lib: Silently truncate rbytes after a maximum of 512 bits for yescrypt.

Likewise for gost-yescrypt and scrypt, as those hashing methods share the same codebase.
besser82 · Nov 30, 2021 · a74a677 · a74a677
1 parent c50b731
commit a74a677
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 0 deletions.
diff --git a/lib/crypt-gost-yescrypt.c b/lib/crypt-gost-yescrypt.c
@@ -58,6 +58,10 @@ gensalt_gost_yescrypt_rn (unsigned long count,
                           const uint8_t *rbytes, size_t nrbytes,
                           uint8_t *output, size_t o_size)
 {
+  /* Up to 512 bits (64 bytes) of entropy for computing the salt portion
+     of the MCF-setting are supported.  */
+  nrbytes = (nrbytes > 64 ? 64 : nrbytes);
+
   if (o_size < 4 + 8 * 6 + BASE64_LEN (nrbytes) + 1 ||
       CRYPT_GENSALT_OUTPUT_SIZE < 4 + 8 * 6 + BASE64_LEN (nrbytes) + 1)
     {

diff --git a/lib/crypt-scrypt.c b/lib/crypt-scrypt.c
@@ -165,6 +165,10 @@ gensalt_scrypt_rn (unsigned long count,
                    const uint8_t *rbytes, size_t nrbytes,
                    uint8_t *output, size_t o_size)
 {
+  /* Up to 512 bits (64 bytes) of entropy for computing the salt portion
+     of the MCF-setting are supported.  */
+  nrbytes = (nrbytes > 64 ? 64 : nrbytes);
+
   if (o_size < 3 + 1 + 5 * 2 + BASE64_LEN (nrbytes) + 1 ||
       CRYPT_GENSALT_OUTPUT_SIZE < 3 + 1 + 5 * 2 + BASE64_LEN (nrbytes) + 1)
     {

diff --git a/lib/crypt-yescrypt.c b/lib/crypt-yescrypt.c
@@ -106,6 +106,10 @@ gensalt_yescrypt_rn (unsigned long count,
                      const uint8_t *rbytes, size_t nrbytes,
                      uint8_t *output, size_t o_size)
 {
+  /* Up to 512 bits (64 bytes) of entropy for computing the salt portion
+     of the MCF-setting are supported.  */
+  nrbytes = (nrbytes > 64 ? 64 : nrbytes);
+
   if (o_size < 3 + 8 * 6 + 1 + BASE64_LEN (nrbytes) + 1 ||
       CRYPT_GENSALT_OUTPUT_SIZE < 3 + 8 * 6 + 1 + BASE64_LEN (nrbytes) + 1)
     {