****************************************************************************/
The Blowfish cipher implementation is licensed by Niels Provis under
- a 4-clause BSD license:
+ a 3-clause BSD license:
* Blowfish - a fast block cipher designed by Bruce Schneier
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by Niels Provos.
- * 4. The name of the author may not be used to endorse or promote products
+ * 3. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
-/* $OpenBSD: bcrypt_pbkdf.c,v 1.13 2015/01/12 03:20:04 tedu Exp $ */
+/* $OpenBSD: bcrypt_pbkdf.c,v 1.16 2020/08/02 18:35:48 tb Exp $ */
/*
* Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
*
* function with the following modifications:
* 1. The input password and salt are preprocessed with SHA512.
* 2. The output length is expanded to 256 bits.
- * 3. Subsequently the magic string to be encrypted is lengthened and modified
+ * 3. Subsequently the magic string to be encrypted is lengthened and modifed
* to "OxychromaticBlowfishSwatDynamite"
* 4. The hash function is defined to perform 64 rounds of initial state
* expansion. (More rounds are performed by iterating the hash.)
#define BCRYPT_HASHSIZE (BCRYPT_WORDS * 4)
static void
-bcrypt_hash(u_int8_t *sha2pass, u_int8_t *sha2salt, u_int8_t *out)
+bcrypt_hash(uint8_t *sha2pass, uint8_t *sha2salt, uint8_t *out)
{
blf_ctx state;
- u_int8_t ciphertext[BCRYPT_HASHSIZE] =
+ uint8_t ciphertext[BCRYPT_HASHSIZE] =
"OxychromaticBlowfishSwatDynamite";
uint32_t cdata[BCRYPT_WORDS];
int i;
cdata[i] = Blowfish_stream2word(ciphertext, sizeof(ciphertext),
&j);
for (i = 0; i < 64; i++)
- blf_enc(&state, cdata, sizeof(cdata) / (sizeof(uint64_t)));
+ blf_enc(&state, cdata, BCRYPT_WORDS / 2);
/* copy out */
for (i = 0; i < BCRYPT_WORDS; i++) {
}
int
-bcrypt_pbkdf(const char *pass, size_t passlen, const u_int8_t *salt, size_t saltlen,
- u_int8_t *key, size_t keylen, unsigned int rounds)
+bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt, size_t saltlen,
+ uint8_t *key, size_t keylen, unsigned int rounds)
{
- u_int8_t sha2pass[SHA512_DIGEST_LENGTH];
- u_int8_t sha2salt[SHA512_DIGEST_LENGTH];
- u_int8_t out[BCRYPT_HASHSIZE];
- u_int8_t tmpout[BCRYPT_HASHSIZE];
- u_int8_t *countsalt;
+ uint8_t sha2pass[SHA512_DIGEST_LENGTH];
+ uint8_t sha2salt[SHA512_DIGEST_LENGTH];
+ uint8_t out[BCRYPT_HASHSIZE];
+ uint8_t tmpout[BCRYPT_HASHSIZE];
+ uint8_t countsalt[4];
size_t i, j, amt, stride;
uint32_t count;
size_t origkeylen = keylen;
/* nothing crazy */
if (rounds < 1)
- return -1;
+ goto bad;
if (passlen == 0 || saltlen == 0 || keylen == 0 ||
- keylen > sizeof(out) * sizeof(out) || saltlen > 1<<20)
- return -1;
- if ((countsalt = calloc(1, saltlen + 4)) == NULL)
- return -1;
+ keylen > sizeof(out) * sizeof(out))
+ goto bad;
stride = (keylen + sizeof(out) - 1) / sizeof(out);
amt = (keylen + stride - 1) / stride;
- memcpy(countsalt, salt, saltlen);
-
/* collapse password */
crypto_hash_sha512(sha2pass, pass, passlen);
/* generate key, sizeof(out) at a time */
for (count = 1; keylen > 0; count++) {
- countsalt[saltlen + 0] = (count >> 24) & 0xff;
- countsalt[saltlen + 1] = (count >> 16) & 0xff;
- countsalt[saltlen + 2] = (count >> 8) & 0xff;
- countsalt[saltlen + 3] = count & 0xff;
+ countsalt[0] = (count >> 24) & 0xff;
+ countsalt[1] = (count >> 16) & 0xff;
+ countsalt[2] = (count >> 8) & 0xff;
+ countsalt[3] = count & 0xff;
/* first round, salt is salt */
crypto_hash_sha512(sha2salt, countsalt, saltlen + 4);
/* zap */
explicit_bzero(out, sizeof(out));
- free(countsalt);
+ explicit_bzero(tmpout, sizeof(tmpout));
return 0;
+
+bad:
+ /* overwrite with random in case caller doesn't check return code */
+ arc4random_buf(key, keylen);
+ return -1;
}
#endif /* HAVE_BCRYPT_PBKDF */
-/* $OpenBSD: blf.h,v 1.7 2007/03/14 17:59:41 grunk Exp $ */
+/* $OpenBSD: blf.h,v 1.8 2021/11/29 01:04:45 djm Exp $ */
/*
* Blowfish - a fast block cipher designed by Bruce Schneier
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by Niels Provos.
- * 4. The name of the author may not be used to endorse or promote products
+ * 3. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
-/* $OpenBSD: blowfish.c,v 1.18 2004/11/02 17:23:26 hshoexer Exp $ */
+/* $OpenBSD: blowfish.c,v 1.20 2021/11/29 01:04:45 djm Exp $ */
/*
* Blowfish block cipher for OpenBSD
* Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by Niels Provos.
- * 4. The name of the author may not be used to endorse or promote products
+ * 3. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
projects / thirdparty / openssh-portable.git / commitdiff
