Raise an error if PBKDF2 iteration count set to zero on check disabled in default...

author pohsingwu <pohsingwu@synology.com>

Fri, 9 May 2025 07:26:35 +0000 (15:26 +0800)

committer Pauli <ppzgs1@gmail.com>

Mon, 12 May 2025 23:15:52 +0000 (09:15 +1000)
author pohsingwu <pohsingwu@synology.com>
Fri, 9 May 2025 07:26:35 +0000 (15:26 +0800)
committer Pauli <ppzgs1@gmail.com>
Mon, 12 May 2025 23:15:52 +0000 (09:15 +1000)
diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c

index 8b12647d8d8f0ec087d909046ff724ef22e657fe..6ec8e2f7656ce9948f50272c8004712a5b9402b3 100644 (file)
--- a/providers/implementations/kdfs/pbkdf2.c
+++ b/providers/implementations/kdfs/pbkdf2.c
@@ -242,6 +242,9 @@ static int lower_bound_check_passed(KDF_PBKDF2 *ctx, int saltlen, uint64_t iter,
              ERR_raise(ERR_LIB_PROV, error);
              return 0;
          }
+    } else if (iter < 1) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_ITERATION_COUNT);
+        return 0;
      }
  #endif
  
diff --git a/test/recipes/30-test_evp_data/evpkdf_pbkdf2.txt b/test/recipes/30-test_evp_data/evpkdf_pbkdf2.txt

index b64091114b8381bc5584cda45875bff07a1b0003..3ec6697746678638901179b8e005103ba414da67 100644 (file)
--- a/test/recipes/30-test_evp_data/evpkdf_pbkdf2.txt
+++ b/test/recipes/30-test_evp_data/evpkdf_pbkdf2.txt
@@ -275,3 +275,12 @@ Ctrl.iter = iter:10
  Ctrl.digest = digest:sha1
  Result = KDF_CTRL_ERROR
  Reason = invalid iteration count
+
+Availablein = default
+KDF = PBKDF2
+Ctrl.pass = pass:password
+Ctrl.salt = salt:salt
+Ctrl.iter = iter:0
+Ctrl.digest = digest:sha1
+Result = KDF_CTRL_ERROR
+Reason = invalid iteration count
author	pohsingwu <pohsingwu@synology.com>
	Fri, 9 May 2025 07:26:35 +0000 (15:26 +0800)
committer	Pauli <ppzgs1@gmail.com>
	Mon, 12 May 2025 23:15:52 +0000 (09:15 +1000)
providers/implementations/kdfs/pbkdf2.c		patch \| blob \| blame \| history
test/recipes/30-test_evp_data/evpkdf_pbkdf2.txt		patch \| blob \| blame \| history