Commit 74c91447 authored by Milan Broz's avatar Milan Broz

Increase maximum allowed PBKDF memory limit.

And also fix physical memory trimming function
to really allow requested value.
parent 1ca439f4
......@@ -52,7 +52,7 @@
#define MAX_ERROR_LENGTH 512
#define MAX_PBKDF_THREADS 4
#define MAX_PBKDF_MEMORY 1024*1024 /* 1GiB */
#define MAX_PBKDF_MEMORY 4*1024*1024 /* 4GiB */
#define MIN_PBKDF2_ITERATIONS 1000 /* recommendation in NIST SP 800-132 */
#define at_least(a, b) ({ __typeof__(a) __at_least = (a); (__at_least >= (b))?__at_least:(b); })
......
......@@ -38,12 +38,12 @@ const struct crypt_pbkdf_type default_luks1 = {
.time_ms = DEFAULT_LUKS1_ITER_TIME
};
static uint32_t adjusted_pbkdf_memory(void)
static uint32_t adjusted_phys_memory(void)
{
uint64_t memory_kb = crypt_getphysmemory_kb();
/* Ignore bogus value */
if (memory_kb < (128 * 1024))
if (memory_kb < (128 * 1024) || memory_kb > UINT32_MAX)
return DEFAULT_LUKS2_MEMORY_KB;
/*
......@@ -52,10 +52,7 @@ static uint32_t adjusted_pbkdf_memory(void)
*/
memory_kb /= 2;
if (memory_kb < DEFAULT_LUKS2_MEMORY_KB)
return (uint32_t)memory_kb;
return DEFAULT_LUKS2_MEMORY_KB;
return memory_kb;
}
/*
......@@ -185,7 +182,7 @@ int init_pbkdf_type(struct crypt_device *cd,
}
if (cd_pbkdf->max_memory_kb) {
memory_kb = adjusted_pbkdf_memory();
memory_kb = adjusted_phys_memory();
if (cd_pbkdf->max_memory_kb > memory_kb) {
log_dbg("Not enough physical memory detected, "
"PBKDF max memory decreased from %dkB to %dkB.",
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment