lib: Silently truncate rbytes after a maximum of 512 bits for yescrypt.

besser82 · besser82 · commit a74a677eaf8a · 2021-11-30T22:00:52.000+01:00
Likewise for gost-yescrypt and scrypt, as those hashing methods share
the same codebase.
diff --git a/lib/crypt-gost-yescrypt.c b/lib/crypt-gost-yescrypt.c
@@ -58,6 +58,10 @@ gensalt_gost_yescrypt_rn (unsigned long count,
                           const uint8_t *rbytes, size_t nrbytes,
                           uint8_t *output, size_t o_size)
 {
+  /* Up to 512 bits (64 bytes) of entropy for computing the salt portion
+     of the MCF-setting are supported.  */
+  nrbytes = (nrbytes > 64 ? 64 : nrbytes);
+
   if (o_size < 4 + 8 * 6 + BASE64_LEN (nrbytes) + 1 ||
       CRYPT_GENSALT_OUTPUT_SIZE < 4 + 8 * 6 + BASE64_LEN (nrbytes) + 1)
     {
diff --git a/lib/crypt-scrypt.c b/lib/crypt-scrypt.c
@@ -165,6 +165,10 @@ gensalt_scrypt_rn (unsigned long count,
                    const uint8_t *rbytes, size_t nrbytes,
                    uint8_t *output, size_t o_size)
 {
+  /* Up to 512 bits (64 bytes) of entropy for computing the salt portion
+     of the MCF-setting are supported.  */
+  nrbytes = (nrbytes > 64 ? 64 : nrbytes);
+
   if (o_size < 3 + 1 + 5 * 2 + BASE64_LEN (nrbytes) + 1 ||
       CRYPT_GENSALT_OUTPUT_SIZE < 3 + 1 + 5 * 2 + BASE64_LEN (nrbytes) + 1)
     {
diff --git a/lib/crypt-yescrypt.c b/lib/crypt-yescrypt.c
@@ -106,6 +106,10 @@ gensalt_yescrypt_rn (unsigned long count,
                      const uint8_t *rbytes, size_t nrbytes,
                      uint8_t *output, size_t o_size)
 {
+  /* Up to 512 bits (64 bytes) of entropy for computing the salt portion
+     of the MCF-setting are supported.  */
+  nrbytes = (nrbytes > 64 ? 64 : nrbytes);
+
   if (o_size < 3 + 8 * 6 + 1 + BASE64_LEN (nrbytes) + 1 ||
       CRYPT_GENSALT_OUTPUT_SIZE < 3 + 8 * 6 + 1 + BASE64_LEN (nrbytes) + 1)
     {

Original file line number	Diff line number	Diff line change
`@@ -58,6 +58,10 @@ gensalt_gost_yescrypt_rn (unsigned long count,`
`58`	`58`	`const uint8_t *rbytes, size_t nrbytes,`
`59`	`59`	`uint8_t *output, size_t o_size)`
`60`	`60`	`{`
	`61`	`+ /* Up to 512 bits (64 bytes) of entropy for computing the salt portion`
	`62`	`+ of the MCF-setting are supported. */`
	`63`	`+ nrbytes = (nrbytes > 64 ? 64 : nrbytes);`
	`64`	`+`
`61`	`65`	`if (o_size < 4 + 8 * 6 + BASE64_LEN (nrbytes) + 1 \|\|`
`62`	`66`	`CRYPT_GENSALT_OUTPUT_SIZE < 4 + 8 * 6 + BASE64_LEN (nrbytes) + 1)`
`63`	`67`	`{`
Original file line number	Diff line number	Diff line change
`@@ -165,6 +165,10 @@ gensalt_scrypt_rn (unsigned long count,`
`165`	`165`	`const uint8_t *rbytes, size_t nrbytes,`
`166`	`166`	`uint8_t *output, size_t o_size)`
`167`	`167`	`{`
	`168`	`+ /* Up to 512 bits (64 bytes) of entropy for computing the salt portion`
	`169`	`+ of the MCF-setting are supported. */`
	`170`	`+ nrbytes = (nrbytes > 64 ? 64 : nrbytes);`
	`171`	`+`
`168`	`172`	`if (o_size < 3 + 1 + 5 * 2 + BASE64_LEN (nrbytes) + 1 \|\|`
`169`	`173`	`CRYPT_GENSALT_OUTPUT_SIZE < 3 + 1 + 5 * 2 + BASE64_LEN (nrbytes) + 1)`
`170`	`174`	`{`
Original file line number	Diff line number	Diff line change
`@@ -106,6 +106,10 @@ gensalt_yescrypt_rn (unsigned long count,`
`106`	`106`	`const uint8_t *rbytes, size_t nrbytes,`
`107`	`107`	`uint8_t *output, size_t o_size)`
`108`	`108`	`{`
	`109`	`+ /* Up to 512 bits (64 bytes) of entropy for computing the salt portion`
	`110`	`+ of the MCF-setting are supported. */`
	`111`	`+ nrbytes = (nrbytes > 64 ? 64 : nrbytes);`
	`112`	`+`
`109`	`113`	`if (o_size < 3 + 8 * 6 + 1 + BASE64_LEN (nrbytes) + 1 \|\|`
`110`	`114`	`CRYPT_GENSALT_OUTPUT_SIZE < 3 + 8 * 6 + 1 + BASE64_LEN (nrbytes) + 1)`
`111`	`115`	`{`