1
mirror of https://github.com/jedisct1/libsodium.git synced 2025-01-01 22:52:52 -07:00

Relax max sizes in argon2 decoding

This commit is contained in:
Frank Denis 2016-01-22 15:59:54 +01:00
parent 17248540e3
commit a814810a43
2 changed files with 6 additions and 3 deletions
src/libsodium/crypto_pwhash/argon2

View File

@ -177,13 +177,15 @@ int argon2_verify(const char *encoded, const void *pwd, const size_t pwdlen,
argon2_context ctx; argon2_context ctx;
uint8_t *out; uint8_t *out;
int ret; int ret;
uint32_t encoded_len;
memset(&ctx, 0, sizeof ctx); memset(&ctx, 0, sizeof ctx);
/* max values, to be updated in decode_string */ /* max values, to be updated in decode_string */
ctx.adlen = 512; encoded_len = strlen(encoded);
ctx.saltlen = 512; ctx.adlen = encoded_len;
ctx.outlen = 512; ctx.saltlen = encoded_len;
ctx.outlen = encoded_len;
ctx.ad = (uint8_t *) malloc(ctx.adlen); ctx.ad = (uint8_t *) malloc(ctx.adlen);
ctx.salt = (uint8_t *) malloc(ctx.saltlen); ctx.salt = (uint8_t *) malloc(ctx.saltlen);

View File

@ -240,6 +240,7 @@ int argon2_hash(const uint32_t t_cost, const uint32_t m_cost,
/** /**
* Verifies a password against an encoded string * Verifies a password against an encoded string
* Encoded string is restricted as in validate_inputs()
* @param encoded String encoding parameters, salt, hash * @param encoded String encoding parameters, salt, hash
* @param pwd Pointer to password * @param pwd Pointer to password
* @pre Returns ARGON2_OK if successful * @pre Returns ARGON2_OK if successful