• Daniel P. Berrange's avatar
    crypto: use uint64_t for pbkdf iteration count parameters · 59b060be
    Daniel P. Berrange authored
    The qcrypto_pbkdf_count_iters method uses a 64 bit int
    but then checks its value against INT32_MAX before
    returning it. This bounds check is premature, because
    the calling code may well scale the iteration count
    by some value. It is thus better to return a 64-bit
    integer and let the caller do range checking.
    
    For consistency the qcrypto_pbkdf method is also changed
    to accept a 64bit int, though this is somewhat academic
    since nettle is limited to taking an 'int' while gcrypt
    is limited to taking a 'long int'.
    Reviewed-by: 's avatarEric Blake <eblake@redhat.com>
    Signed-off-by: 's avatarDaniel P. Berrange <berrange@redhat.com>
    59b060be
pbkdf-stub.c 1.49 KB