Big thanks to Solar Designer who pointed out a bug in bcrypt

salt generation code. He also urged using better random source and making possible to choose using bcrypt and xdes rounds more easily. So, here's patch: * For all salt generation, use Solar Designer's own code. This is mostly due fact that his code is more fit for get_random_bytes() style interface. * New function: gen_salt(type, rounds). This lets specify iteration count for algorithm. * random.c: px_get_random_bytes() function. Supported randomness soure: /dev/urandom, OpenSSL PRNG, libc random() Default: /dev/urandom. * Draft description of C API for pgcrypto functions. New files: API, crypt-gensalt.c, random.c Marko Kreen
2025-07-28 23:42:10 +03:00 · 2001-09-23 04:12:44 +00:00
parent b75814aee3
commit ab56022864
13 changed files with 627 additions and 134 deletions
--- a/contrib/pgcrypto/crypt-blowfish.c
+++ b/contrib/pgcrypto/crypt-blowfish.c
@ -705,28 +705,3 @@ char *_crypt_blowfish_rn(__CONST char *key, __CONST char *setting,
 	return output;
 }

-char *_crypt_gensalt_blowfish_rn(unsigned long count,
-	__CONST char *input, int size, char *output, int output_size)
-{
-	if (size < 16 || output_size < 7 + 22 + 1 ||
-	    (count && (count < 4 || count > 31))) {
-		if (output_size > 0) output[0] = '\0';
-		__set_errno((output_size < 7 + 22 + 1) ? ERANGE : EINVAL);
-		return NULL;
-	}
-
-	if (!count) count = 5;
-
-	output[0] = '$';
-	output[1] = '2';
-	output[2] = 'a';
-	output[3] = '$';
-	output[4] = '0' + count / 10;
-	output[5] = '0' + count % 10;
-	output[6] = '$';
-
-	BF_encode(&output[7], (BF_word *)input, 16);
-	output[7 + 22] = '\0';
-
-	return output;
-}