diff options
| author | Björn Esser <besser82@fedoraproject.org> | 2021-11-30 21:37:25 +0100 |
|---|---|---|
| committer | Björn Esser <besser82@fedoraproject.org> | 2021-11-30 22:00:52 +0100 |
| commit | a74a677eaf8a9a22a952f38a6ec8c06798585c79 (patch) | |
| tree | fa6cc90fed264182da61fe2ea93d0ae752e7ebf4 | |
| parent | c50b731f83bc4c3cf90804ffe188a157e2c83f62 (diff) | |
| download | libxcrypt-a74a677eaf8a9a22a952f38a6ec8c06798585c79.tar.gz libxcrypt-a74a677eaf8a9a22a952f38a6ec8c06798585c79.tar.bz2 libxcrypt-a74a677eaf8a9a22a952f38a6ec8c06798585c79.zip | |
lib: Silently truncate rbytes after a maximum of 512 bits for yescrypt.
Likewise for gost-yescrypt and scrypt, as those hashing methods share
the same codebase.
| -rw-r--r-- | lib/crypt-gost-yescrypt.c | 4 | ||||
| -rw-r--r-- | lib/crypt-scrypt.c | 4 | ||||
| -rw-r--r-- | lib/crypt-yescrypt.c | 4 |
3 files changed, 12 insertions, 0 deletions
diff --git a/lib/crypt-gost-yescrypt.c b/lib/crypt-gost-yescrypt.c index 16f26a1..190ae94 100644 --- a/lib/crypt-gost-yescrypt.c +++ b/lib/crypt-gost-yescrypt.c @@ -58,6 +58,10 @@ gensalt_gost_yescrypt_rn (unsigned long count, const uint8_t *rbytes, size_t nrbytes, uint8_t *output, size_t o_size) { + /* Up to 512 bits (64 bytes) of entropy for computing the salt portion + of the MCF-setting are supported. */ + nrbytes = (nrbytes > 64 ? 64 : nrbytes); + if (o_size < 4 + 8 * 6 + BASE64_LEN (nrbytes) + 1 || CRYPT_GENSALT_OUTPUT_SIZE < 4 + 8 * 6 + BASE64_LEN (nrbytes) + 1) { diff --git a/lib/crypt-scrypt.c b/lib/crypt-scrypt.c index 5cc4110..7375c20 100644 --- a/lib/crypt-scrypt.c +++ b/lib/crypt-scrypt.c @@ -165,6 +165,10 @@ gensalt_scrypt_rn (unsigned long count, const uint8_t *rbytes, size_t nrbytes, uint8_t *output, size_t o_size) { + /* Up to 512 bits (64 bytes) of entropy for computing the salt portion + of the MCF-setting are supported. */ + nrbytes = (nrbytes > 64 ? 64 : nrbytes); + if (o_size < 3 + 1 + 5 * 2 + BASE64_LEN (nrbytes) + 1 || CRYPT_GENSALT_OUTPUT_SIZE < 3 + 1 + 5 * 2 + BASE64_LEN (nrbytes) + 1) { diff --git a/lib/crypt-yescrypt.c b/lib/crypt-yescrypt.c index 84b7f19..2caa567 100644 --- a/lib/crypt-yescrypt.c +++ b/lib/crypt-yescrypt.c @@ -106,6 +106,10 @@ gensalt_yescrypt_rn (unsigned long count, const uint8_t *rbytes, size_t nrbytes, uint8_t *output, size_t o_size) { + /* Up to 512 bits (64 bytes) of entropy for computing the salt portion + of the MCF-setting are supported. */ + nrbytes = (nrbytes > 64 ? 64 : nrbytes); + if (o_size < 3 + 8 * 6 + 1 + BASE64_LEN (nrbytes) + 1 || CRYPT_GENSALT_OUTPUT_SIZE < 3 + 8 * 6 + 1 + BASE64_LEN (nrbytes) + 1) { |