From a74a677eaf8a9a22a952f38a6ec8c06798585c79 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
Date: Tue, 30 Nov 2021 21:37:25 +0100
Subject: [PATCH] lib: Silently truncate rbytes after a maximum of 512 bits for
 yescrypt.

Likewise for gost-yescrypt and scrypt, as those hashing methods share
the same codebase.
---
 lib/crypt-gost-yescrypt.c | 4 ++++
 lib/crypt-scrypt.c        | 4 ++++
 lib/crypt-yescrypt.c      | 4 ++++
 3 files changed, 12 insertions(+)

diff --git a/lib/crypt-gost-yescrypt.c b/lib/crypt-gost-yescrypt.c
index 16f26a14..190ae94b 100644
--- a/lib/crypt-gost-yescrypt.c
+++ b/lib/crypt-gost-yescrypt.c
@@ -58,6 +58,10 @@ gensalt_gost_yescrypt_rn (unsigned long count,
                           const uint8_t *rbytes, size_t nrbytes,
                           uint8_t *output, size_t o_size)
 {
+  /* Up to 512 bits (64 bytes) of entropy for computing the salt portion
+     of the MCF-setting are supported.  */
+  nrbytes = (nrbytes > 64 ? 64 : nrbytes);
+
   if (o_size < 4 + 8 * 6 + BASE64_LEN (nrbytes) + 1 ||
       CRYPT_GENSALT_OUTPUT_SIZE < 4 + 8 * 6 + BASE64_LEN (nrbytes) + 1)
     {
diff --git a/lib/crypt-scrypt.c b/lib/crypt-scrypt.c
index 5cc4110b..7375c204 100644
--- a/lib/crypt-scrypt.c
+++ b/lib/crypt-scrypt.c
@@ -165,6 +165,10 @@ gensalt_scrypt_rn (unsigned long count,
                    const uint8_t *rbytes, size_t nrbytes,
                    uint8_t *output, size_t o_size)
 {
+  /* Up to 512 bits (64 bytes) of entropy for computing the salt portion
+     of the MCF-setting are supported.  */
+  nrbytes = (nrbytes > 64 ? 64 : nrbytes);
+
   if (o_size < 3 + 1 + 5 * 2 + BASE64_LEN (nrbytes) + 1 ||
       CRYPT_GENSALT_OUTPUT_SIZE < 3 + 1 + 5 * 2 + BASE64_LEN (nrbytes) + 1)
     {
diff --git a/lib/crypt-yescrypt.c b/lib/crypt-yescrypt.c
index 84b7f19a..2caa5677 100644
--- a/lib/crypt-yescrypt.c
+++ b/lib/crypt-yescrypt.c
@@ -106,6 +106,10 @@ gensalt_yescrypt_rn (unsigned long count,
                      const uint8_t *rbytes, size_t nrbytes,
                      uint8_t *output, size_t o_size)
 {
+  /* Up to 512 bits (64 bytes) of entropy for computing the salt portion
+     of the MCF-setting are supported.  */
+  nrbytes = (nrbytes > 64 ? 64 : nrbytes);
+
   if (o_size < 3 + 8 * 6 + 1 + BASE64_LEN (nrbytes) + 1 ||
       CRYPT_GENSALT_OUTPUT_SIZE < 3 + 8 * 6 + 1 + BASE64_LEN (nrbytes) + 1)
     {