
Feature #4621 » bsdbf.diff

Patrick Domack, 2014-02-25 04:48 AM


usr/src/cmd/initpkg/security/crypt.conf 2014-02-24 23:03:02.863447281 -0500
27 27

  
28 28
1	crypt_bsdmd5.so.1
29 29
2a	crypt_bsdbf.so.1
30
2b	crypt_bsdbf.so.1
30 31
md5	crypt_sunmd5.so.1
31 32
5	crypt_sha256.so.1
32 33
6	crypt_sha512.so.1
33
-- usr/src/lib/crypt_modules/bsdbf/bcrypt.c.orig	2014-02-24 22:43:32.551516559 -0500
34
++ usr/src/lib/crypt_modules/bsdbf/bcrypt.c	2014-02-24 23:17:04.087958572 -0500
......
189 189
	blf_ctx state;
190 190
	uint32_t rounds, i, k;
191 191
	uint16_t j;
192
	uint8_t key_len, salt_len, logr, minor;
192
	size_t key_len, 
193
	uint8_t salt_len, logr, minor;
193 194
	uint8_t ciphertext[4 * BCRYPT_BLOCKS] = "OrpheanBeholderScryDoubt";
194 195
	uint8_t csalt[BCRYPT_MAXSALT];
195 196
	uint32_t cdata[BCRYPT_BLOCKS];
......
205 206
	/* Check for minor versions */
206 207
	if (salt[1] != '$') {
207 208
		 switch (salt[1]) {
208
		 case 'a':
209
			 /* 'ab' should not yield the same as 'abab' */
209
		 case 'a': /* 'ab' should not yield the same as 'abab' */
210
		 case 'b': /* cap input length at 72 bytes */
210 211
			 minor = salt[1];
211 212
			 salt++;
212 213
			 break;
......
236 237
	/* We dont want the base64 salt but the raw data */
237 238
	decode_base64(csalt, BCRYPT_MAXSALT, (uint8_t *) salt);
238 239
	salt_len = BCRYPT_MAXSALT;
239
	key_len = strlen(key) + (minor >= 'a' ? 1 : 0);
240
	if (minor <= 'a')
241
		key_len = (uint8_t)(strlen(key) + (minor >= 'a' ? 1 : 0));
242
	else {
243
		/* strlen() returns a size_t, but the function calls
244
             	 * below result in implicit casts to a narrower integer
245
             	 * type, so cap key_len at the actual maximum supported
246
             	 * length here to avoid integer wraparound */
247
             	key_len = strlen(key);
248
             	if (key_len > 72)
249
             		key_len = 72;
250
		key_len++; /* include the NUL */
251
	}
240 252

  
241 253
	/* Setting up S-Boxes and Subkeys */
242 254
	Blowfish_initstate(&state);
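Review bot: The new declaration at new lines 192–193 reads `size_t key_len,` followed by `uint8_t salt_len, logr, minor;`, so the first line ends in a comma where a semicolon is needed and the file will not compile as shown; it should be `size_t key_len;`. In the `minor <= 'a'` branch the `(uint8_t)` cast keeps the 8-bit wraparound of the key length, presumably on purpose so that existing `$2a$` hashes still verify, but it also means a long password under `2a` is still hashed with its length taken modulo 256. I would state that in a comment on that branch, e.g. `/* legacy 2a: keep 8-bit length wraparound so existing hashes verify; use 2b for new hashes */`. The enclosing function starts and ends outside the displayed hunks, so the later uses of `key_len` that the new comment refers to are not visible here.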