px-crypt.h File Reference

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Macros
#define	PX_MAX_CRYPT   128
#define	PX_MAX_SALT_LEN   128
#define	PX_XDES_ROUNDS   (29 * 25)
#define	PX_BF_ROUNDS   6
#define	PX_SHACRYPT_SALT_MAX_LEN   16
#define	PX_SHACRYPT_DIGEST_MAX_LEN   64
#define	PX_SHACRYPT_SALT_BUF_LEN   (3 + 7 + 10 + PX_SHACRYPT_SALT_MAX_LEN + 1)
#define	PX_SHACRYPT_BUF_LEN   (PX_SHACRYPT_SALT_BUF_LEN + 86 + 1)
#define	PX_SHACRYPT_ROUNDS_DEFAULT   5000
#define	PX_SHACRYPT_ROUNDS_MIN   1000
#define	PX_SHACRYPT_ROUNDS_MAX   999999999

Functions
char *	px_crypt (const char *psw, const char *salt, char *buf, unsigned len)
int	px_gen_salt (const char *salt_type, char *buf, int rounds)
char *	_crypt_gensalt_traditional_rn (unsigned long count, const char *input, int size, char *output, int output_size)
char *	_crypt_gensalt_extended_rn (unsigned long count, const char *input, int size, char *output, int output_size)
char *	_crypt_gensalt_md5_rn (unsigned long count, const char *input, int size, char *output, int output_size)
char *	_crypt_gensalt_blowfish_rn (unsigned long count, const char *input, int size, char *output, int output_size)
char *	_crypt_gensalt_sha256_rn (unsigned long count, const char *input, int size, char *output, int output_size)
char *	_crypt_gensalt_sha512_rn (unsigned long count, const char *input, int size, char *output, int output_size)
char *	_crypt_blowfish_rn (const char *key, const char *setting, char *output, int size)
char *	px_crypt_des (const char *key, const char *setting)
char *	px_crypt_md5 (const char *pw, const char *salt, char *passwd, unsigned dstlen)
char *	px_crypt_shacrypt (const char *pw, const char *salt, char *passwd, unsigned dstlen)

Macro Definition Documentation

PX_BF_ROUNDS

#define PX_BF_ROUNDS   6

Definition at line 46 of file px-crypt.h.

PX_MAX_CRYPT

#define PX_MAX_CRYPT   128

Definition at line 36 of file px-crypt.h.

PX_MAX_SALT_LEN

#define PX_MAX_SALT_LEN   128

Definition at line 39 of file px-crypt.h.

PX_SHACRYPT_BUF_LEN

#define PX_SHACRYPT_BUF_LEN   (PX_SHACRYPT_SALT_BUF_LEN + 86 + 1)

Definition at line 61 of file px-crypt.h.

PX_SHACRYPT_DIGEST_MAX_LEN

#define PX_SHACRYPT_DIGEST_MAX_LEN   64

Definition at line 52 of file px-crypt.h.

PX_SHACRYPT_ROUNDS_DEFAULT

#define PX_SHACRYPT_ROUNDS_DEFAULT   5000

Definition at line 64 of file px-crypt.h.

PX_SHACRYPT_ROUNDS_MAX

#define PX_SHACRYPT_ROUNDS_MAX   999999999

Definition at line 70 of file px-crypt.h.

PX_SHACRYPT_ROUNDS_MIN

#define PX_SHACRYPT_ROUNDS_MIN   1000

Definition at line 67 of file px-crypt.h.

PX_SHACRYPT_SALT_BUF_LEN

#define PX_SHACRYPT_SALT_BUF_LEN   (3 + 7 + 10 + PX_SHACRYPT_SALT_MAX_LEN + 1)

Definition at line 55 of file px-crypt.h.

PX_SHACRYPT_SALT_MAX_LEN

#define PX_SHACRYPT_SALT_MAX_LEN   16

Definition at line 49 of file px-crypt.h.

PX_XDES_ROUNDS

#define PX_XDES_ROUNDS   (29 * 25)

Definition at line 43 of file px-crypt.h.

Function Documentation

_crypt_blowfish_rn()

char * _crypt_blowfish_rn	(	const char *	key,
		const char *	setting,
		char *	output,
		int	size
	)

Definition at line 582 of file crypt-blowfish.c.

{
    struct
    {
        BF_ctx      ctx;
        BF_key      expanded_key;
        union
        {
            BF_word     salt[4];
            BF_word     output[6];
        }           binary;
    }           data;
    BF_word     L,
                R;
    BF_word     tmp1,
                tmp2,
                tmp3,
                tmp4;
    BF_word    *ptr;
    BF_word     count;
    int         i;
 
    if (size < 7 + 22 + 31 + 1)
        return NULL;
 
    /*
     * Blowfish salt value must be formatted as follows: "$2a$" or "$2x$", a
     * two digit cost parameter, "$", and 22 digits from the alphabet
     * "./0-9A-Za-z". -- from the PHP crypt docs. Apparently we enforce a few
     * more restrictions on the count in the salt as well.
     */
    if (strlen(setting) < 29)
        ereport(ERROR,
                (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
                 errmsg("invalid salt")));
 
    if (setting[0] != '$' ||
        setting[1] != '2' ||
        (setting[2] != 'a' && setting[2] != 'x') ||
        setting[3] != '$' ||
        setting[4] < '0' || setting[4] > '3' ||
        setting[5] < '0' || setting[5] > '9' ||
        (setting[4] == '3' && setting[5] > '1') ||
        setting[6] != '$')
    {
        ereport(ERROR,
                (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
                 errmsg("invalid salt")));
    }
 
    count = (BF_word) 1 << ((setting[4] - '0') * 10 + (setting[5] - '0'));
    if (count < 16 || BF_decode(data.binary.salt, &setting[7], 16))
    {
        px_memset(data.binary.salt, 0, sizeof(data.binary.salt));
        ereport(ERROR,
                (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
                 errmsg("invalid salt")));
    }
    BF_swap(data.binary.salt, 4);
 
    BF_set_key(key, data.expanded_key, data.ctx.P, setting[2] == 'x');
 
    memcpy(data.ctx.S, BF_init_state.S, sizeof(data.ctx.S));
 
    L = R = 0;
    for (i = 0; i < BF_N + 2; i += 2)
    {
        L ^= data.binary.salt[i & 2];
        R ^= data.binary.salt[(i & 2) + 1];
        BF_ENCRYPT;
        data.ctx.P[i] = L;
        data.ctx.P[i + 1] = R;
    }
 
    ptr = data.ctx.S[0];
    do
    {
        ptr += 4;
        L ^= data.binary.salt[(BF_N + 2) & 3];
        R ^= data.binary.salt[(BF_N + 3) & 3];
        BF_ENCRYPT;
        *(ptr - 4) = L;
        *(ptr - 3) = R;
 
        L ^= data.binary.salt[(BF_N + 4) & 3];
        R ^= data.binary.salt[(BF_N + 5) & 3];
        BF_ENCRYPT;
        *(ptr - 2) = L;
        *(ptr - 1) = R;
    } while (ptr < &data.ctx.S[3][0xFF]);
 
    do
    {
        CHECK_FOR_INTERRUPTS();
 
        data.ctx.P[0] ^= data.expanded_key[0];
        data.ctx.P[1] ^= data.expanded_key[1];
        data.ctx.P[2] ^= data.expanded_key[2];
        data.ctx.P[3] ^= data.expanded_key[3];
        data.ctx.P[4] ^= data.expanded_key[4];
        data.ctx.P[5] ^= data.expanded_key[5];
        data.ctx.P[6] ^= data.expanded_key[6];
        data.ctx.P[7] ^= data.expanded_key[7];
        data.ctx.P[8] ^= data.expanded_key[8];
        data.ctx.P[9] ^= data.expanded_key[9];
        data.ctx.P[10] ^= data.expanded_key[10];
        data.ctx.P[11] ^= data.expanded_key[11];
        data.ctx.P[12] ^= data.expanded_key[12];
        data.ctx.P[13] ^= data.expanded_key[13];
        data.ctx.P[14] ^= data.expanded_key[14];
        data.ctx.P[15] ^= data.expanded_key[15];
        data.ctx.P[16] ^= data.expanded_key[16];
        data.ctx.P[17] ^= data.expanded_key[17];
 
        BF_body();
 
        tmp1 = data.binary.salt[0];
        tmp2 = data.binary.salt[1];
        tmp3 = data.binary.salt[2];
        tmp4 = data.binary.salt[3];
        data.ctx.P[0] ^= tmp1;
        data.ctx.P[1] ^= tmp2;
        data.ctx.P[2] ^= tmp3;
        data.ctx.P[3] ^= tmp4;
        data.ctx.P[4] ^= tmp1;
        data.ctx.P[5] ^= tmp2;
        data.ctx.P[6] ^= tmp3;
        data.ctx.P[7] ^= tmp4;
        data.ctx.P[8] ^= tmp1;
        data.ctx.P[9] ^= tmp2;
        data.ctx.P[10] ^= tmp3;
        data.ctx.P[11] ^= tmp4;
        data.ctx.P[12] ^= tmp1;
        data.ctx.P[13] ^= tmp2;
        data.ctx.P[14] ^= tmp3;
        data.ctx.P[15] ^= tmp4;
        data.ctx.P[16] ^= tmp1;
        data.ctx.P[17] ^= tmp2;
 
        BF_body();
    } while (--count);
 
    for (i = 0; i < 6; i += 2)
    {
        L = BF_magic_w[i];
        R = BF_magic_w[i + 1];
 
        count = 64;
        do
        {
            BF_ENCRYPT;
        } while (--count);
 
        data.binary.output[i] = L;
        data.binary.output[i + 1] = R;
    }
 
    memcpy(output, setting, 7 + 22 - 1);
    output[7 + 22 - 1] = BF_itoa64[(int)
                                   BF_atoi64[(int) setting[7 + 22 - 1] - 0x20] & 0x30];
 
/* This has to be bug-compatible with the original implementation, so
 * only encode 23 of the 24 bytes. :-) */
    BF_swap(data.binary.output, 6);
    BF_encode(&output[7 + 22], data.binary.output, 23);
    output[7 + 22 + 31] = '\0';
 
/* Overwrite the most obvious sensitive data we have on the stack. Note
 * that this does not guarantee there's no sensitive data left on the
 * stack and/or in registers; I'm not aware of portable code that does. */
    px_memset(&data, 0, sizeof(data));
 
    return output;
}

References BF_atoi64, BF_body, BF_decode(), BF_encode(), BF_ENCRYPT, BF_init_state, BF_itoa64, BF_magic_w, BF_N, BF_set_key(), BF_swap(), CHECK_FOR_INTERRUPTS, data, ereport, errcode(), errmsg(), ERROR, i, sort-test::key, output, px_memset(), R, and BF_ctx::S.

Referenced by run_crypt_bf().

_crypt_gensalt_blowfish_rn()

char * _crypt_gensalt_blowfish_rn	(	unsigned long	count,
		const char *	input,
		int	size,
		char *	output,
		int	output_size
	)

Definition at line 161 of file crypt-gensalt.c.

{
    if (size < 16 || output_size < 7 + 22 + 1 ||
        (count && (count < 4 || count > 31)))
    {
        if (output_size > 0)
            output[0] = '\0';
        return NULL;
    }
 
    if (!count)
        count = 5;
 
    output[0] = '$';
    output[1] = '2';
    output[2] = 'a';
    output[3] = '$';
    output[4] = '0' + count / 10;
    output[5] = '0' + count % 10;
    output[6] = '$';
 
    BF_encode(&output[7], (const BF_word *) input, 16);
    output[7 + 22] = '\0';
 
    return output;
}

References BF_encode(), input, and output.

_crypt_gensalt_extended_rn()

char * _crypt_gensalt_extended_rn	(	unsigned long	count,
		const char *	input,
		int	size,
		char *	output,
		int	output_size
	)

Definition at line 43 of file crypt-gensalt.c.

{
    unsigned long value;
 
/* Even iteration counts make it easier to detect weak DES keys from a look
 * at the hash, so they should be avoided */
    if (size < 3 || output_size < 1 + 4 + 4 + 1 ||
        (count && (count > 0xffffff || !(count & 1))))
    {
        if (output_size > 0)
            output[0] = '\0';
        return NULL;
    }
 
    if (!count)
        count = 725;
 
    output[0] = '_';
    output[1] = _crypt_itoa64[count & 0x3f];
    output[2] = _crypt_itoa64[(count >> 6) & 0x3f];
    output[3] = _crypt_itoa64[(count >> 12) & 0x3f];
    output[4] = _crypt_itoa64[(count >> 18) & 0x3f];
    value = (unsigned long) (unsigned char) input[0] |
        ((unsigned long) (unsigned char) input[1] << 8) |
        ((unsigned long) (unsigned char) input[2] << 16);
    output[5] = _crypt_itoa64[value & 0x3f];
    output[6] = _crypt_itoa64[(value >> 6) & 0x3f];
    output[7] = _crypt_itoa64[(value >> 12) & 0x3f];
    output[8] = _crypt_itoa64[(value >> 18) & 0x3f];
    output[9] = '\0';
 
    return output;
}

References _crypt_itoa64, input, output, and value.

_crypt_gensalt_md5_rn()

char * _crypt_gensalt_md5_rn	(	unsigned long	count,
		const char *	input,
		int	size,
		char *	output,
		int	output_size
	)

Definition at line 79 of file crypt-gensalt.c.

{
    unsigned long value;
 
    if (size < 3 || output_size < 3 + 4 + 1 || (count && count != 1000))
    {
        if (output_size > 0)
            output[0] = '\0';
        return NULL;
    }
 
    output[0] = '$';
    output[1] = '1';
    output[2] = '$';
    value = (unsigned long) (unsigned char) input[0] |
        ((unsigned long) (unsigned char) input[1] << 8) |
        ((unsigned long) (unsigned char) input[2] << 16);
    output[3] = _crypt_itoa64[value & 0x3f];
    output[4] = _crypt_itoa64[(value >> 6) & 0x3f];
    output[5] = _crypt_itoa64[(value >> 12) & 0x3f];
    output[6] = _crypt_itoa64[(value >> 18) & 0x3f];
    output[7] = '\0';
 
    if (size >= 6 && output_size >= 3 + 4 + 4 + 1)
    {
        value = (unsigned long) (unsigned char) input[3] |
            ((unsigned long) (unsigned char) input[4] << 8) |
            ((unsigned long) (unsigned char) input[5] << 16);
        output[7] = _crypt_itoa64[value & 0x3f];
        output[8] = _crypt_itoa64[(value >> 6) & 0x3f];
        output[9] = _crypt_itoa64[(value >> 12) & 0x3f];
        output[10] = _crypt_itoa64[(value >> 18) & 0x3f];
        output[11] = '\0';
    }
 
    return output;
}

References _crypt_itoa64, input, output, and value.

_crypt_gensalt_sha256_rn()

char * _crypt_gensalt_sha256_rn	(	unsigned long	count,
		const char *	input,
		int	size,
		char *	output,
		int	output_size
	)

Definition at line 258 of file crypt-gensalt.c.

{
    memset(output, 0, output_size);
    /* set magic byte for sha256crypt */
    output[0] = '$';
    output[1] = '5';
    output[2] = '$';
 
    return _crypt_gensalt_sha(count, input, size, output, output_size);
}

References _crypt_gensalt_sha(), input, and output.

_crypt_gensalt_sha512_rn()

char * _crypt_gensalt_sha512_rn	(	unsigned long	count,
		const char *	input,
		int	size,
		char *	output,
		int	output_size
	)

Definition at line 243 of file crypt-gensalt.c.

{
    memset(output, 0, output_size);
    /* set magic byte for sha512crypt */
    output[0] = '$';
    output[1] = '6';
    output[2] = '$';
 
    return _crypt_gensalt_sha(count, input, size, output, output_size);
}

References _crypt_gensalt_sha(), input, and output.

_crypt_gensalt_traditional_rn()

char * _crypt_gensalt_traditional_rn	(	unsigned long	count,
		const char *	input,
		int	size,
		char *	output,
		int	output_size
	)

Definition at line 25 of file crypt-gensalt.c.

{
    if (size < 2 || output_size < 2 + 1 || (count && count != 25))
    {
        if (output_size > 0)
            output[0] = '\0';
        return NULL;
    }
 
    output[0] = _crypt_itoa64[(unsigned int) input[0] & 0x3f];
    output[1] = _crypt_itoa64[(unsigned int) input[1] & 0x3f];
    output[2] = '\0';
 
    return output;
}

References _crypt_itoa64, input, and output.

px_crypt()

char * px_crypt	(	const char *	psw,
		const char *	salt,
		char *	buf,
		unsigned	len
	)

Definition at line 102 of file px-crypt.c.

{
    const struct px_crypt_algo *c;
 
    CheckBuiltinCryptoMode();
 
    for (c = px_crypt_list; c->id; c++)
    {
        if (!c->id_len)
            break;
        if (strncmp(salt, c->id, c->id_len) == 0)
            break;
    }
 
    if (c->crypt == NULL)
        return NULL;
 
    return c->crypt(psw, salt, buf, len);
}

References buf, CheckBuiltinCryptoMode(), px_crypt_algo::id, len, and px_crypt_list.

Referenced by pg_crypt().

px_crypt_des()

char * px_crypt_des	(	const char *	key,
		const char *	setting
	)

Definition at line 651 of file crypt-des.c.

{
    int         i;
    uint32      count,
                salt,
                l,
                r0,
                r1,
                keybuf[2];
    char       *p;
    uint8      *q;
    static char output[21];
 
    if (!des_initialised)
        des_init();
 
 
    /*
     * Copy the key, shifting each character up by one bit and padding with
     * zeros.
     */
    q = (uint8 *) keybuf;
    while (q - (uint8 *) keybuf - 8)
    {
        *q++ = *key << 1;
        if (*key != '\0')
            key++;
    }
    if (des_setkey((char *) keybuf))
        return NULL;
 
#ifndef DISABLE_XDES
    if (*setting == _PASSWORD_EFMT1)
    {
        /*
         * "new"-style: setting must be a 9-character (underscore, then 4
         * bytes of count, then 4 bytes of salt) string. See CRYPT(3) under
         * the "Extended crypt" heading for further details.
         *
         * Unlimited characters of the input key are used. This is known as
         * the "Extended crypt" DES method.
         *
         */
        if (strlen(setting) < 9)
            ereport(ERROR,
                    (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
                     errmsg("invalid salt")));
 
        for (i = 1, count = 0L; i < 5; i++)
            count |= ascii_to_bin(setting[i]) << (i - 1) * 6;
 
        for (i = 5, salt = 0L; i < 9; i++)
            salt |= ascii_to_bin(setting[i]) << (i - 5) * 6;
 
        while (*key)
        {
            /*
             * Encrypt the key with itself.
             */
            if (des_cipher((char *) keybuf, (char *) keybuf, 0L, 1))
                return NULL;
 
            /*
             * And XOR with the next 8 characters of the key.
             */
            q = (uint8 *) keybuf;
            while (q - (uint8 *) keybuf - 8 && *key)
                *q++ ^= *key++ << 1;
 
            if (des_setkey((char *) keybuf))
                return NULL;
        }
        strlcpy(output, setting, 10);
 
        /*
         * Double check that we weren't given a short setting. If we were, the
         * above code will probably have created weird values for count and
         * salt, but we don't really care. Just make sure the output string
         * doesn't have an extra NUL in it.
         */
        p = output + strlen(output);
    }
    else
#endif                          /* !DISABLE_XDES */
    {
        /*
         * "old"-style: setting - 2 bytes of salt key - only up to the first 8
         * characters of the input key are used.
         */
        count = 25;
 
        if (strlen(setting) < 2)
            ereport(ERROR,
                    (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
                     errmsg("invalid salt")));
 
        salt = (ascii_to_bin(setting[1]) << 6)
            | ascii_to_bin(setting[0]);
 
        output[0] = setting[0];
 
        /*
         * If the encrypted password that the salt was extracted from is only
         * 1 character long, the salt will be corrupted.  We need to ensure
         * that the output string doesn't have an extra NUL in it!
         */
        output[1] = setting[1] ? setting[1] : output[0];
 
        p = output + 2;
    }
    setup_salt(salt);
 
    /*
     * Do it.
     */
    if (do_des(0L, 0L, &r0, &r1, count))
        return NULL;
 
    /*
     * Now encode the result...
     */
    l = (r0 >> 8);
    *p++ = _crypt_a64[(l >> 18) & 0x3f];
    *p++ = _crypt_a64[(l >> 12) & 0x3f];
    *p++ = _crypt_a64[(l >> 6) & 0x3f];
    *p++ = _crypt_a64[l & 0x3f];
 
    l = (r0 << 16) | ((r1 >> 16) & 0xffff);
    *p++ = _crypt_a64[(l >> 18) & 0x3f];
    *p++ = _crypt_a64[(l >> 12) & 0x3f];
    *p++ = _crypt_a64[(l >> 6) & 0x3f];
    *p++ = _crypt_a64[l & 0x3f];
 
    l = r1 << 2;
    *p++ = _crypt_a64[(l >> 12) & 0x3f];
    *p++ = _crypt_a64[(l >> 6) & 0x3f];
    *p++ = _crypt_a64[l & 0x3f];
    *p = 0;
 
    return output;
}

References _crypt_a64, _PASSWORD_EFMT1, ascii_to_bin(), des_cipher(), des_init(), des_initialised, des_setkey(), do_des(), ereport, errcode(), errmsg(), ERROR, i, sort-test::key, output, setup_salt(), and strlcpy().

Referenced by run_crypt_des().

px_crypt_md5()

char * px_crypt_md5	(	const char *	pw,
		const char *	salt,
		char *	passwd,
		unsigned	dstlen
	)

Definition at line 34 of file crypt-md5.c.

{
    static const char *magic = "$1$";   /* This string is magic for this
                                         * algorithm. Having it this way, we
                                         * can get better later on */
    char       *p;
    const char *sp,
               *ep;
    unsigned char final[MD5_SIZE];
    int         sl,
                pl,
                i;
    PX_MD      *ctx,
               *ctx1;
    int         err;
    unsigned long l;
 
    if (!passwd || dstlen < 120)
        return NULL;
 
    /* Refine the Salt first */
    sp = salt;
 
    /* If it starts with the magic string, then skip that */
    if (strncmp(sp, magic, strlen(magic)) == 0)
        sp += strlen(magic);
 
    /* It stops at the first '$', max 8 chars */
    for (ep = sp; *ep && *ep != '$' && ep < (sp + 8); ep++)
        continue;
 
    /* get the length of the true salt */
    sl = ep - sp;
 
    /* we need two PX_MD objects */
    err = px_find_digest("md5", &ctx);
    if (err)
        return NULL;
    err = px_find_digest("md5", &ctx1);
    if (err)
    {
        /* this path is possible under low-memory circumstances */
        px_md_free(ctx);
        return NULL;
    }
 
    /* The password first, since that is what is most unknown */
    px_md_update(ctx, (const uint8 *) pw, strlen(pw));
 
    /* Then our magic string */
    px_md_update(ctx, (const uint8 *) magic, strlen(magic));
 
    /* Then the raw salt */
    px_md_update(ctx, (const uint8 *) sp, sl);
 
    /* Then just as many characters of the MD5(pw,salt,pw) */
    px_md_update(ctx1, (const uint8 *) pw, strlen(pw));
    px_md_update(ctx1, (const uint8 *) sp, sl);
    px_md_update(ctx1, (const uint8 *) pw, strlen(pw));
    px_md_finish(ctx1, final);
    for (pl = strlen(pw); pl > 0; pl -= MD5_SIZE)
        px_md_update(ctx, final, pl > MD5_SIZE ? MD5_SIZE : pl);
 
    /* Don't leave anything around in vm they could use. */
    px_memset(final, 0, sizeof final);
 
    /* Then something really weird... */
    for (i = strlen(pw); i; i >>= 1)
        if (i & 1)
            px_md_update(ctx, final, 1);
        else
            px_md_update(ctx, (const uint8 *) pw, 1);
 
    /* Now make the output string */
    strcpy(passwd, magic);
    strncat(passwd, sp, sl);
    strcat(passwd, "$");
 
    px_md_finish(ctx, final);
 
    /*
     * and now, just to make sure things don't run too fast On a 60 Mhz
     * Pentium this takes 34 msec, so you would need 30 seconds to build a
     * 1000 entry dictionary...
     */
    for (i = 0; i < 1000; i++)
    {
        px_md_reset(ctx1);
        if (i & 1)
            px_md_update(ctx1, (const uint8 *) pw, strlen(pw));
        else
            px_md_update(ctx1, final, MD5_SIZE);
 
        if (i % 3)
            px_md_update(ctx1, (const uint8 *) sp, sl);
 
        if (i % 7)
            px_md_update(ctx1, (const uint8 *) pw, strlen(pw));
 
        if (i & 1)
            px_md_update(ctx1, final, MD5_SIZE);
        else
            px_md_update(ctx1, (const uint8 *) pw, strlen(pw));
        px_md_finish(ctx1, final);
    }
 
    p = passwd + strlen(passwd);
 
    l = (final[0] << 16) | (final[6] << 8) | final[12];
    _crypt_to64(p, l, 4);
    p += 4;
    l = (final[1] << 16) | (final[7] << 8) | final[13];
    _crypt_to64(p, l, 4);
    p += 4;
    l = (final[2] << 16) | (final[8] << 8) | final[14];
    _crypt_to64(p, l, 4);
    p += 4;
    l = (final[3] << 16) | (final[9] << 8) | final[15];
    _crypt_to64(p, l, 4);
    p += 4;
    l = (final[4] << 16) | (final[10] << 8) | final[5];
    _crypt_to64(p, l, 4);
    p += 4;
    l = final[11];
    _crypt_to64(p, l, 2);
    p += 2;
    *p = '\0';
 
    /* Don't leave anything around in vm they could use. */
    px_memset(final, 0, sizeof final);
 
    px_md_free(ctx1);
    px_md_free(ctx);
 
    return passwd;
}

References _crypt_to64(), err(), i, MD5_SIZE, px_find_digest(), px_md_finish, px_md_free, px_md_reset, px_md_update, and px_memset().

Referenced by run_crypt_md5().

px_crypt_shacrypt()

char * px_crypt_shacrypt	(	const char *	pw,
		const char *	salt,
		char *	passwd,
		unsigned	dstlen
	)

Definition at line 69 of file crypt-sha.c.

{
    static const char rounds_prefix[] = "rounds=";
    static const char *magic_bytes[2] = {"$5$", "$6$"};
 
    /* Used to create the password hash string */
    StringInfo  out_buf = NULL;
 
    PGCRYPTO_SHA_t type = PGCRYPTO_SHA_UNKOWN;
    PX_MD      *digestA = NULL;
    PX_MD      *digestB = NULL;
    int         err;
 
    const char *dec_salt_binary;    /* pointer into the real salt string */
    StringInfo  decoded_salt = NULL;    /* decoded salt string */
    unsigned char sha_buf[PX_SHACRYPT_DIGEST_MAX_LEN];
 
    /* temporary buffer for digests */
    unsigned char sha_buf_tmp[PX_SHACRYPT_DIGEST_MAX_LEN];
    char        rounds_custom = 0;
    char       *p_bytes = NULL;
    char       *s_bytes = NULL;
    char       *cp = NULL;
    const char *fp = NULL;      /* intermediate pointer within salt string */
    const char *ep = NULL;      /* holds pointer to the end of the salt string */
    size_t      buf_size = 0;   /* buffer size for sha256crypt/sha512crypt */
    unsigned int block;         /* number of bytes processed */
    uint32      rounds = PX_SHACRYPT_ROUNDS_DEFAULT;
    unsigned int len,
                salt_len = 0;
 
    /* Sanity checks */
    if (!passwd)
        return NULL;
 
    if (pw == NULL)
        elog(ERROR, "null value for password rejected");
 
    if (salt == NULL)
        elog(ERROR, "null value for salt rejected");
 
    /*
     * Make sure result buffers are large enough.
     */
    if (dstlen < PX_SHACRYPT_BUF_LEN)
        elog(ERROR, "insufficient result buffer size to encrypt password");
 
    /* Init result buffer */
    out_buf = makeStringInfoExt(PX_SHACRYPT_BUF_LEN);
    decoded_salt = makeStringInfoExt(PX_SHACRYPT_SALT_MAX_LEN);
 
    /* Init contents of buffers properly */
    memset(&sha_buf, '\0', sizeof(sha_buf));
    memset(&sha_buf_tmp, '\0', sizeof(sha_buf_tmp));
 
    /*
     * Decode the salt string. We need to know how many rounds and which
     * digest we have to use to hash the password.
     */
    len = strlen(pw);
    dec_salt_binary = salt;
 
    /*
     * Analyze and prepare the salt string
     *
     * The magic string should be specified in the first three bytes of the
     * salt string.  Do some sanity checks first.
     */
    if (strlen(dec_salt_binary) < 3)
        ereport(ERROR,
                errcode(ERRCODE_INVALID_PARAMETER_VALUE),
                errmsg("invalid salt"));
 
    /*
     * Check format of magic bytes. These should define either 5=sha256crypt
     * or 6=sha512crypt in the second byte, enclosed by ascii dollar signs.
     */
    if ((dec_salt_binary[0] != '$') || (dec_salt_binary[2] != '$'))
        ereport(ERROR,
                errcode(ERRCODE_INVALID_PARAMETER_VALUE),
                errmsg("invalid format of salt"),
                errhint("magic byte format for shacrypt is either \"$5$\" or \"$6$\""));
 
    /*
     * Check magic byte for supported shacrypt digest.
     *
     * We're just interested in the very first 3 bytes of the salt string,
     * since this defines the digest length to use.
     */
    if (strncmp(dec_salt_binary, magic_bytes[0], strlen(magic_bytes[0])) == 0)
    {
        type = PGCRYPTO_SHA256CRYPT;
        dec_salt_binary += strlen(magic_bytes[0]);
    }
    else if (strncmp(dec_salt_binary, magic_bytes[1], strlen(magic_bytes[1])) == 0)
    {
        type = PGCRYPTO_SHA512CRYPT;
        dec_salt_binary += strlen(magic_bytes[1]);
    }
 
    /*
     * dec_salt_binary pointer is positioned after the magic bytes now
     *
     * We extract any options in the following code branch. The only optional
     * setting we need to take care of is the "rounds" option. Note that the
     * salt generator already checked for invalid settings before, but we need
     * to do it here again to protect against injection of wrong values when
     * called without the generator.
     *
     * If there is any garbage added after the magic byte and the options/salt
     * string, we don't treat this special: This is just absorbed as part of
     * the salt with up to PX_SHACRYPT_SALT_LEN_MAX.
     *
     * Unknown magic byte is handled further below.
     */
    if (strncmp(dec_salt_binary,
                rounds_prefix, sizeof(rounds_prefix) - 1) == 0)
    {
        const char *num = dec_salt_binary + sizeof(rounds_prefix) - 1;
        char       *endp;
        int         srounds = strtoint(num, &endp, 10);
 
        if (*endp != '$')
            ereport(ERROR,
                    errcode(ERRCODE_SYNTAX_ERROR),
                    errmsg("could not parse salt options"));
 
        dec_salt_binary = endp + 1;
 
        /*
         * We violate supported lower or upper bound of rounds, but in this
         * case we change this value to the supported lower or upper value. We
         * don't do this silently and print a NOTICE in such a case.
         *
         * Note that a salt string generated with gen_salt() would never
         * generated such a salt string, since it would error out.
         *
         * But Drepper's upstream reference implementation supports this when
         * passing the salt string directly, so we maintain compatibility.
         */
        if (srounds > PX_SHACRYPT_ROUNDS_MAX)
        {
            ereport(NOTICE,
                    errcode(ERRCODE_NUMERIC_VALUE_OUT_OF_RANGE),
                    errmsg("rounds=%d exceeds maximum supported value (%d), using %d instead",
                           srounds, PX_SHACRYPT_ROUNDS_MAX,
                           PX_SHACRYPT_ROUNDS_MAX));
            srounds = PX_SHACRYPT_ROUNDS_MAX;
        }
        else if (srounds < PX_SHACRYPT_ROUNDS_MIN)
        {
            ereport(NOTICE,
                    errcode(ERRCODE_NUMERIC_VALUE_OUT_OF_RANGE),
                    errmsg("rounds=%d is below supported value (%d), using %d instead",
                           srounds, PX_SHACRYPT_ROUNDS_MIN,
                           PX_SHACRYPT_ROUNDS_MIN));
            srounds = PX_SHACRYPT_ROUNDS_MIN;
        }
 
        rounds = (uint32) srounds;
        rounds_custom = 1;
    }
 
    /*
     * Choose the correct digest length and add the magic bytes to the result
     * buffer. Also handle possible invalid magic byte we've extracted above.
     */
    switch (type)
    {
        case PGCRYPTO_SHA256CRYPT:
            {
                /* Two PX_MD objects required */
                err = px_find_digest("sha256", &digestA);
                if (err)
                    goto error;
 
                err = px_find_digest("sha256", &digestB);
                if (err)
                    goto error;
 
                /* digest buffer length is 32 for sha256 */
                buf_size = 32;
 
                appendStringInfoString(out_buf, magic_bytes[0]);
                break;
            }
 
        case PGCRYPTO_SHA512CRYPT:
            {
                /* Two PX_MD objects required */
                err = px_find_digest("sha512", &digestA);
                if (err)
                    goto error;
 
                err = px_find_digest("sha512", &digestB);
                if (err)
                    goto error;
 
                buf_size = PX_SHACRYPT_DIGEST_MAX_LEN;
 
                appendStringInfoString(out_buf, magic_bytes[1]);
                break;
            }
 
        case PGCRYPTO_SHA_UNKOWN:
            elog(ERROR, "unknown crypt identifier \"%c\"", salt[1]);
    }
 
    if (rounds_custom > 0)
        appendStringInfo(out_buf, "rounds=%u$", rounds);
 
    /*
     * We need the real decoded salt string from salt input, this is every
     * character before the last '$' in the preamble. Append every compatible
     * character up to PX_SHACRYPT_SALT_MAX_LEN to the result buffer. Note
     * that depending on the input, there might be no '$' marker after the
     * salt, when there is no password hash attached at the end.
     *
     * We try hard to recognize mistakes, but since we might get an input
     * string which might also have the password hash after the salt string
     * section we give up as soon we reach the end of the input or if there
     * are any bytes consumed for the salt string until we reach the first '$'
     * marker thereafter.
     */
    for (ep = dec_salt_binary;
         *ep && ep < (dec_salt_binary + PX_SHACRYPT_SALT_MAX_LEN);
         ep++)
    {
        /*
         * Filter out any string which shouldn't be here.
         *
         * First check for accidentally embedded magic strings here. We don't
         * support '$' in salt strings anyways and seeing a magic byte trying
         * to identify shacrypt hashes might indicate that something went
         * wrong when generating this salt string. Note that we later check
         * for non-supported literals anyways, but any '$' here confuses us at
         * this point.
         */
        fp = strstr(dec_salt_binary, magic_bytes[0]);
        if (fp != NULL)
            elog(ERROR, "bogus magic byte found in salt string");
 
        fp = strstr(dec_salt_binary, magic_bytes[1]);
        if (fp != NULL)
            elog(ERROR, "bogus magic byte found in salt string");
 
        /*
         * This looks very strict, but we assume the caller did something
         * wrong when we see a "rounds=" option here.
         */
        fp = strstr(dec_salt_binary, rounds_prefix);
        if (fp != NULL)
            elog(ERROR, "invalid rounds option specified in salt string");
 
        if (*ep != '$')
        {
            if (strchr(_crypt_itoa64, *ep) != NULL)
                appendStringInfoCharMacro(decoded_salt, *ep);
            else
                ereport(ERROR,
                        errcode(ERRCODE_INVALID_PARAMETER_VALUE),
                        errmsg("invalid character in salt string: \"%.*s\"",
                               pg_mblen(ep), ep));
        }
        else
        {
            /*
             * We encountered a '$' marker. Check if we already absorbed some
             * bytes from input. If true, we are optimistic and terminate at
             * this stage. If not, we try further.
             *
             * If we already consumed enough bytes for the salt string,
             * everything that is after this marker is considered to be part
             * of an optionally specified password hash and ignored.
             */
            if (decoded_salt->len > 0)
                break;
        }
    }
 
    salt_len = decoded_salt->len;
    appendStringInfoString(out_buf, decoded_salt->data);
    elog(DEBUG1, "using salt \"%s\", salt len = %d, rounds = %u",
         decoded_salt->data, decoded_salt->len, rounds);
 
    /*
     * Sanity check: at this point the salt string buffer must not exceed
     * expected size.
     */
    if (out_buf->len > (3 + 17 * rounds_custom + salt_len))
        elog(ERROR, "unexpected length of salt string");
 
    /*-
     * 1. Start digest A
     * 2. Add the password string to digest A
     * 3. Add the salt to digest A
     */
    px_md_update(digestA, (const unsigned char *) pw, len);
    px_md_update(digestA, (const unsigned char *) decoded_salt->data, salt_len);
 
    /*-
     * 4. Create digest B
     * 5. Add password to digest B
     * 6. Add the salt string to digest B
     * 7. Add the password again to digest B
     * 8. Finalize digest B
     */
    px_md_update(digestB, (const unsigned char *) pw, len);
    px_md_update(digestB, (const unsigned char *) dec_salt_binary, salt_len);
    px_md_update(digestB, (const unsigned char *) pw, len);
    px_md_finish(digestB, sha_buf);
 
    /*
     * 9. For each block (excluding the NULL byte), add digest B to digest A.
     */
    for (block = len; block > buf_size; block -= buf_size)
        px_md_update(digestA, sha_buf, buf_size);
 
    /*-
     * 10. For the remaining N bytes of the password string, add the first N
     * bytes of digest B to A.
     */
    px_md_update(digestA, sha_buf, block);
 
    /*-
     * 11. For each bit of the binary representation of the length of the
     * password string up to and including the highest 1-digit, starting from
     * to lowest bit position (numeric value 1)
     *
     * a) for a 1-digit add digest B (sha_buf) to digest A
     * b) for a 0-digit add the password string
     */
    block = len;
    while (block)
    {
        px_md_update(digestA,
                     (block & 1) ? sha_buf : (const unsigned char *) pw,
                     (block & 1) ? buf_size : len);
 
        /* right shift to next byte */
        block >>= 1;
    }
 
    /* 12. Finalize digest A */
    px_md_finish(digestA, sha_buf);
 
    /* 13. Start digest DP */
    px_md_reset(digestB);
 
    /*-
     * 14 Add every byte of the password string (excluding trailing NULL)
     * to the digest DP
     */
    for (block = len; block > 0; block--)
        px_md_update(digestB, (const unsigned char *) pw, len);
 
    /* 15. Finalize digest DP */
    px_md_finish(digestB, sha_buf_tmp);
 
    /*-
     * 16. produce byte sequence P with same length as password.
     *     a) for each block of 32 or 64 bytes of length of the password
     *        string the entire digest DP is used
     *     b) for the remaining N (up to  31 or 63) bytes use the
     *        first N bytes of digest DP
     */
    if ((p_bytes = palloc0(len)) == NULL)
    {
        goto error;
    }
 
    /* N step of 16, copy over the bytes from password */
    for (cp = p_bytes, block = len; block > buf_size; block -= buf_size, cp += buf_size)
        memcpy(cp, sha_buf_tmp, buf_size);
    memcpy(cp, sha_buf_tmp, block);
 
    /*
     * 17. Start digest DS
     */
    px_md_reset(digestB);
 
    /*-
     * 18. Repeat the following 16+A[0] times, where A[0] represents the first
     *    byte in digest A interpreted as an 8-bit unsigned value
     *    add the salt to digest DS
     */
    for (block = 16 + sha_buf[0]; block > 0; block--)
        px_md_update(digestB, (const unsigned char *) dec_salt_binary, salt_len);
 
    /*
     * 19. Finalize digest DS
     */
    px_md_finish(digestB, sha_buf_tmp);
 
    /*-
     * 20. Produce byte sequence S of the same length as the salt string where
     *
     * a) for each block of 32 or 64 bytes of length of the salt string the
     *    entire digest DS is used
     *
     * b) for the remaining N (up to  31 or 63) bytes use the first N
     *    bytes of digest DS
     */
    if ((s_bytes = palloc0(salt_len)) == NULL)
        goto error;
 
    for (cp = s_bytes, block = salt_len; block > buf_size; block -= buf_size, cp += buf_size)
        memcpy(cp, sha_buf_tmp, buf_size);
    memcpy(cp, sha_buf_tmp, block);
 
    /* Make sure we don't leave something important behind */
    px_memset(&sha_buf_tmp, 0, sizeof sha_buf);
 
    /*-
     * 21. Repeat a loop according to the number specified in the rounds=<N>
     *     specification in the salt (or the default value if none is
     *     present).  Each round is numbered, starting with 0 and up to N-1.
     *
     *     The loop uses a digest as input.  In the first round it is the
     *     digest produced in step 12.  In the latter steps it is the digest
     *     produced in step 21.h of the previous round.  The following text
     *     uses the notation "digest A/B" to describe this behavior.
     */
    for (block = 0; block < rounds; block++)
    {
        /*
         * Make it possible to abort in case large values for "rounds" are
         * specified.
         */
        CHECK_FOR_INTERRUPTS();
 
        /* a) start digest B */
        px_md_reset(digestB);
 
        /*-
         * b) for odd round numbers add the byte sequence P to digest B
         * c) for even round numbers add digest A/B
         */
        px_md_update(digestB,
                     (block & 1) ? (const unsigned char *) p_bytes : sha_buf,
                     (block & 1) ? len : buf_size);
 
        /* d) for all round numbers not divisible by 3 add the byte sequence S */
        if ((block % 3) != 0)
            px_md_update(digestB, (const unsigned char *) s_bytes, salt_len);
 
        /* e) for all round numbers not divisible by 7 add the byte sequence P */
        if ((block % 7) != 0)
            px_md_update(digestB, (const unsigned char *) p_bytes, len);
 
        /*-
         * f) for odd round numbers add digest A/C
         * g) for even round numbers add the byte sequence P
         */
        px_md_update(digestB,
                     (block & 1) ? sha_buf : (const unsigned char *) p_bytes,
                     (block & 1) ? buf_size : len);
 
        /* h) finish digest C. */
        px_md_finish(digestB, sha_buf);
    }
 
    px_md_free(digestA);
    px_md_free(digestB);
 
    digestA = NULL;
    digestB = NULL;
 
    pfree(s_bytes);
    pfree(p_bytes);
 
    s_bytes = NULL;
    p_bytes = NULL;
 
    /* prepare final result buffer */
    appendStringInfoCharMacro(out_buf, '$');
 
#define b64_from_24bit(B2, B1, B0, N)                                    \
    do {                                                                 \
        unsigned int w = ((B2) << 16) | ((B1) << 8) | (B0);              \
        int     i = (N);                                                 \
        while (i-- > 0)                                                  \
        {                                                                \
            appendStringInfoCharMacro(out_buf, _crypt_itoa64[w & 0x3f]); \
            w >>= 6;                                                     \
        }                                                                \
    } while (0)
 
    switch (type)
    {
        case PGCRYPTO_SHA256CRYPT:
            {
                b64_from_24bit(sha_buf[0], sha_buf[10], sha_buf[20], 4);
                b64_from_24bit(sha_buf[21], sha_buf[1], sha_buf[11], 4);
                b64_from_24bit(sha_buf[12], sha_buf[22], sha_buf[2], 4);
                b64_from_24bit(sha_buf[3], sha_buf[13], sha_buf[23], 4);
                b64_from_24bit(sha_buf[24], sha_buf[4], sha_buf[14], 4);
                b64_from_24bit(sha_buf[15], sha_buf[25], sha_buf[5], 4);
                b64_from_24bit(sha_buf[6], sha_buf[16], sha_buf[26], 4);
                b64_from_24bit(sha_buf[27], sha_buf[7], sha_buf[17], 4);
                b64_from_24bit(sha_buf[18], sha_buf[28], sha_buf[8], 4);
                b64_from_24bit(sha_buf[9], sha_buf[19], sha_buf[29], 4);
                b64_from_24bit(0, sha_buf[31], sha_buf[30], 3);
 
                break;
            }
 
        case PGCRYPTO_SHA512CRYPT:
            {
                b64_from_24bit(sha_buf[0], sha_buf[21], sha_buf[42], 4);
                b64_from_24bit(sha_buf[22], sha_buf[43], sha_buf[1], 4);
                b64_from_24bit(sha_buf[44], sha_buf[2], sha_buf[23], 4);
                b64_from_24bit(sha_buf[3], sha_buf[24], sha_buf[45], 4);
                b64_from_24bit(sha_buf[25], sha_buf[46], sha_buf[4], 4);
                b64_from_24bit(sha_buf[47], sha_buf[5], sha_buf[26], 4);
                b64_from_24bit(sha_buf[6], sha_buf[27], sha_buf[48], 4);
                b64_from_24bit(sha_buf[28], sha_buf[49], sha_buf[7], 4);
                b64_from_24bit(sha_buf[50], sha_buf[8], sha_buf[29], 4);
                b64_from_24bit(sha_buf[9], sha_buf[30], sha_buf[51], 4);
                b64_from_24bit(sha_buf[31], sha_buf[52], sha_buf[10], 4);
                b64_from_24bit(sha_buf[53], sha_buf[11], sha_buf[32], 4);
                b64_from_24bit(sha_buf[12], sha_buf[33], sha_buf[54], 4);
                b64_from_24bit(sha_buf[34], sha_buf[55], sha_buf[13], 4);
                b64_from_24bit(sha_buf[56], sha_buf[14], sha_buf[35], 4);
                b64_from_24bit(sha_buf[15], sha_buf[36], sha_buf[57], 4);
                b64_from_24bit(sha_buf[37], sha_buf[58], sha_buf[16], 4);
                b64_from_24bit(sha_buf[59], sha_buf[17], sha_buf[38], 4);
                b64_from_24bit(sha_buf[18], sha_buf[39], sha_buf[60], 4);
                b64_from_24bit(sha_buf[40], sha_buf[61], sha_buf[19], 4);
                b64_from_24bit(sha_buf[62], sha_buf[20], sha_buf[41], 4);
                b64_from_24bit(0, 0, sha_buf[63], 2);
 
                break;
            }
 
        case PGCRYPTO_SHA_UNKOWN:
            /* we shouldn't land here ... */
            elog(ERROR, "unsupported digest length");
    }
 
    /*
     * Copy over result to specified buffer.
     *
     * The passwd character buffer should have at least PX_SHACRYPT_BUF_LEN
     * allocated, since we checked above if dstlen is smaller than
     * PX_SHACRYPT_BUF_LEN (which also includes the NULL byte).
     *
     * In that case we would have failed above already.
     */
    memcpy(passwd, out_buf->data, out_buf->len);
 
    /* make sure nothing important is left behind */
    px_memset(&sha_buf, 0, sizeof sha_buf);
    destroyStringInfo(out_buf);
    destroyStringInfo(decoded_salt);
 
    /* ...and we're done */
    return passwd;
 
error:
    if (digestA != NULL)
        px_md_free(digestA);
 
    if (digestB != NULL)
        px_md_free(digestB);
 
    destroyStringInfo(out_buf);
    destroyStringInfo(decoded_salt);
 
    ereport(ERROR,
            errcode(ERRCODE_INTERNAL_ERROR),
            errmsg("cannot create encrypted password"));
    return NULL;                /* keep compiler quiet */
}

References _crypt_itoa64, appendStringInfo(), appendStringInfoCharMacro, appendStringInfoString(), b64_from_24bit, CHECK_FOR_INTERRUPTS, StringInfoData::data, DEBUG1, destroyStringInfo(), elog, ereport, err(), errcode(), errhint(), errmsg(), ERROR, error(), StringInfoData::len, len, makeStringInfoExt(), NOTICE, palloc0(), pfree(), pg_mblen(), PGCRYPTO_SHA256CRYPT, PGCRYPTO_SHA512CRYPT, PGCRYPTO_SHA_UNKOWN, px_find_digest(), px_md_finish, px_md_free, px_md_reset, px_md_update, px_memset(), PX_SHACRYPT_BUF_LEN, PX_SHACRYPT_DIGEST_MAX_LEN, PX_SHACRYPT_ROUNDS_DEFAULT, PX_SHACRYPT_ROUNDS_MAX, PX_SHACRYPT_ROUNDS_MIN, PX_SHACRYPT_SALT_MAX_LEN, strtoint(), and type.

Referenced by run_crypt_sha().

px_gen_salt()

int px_gen_salt	(	const char *	salt_type,
		char *	buf,
		int	rounds
	)

Definition at line 156 of file px-crypt.c.

{
    struct generator *g;
    char       *p;
    char        rbuf[16];
 
    CheckBuiltinCryptoMode();
 
    for (g = gen_list; g->name; g++)
        if (pg_strcasecmp(g->name, salt_type) == 0)
            break;
 
    if (g->name == NULL)
        return PXE_UNKNOWN_SALT_ALGO;
 
    if (g->def_rounds)
    {
        if (rounds == 0)
            rounds = g->def_rounds;
 
        if (rounds < g->min_rounds || rounds > g->max_rounds)
            return PXE_BAD_SALT_ROUNDS;
    }
 
    if (!pg_strong_random(rbuf, g->input_len))
        return PXE_NO_RANDOM;
 
    p = g->gen(rounds, rbuf, g->input_len, buf, PX_MAX_SALT_LEN);
    px_memset(rbuf, 0, sizeof(rbuf));
 
    if (p == NULL)
        return PXE_BAD_SALT_ROUNDS;
 
    return strlen(p);
}

References buf, CheckBuiltinCryptoMode(), generator::def_rounds, generator::gen, gen_list, generator::input_len, generator::max_rounds, generator::min_rounds, generator::name, pg_strcasecmp(), pg_strong_random(), PX_MAX_SALT_LEN, px_memset(), PXE_BAD_SALT_ROUNDS, PXE_NO_RANDOM, and PXE_UNKNOWN_SALT_ALGO.

Referenced by pg_gen_salt(), and pg_gen_salt_rounds().