kevin/libsodium
1
Fork 0
mirror of https://github.com/jedisct1/libsodium.git synced 2024-12-20 02:25:14 -07:00
Code Releases Wiki Activity

Relax max sizes in argon2 decoding

Browse Source
This commit is contained in:
Frank Denis 2016-01-22 15:59:54 +01:00
parent 17248540e3
commit a814810a43
2 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/libsodium/crypto_pwhash/argon2/argon2.c
View File

@ -177,13 +177,15 @@ int argon2_verify(const char *encoded, const void *pwd, const size_t pwdlen,
argon2_context ctx;
uint8_t *out;
int ret;
uint32_t encoded_len;
memset(&ctx, 0, sizeof ctx);
/* max values, to be updated in decode_string */
ctx.adlen = 512;
ctx.saltlen = 512;
ctx.outlen = 512;
encoded_len = strlen(encoded);
ctx.adlen = encoded_len;
ctx.saltlen = encoded_len;
ctx.outlen = encoded_len;
ctx.ad = (uint8_t *) malloc(ctx.adlen);
ctx.salt = (uint8_t *) malloc(ctx.saltlen);

1
src/libsodium/crypto_pwhash/argon2/argon2.h
View File

@ -240,6 +240,7 @@ int argon2_hash(const uint32_t t_cost, const uint32_t m_cost,
/**
* Verifies a password against an encoded string
* Encoded string is restricted as in validate_inputs()
* @param encoded String encoding parameters, salt, hash
* @param pwd Pointer to password
* @pre Returns ARGON2_OK if successful