lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-06-05 01:42:10 +03:00
Code

Don't allocate ssh_blf_ctx from stack in bcrypt_pbkdf

Browse Source 
to reduce the stack size requirement

Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Change-Id: I6a91250524786af3358b0fd0f05ba8e45f76d278
This commit is contained in:
Xiang Xiao 2021-05-11 15:50:38 +08:00 committed by Andreas Schneider
parent ef02e524df
commit c027585a50
1 changed files with 18 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
src/external/bcrypt_pbkdf.c vendored
View File

@ -63,9 +63,8 @@
#define BCRYPT_HASHSIZE (BCRYPT_BLOCKS * 4) #define BCRYPT_HASHSIZE (BCRYPT_BLOCKS * 4)
static void static void
bcrypt_hash(uint8_t *sha2pass, uint8_t *sha2salt, uint8_t *out) bcrypt_hash(ssh_blf_ctx *state, uint8_t *sha2pass, uint8_t *sha2salt, uint8_t *out)
{ {
ssh_blf_ctx state;
uint8_t ciphertext[BCRYPT_HASHSIZE] = uint8_t ciphertext[BCRYPT_HASHSIZE] =
"OxychromaticBlowfishSwatDynamite"; "OxychromaticBlowfishSwatDynamite";
uint32_t cdata[BCRYPT_BLOCKS]; uint32_t cdata[BCRYPT_BLOCKS];
@ -74,11 +73,11 @@ bcrypt_hash(uint8_t *sha2pass, uint8_t *sha2salt, uint8_t *out)
uint16_t shalen = SHA512_DIGEST_LENGTH; uint16_t shalen = SHA512_DIGEST_LENGTH;
/* key expansion */ /* key expansion */
Blowfish_initstate(&state); Blowfish_initstate(state);
Blowfish_expandstate(&state, sha2salt, shalen, sha2pass, shalen); Blowfish_expandstate(state, sha2salt, shalen, sha2pass, shalen);
for (i = 0; i < 64; i++) { for (i = 0; i < 64; i++) {
Blowfish_expand0state(&state, sha2salt, shalen); Blowfish_expand0state(state, sha2salt, shalen);
Blowfish_expand0state(&state, sha2pass, shalen); Blowfish_expand0state(state, sha2pass, shalen);
} }
/* encryption */ /* encryption */
@ -87,7 +86,7 @@ bcrypt_hash(uint8_t *sha2pass, uint8_t *sha2salt, uint8_t *out)
cdata[i] = Blowfish_stream2word(ciphertext, sizeof(ciphertext), cdata[i] = Blowfish_stream2word(ciphertext, sizeof(ciphertext),
&j); &j);
for (i = 0; i < 64; i++) for (i = 0; i < 64; i++)
ssh_blf_enc(&state, cdata, BCRYPT_BLOCKS/2); ssh_blf_enc(state, cdata, BCRYPT_BLOCKS/2);
/* copy out */ /* copy out */
for (i = 0; i < BCRYPT_BLOCKS; i++) { for (i = 0; i < BCRYPT_BLOCKS; i++) {
@ -100,7 +99,6 @@ bcrypt_hash(uint8_t *sha2pass, uint8_t *sha2salt, uint8_t *out)
/* zap */ /* zap */
explicit_bzero(ciphertext, sizeof(ciphertext)); explicit_bzero(ciphertext, sizeof(ciphertext));
explicit_bzero(cdata, sizeof(cdata)); explicit_bzero(cdata, sizeof(cdata));
ZERO_STRUCT(state);
} }
int int
@ -115,6 +113,7 @@ bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt, size_t saltl
size_t i, j, amt, stride; size_t i, j, amt, stride;
uint32_t count; uint32_t count;
size_t origkeylen = keylen; size_t origkeylen = keylen;
ssh_blf_ctx *state;
SHA512CTX ctx; SHA512CTX ctx;
/* nothing crazy */ /* nothing crazy */
@ -130,6 +129,12 @@ bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt, size_t saltl
memcpy(countsalt, salt, saltlen); memcpy(countsalt, salt, saltlen);
state = malloc(sizeof(*state));
if (state == NULL) {
free(countsalt);
return -1;
}
/* collapse password */ /* collapse password */
ctx = sha512_init(); ctx = sha512_init();
sha512_update(ctx, pass, passlen); sha512_update(ctx, pass, passlen);
@ -147,7 +152,7 @@ bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt, size_t saltl
sha512_update(ctx, countsalt, saltlen + 4); sha512_update(ctx, countsalt, saltlen + 4);
sha512_final(sha2salt, ctx); sha512_final(sha2salt, ctx);
bcrypt_hash(sha2pass, sha2salt, tmpout); bcrypt_hash(state, sha2pass, sha2salt, tmpout);
memcpy(out, tmpout, sizeof(out)); memcpy(out, tmpout, sizeof(out));
for (i = 1; i < rounds; i++) { for (i = 1; i < rounds; i++) {
@ -155,7 +160,7 @@ bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt, size_t saltl
ctx = sha512_init(); ctx = sha512_init();
sha512_update(ctx, tmpout, sizeof(tmpout)); sha512_update(ctx, tmpout, sizeof(tmpout));
sha512_final(sha2salt, ctx); sha512_final(sha2salt, ctx);
bcrypt_hash(sha2pass, sha2salt, tmpout); bcrypt_hash(state, sha2pass, sha2salt, tmpout);
for (j = 0; j < sizeof(out); j++) for (j = 0; j < sizeof(out); j++)
out[j] ^= tmpout[j]; out[j] ^= tmpout[j];
} }
@ -176,6 +181,9 @@ bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt, size_t saltl
/* zap */ /* zap */
explicit_bzero(out, sizeof(out)); explicit_bzero(out, sizeof(out));
explicit_bzero(state, sizeof(*state));
free(state);
free(countsalt); free(countsalt);
return 0; return 0;