diff options
author | Greg Hudson <ghudson@mit.edu> | 2013-11-15 23:38:15 -0500 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2013-11-15 23:38:15 -0500 |
commit | e08db4b3097e31c9fd42e870b641ad97155cab39 (patch) | |
tree | 1900095dc4a7942138a51ee5b21b659c919f08e4 /src | |
parent | 29e60c5b7ac0980606971afc6fd6028bcf0c7f0f (diff) | |
download | krb5-e08db4b3097e31c9fd42e870b641ad97155cab39.tar.gz krb5-e08db4b3097e31c9fd42e870b641ad97155cab39.tar.xz krb5-e08db4b3097e31c9fd42e870b641ad97155cab39.zip |
Remove a warning in AES string-to-key
On 32-bit platforms, the code to translate an iteration count of 0 to
2^32 can trigger a compiler warning. Since we will basically never
accept an iteration count that high (right now we reject anything
above 2^24), just reject it out of hand.
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/crypto/krb/s2k_pbkdf2.c | 11 |
1 files changed, 4 insertions, 7 deletions
diff --git a/src/lib/crypto/krb/s2k_pbkdf2.c b/src/lib/crypto/krb/s2k_pbkdf2.c index e223911117..1808882d5f 100644 --- a/src/lib/crypto/krb/s2k_pbkdf2.c +++ b/src/lib/crypto/krb/s2k_pbkdf2.c @@ -122,14 +122,11 @@ pbkdf2_string_to_key(const struct krb5_keytypes *ktp, const krb5_data *string, unsigned char *p = (unsigned char *) params->data; if (params->length != 4) return KRB5_ERR_BAD_S2K_PARAMS; - /* The first two need casts in case 'int' is 16 bits. */ iter_count = load_32_be(p); - if (iter_count == 0) { - iter_count = (1UL << 16) << 16; - if (((iter_count >> 16) >> 16) != 1) - return KRB5_ERR_BAD_S2K_PARAMS; - } - if (!k5_allow_weak_pbkdf2iter && iter_count < def_iter_count) + /* Zero means 2^32, which is way above what we will accept. Also don't + * accept values less than the default, unless we're running tests. */ + if (iter_count == 0 || + (!k5_allow_weak_pbkdf2iter && iter_count < def_iter_count)) return KRB5_ERR_BAD_S2K_PARAMS; } else |