Bug 2097

Summary: if gensalt's log_rounds parameter is set to 31 it does 0 (ZERO) rounds!
Product: jBCrypt
Reporter: Marcus Rathsfeld <rathsfeld>
Component: Default
Assignee: Damien Miller <djm>
Status: CLOSED MOVED
Severity: security
Priority: P5
Version: unspecified
Hardware: All
OS: All

Description Marcus Rathsfeld 2013-05-02 19:14:24 AEST
In the method crypt_raw you are calculating the rounds with:
int rounds = 1 << log_rounds;

Java's int is a signed type, meaning a 1 << 31 will cause it to flip to -2147483648

Hence this loop further down will not run at all:

for (i = 0; i < rounds; i++) {
	key(password);
	key(salt);
}


rounds needs to be of type long if 31 is supposed to be a valid parameter!
Comment 1 Marcus Rathsfeld 2013-05-02 19:17:50 AEST
Forgot something! The line needs to be

long rounds = 1l << log_rounds;
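
The overflow described in this report and the widening proposed in Comment 1, as an added Java example that is not jBCrypt source and not part of the original report. The class and method names, the 4..31 range check and the iteration cap are assumptions for illustration. The last line goes one step beyond the report: Java masks the shift distance, so widening the type alone does not protect against a log_rounds above the intended range.

```java
// Added example, not jBCrypt source. All names here are hypothetical.
public class RoundsOverflowDemo {

    // Expression quoted in the report: an int shift, which wraps to a
    // negative value when logRounds is 31.
    static int roundsAsInt(int logRounds) {
        return 1 << logRounds;
    }

    // Widening proposed in Comment 1, plus an explicit range check.
    // The 4..31 range is an assumption of this example.
    static long roundsAsLong(int logRounds) {
        if (logRounds < 4 || logRounds > 31) {
            throw new IllegalArgumentException("log_rounds out of range: " + logRounds);
        }
        return 1L << logRounds;
    }

    // Same loop condition as the loop quoted from crypt_raw, with the key()
    // calls replaced by a counter. The cap only keeps the demo fast; it is
    // not part of the fix.
    static long countIterations(long rounds, long cap) {
        long n = 0;
        for (long i = 0; i < rounds && n < cap; i++) {
            n++;
        }
        return n;
    }

    public static void main(String[] args) {
        final long cap = 1_000_000L;
        for (int cost : new int[] {4, 12, 30, 31}) {
            int asInt = roundsAsInt(cost);
            long asLong = roundsAsLong(cost);
            System.out.printf(
                "log_rounds=%d  int rounds=%d -> %d iterations  long rounds=%d -> %d iterations (cap %d)%n",
                cost, asInt, countIterations(asInt, cap),
                asLong, countIterations(asLong, cap), cap);
        }
        // Shift distances on an int are taken modulo 32, so an unchecked
        // log_rounds of 32 silently becomes a single round.
        System.out.println("int rounds for log_rounds=32: " + roundsAsInt(32));
    }
}
```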
Comment 2 Damien Miller 2019-01-23 20:04:05 AEDT
jBCrypt is no longer in this bugtracker
Comment 3 Damien Miller 2022-02-25 13:59:37 AEDT
closing bugs resolved before openssh-8.9