diff options
Diffstat (limited to 'lib/libc')
-rw-r--r-- | lib/libc/crypt/bcrypt.c | 41 |
1 files changed, 26 insertions, 15 deletions
diff --git a/lib/libc/crypt/bcrypt.c b/lib/libc/crypt/bcrypt.c index 7760ac7c0cb..d7af344b972 100644 --- a/lib/libc/crypt/bcrypt.c +++ b/lib/libc/crypt/bcrypt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bcrypt.c,v 1.36 2014/03/24 00:00:29 tedu Exp $ */ +/* $OpenBSD: bcrypt.c,v 1.37 2014/04/08 20:14:25 tedu Exp $ */ /* * Copyright (c) 2014 Ted Unangst <tedu@openbsd.org> @@ -52,8 +52,8 @@ char *bcrypt_gensalt(u_int8_t); -static void encode_base64(u_int8_t *, u_int8_t *, u_int16_t); -static void decode_base64(u_int8_t *, u_int16_t, u_int8_t *); +static int encode_base64(char *, const u_int8_t *, size_t); +static int decode_base64(u_int8_t *, size_t, const char *); /* * Generates a salt for this version of crypt. @@ -74,7 +74,7 @@ bcrypt_initsalt(int log_rounds, uint8_t *salt, size_t saltbuflen) log_rounds = 31; snprintf(salt, saltbuflen, "$2a$%2.2u$", log_rounds); - encode_base64((uint8_t *)salt + 7, csalt, sizeof(csalt)); + encode_base64(salt + 7, csalt, sizeof(csalt)); return 0; } @@ -141,7 +141,7 @@ bcrypt_hashpass(const char *key, const char *salt, char *encrypted, return -1; /* We dont want the base64 salt but the raw data */ - decode_base64(csalt, BCRYPT_MAXSALT, (u_int8_t *) salt); + decode_base64(csalt, BCRYPT_MAXSALT, salt); salt_len = BCRYPT_MAXSALT; if (minor <= 'a') key_len = (u_int8_t)(strlen(key) + (minor >= 'a' ? 1 : 0)); @@ -194,8 +194,8 @@ bcrypt_hashpass(const char *key, const char *salt, char *encrypted, snprintf(encrypted + i, 4, "%2.2u$", logr); - encode_base64((u_int8_t *) encrypted + i + 3, csalt, BCRYPT_MAXSALT); - encode_base64((u_int8_t *) encrypted + strlen(encrypted), ciphertext, + encode_base64(encrypted + i + 3, csalt, BCRYPT_MAXSALT); + encode_base64(encrypted + strlen(encrypted), ciphertext, 4 * BCRYPT_BLOCKS - 1); memset(&state, 0, sizeof(state)); memset(ciphertext, 0, sizeof(ciphertext)); @@ -260,19 +260,23 @@ const static u_int8_t index_64[128] = { }; #define CHAR64(c) ( (c) > 127 ? 255 : index_64[(c)]) -static void -decode_base64(u_int8_t *buffer, u_int16_t len, u_int8_t *data) +/* + * read buflen (after decoding) bytes of data from b64data + */ +static int +decode_base64(u_int8_t *buffer, size_t len, const char *b64data) { u_int8_t *bp = buffer; - u_int8_t *p = data; + const u_int8_t *p = b64data; u_int8_t c1, c2, c3, c4; + while (bp < buffer + len) { c1 = CHAR64(*p); c2 = CHAR64(*(p + 1)); /* Invalid data */ if (c1 == 255 || c2 == 255) - break; + return -1; *bp++ = (c1 << 2) | ((c2 & 0x30) >> 4); if (bp >= buffer + len) @@ -293,14 +297,20 @@ decode_base64(u_int8_t *buffer, u_int16_t len, u_int8_t *data) p += 4; } + return 0; } -static void -encode_base64(u_int8_t *buffer, u_int8_t *data, u_int16_t len) +/* + * Turn len bytes of data into base64 encoded data. + * This works without = padding. + */ +static int +encode_base64(char *b64buffer, const u_int8_t *data, size_t len) { - u_int8_t *bp = buffer; - u_int8_t *p = data; + u_int8_t *bp = b64buffer; + const u_int8_t *p = data; u_int8_t c1, c2; + while (p < data + len) { c1 = *p++; *bp++ = Base64Code[(c1 >> 2)]; @@ -323,6 +333,7 @@ encode_base64(u_int8_t *buffer, u_int8_t *data, u_int16_t len) *bp++ = Base64Code[c2 & 0x3f]; } *bp = '\0'; + return 0; } /* |