diff --git a/LICENCE b/LICENCE
index 173561904..e15d4f77f 100644
--- a/LICENCE
+++ b/LICENCE
@@ -307,7 +307,7 @@ OpenSSH contains no GPL code.
 ****************************************************************************/
 The Blowfish cipher implementation is licensed by Niels Provis under
- a 4-clause BSD license:
+ a 3-clause BSD license:
 * Blowfish - a fast block cipher designed by Bruce Schneier
 *
@@ -322,10 +322,7 @@ OpenSSH contains no GPL code.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by Niels Provos.
- * 4. The name of the author may not be used to endorse or promote products
+ * 3. The name of the author may not be used to endorse or promote products
 * derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
diff --git a/openbsd-compat/bcrypt_pbkdf.c b/openbsd-compat/bcrypt_pbkdf.c
index 62728d38f..021652312 100644
--- a/openbsd-compat/bcrypt_pbkdf.c
+++ b/openbsd-compat/bcrypt_pbkdf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bcrypt_pbkdf.c,v 1.13 2015/01/12 03:20:04 tedu Exp $ */
+/* $OpenBSD: bcrypt_pbkdf.c,v 1.16 2020/08/02 18:35:48 tb Exp $ */
 /*
 * Copyright (c) 2013 Ted Unangst
 *
@@ -48,7 +48,7 @@
 * function with the following modifications:
 * 1. The input password and salt are preprocessed with SHA512.
 * 2. The output length is expanded to 256 bits.
- * 3. Subsequently the magic string to be encrypted is lengthened and modified
+ * 3. Subsequently the magic string to be encrypted is lengthened and modifed
 * to "OxychromaticBlowfishSwatDynamite"
 * 4. The hash function is defined to perform 64 rounds of initial state
 * expansion. (More rounds are performed by iterating the hash.)
@@ -69,10 +69,10 @@
 #define BCRYPT_HASHSIZE (BCRYPT_WORDS * 4)
 static void
-bcrypt_hash(u_int8_t *sha2pass, u_int8_t *sha2salt, u_int8_t *out)
+bcrypt_hash(uint8_t *sha2pass, uint8_t *sha2salt, uint8_t *out)
 {
 blf_ctx state;
- u_int8_t ciphertext[BCRYPT_HASHSIZE] =
+ uint8_t ciphertext[BCRYPT_HASHSIZE] =
 "OxychromaticBlowfishSwatDynamite";
 uint32_t cdata[BCRYPT_WORDS];
 int i;
@@ -93,7 +93,7 @@ bcrypt_hash(u_int8_t *sha2pass, u_int8_t *sha2salt, u_int8_t *out)
 cdata[i] = Blowfish_stream2word(ciphertext, sizeof(ciphertext), &j);
 for (i = 0; i < 64; i++)
- blf_enc(&state, cdata, sizeof(cdata) / (sizeof(uint64_t)));
+ blf_enc(&state, cdata, BCRYPT_WORDS / 2);
 /* copy out */
 for (i = 0; i < BCRYPT_WORDS; i++) {
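Review bot: In bcrypt_hash's 64-round loop (the hunk at -93,7), the third argument of `blf_enc` is now the bare expression `BCRYPT_WORDS / 2`, with nothing saying what unit it is in. The removed form divided the size of `cdata` by `sizeof(uint64_t)`, which suggests the argument counts 64-bit blocks; a short comment such as `/* blf_enc counts 64-bit blocks, i.e. two 32-bit words each */` would keep that visible. The value is the same only while `cdata` remains `uint32_t[BCRYPT_WORDS]`, so the comment also documents that coupling. bcrypt_hash's body starts and ends outside this hunk.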
@@ -110,40 +110,36 @@ bcrypt_hash(u_int8_t *sha2pass, u_int8_t *sha2salt, u_int8_t *out)
 }
 int
-bcrypt_pbkdf(const char *pass, size_t passlen, const u_int8_t *salt, size_t saltlen,
- u_int8_t *key, size_t keylen, unsigned int rounds)
+bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt, size_t saltlen,
+ uint8_t *key, size_t keylen, unsigned int rounds)
 {
- u_int8_t sha2pass[SHA512_DIGEST_LENGTH];
- u_int8_t sha2salt[SHA512_DIGEST_LENGTH];
- u_int8_t out[BCRYPT_HASHSIZE];
- u_int8_t tmpout[BCRYPT_HASHSIZE];
- u_int8_t *countsalt;
+ uint8_t sha2pass[SHA512_DIGEST_LENGTH];
+ uint8_t sha2salt[SHA512_DIGEST_LENGTH];
+ uint8_t out[BCRYPT_HASHSIZE];
+ uint8_t tmpout[BCRYPT_HASHSIZE];
+ uint8_t countsalt[4];
 size_t i, j, amt, stride;
 uint32_t count;
 size_t origkeylen = keylen;
 /* nothing crazy */
 if (rounds < 1)
- return -1;
+ goto bad;
 if (passlen == 0 || saltlen == 0 || keylen == 0 ||
- keylen > sizeof(out) * sizeof(out) || saltlen > 1<<20)
- return -1;
- if ((countsalt = calloc(1, saltlen + 4)) == NULL)
- return -1;
+ keylen > sizeof(out) * sizeof(out))
+ goto bad;
 stride = (keylen + sizeof(out) - 1) / sizeof(out);
 amt = (keylen + stride - 1) / stride;
- memcpy(countsalt, salt, saltlen);
-
 /* collapse password */
 crypto_hash_sha512(sha2pass, pass, passlen);
 /* generate key, sizeof(out) at a time */
 for (count = 1; keylen > 0; count++) {
- countsalt[saltlen + 0] = (count >> 24) & 0xff;
- countsalt[saltlen + 1] = (count >> 16) & 0xff;
- countsalt[saltlen + 2] = (count >> 8) & 0xff;
- countsalt[saltlen + 3] = count & 0xff;
+ countsalt[0] = (count >> 24) & 0xff;
+ countsalt[1] = (count >> 16) & 0xff;
+ countsalt[2] = (count >> 8) & 0xff;
+ countsalt[3] = count & 0xff;
 /* first round, salt is salt */
 crypto_hash_sha512(sha2salt, countsalt, saltlen + 4);
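Review bot: `countsalt` is now a 4-byte stack array, but the unchanged call at the end of this hunk still hashes `saltlen + 4` bytes from it (`crypto_hash_sha512(sha2salt, countsalt, saltlen + 4)`), so SHA-512 reads `saltlen` bytes past the array for every accepted input. The caller's salt also no longer enters the derivation, because the `memcpy(countsalt, salt, saltlen)` was removed and nothing visible here replaces it. The derived key would then depend on adjacent stack contents instead of the salt, which is both an out-of-bounds read and a break in KDF output compatibility. One fix is to keep the heap buffer as sketched below, which also means keeping the `saltlen > 1<<20` bound and continuing to free the buffer in the later hunk that drops `free(countsalt)`; the alternative is to feed salt and counter to an incremental SHA-512 interface, if this tree has one. The function body continues past this hunk, so later uses of `countsalt` need the same check, and a known-answer test for bcrypt_pbkdf would catch this class of regression.

```c
	uint8_t *countsalt;
	/* … unchanged: remaining locals, rounds check … */
	if (passlen == 0 || saltlen == 0 || keylen == 0 ||
	    keylen > sizeof(out) * sizeof(out) || saltlen > 1<<20)
		goto bad;
	if ((countsalt = calloc(1, saltlen + 4)) == NULL)
		goto bad;
	/* … unchanged: stride and amt … */
	memcpy(countsalt, salt, saltlen);
	/* … unchanged: password hash, loop header … */
		countsalt[saltlen + 0] = (count >> 24) & 0xff;
		countsalt[saltlen + 1] = (count >> 16) & 0xff;
		countsalt[saltlen + 2] = (count >> 8) & 0xff;
		countsalt[saltlen + 3] = count & 0xff;
```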
@@ -174,8 +170,13 @@ bcrypt_pbkdf(const char *pass, size_t passlen, const u_int8_t *salt, size_t salt
 /* zap */
 explicit_bzero(out, sizeof(out));
- free(countsalt);
+ explicit_bzero(tmpout, sizeof(tmpout));
 return 0;
+
+bad:
+ /* overwrite with random in case caller doesn't check return code */
+ arc4random_buf(key, keylen);
+ return -1;
 }
 #endif /* HAVE_BCRYPT_PBKDF */
diff --git a/openbsd-compat/blf.h b/openbsd-compat/blf.h
index f1ac5a5c2..5b8a73e55 100644
--- a/openbsd-compat/blf.h
+++ b/openbsd-compat/blf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: blf.h,v 1.7 2007/03/14 17:59:41 grunk Exp $ */
+/* $OpenBSD: blf.h,v 1.8 2021/11/29 01:04:45 djm Exp $ */
 /*
 * Blowfish - a fast block cipher designed by Bruce Schneier
 *
@@ -13,10 +13,7 @@
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by Niels Provos.
- * 4. The name of the author may not be used to endorse or promote products
+ * 3. The name of the author may not be used to endorse or promote products
 * derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
diff --git a/openbsd-compat/blowfish.c b/openbsd-compat/blowfish.c
index e10f7e7d9..bfeba47c0 100644
--- a/openbsd-compat/blowfish.c
+++ b/openbsd-compat/blowfish.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: blowfish.c,v 1.18 2004/11/02 17:23:26 hshoexer Exp $ */
+/* $OpenBSD: blowfish.c,v 1.20 2021/11/29 01:04:45 djm Exp $ */
 /*
 * Blowfish block cipher for OpenBSD
 * Copyright 1997 Niels Provos
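Review bot: In bcrypt_pbkdf's zap section (the hunk at -174,8), `out` and now `tmpout` are cleared, but `sha2pass`, which holds the SHA-512 of the password, is not cleared in any line visible here. Unless it is wiped earlier in the function, outside this hunk, adding `explicit_bzero(sha2pass, sizeof(sha2pass));` and the same for `sha2salt` before `return 0;` would keep password-derived material from lingering on the stack. The new `bad:` path also changes the function's contract, since `key` is overwritten with random bytes on failure. A one-line comment above `bcrypt_pbkdf`, and next to its prototype in openbsd-compat.h, should say that `key` must point to at least `keylen` writable bytes even when the call fails.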
@@ -14,10 +14,7 @@
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by Niels Provos.
- * 4. The name of the author may not be used to endorse or promote products
+ * 3. The name of the author may not be used to endorse or promote products
 * derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h
index a7209ceb2..c202e1429 100644
--- a/openbsd-compat/openbsd-compat.h
+++ b/openbsd-compat/openbsd-compat.h
@@ -315,8 +315,8 @@ int timingsafe_bcmp(const void *, const void *, size_t);
 #endif
 #ifndef HAVE_BCRYPT_PBKDF
-int bcrypt_pbkdf(const char *, size_t, const u_int8_t *, size_t,
- u_int8_t *, size_t, unsigned int);
+int bcrypt_pbkdf(const char *, size_t, const uint8_t *, size_t,
+ uint8_t *, size_t, unsigned int);
 #endif
 #ifndef HAVE_EXPLICIT_BZERO