Don't bother verifying hashes whose length is >= crypto_pwhash_STRBYTES

This commit is contained in:
Frank Denis 2017-09-06 20:26:36 +02:00
parent 7cc4825231
commit e8828eef79

View File

@ -9,6 +9,7 @@
#include "argon2-core.h" #include "argon2-core.h"
#include "argon2-encoding.h" #include "argon2-encoding.h"
#include "argon2.h" #include "argon2.h"
#include "crypto_pwhash.h"
#include "crypto_pwhash_argon2i.h" #include "crypto_pwhash_argon2i.h"
#include "crypto_pwhash_argon2id.h" #include "crypto_pwhash_argon2id.h"
#include "randombytes.h" #include "randombytes.h"
@ -216,22 +217,22 @@ crypto_pwhash_argon2i_str_verify(const char str[crypto_pwhash_argon2i_STRBYTES],
} }
static int static int
crypto_pwhash_argon2_str_needs_rehash(const char *str, _needs_rehash(const char *str, unsigned long long opslimit, size_t memlimit,
unsigned long long opslimit, int type)
size_t memlimit, int type)
{ {
unsigned char *fodder; unsigned char *fodder;
argon2_context ctx; argon2_context ctx;
size_t fodder_len; size_t fodder_len;
int ret = -1; int ret = -1;
fodder_len = strlen(str);
memlimit /= 1024U; memlimit /= 1024U;
if (opslimit > UINT32_MAX || memlimit > UINT32_MAX) { if (opslimit > UINT32_MAX || memlimit > UINT32_MAX ||
fodder_len >= crypto_pwhash_STRBYTES) {
errno = EINVAL; errno = EINVAL;
return -1; return -1;
} }
memset(&ctx, 0, sizeof ctx); memset(&ctx, 0, sizeof ctx);
fodder_len = strlen(str);
if ((fodder = (unsigned char *) calloc(fodder_len, 1U)) == NULL) { if ((fodder = (unsigned char *) calloc(fodder_len, 1U)) == NULL) {
return -1; return -1;
} }
@ -257,12 +258,12 @@ int
crypto_pwhash_argon2i_str_needs_rehash(const char str[crypto_pwhash_argon2i_STRBYTES], crypto_pwhash_argon2i_str_needs_rehash(const char str[crypto_pwhash_argon2i_STRBYTES],
unsigned long long opslimit, size_t memlimit) unsigned long long opslimit, size_t memlimit)
{ {
return crypto_pwhash_argon2_str_needs_rehash(str, opslimit, memlimit, Argon2_i); return _needs_rehash(str, opslimit, memlimit, Argon2_i);
} }
int int
crypto_pwhash_argon2id_str_needs_rehash(const char str[crypto_pwhash_argon2id_STRBYTES], crypto_pwhash_argon2id_str_needs_rehash(const char str[crypto_pwhash_argon2id_STRBYTES],
unsigned long long opslimit, size_t memlimit) unsigned long long opslimit, size_t memlimit)
{ {
return crypto_pwhash_argon2_str_needs_rehash(str, opslimit, memlimit, Argon2_id); return _needs_rehash(str, opslimit, memlimit, Argon2_id);
} }