CVS commit: src/lib/libcrypt

Mon, 16 May 2011 03:46:06 -0700 

Module Name:    src
Committed By:   drochner
Date:           Mon May 16 10:45:56 UTC 2011

Modified Files:
        src/lib/libcrypt: bcrypt.c

Log Message:
-fix maximum length of salt (missing prefix, rounding error)
-clip number of rounds at 31 -- this is log2 of the real number,
 and anything larger would break exponentation
-catch possible atoi() error where log2(rounds) is parsed in the
 salt prefix
-zero crypto state on exit
from Open/FreeBSD


To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 src/lib/libcrypt/bcrypt.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/lib/libcrypt/bcrypt.c
diff -u src/lib/libcrypt/bcrypt.c:1.9 src/lib/libcrypt/bcrypt.c:1.10
--- src/lib/libcrypt/bcrypt.c:1.9	Fri Oct 27 19:39:11 2006
+++ src/lib/libcrypt/bcrypt.c	Mon May 16 10:45:56 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: bcrypt.c,v 1.9 2006/10/27 19:39:11 drochner Exp $	*/
+/*	$NetBSD: bcrypt.c,v 1.10 2011/05/16 10:45:56 drochner Exp $	*/
 /*	$OpenBSD: bcrypt.c,v 1.16 2002/02/19 19:39:36 millert Exp $	*/
 
 /*
@@ -46,7 +46,7 @@
  *
  */
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: bcrypt.c,v 1.9 2006/10/27 19:39:11 drochner Exp $");
+__RCSID("$NetBSD: bcrypt.c,v 1.10 2011/05/16 10:45:56 drochner Exp $");
 
 #include <stdio.h>
 #include <stdlib.h>
@@ -66,7 +66,7 @@
 
 #define BCRYPT_VERSION '2'
 #define BCRYPT_MAXSALT 16	/* Precomputation is just so nice */
-#define BCRYPT_MAXSALTLEN 	(BCRYPT_MAXSALT * 4 / 3 + 1)
+#define BCRYPT_MAXSALTLEN 	(7 + (BCRYPT_MAXSALT * 4 + 2) / 3 + 1)
 #define BCRYPT_BLOCKS 6		/* Ciphertext blocks */
 #define BCRYPT_MINROUNDS 16	/* we have log2(rounds) in salt */
 
@@ -175,13 +175,10 @@
 	if (errno == ERANGE && nrounds == ULONG_MAX)
 		return -1;
 
-	if (nrounds > 255) {
-		errno = EINVAL;
-		return -1;
-	}
-
 	if (nrounds < 4)
 		nrounds = 4;
+	else if (nrounds > 31)
+		nrounds = 31;
 
 	for (i = 0; i < BCRYPT_MAXSALT; i++) {
 		if (i % 4 == 0)
@@ -225,6 +222,7 @@
 	u_int8_t ciphertext[4 * BCRYPT_BLOCKS] = "OrpheanBeholderScryDoubt";
 	u_int8_t csalt[BCRYPT_MAXSALT];
 	u_int32_t cdata[BCRYPT_BLOCKS];
+	int n;
 
 	/* Discard "$" identifier */
 	salt++;
@@ -256,7 +254,11 @@
 		return error;
 
 	/* Computer power doesn't increase linear, 2^x should be fine */
-	if ((rounds = (u_int32_t) 1 << (logr = atoi(salt))) < BCRYPT_MINROUNDS)
+	n = atoi(salt);
+	if (n > 31 || n < 0)
+		return error;
+	logr = (u_int8_t)n;
+	if ((rounds = (u_int32_t) 1 << logr) < BCRYPT_MINROUNDS)
 		return error;
 
 	/* Discard num rounds + "$" identifier */
@@ -311,6 +313,7 @@
 	encode_base64((u_int8_t *) encrypted + i + 3, csalt, BCRYPT_MAXSALT);
 	encode_base64((u_int8_t *) encrypted + strlen(encrypted), ciphertext,
 	    4 * BCRYPT_BLOCKS - 1);
+	memset(&state, 0, sizeof(state));
 	return encrypted;
 }

Reply via email to