[openssh-commits] [openssh] 01/01: previous commit broke bcrypt_pbkdf()

git+noreply at mindrot.org git+noreply at mindrot.org
Mon Nov 29 14:11:54 AEDT 2021 

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit e6e7d2654a13ba10141da7b42ea683ea4eeb1f38
Author: Damien Miller <djm at mindrot.org>
Date:   Mon Nov 29 14:11:03 2021 +1100

    previous commit broke bcrypt_pbkdf()
    
    Accidentally reverted part of the conversion to use SHA512 from SUPERCOP
    instead of OpenBSD-style libc SHA512.
---
 openbsd-compat/bcrypt_pbkdf.c | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/openbsd-compat/bcrypt_pbkdf.c b/openbsd-compat/bcrypt_pbkdf.c
index 02165231..95b150f8 100644
--- a/openbsd-compat/bcrypt_pbkdf.c
+++ b/openbsd-compat/bcrypt_pbkdf.c
@@ -17,6 +17,8 @@
 
 /* OPENBSD ORIGINAL: lib/libutil/bcrypt_pbkdf.c */
 
+/* This version has been modified to use SHA512 from SUPERCOP */
+
 #include "includes.h"
 
 #ifndef HAVE_BCRYPT_PBKDF
@@ -117,7 +119,7 @@ bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt, size_t saltl
 	uint8_t sha2salt[SHA512_DIGEST_LENGTH];
 	uint8_t out[BCRYPT_HASHSIZE];
 	uint8_t tmpout[BCRYPT_HASHSIZE];
-	uint8_t countsalt[4];
+	uint8_t *countsalt;
 	size_t i, j, amt, stride;
 	uint32_t count;
 	size_t origkeylen = keylen;
@@ -126,20 +128,24 @@ bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt, size_t saltl
 	if (rounds < 1)
 		goto bad;
 	if (passlen == 0 || saltlen == 0 || keylen == 0 ||
-	    keylen > sizeof(out) * sizeof(out))
+	    keylen > sizeof(out) * sizeof(out) || saltlen > 1<<20)
+		goto bad;
+	if ((countsalt = calloc(1, saltlen + 4)) == NULL)
 		goto bad;
 	stride = (keylen + sizeof(out) - 1) / sizeof(out);
 	amt = (keylen + stride - 1) / stride;
 
+	memcpy(countsalt, salt, saltlen);
+
 	/* collapse password */
 	crypto_hash_sha512(sha2pass, pass, passlen);
 
 	/* generate key, sizeof(out) at a time */
 	for (count = 1; keylen > 0; count++) {
-		countsalt[0] = (count >> 24) & 0xff;
-		countsalt[1] = (count >> 16) & 0xff;
-		countsalt[2] = (count >> 8) & 0xff;
-		countsalt[3] = count & 0xff;
+		countsalt[saltlen + 0] = (count >> 24) & 0xff;
+		countsalt[saltlen + 1] = (count >> 16) & 0xff;
+		countsalt[saltlen + 2] = (count >> 8) & 0xff;
+		countsalt[saltlen + 3] = count & 0xff;
 
 		/* first round, salt is salt */
 		crypto_hash_sha512(sha2salt, countsalt, saltlen + 4);
@@ -169,6 +175,7 @@ bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt, size_t saltl
 	}
 
 	/* zap */
+	freezero(countsalt, saltlen + 4);
 	explicit_bzero(out, sizeof(out));
 	explicit_bzero(tmpout, sizeof(tmpout));
 

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list