summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTed Unangst <tedu@cvs.openbsd.org>2014-03-23 23:25:06 +0000
committerTed Unangst <tedu@cvs.openbsd.org>2014-03-23 23:25:06 +0000
commitdb91d1fc71927d9e81767957d6b11932cff16d64 (patch)
tree877d6394ff4e12840cbed368ec61fb1a21d63fcc
parent3d3b38e5701a64d805c57244bcce83b21e072230 (diff)
some improvements suggested by djm.
use better constant for salt size. always copy ":" to gerror, in case somebody is dumb enough to overwrite it timingsafe_bcmp before somebody whines about strcmp
-rw-r--r--lib/libc/crypt/bcrypt.c10
1 files changed, 6 insertions, 4 deletions
diff --git a/lib/libc/crypt/bcrypt.c b/lib/libc/crypt/bcrypt.c
index 7070cb73755..7d388cf2ea8 100644
--- a/lib/libc/crypt/bcrypt.c
+++ b/lib/libc/crypt/bcrypt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bcrypt.c,v 1.33 2014/03/23 23:20:12 tedu Exp $ */
+/* $OpenBSD: bcrypt.c,v 1.34 2014/03/23 23:25:05 tedu Exp $ */
/*
* Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
@@ -228,7 +228,8 @@ bcrypt_checkpass(const char *pass, const char *goodhash)
if (bcrypt_hashpass(pass, goodhash, hash, sizeof(hash)) != 0)
return -1;
- if (strcmp(hash, goodhash) != 0)
+ if (strlen(hash) != strlen(goodhash) ||
+ timingsafe_bcmp(hash, goodhash, strlen(goodhash)) != 0)
return -1;
return 0;
}
@@ -327,7 +328,7 @@ encode_base64(u_int8_t *buffer, u_int8_t *data, u_int16_t len)
char *
bcrypt_gensalt(u_int8_t log_rounds)
{
- static char gsalt[7 + (BCRYPT_MAXSALT * 4 + 2) / 3 + 1];
+ static char gsalt[BCRYPT_SALTSPACE];
bcrypt_initsalt(log_rounds, gsalt, sizeof(gsalt));
@@ -338,9 +339,10 @@ char *
bcrypt(const char *pass, const char *salt)
{
static char gencrypted[_PASSWORD_LEN];
- static char gerror[] = ":";
+ static char gerror[2];
/* How do I handle errors ? Return ':' */
+ strlcpy(gerror, ":", sizeof(gerror));
if (bcrypt_hashpass(pass, salt, gencrypted, sizeof(gencrypted)) != 0)
return gerror;