From 8ff81631875690938dc775fcc92b4c86cc89ea6d Mon Sep 17 00:00:00 2001
From: Peter Marschall
Date: Tue, 7 Apr 2020 12:11:38 +0200
Subject: [PATCH] ITS#9206 contrib/passwd/argon2: consolidate libsodium implementation
* use 'crypto_pwhash_str_alg(..., crypto_pwhash_ALG_ARGON2ID13)' to set the algorithm to Argon2. According to libsodium's documentation, the original 'crypto_pwhash_str()' only guarantees a "memory-hard, CPU-intensive hash function", but not necessarily Argon2. Although in released versions of libsodium Argon2 is the only implemented backend, this may chane in the future.
* multiply the 'memory' parameter by 1024 to align it with the libargon2 implementation. The objective is to have consistent configuration in OpenLDAP's pw-argon2 module no matter what backend implementation is used.
Signed-off-by: Peter Marschall
---
 contrib/slapd-modules/passwd/argon2/pw-argon2.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/contrib/slapd-modules/passwd/argon2/pw-argon2.c b/contrib/slapd-modules/passwd/argon2/pw-argon2.c
index a39f852195..e273943c85 100644
--- a/contrib/slapd-modules/passwd/argon2/pw-argon2.c
+++ b/contrib/slapd-modules/passwd/argon2/pw-argon2.c
@@ -128,8 +128,9 @@ slapd_argon2_hash(
 AC_MEMCPY( hash->bv_val, scheme->bv_val, scheme->bv_len );
 p += scheme->bv_len;
- if ( crypto_pwhash_str( p, passwd->bv_val, passwd->bv_len,
- iterations, memory ) == 0 ) {
+ if ( crypto_pwhash_str_alg( p, passwd->bv_val, passwd->bv_len,
+ iterations, memory * 1024,
+ crypto_pwhash_ALG_ARGON2ID13 ) == 0 ) {
 hash->bv_len = strlen( hash->bv_val );
 rc = LUTIL_PASSWD_OK;
 }
-- 
2.47.3
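Review bot: The new `memory * 1024` argument is evaluated in the type of `memory`, which is declared outside this hunk. If that is a 32-bit type, a configured value of 4194304 KiB or more wraps before conversion to the `size_t` byte limit libsodium expects, so the password is silently hashed with a far smaller memory cost than the administrator asked for. Widen first, `iterations, (size_t)memory * 1024,`, and reject values above `crypto_pwhash_MEMLIMIT_MAX / 1024` before the call. It is also worth confirming that whatever default `memory` receives in the libsodium build is already expressed in KiB, since a byte-valued default would now be scaled a second time. A comment such as `/* memory is in KiB as in libargon2; libsodium takes bytes */` on that line would record the unit.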