mirror of
git://anongit.mindrot.org/openssh.git
synced 2024-12-24 19:02:06 +00:00
sync bcrypt-related files with OpenBSD
The main change is that Niels Provos kindly agreed to rescind the BSD license advertising clause, shifting them to the 3-term BSD license. This was the last thing in OpenSSH that used the advertising clause.
This commit is contained in:
parent
e8976d92a4
commit
158bf854e2
7
LICENCE
7
LICENCE
@ -307,7 +307,7 @@ OpenSSH contains no GPL code.
|
||||
****************************************************************************/
|
||||
|
||||
The Blowfish cipher implementation is licensed by Niels Provis under
|
||||
a 4-clause BSD license:
|
||||
a 3-clause BSD license:
|
||||
|
||||
* Blowfish - a fast block cipher designed by Bruce Schneier
|
||||
*
|
||||
@ -322,10 +322,7 @@ OpenSSH contains no GPL code.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* This product includes software developed by Niels Provos.
|
||||
* 4. The name of the author may not be used to endorse or promote products
|
||||
* 3. The name of the author may not be used to endorse or promote products
|
||||
* derived from this software without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: bcrypt_pbkdf.c,v 1.13 2015/01/12 03:20:04 tedu Exp $ */
|
||||
/* $OpenBSD: bcrypt_pbkdf.c,v 1.16 2020/08/02 18:35:48 tb Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
|
||||
*
|
||||
@ -48,7 +48,7 @@
|
||||
* function with the following modifications:
|
||||
* 1. The input password and salt are preprocessed with SHA512.
|
||||
* 2. The output length is expanded to 256 bits.
|
||||
* 3. Subsequently the magic string to be encrypted is lengthened and modified
|
||||
* 3. Subsequently the magic string to be encrypted is lengthened and modifed
|
||||
* to "OxychromaticBlowfishSwatDynamite"
|
||||
* 4. The hash function is defined to perform 64 rounds of initial state
|
||||
* expansion. (More rounds are performed by iterating the hash.)
|
||||
@ -69,10 +69,10 @@
|
||||
#define BCRYPT_HASHSIZE (BCRYPT_WORDS * 4)
|
||||
|
||||
static void
|
||||
bcrypt_hash(u_int8_t *sha2pass, u_int8_t *sha2salt, u_int8_t *out)
|
||||
bcrypt_hash(uint8_t *sha2pass, uint8_t *sha2salt, uint8_t *out)
|
||||
{
|
||||
blf_ctx state;
|
||||
u_int8_t ciphertext[BCRYPT_HASHSIZE] =
|
||||
uint8_t ciphertext[BCRYPT_HASHSIZE] =
|
||||
"OxychromaticBlowfishSwatDynamite";
|
||||
uint32_t cdata[BCRYPT_WORDS];
|
||||
int i;
|
||||
@ -93,7 +93,7 @@ bcrypt_hash(u_int8_t *sha2pass, u_int8_t *sha2salt, u_int8_t *out)
|
||||
cdata[i] = Blowfish_stream2word(ciphertext, sizeof(ciphertext),
|
||||
&j);
|
||||
for (i = 0; i < 64; i++)
|
||||
blf_enc(&state, cdata, sizeof(cdata) / (sizeof(uint64_t)));
|
||||
blf_enc(&state, cdata, BCRYPT_WORDS / 2);
|
||||
|
||||
/* copy out */
|
||||
for (i = 0; i < BCRYPT_WORDS; i++) {
|
||||
@ -110,40 +110,36 @@ bcrypt_hash(u_int8_t *sha2pass, u_int8_t *sha2salt, u_int8_t *out)
|
||||
}
|
||||
|
||||
int
|
||||
bcrypt_pbkdf(const char *pass, size_t passlen, const u_int8_t *salt, size_t saltlen,
|
||||
u_int8_t *key, size_t keylen, unsigned int rounds)
|
||||
bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt, size_t saltlen,
|
||||
uint8_t *key, size_t keylen, unsigned int rounds)
|
||||
{
|
||||
u_int8_t sha2pass[SHA512_DIGEST_LENGTH];
|
||||
u_int8_t sha2salt[SHA512_DIGEST_LENGTH];
|
||||
u_int8_t out[BCRYPT_HASHSIZE];
|
||||
u_int8_t tmpout[BCRYPT_HASHSIZE];
|
||||
u_int8_t *countsalt;
|
||||
uint8_t sha2pass[SHA512_DIGEST_LENGTH];
|
||||
uint8_t sha2salt[SHA512_DIGEST_LENGTH];
|
||||
uint8_t out[BCRYPT_HASHSIZE];
|
||||
uint8_t tmpout[BCRYPT_HASHSIZE];
|
||||
uint8_t countsalt[4];
|
||||
size_t i, j, amt, stride;
|
||||
uint32_t count;
|
||||
size_t origkeylen = keylen;
|
||||
|
||||
/* nothing crazy */
|
||||
if (rounds < 1)
|
||||
return -1;
|
||||
goto bad;
|
||||
if (passlen == 0 || saltlen == 0 || keylen == 0 ||
|
||||
keylen > sizeof(out) * sizeof(out) || saltlen > 1<<20)
|
||||
return -1;
|
||||
if ((countsalt = calloc(1, saltlen + 4)) == NULL)
|
||||
return -1;
|
||||
keylen > sizeof(out) * sizeof(out))
|
||||
goto bad;
|
||||
stride = (keylen + sizeof(out) - 1) / sizeof(out);
|
||||
amt = (keylen + stride - 1) / stride;
|
||||
|
||||
memcpy(countsalt, salt, saltlen);
|
||||
|
||||
/* collapse password */
|
||||
crypto_hash_sha512(sha2pass, pass, passlen);
|
||||
|
||||
/* generate key, sizeof(out) at a time */
|
||||
for (count = 1; keylen > 0; count++) {
|
||||
countsalt[saltlen + 0] = (count >> 24) & 0xff;
|
||||
countsalt[saltlen + 1] = (count >> 16) & 0xff;
|
||||
countsalt[saltlen + 2] = (count >> 8) & 0xff;
|
||||
countsalt[saltlen + 3] = count & 0xff;
|
||||
countsalt[0] = (count >> 24) & 0xff;
|
||||
countsalt[1] = (count >> 16) & 0xff;
|
||||
countsalt[2] = (count >> 8) & 0xff;
|
||||
countsalt[3] = count & 0xff;
|
||||
|
||||
/* first round, salt is salt */
|
||||
crypto_hash_sha512(sha2salt, countsalt, saltlen + 4);
|
||||
@ -174,8 +170,13 @@ bcrypt_pbkdf(const char *pass, size_t passlen, const u_int8_t *salt, size_t salt
|
||||
|
||||
/* zap */
|
||||
explicit_bzero(out, sizeof(out));
|
||||
free(countsalt);
|
||||
explicit_bzero(tmpout, sizeof(tmpout));
|
||||
|
||||
return 0;
|
||||
|
||||
bad:
|
||||
/* overwrite with random in case caller doesn't check return code */
|
||||
arc4random_buf(key, keylen);
|
||||
return -1;
|
||||
}
|
||||
#endif /* HAVE_BCRYPT_PBKDF */
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: blf.h,v 1.7 2007/03/14 17:59:41 grunk Exp $ */
|
||||
/* $OpenBSD: blf.h,v 1.8 2021/11/29 01:04:45 djm Exp $ */
|
||||
/*
|
||||
* Blowfish - a fast block cipher designed by Bruce Schneier
|
||||
*
|
||||
@ -13,10 +13,7 @@
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* This product includes software developed by Niels Provos.
|
||||
* 4. The name of the author may not be used to endorse or promote products
|
||||
* 3. The name of the author may not be used to endorse or promote products
|
||||
* derived from this software without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: blowfish.c,v 1.18 2004/11/02 17:23:26 hshoexer Exp $ */
|
||||
/* $OpenBSD: blowfish.c,v 1.20 2021/11/29 01:04:45 djm Exp $ */
|
||||
/*
|
||||
* Blowfish block cipher for OpenBSD
|
||||
* Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
|
||||
@ -14,10 +14,7 @@
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* This product includes software developed by Niels Provos.
|
||||
* 4. The name of the author may not be used to endorse or promote products
|
||||
* 3. The name of the author may not be used to endorse or promote products
|
||||
* derived from this software without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
||||
|
@ -315,8 +315,8 @@ int timingsafe_bcmp(const void *, const void *, size_t);
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_BCRYPT_PBKDF
|
||||
int bcrypt_pbkdf(const char *, size_t, const u_int8_t *, size_t,
|
||||
u_int8_t *, size_t, unsigned int);
|
||||
int bcrypt_pbkdf(const char *, size_t, const uint8_t *, size_t,
|
||||
uint8_t *, size_t, unsigned int);
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_EXPLICIT_BZERO
|
||||
|
Loading…
Reference in New Issue
Block a user