TCRYPT format limits passphrase length to max. 64 characters so simply error in this case.
*/
struct crypt_params_tcrypt {
const char *passphrase; /**< passphrase to unlock header (input only) */
- size_t passphrase_size; /**< passphrase size (input only) */
+ size_t passphrase_size; /**< passphrase size (input only, max length is 64) */
const char **keyfiles; /**< keyfile paths to unlock header (input only) */
unsigned int keyfiles_count;/**< keyfiles count (input only) */
const char *hash_name; /**< hash function for PBKDF */
else
passphrase_size = params->passphrase_size;
+ if (params->passphrase_size > TCRYPT_KEY_POOL_LEN) {
+ log_err(cd, _("Maximum TCRYPT passphrase length (%d) exceeded.\n"),
+ TCRYPT_KEY_POOL_LEN);
+ return -EINVAL;
+ }
+
/* Calculate pool content from keyfiles */
for (i = 0; i < params->keyfiles_count; i++) {
r = TCRYPT_pool_keyfile(cd, pwd, params->keyfiles[i]);