diff options
author | Ted Unangst <tedu@cvs.openbsd.org> | 2014-03-23 23:25:06 +0000 |
---|---|---|
committer | Ted Unangst <tedu@cvs.openbsd.org> | 2014-03-23 23:25:06 +0000 |
commit | db91d1fc71927d9e81767957d6b11932cff16d64 (patch) | |
tree | 877d6394ff4e12840cbed368ec61fb1a21d63fcc | |
parent | 3d3b38e5701a64d805c57244bcce83b21e072230 (diff) |
some improvements suggested by djm.
use better constant for salt size.
always copy ":" to gerror, in case somebody is dumb enough to overwrite it
timingsafe_bcmp before somebody whines about strcmp
-rw-r--r-- | lib/libc/crypt/bcrypt.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/lib/libc/crypt/bcrypt.c b/lib/libc/crypt/bcrypt.c index 7070cb73755..7d388cf2ea8 100644 --- a/lib/libc/crypt/bcrypt.c +++ b/lib/libc/crypt/bcrypt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bcrypt.c,v 1.33 2014/03/23 23:20:12 tedu Exp $ */ +/* $OpenBSD: bcrypt.c,v 1.34 2014/03/23 23:25:05 tedu Exp $ */ /* * Copyright (c) 2014 Ted Unangst <tedu@openbsd.org> @@ -228,7 +228,8 @@ bcrypt_checkpass(const char *pass, const char *goodhash) if (bcrypt_hashpass(pass, goodhash, hash, sizeof(hash)) != 0) return -1; - if (strcmp(hash, goodhash) != 0) + if (strlen(hash) != strlen(goodhash) || + timingsafe_bcmp(hash, goodhash, strlen(goodhash)) != 0) return -1; return 0; } @@ -327,7 +328,7 @@ encode_base64(u_int8_t *buffer, u_int8_t *data, u_int16_t len) char * bcrypt_gensalt(u_int8_t log_rounds) { - static char gsalt[7 + (BCRYPT_MAXSALT * 4 + 2) / 3 + 1]; + static char gsalt[BCRYPT_SALTSPACE]; bcrypt_initsalt(log_rounds, gsalt, sizeof(gsalt)); @@ -338,9 +339,10 @@ char * bcrypt(const char *pass, const char *salt) { static char gencrypted[_PASSWORD_LEN]; - static char gerror[] = ":"; + static char gerror[2]; /* How do I handle errors ? Return ':' */ + strlcpy(gerror, ":", sizeof(gerror)); if (bcrypt_hashpass(pass, salt, gencrypted, sizeof(gencrypted)) != 0) return gerror; |