diff options
Diffstat (limited to 'cipher/kdf.c')
-rw-r--r-- | cipher/kdf.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/cipher/kdf.c b/cipher/kdf.c index 831edd24..27f57896 100644 --- a/cipher/kdf.c +++ b/cipher/kdf.c @@ -125,7 +125,7 @@ _gcry_kdf_pkdf2 (const void *passphrase, size_t passphraselen, gpg_err_code_t ec; gcry_md_hd_t md; int secmode; - unsigned int dklen = keysize; + unsigned long dklen = keysize; char *dk = keybuffer; unsigned int hlen; /* Output length of the digest function. */ unsigned int l; /* Rounded up number of blocks. */ @@ -151,11 +151,14 @@ _gcry_kdf_pkdf2 (const void *passphrase, size_t passphraselen, secmode = _gcry_is_secure (passphrase) || _gcry_is_secure (keybuffer); /* Step 1 */ - /* If dkLen > (2^32 - 1) * hLen, output "derived key too long" and stop. - We use a stronger inequality. */ + /* If dkLen > (2^32 - 1) * hLen, output "derived key too long" and + * stop. We use a stronger inequality but only if our type can hold + * a larger value. */ - if (dklen > 4294967295U) +#if SIZEOF_UNSIGNED_LONG > 4 + if (dklen > 0xffffffffU) return GPG_ERR_INV_VALUE; +#endif /* Step 2 */ |