Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 12 Jan 2017 15:06:58 +0100
From: Julien Ramseier <j.ramseier@...il.com>
To: musl@...ts.openwall.com
Subject: Re: [PATCH] crypt_blowfish: support $2b$ prefix


> Le 12 janv. 2017 à 05:14, Rich Felker <dalias@...c.org> a écrit :
> 
>> 
>> @@ -746,9 +749,11 @@ char *__crypt_blowfish(const char *key, const char *setting, char *output)
>> {
>> 	const char *test_key = "8b \xd0\xc1\xd2\xcf\xcc\xd8";
>> 	const char *test_setting = "$2a$00$abcdefghijklmnopqrstuu";
>> -	static const char test_hash[2][34] =
>> -		{"VUrPmXD6q/nVSSp7pNDhCR9071IfIRe\0\x55", /* $2x$ */
>> -		"i1D709vfamulimlGcq0qq3UvuUasvEa\0\x55"}; /* $2a$, $2y$ */
>> +	static const char *const test_hashes[2] = {
>> +		"i1D709vfamulimlGcq0qq3UvuUasvEa\0\x55", /* 'a', 'b', 'y' */
>> +		"VUrPmXD6q/nVSSp7pNDhCR9071IfIRe\0\x55", /* 'x' */
>> +	};
>> +	const char *test_hash = test_hashes[0];
> 
> Use of a 2d array rather than array of pointers is intentional. It
> allows everything to be in read-only shared memory in
> position-independent code (libc.so or static-pie).
> 
>> 	char *retval;
>> 	const char *p;
>> 	int ok;
>> @@ -768,8 +773,11 @@ char *__crypt_blowfish(const char *key, const char *setting, char *output)
>>  * detected by the self-test.
>>  */
>> 	memcpy(buf.s, test_setting, sizeof(buf.s));
>> -	if (retval)
>> +	if (retval) {
>> +		unsigned int flags = flags_by_subtype[setting[2] - 'a'];
>> +		test_hash = test_hashes[flags & 1];
>> 		buf.s[2] = setting[2];
>> +	}
>> 	memset(buf.o, 0x55, sizeof(buf.o));
>> 	buf.o[sizeof(buf.o) - 1] = 0;
>> 	p = BF_crypt(test_key, buf.s, buf.o, 1);
>> @@ -777,7 +785,7 @@ char *__crypt_blowfish(const char *key, const char *setting, char *output)
>> 	ok = (p == buf.o &&
>> 	    !memcmp(p, buf.s, 7 + 22) &&
>> 	    !memcmp(p + (7 + 22),
>> -	    test_hash[buf.s[2] & 1],
>> +	    test_hash,
>> 	    31 + 1 + 1 + 1));
>> 
>> 	{
> 
> Is there any concrete improvement being made here?
> 

No improvements per se, but needed to select the correct test hash when using
the 'b' setting.

Here's v2 patch which now uses a 2D array as you suggested.


Download attachment "crypt_blowfish-V2.patch" of type "application/octet-stream" (3919 bytes)




Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.