mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

crypto: remove bogus /= 2 for pbkdf iterations

Browse Source 
When calculating iterations for pbkdf of the key slot
data, we had a /= 2, which was copied from identical
code in cryptsetup. It was always unclear & undocumented
why cryptsetup had this division and it was recently
removed there, too.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrange 2016-09-07 13:17:07 +01:00
parent e74aabcffb
commit acd0dfd0c2
1 changed files with 0 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
crypto/block-luks.c
View File

@ -1170,10 +1170,6 @@ qcrypto_block_luks_create(QCryptoBlock *block,
/* iter_time was in millis, but count_iters reported for secs */ /* iter_time was in millis, but count_iters reported for secs */
iters = iters * luks_opts.iter_time / 1000; iters = iters * luks_opts.iter_time / 1000;
/* Why /= 2 ? That matches cryptsetup, but there's no
* explanation why they chose /= 2... */
iters /= 2;
if (iters > UINT32_MAX) { if (iters > UINT32_MAX) {
error_setg_errno(errp, ERANGE, error_setg_errno(errp, ERANGE,
"PBKDF iterations %llu larger than %u", "PBKDF iterations %llu larger than %u",