
x/crypto/bcrypt: bcrypt.expensiveBlowfishSetup changes slice's underlying array #20425

Closed
magisterquis opened this issue May 19, 2017 · 2 comments

Comments

@magisterquis

Please answer these questions before submitting your issue. Thanks!

What version of Go are you using (go version)?

go version go1.8.1 openbsd/amd64

What operating system and processor architecture are you using (go env)?

GOARCH="amd64"
GOBIN=""
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="openbsd"
GOOS="openbsd"
GOPATH="/home/stuart/go"
GORACE=""
GOROOT="/home/stuart/.go/1.8.1"
GOTOOLDIR="/home/stuart/.go/1.8.1/pkg/tool/openbsd_amd64"
GCCGO="gccgo"
CC="gcc"
GOGCCFLAGS="-fPIC -m64 -fmessage-length=0"
CXX="g++"
CGO_ENABLED="0"
PKG_CONFIG="pkg-config"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"

What did you do?

If possible, provide a recipe for reproducing the error.
A complete runnable program is good.
A link on play.golang.org is best.

package main

import (
        "log"

        "golang.org/x/crypto/bcrypt"
)

const HASH = "$2a$10$LK9XRuhNxHHCvjX3tdkRKei1QiCDUKrJRhZv7WWZPuQGRUM92rOUa"

func main() {
        a := []byte("passw0rd123456")
        password := a[:len(a)-6]
        token := a[len(a)-6:]

        log.Printf("Before: A:%q T:%q P:%q", a, token, password)
        if err := bcrypt.CompareHashAndPassword([]byte(HASH), password); nil != err {
                log.Fatalf("Hash mismatch")
        }

        log.Printf("After: A:%q T:%q P:%q", a, token, password)
}

Output:

2017/05/19 11:58:43 Before: A:"passw0rd123456" T:"123456" P:"passw0rd"
2017/05/19 11:58:43 After: A:"passw0rd\x0023456" T:"\x0023456" P:"passw0rd"

What did you expect to see?

I expected the value of token to be unchanged after the call to bcrypt.CompareHashAndPassword.

What did you see instead?

The first byte of token was changed. This seems to happen in the call to bcrypt.expensiveBlowfishSetup when it appends a null byte to password to be compatible with C implementations.

https://github.com/golang/crypto/blob/master/bcrypt/bcrypt.go#L216

Unfortunately this changes the slice's underlying array, which can have knock-on effects if other slices refer to the same array (as in my 2FA-derived example).
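To make the aliasing concrete without depending on x/crypto, here is an added example (not the project's code and not the reporter's) that models the two key-preparation patterns as hypothetical functions prepareKeyAliasing (the append on the caller's slice) and prepareKeyCopy (a fresh allocation, as the fix does), and also shows the caller-side defence of handing bcrypt a slice with no spare capacity via a full slice expression:

```go
package main

import (
	"bytes"
	"fmt"
)

// Hypothetical stand-ins for bcrypt's key preparation (not x/crypto code).

// prepareKeyAliasing is the pre-fix pattern: append writes the NUL into the
// caller's backing array whenever cap(key) > len(key).
func prepareKeyAliasing(key []byte) []byte {
	return append(key, 0)
}

// prepareKeyCopy is the fixed pattern: always a new allocation, so the
// caller's memory is never written.
func prepareKeyCopy(key []byte) []byte {
	ckey := make([]byte, len(key)+1) // trailing byte is zero-initialised
	copy(ckey, key)
	return ckey
}

// split reproduces the report's layout: one buffer, a password prefix and a
// token suffix sharing the same array. capped=true uses a full slice
// expression so the prefix has no spare capacity (caller-side defence).
func split(capped bool) (password, token []byte) {
	a := []byte("passw0rd123456") // constructed sample, as in the report
	n := len(a) - 6
	if capped {
		password = a[:n:n]
	} else {
		password = a[:n]
	}
	return password, a[n:]
}

// tokenClobbered reports whether running prepare on the password changed
// the neighbouring token bytes.
func tokenClobbered(prepare func([]byte) []byte, capped bool) bool {
	password, token := split(capped)
	_ = prepare(password)
	return !bytes.Equal(token, []byte("123456"))
}

func main() {
	fmt.Println("append, shared cap:", tokenClobbered(prepareKeyAliasing, false)) // true
	fmt.Println("append, capped:    ", tokenClobbered(prepareKeyAliasing, true))  // false
	fmt.Println("copy, shared cap:  ", tokenClobbered(prepareKeyCopy, false))      // false
}
```

The middle line is the defence available to callers on an unfixed version: a three-index slice caps capacity, so any append inside the callee must reallocate instead of overwriting adjacent bytes.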

@gopherbot gopherbot added this to the Unreleased milestone May 19, 2017
@aead
Contributor

aead commented May 20, 2017

I think this is unintended behavior and should be fixed.
Have sent a CL.

Thanks for the bug report @magisterquis.

@gopherbot

CL https://golang.org/cl/43715 mentions this issue.

@golang golang locked and limited conversation to collaborators May 22, 2018
c-expert-zigbee pushed a commit to c-expert-zigbee/crypto_go that referenced this issue Mar 28, 2022
The bcrypt implementation must append a zero byte to the user provided key
to be compatible to C implementations.
This will change the user provided key if the slice has enough capacity to
hold the extra zero byte.

This change always allocates a new slice for the C-compatible key.

Fixes golang/go#20425

Change-Id: I8dc4e840c29711daabdabe58d83643cc0103cedd
Reviewed-on: https://go-review.googlesource.com/43715
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>