diff options
| author |   tedu <tedu@openbsd.org> | 2014-11-24 22:47:01 +0000 |
|---|---|---|
| committer | tedu <tedu@openbsd.org> | 2014-11-24 22:47:01 +0000 |
| commit | 5105d93695fb5fa4e4cfbb9ef81f06e7d4efbdf6 (patch) | |
| tree | f687b696f952f315b014b176bc2337585b7f2016 /lib/libc/crypt/bcrypt.c | |
| parent | Actually, the previous change didn't quite work on the SPARC T5-2. But if (diff) | |
| download | wireguard-openbsd-5105d93695fb5fa4e4cfbb9ef81f06e7d4efbdf6.tar.xz wireguard-openbsd-5105d93695fb5fa4e4cfbb9ef81f06e7d4efbdf6.zip | |
introduce a hashspace define and check that there's enough space to
write out a hash. also simplify writing out the hash.
Diffstat (limited to 'lib/libc/crypt/bcrypt.c')
| -rw-r--r-- | lib/libc/crypt/bcrypt.c | 25 |
1 files changed, 10 insertions, 15 deletions
diff --git a/lib/libc/crypt/bcrypt.c b/lib/libc/crypt/bcrypt.c index 9b0001de0f9..94758ca40bd 100644 --- a/lib/libc/crypt/bcrypt.c +++ b/lib/libc/crypt/bcrypt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bcrypt.c,v 1.45 2014/07/20 04:22:34 guenther Exp $ */ +/* $OpenBSD: bcrypt.c,v 1.46 2014/11/24 22:47:01 tedu Exp $ */ /* * Copyright (c) 2014 Ted Unangst <tedu@openbsd.org> @@ -50,6 +50,7 @@ #define BCRYPT_MINLOGROUNDS 4 /* we have log2(rounds) in salt */ #define BCRYPT_SALTSPACE (7 + (BCRYPT_MAXSALT * 4 + 2) / 3 + 1) +#define BCRYPT_HASHSPACE 61 char *bcrypt_gensalt(u_int8_t); @@ -96,6 +97,9 @@ bcrypt_hashpass(const char *key, const char *salt, char *encrypted, u_int8_t csalt[BCRYPT_MAXSALT]; u_int32_t cdata[BCRYPT_BLOCKS]; + if (encryptedlen < BCRYPT_HASHSPACE) + return -1; + /* Check and discard "$" identifier */ if (salt[0] != '$') return -1; @@ -177,17 +181,9 @@ bcrypt_hashpass(const char *key, const char *salt, char *encrypted, } - i = 0; - encrypted[i++] = '$'; - encrypted[i++] = BCRYPT_VERSION; - encrypted[i++] = minor; - encrypted[i++] = '$'; - - snprintf(encrypted + i, 4, "%2.2u$", logr); - - encode_base64(encrypted + i + 3, csalt, BCRYPT_MAXSALT); - encode_base64(encrypted + strlen(encrypted), ciphertext, - 4 * BCRYPT_BLOCKS - 1); + snprintf(encrypted, 8, "$2%c$%2.2u$", minor, logr); + encode_base64(encrypted + 7, csalt, BCRYPT_MAXSALT); + encode_base64(encrypted + 7 + 22, ciphertext, 4 * BCRYPT_BLOCKS - 1); explicit_bzero(&state, sizeof(state)); explicit_bzero(ciphertext, sizeof(ciphertext)); explicit_bzero(csalt, sizeof(csalt)); @@ -216,7 +212,7 @@ bcrypt_newhash(const char *pass, int log_rounds, char *hash, size_t hashlen) int bcrypt_checkpass(const char *pass, const char *goodhash) { - char hash[_PASSWORD_LEN]; + char hash[BCRYPT_HASHSPACE]; if (bcrypt_hashpass(pass, goodhash, hash, sizeof(hash)) != 0) return -1; @@ -345,7 +341,7 @@ bcrypt_gensalt(u_int8_t log_rounds) char * bcrypt(const char *pass, const char *salt) { - static char gencrypted[_PASSWORD_LEN]; + static char gencrypted[BCRYPT_HASHSPACE]; static char gerror[2]; /* How do I handle errors ? Return ':' */ @@ -355,4 +351,3 @@ bcrypt(const char *pass, const char *salt) return gencrypted; } - |