md);
        if (ret != YACA_ERROR_NONE)
                return ret;
Domain: Security / Utilities;