diff options
| -rw-r--r-- | lib/libc/crypt/bcrypt.c | 44 | ||||
| -rw-r--r-- | lib/libc/shlib_version | 2 |
2 files changed, 33 insertions, 13 deletions
diff --git a/lib/libc/crypt/bcrypt.c b/lib/libc/crypt/bcrypt.c index f626c2f4538..0a0cca14a10 100644 --- a/lib/libc/crypt/bcrypt.c +++ b/lib/libc/crypt/bcrypt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bcrypt.c,v 1.5 1997/04/30 05:57:04 tholo Exp $ */ +/* $OpenBSD: bcrypt.c,v 1.6 1997/07/01 20:12:43 provos Exp $ */ /* * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de> * All rights reserved. @@ -152,11 +152,12 @@ encode_salt(salt, csalt, clen, logr) { salt[0] = '$'; salt[1] = BCRYPT_VERSION; - salt[2] = '$'; + salt[2] = 'a'; + salt[3] = '$'; - snprintf(salt + 3, 4, "%2.2u$", logr); + snprintf(salt + 4, 4, "%2.2u$", logr); - encode_base64((u_int8_t *) salt + 6, csalt, clen); + encode_base64((u_int8_t *) salt + 7, csalt, clen); } /* Generates a salt for this version of crypt. Since versions may change. Keeping this here @@ -200,10 +201,11 @@ bcrypt(key, salt) blf_ctx state; u_int32_t rounds, i, k; u_int16_t j; - u_int8_t key_len, salt_len, logr; + u_int8_t key_len, salt_len, logr, minor; u_int8_t ciphertext[4 * BCRYPT_BLOCKS] = "OrpheanBeholderScryDoubt"; u_int8_t csalt[BCRYPT_MAXSALT]; u_int32_t cdata[BCRYPT_BLOCKS]; + /* Discard "$" identifier */ salt++; @@ -211,10 +213,25 @@ bcrypt(key, salt) /* How do I handle errors ? Return ':' */ return error; } + + /* Check for minor versions */ + if (salt[1] != '$') { + switch(salt[1]) { + case 'a': + /* 'ab' should not yield the same as 'abab' */ + minor = salt[1]; + salt++; + break; + default: + return error; + } + } else + minor = 0; + /* Discard version + "$" identifier */ salt += 2; - if (*(salt + 2) != '$') + if (salt[2] != '$') /* Out of sync with passwd entry */ return error; @@ -228,7 +245,7 @@ bcrypt(key, salt) /* We dont want the base64 salt but the raw data */ decode_base64(csalt, BCRYPT_MAXSALT, (u_int8_t *) salt); salt_len = BCRYPT_MAXSALT; - key_len = strlen(key); + key_len = strlen(key) + (minor >= 'a' ? 1 : 0); /* Setting up S-Boxes and Subkeys */ Blowfish_initstate(&state); @@ -259,13 +276,16 @@ bcrypt(key, salt) } - encrypted[0] = '$'; - encrypted[1] = BCRYPT_VERSION; - encrypted[2] = '$'; + i = 0; + encrypted[i++] = '$'; + encrypted[i++] = BCRYPT_VERSION; + if (minor) + encrypted[i++] = minor; + encrypted[i++] = '$'; - snprintf(encrypted + 3, 4, "%2.2u$", logr); + snprintf(encrypted + i, 4, "%2.2u$", logr); - encode_base64((u_int8_t *) encrypted + 6, csalt, BCRYPT_MAXSALT); + encode_base64((u_int8_t *) encrypted + i + 3, csalt, BCRYPT_MAXSALT); encode_base64((u_int8_t *) encrypted + strlen(encrypted), ciphertext, 4 * BCRYPT_BLOCKS); return encrypted; diff --git a/lib/libc/shlib_version b/lib/libc/shlib_version index 6b53f29f80a..712afbbad41 100644 --- a/lib/libc/shlib_version +++ b/lib/libc/shlib_version @@ -1,2 +1,2 @@ major=16 -minor=3 +minor=4 |