diff options
| author | Jack Lloyd <[email protected]> | 2017-05-29 05:53:28 -0400 |
|---|---|---|
| committer | Jack Lloyd <[email protected]> | 2017-05-29 05:53:28 -0400 |
| commit | f1343ae9eceb3cc3aed1331a27b397f975ae84c3 (patch) | |
| tree | c89516fd8c5260053669a83410c61cc3516fd95e /src/lib/pbkdf/pgp_s2k | |
| parent | fd6e6d8ed957e081b03072661f632679035c317f (diff) | |
Avoid infinite loop in PGP-S2K
In simple mode (no salt) with an empty password the input buffer
is empty.
Add a check that salt is not empty if iterations > 1 since PGP
only has simple, salted, and iterated+salted modes.
Diffstat (limited to 'src/lib/pbkdf/pgp_s2k')
| -rw-r--r-- | src/lib/pbkdf/pgp_s2k/pgp_s2k.cpp | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/src/lib/pbkdf/pgp_s2k/pgp_s2k.cpp b/src/lib/pbkdf/pgp_s2k/pgp_s2k.cpp index 7677c4e96..21edb6afc 100644 --- a/src/lib/pbkdf/pgp_s2k/pgp_s2k.cpp +++ b/src/lib/pbkdf/pgp_s2k/pgp_s2k.cpp @@ -80,6 +80,9 @@ size_t OpenPGP_S2K::pbkdf(uint8_t output_buf[], size_t output_len, if(iterations == 0 && msec.count() > 0) // FIXME throw Not_Implemented("OpenPGP_S2K does not implemented timed KDF"); + if(iterations > 1 && salt_len == 0) + throw Invalid_Argument("OpenPGP_S2K requires a salt in iterated mode"); + secure_vector<uint8_t> input_buf(salt_len + passphrase.size()); if(salt_len > 0) { @@ -107,12 +110,15 @@ size_t OpenPGP_S2K::pbkdf(uint8_t output_buf[], size_t output_len, m_hash->update(zero_padding); // The input is always fully processed even if iterations is very small - size_t left = std::max(iterations, input_buf.size()); - while(left > 0) + if(input_buf.empty() == false) { - const size_t input_to_take = std::min(left, input_buf.size()); - m_hash->update(input_buf.data(), input_to_take); - left -= input_to_take; + size_t left = std::max(iterations, input_buf.size()); + while(left > 0) + { + const size_t input_to_take = std::min(left, input_buf.size()); + m_hash->update(input_buf.data(), input_to_take); + left -= input_to_take; + } } m_hash->final(hash_buf.data()); |