2 files changed, 21 insertions, 29 deletions
diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in
index 3866a5495..276646fa6 100644
--- a/openbsd-compat/Makefile.in
+++ b/openbsd-compat/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.53 2013/12/07 00:51:54 djm Exp $
+# $Id: Makefile.in,v 1.54 2013/12/07 01:37:54 djm Exp $
 sysconfdir=@sysconfdir@
 piddir=@piddir@
@@ -16,7 +16,7 @@ RANLIB=@RANLIB@
 INSTALL=@INSTALL@
 LDFLAGS=-L. @LDFLAGS@
-OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o
+OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o blowfish.o bcrypt_pbkdf.o
 COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
diff --git a/openbsd-compat/bcrypt_pbkdf.c b/openbsd-compat/bcrypt_pbkdf.c
index 58bbfe15b..e0736feaf 100644
--- a/openbsd-compat/bcrypt_pbkdf.c
+++ b/openbsd-compat/bcrypt_pbkdf.c
@@ -24,18 +24,13 @@
 #include <stdlib.h>
 #include <string.h>
-#include <util.h>
 #ifdef HAVE_BLF_H
 # include <blf.h>
 #endif
-#ifdef HAVE_SHA256_UPDATE
-# ifdef HAVE_SHA2_H
+#include "crypto_api.h"
-#  include <sha2.h>
+#define SHA512_DIGEST_LENGTH crypto_hash_sha512_BYTES
-# elif defined(HAVE_CRYPTO_SHA2_H)
-#  include <crypto/sha2.h>
-# endif
-#endif
 /*
 * pkcs #5 pbkdf2 implementation using the "bcrypt" hash
@@ -109,12 +104,11 @@ int
 bcrypt_pbkdf(const char *pass, size_t passlen, const u_int8_t *salt, size_t saltlen,
    u_int8_t *key, size_t keylen, unsigned int rounds)
 {
-        SHA2_CTX ctx;
        u_int8_t sha2pass[SHA512_DIGEST_LENGTH];
        u_int8_t sha2salt[SHA512_DIGEST_LENGTH];
        u_int8_t out[BCRYPT_HASHSIZE];
        u_int8_t tmpout[BCRYPT_HASHSIZE];
-        u_int8_t countsalt[4];
+        u_int8_t *countsalt;
        size_t i, j, amt, stride;
        uint32_t count;
@@ -122,37 +116,34 @@ bcrypt_pbkdf(const char *pass, size_t passlen, const u_int8_t *salt, size_t salt
        if (rounds < 1)
                return -1;
        if (passlen == 0 || saltlen == 0 || keylen == 0 ||
-            keylen > sizeof(out) * sizeof(out))
+            keylen > sizeof(out) * sizeof(out) || saltlen > 1<<20)
+                return -1;
+        if ((countsalt = calloc(1, saltlen + 4)) == NULL)
                return -1;
        stride = (keylen + sizeof(out) - 1) / sizeof(out);
        amt = (keylen + stride - 1) / stride;
-        /* collapse password */
+        memcpy(countsalt, salt, saltlen);
-        SHA512Init(&ctx);
-        SHA512Update(&ctx, pass, passlen);
-        SHA512Final(sha2pass, &ctx);
+        /* collapse password */
+        crypto_hash_sha512(sha2pass, pass, passlen);
        /* generate key, sizeof(out) at a time */
        for (count = 1; keylen > 0; count++) {
-                countsalt[0] = (count >> 24) & 0xff;
+                countsalt[saltlen + 0] = (count >> 24) & 0xff;
-                countsalt[1] = (count >> 16) & 0xff;
+                countsalt[saltlen + 1] = (count >> 16) & 0xff;
-                countsalt[2] = (count >> 8) & 0xff;
+                countsalt[saltlen + 2] = (count >> 8) & 0xff;
-                countsalt[3] = count & 0xff;
+                countsalt[saltlen + 3] = count & 0xff;
                /* first round, salt is salt */
-                SHA512Init(&ctx);
+                crypto_hash_sha512(sha2salt, countsalt, saltlen + 4);
-                SHA512Update(&ctx, salt, saltlen);
-                SHA512Update(&ctx, countsalt, sizeof(countsalt));
-                SHA512Final(sha2salt, &ctx);
                bcrypt_hash(sha2pass, sha2salt, tmpout);
                memcpy(out, tmpout, sizeof(out));
                for (i = 1; i < rounds; i++) {
                        /* subsequent rounds, salt is previous output */
-                        SHA512Init(&ctx);
+                        crypto_hash_sha512(sha2salt, tmpout, sizeof(tmpout));
-                        SHA512Update(&ctx, tmpout, sizeof(tmpout));
-                        SHA512Final(sha2salt, &ctx);
                        bcrypt_hash(sha2pass, sha2salt, tmpout);
                        for (j = 0; j < sizeof(out); j++)
                                out[j] ^= tmpout[j];
@@ -168,8 +159,9 @@ bcrypt_pbkdf(const char *pass, size_t passlen, const u_int8_t *salt, size_t salt
        }
        /* zap */
-        memset(&ctx, 0, sizeof(ctx));
        memset(out, 0, sizeof(out));
+        memset(countsalt, 0, saltlen + 4);
+        free(countsalt);
        return 0;
 }

diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index 3866a5495..276646fa6 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in
@@ -1,4 +1,4 @@
1	# $Id: Makefile.in,v 1.53 2013/12/07 00:51:54 djm Exp $	1	# $Id: Makefile.in,v 1.54 2013/12/07 01:37:54 djm Exp $
2		2
3	sysconfdir=@sysconfdir@	3	sysconfdir=@sysconfdir@
4	piddir=@piddir@	4	piddir=@piddir@
@@ -16,7 +16,7 @@ RANLIB=@RANLIB@
16	INSTALL=@INSTALL@	16	INSTALL=@INSTALL@
17	LDFLAGS=-L. @LDFLAGS@	17	LDFLAGS=-L. @LDFLAGS@
18		18
19	OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o	19	OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o blowfish.o bcrypt_pbkdf.o
20		20
21	COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o	21	COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
22		22


diff --git a/openbsd-compat/bcrypt_pbkdf.c b/openbsd-compat/bcrypt_pbkdf.c index 58bbfe15b..e0736feaf 100644 --- a/openbsd-compat/bcrypt_pbkdf.c +++ b/openbsd-compat/bcrypt_pbkdf.c
@@ -24,18 +24,13 @@
24		24
25	#include <stdlib.h>	25	#include <stdlib.h>
26	#include <string.h>	26	#include <string.h>
27	#include <util.h>
28		27
29	#ifdef HAVE_BLF_H	28	#ifdef HAVE_BLF_H
30	# include <blf.h>	29	# include <blf.h>
31	#endif	30	#endif
32	#ifdef HAVE_SHA256_UPDATE	31
33	# ifdef HAVE_SHA2_H	32	#include "crypto_api.h"
34	# include <sha2.h>	33	#define SHA512_DIGEST_LENGTH crypto_hash_sha512_BYTES
35	# elif defined(HAVE_CRYPTO_SHA2_H)
36	# include <crypto/sha2.h>
37	# endif
38	#endif
39		34
40	/*	35	/*
41	* pkcs #5 pbkdf2 implementation using the "bcrypt" hash	36	* pkcs #5 pbkdf2 implementation using the "bcrypt" hash
@@ -109,12 +104,11 @@ int
109	bcrypt_pbkdf(const char pass, size_t passlen, const u_int8_t salt, size_t saltlen,	104	bcrypt_pbkdf(const char pass, size_t passlen, const u_int8_t salt, size_t saltlen,
110	u_int8_t *key, size_t keylen, unsigned int rounds)	105	u_int8_t *key, size_t keylen, unsigned int rounds)
111	{	106	{
112	SHA2_CTX ctx;
113	u_int8_t sha2pass[SHA512_DIGEST_LENGTH];	107	u_int8_t sha2pass[SHA512_DIGEST_LENGTH];
114	u_int8_t sha2salt[SHA512_DIGEST_LENGTH];	108	u_int8_t sha2salt[SHA512_DIGEST_LENGTH];
115	u_int8_t out[BCRYPT_HASHSIZE];	109	u_int8_t out[BCRYPT_HASHSIZE];
116	u_int8_t tmpout[BCRYPT_HASHSIZE];	110	u_int8_t tmpout[BCRYPT_HASHSIZE];
117	u_int8_t countsalt[4];	111	u_int8_t *countsalt;
118	size_t i, j, amt, stride;	112	size_t i, j, amt, stride;
119	uint32_t count;	113	uint32_t count;
120		114
@@ -122,37 +116,34 @@ bcrypt_pbkdf(const char pass, size_t passlen, const u_int8_t salt, size_t salt
122	if (rounds < 1)	116	if (rounds < 1)
123	return -1;	117	return -1;
124	if (passlen == 0 \|\| saltlen == 0 \|\| keylen == 0 \|\|	118	if (passlen == 0 \|\| saltlen == 0 \|\| keylen == 0 \|\|
125	keylen > sizeof(out) * sizeof(out))	119	keylen > sizeof(out) * sizeof(out) \|\| saltlen > 1<<20)
		120	return -1;
		121	if ((countsalt = calloc(1, saltlen + 4)) == NULL)
126	return -1;	122	return -1;
127	stride = (keylen + sizeof(out) - 1) / sizeof(out);	123	stride = (keylen + sizeof(out) - 1) / sizeof(out);
128	amt = (keylen + stride - 1) / stride;	124	amt = (keylen + stride - 1) / stride;
129		125
130	/* collapse password */	126	memcpy(countsalt, salt, saltlen);
131	SHA512Init(&ctx);
132	SHA512Update(&ctx, pass, passlen);
133	SHA512Final(sha2pass, &ctx);
134		127
		128	/* collapse password */
		129	crypto_hash_sha512(sha2pass, pass, passlen);
135		130
136	/* generate key, sizeof(out) at a time */	131	/* generate key, sizeof(out) at a time */
137	for (count = 1; keylen > 0; count++) {	132	for (count = 1; keylen > 0; count++) {
138	countsalt[0] = (count >> 24) & 0xff;	133	countsalt[saltlen + 0] = (count >> 24) & 0xff;
139	countsalt[1] = (count >> 16) & 0xff;	134	countsalt[saltlen + 1] = (count >> 16) & 0xff;
140	countsalt[2] = (count >> 8) & 0xff;	135	countsalt[saltlen + 2] = (count >> 8) & 0xff;
141	countsalt[3] = count & 0xff;	136	countsalt[saltlen + 3] = count & 0xff;
142		137
143	/* first round, salt is salt */	138	/* first round, salt is salt */
144	SHA512Init(&ctx);	139	crypto_hash_sha512(sha2salt, countsalt, saltlen + 4);
145	SHA512Update(&ctx, salt, saltlen);	140
146	SHA512Update(&ctx, countsalt, sizeof(countsalt));
147	SHA512Final(sha2salt, &ctx);
148	bcrypt_hash(sha2pass, sha2salt, tmpout);	141	bcrypt_hash(sha2pass, sha2salt, tmpout);
149	memcpy(out, tmpout, sizeof(out));	142	memcpy(out, tmpout, sizeof(out));
150		143
151	for (i = 1; i < rounds; i++) {	144	for (i = 1; i < rounds; i++) {
152	/* subsequent rounds, salt is previous output */	145	/* subsequent rounds, salt is previous output */
153	SHA512Init(&ctx);	146	crypto_hash_sha512(sha2salt, tmpout, sizeof(tmpout));
154	SHA512Update(&ctx, tmpout, sizeof(tmpout));
155	SHA512Final(sha2salt, &ctx);
156	bcrypt_hash(sha2pass, sha2salt, tmpout);	147	bcrypt_hash(sha2pass, sha2salt, tmpout);
157	for (j = 0; j < sizeof(out); j++)	148	for (j = 0; j < sizeof(out); j++)
158	out[j] ^= tmpout[j];	149	out[j] ^= tmpout[j];
@@ -168,8 +159,9 @@ bcrypt_pbkdf(const char pass, size_t passlen, const u_int8_t salt, size_t salt
168	}	159	}
169		160
170	/* zap */	161	/* zap */
171	memset(&ctx, 0, sizeof(ctx));
172	memset(out, 0, sizeof(out));	162	memset(out, 0, sizeof(out));
		163	memset(countsalt, 0, saltlen + 4);
		164	free(countsalt);
173		165
174	return 0;	166	return 0;
175	}	167	}