2 files changed, 43 insertions, 5 deletions
diff --git a/src/lib/libc/crypt/bcrypt.c b/src/lib/libc/crypt/bcrypt.c
index 94758ca40b..abcbe138ca 100644
--- a/src/lib/libc/crypt/bcrypt.c
+++ b/src/lib/libc/crypt/bcrypt.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: bcrypt.c,v 1.46 2014/11/24 22:47:01 tedu Exp $        */
+/*      $OpenBSD: bcrypt.c,v 1.47 2014/12/30 10:27:24 tedu Exp $        */
 /*
 * Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
@@ -225,6 +225,38 @@ bcrypt_checkpass(const char *pass, const char *goodhash)
 }
 /*
+ * Measure this system's performance by measuring the time for 8 rounds.
+ * We are aiming for something that takes between 0.25 and 0.5 seconds.
+ */
+int
+bcrypt_autorounds(void)
+{
+        clock_t before, after;
+        int r = 8;
+        char buf[_PASSWORD_LEN];
+        int duration;
+        before = clock();
+        bcrypt_newhash("testpassword", r, buf, sizeof(buf));
+        after = clock();
+        duration = after - before;
+        /* too quick? slow it down. */
+        while (r < 16 && duration <= CLOCKS_PER_SEC / 4) {
+                r += 1;
+                duration *= 2;
+        }
+        /* too slow? speed it up. */
+        while (r > 4 && duration > CLOCKS_PER_SEC / 2) {
+                r -= 1;
+                duration /= 2;
+        }
+        return r;
+}
+/*
 * internal utilities
 */
 static const u_int8_t Base64Code[] =
diff --git a/src/lib/libc/crypt/cryptutil.c b/src/lib/libc/crypt/cryptutil.c
index f101240524..7e93dad3c8 100644
--- a/src/lib/libc/crypt/cryptutil.c
+++ b/src/lib/libc/crypt/cryptutil.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cryptutil.c,v 1.6 2014/12/24 22:10:34 tedu Exp $ */
+/* $OpenBSD: cryptutil.c,v 1.7 2014/12/30 10:27:24 tedu Exp $ */
 /*
 * Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
 *
@@ -21,6 +21,8 @@
 #include <login_cap.h>
 #include <errno.h>
+int bcrypt_autorounds(void);
 int
 crypt_checkpass(const char *pass, const char *goodhash)
 {
@@ -64,9 +66,13 @@ crypt_newhash(const char *pass, const char *pref, char *hash, size_t hashlen)
                errno = EINVAL;
                goto err;
        }
-        rounds = strtonum(pref + 9, 4, 31, &errstr);
+        if (strcmp(pref + 9, "a") == 0) {
-        if (errstr)
+                rounds = bcrypt_autorounds();
-                goto err;
+        } else {
+                rounds = strtonum(pref + 9, 4, 31, &errstr);
+                if (errstr)
+                        goto err;
+        }
        rv = bcrypt_newhash(pass, rounds, hash, hashlen);
 err:

diff --git a/src/lib/libc/crypt/bcrypt.c b/src/lib/libc/crypt/bcrypt.c index 94758ca40b..abcbe138ca 100644 --- a/src/lib/libc/crypt/bcrypt.c +++ b/src/lib/libc/crypt/bcrypt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: bcrypt.c,v 1.46 2014/11/24 22:47:01 tedu Exp $ */	1	/* $OpenBSD: bcrypt.c,v 1.47 2014/12/30 10:27:24 tedu Exp $ */
2		2
3	/*	3	/*
4	* Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>	4	* Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
@@ -225,6 +225,38 @@ bcrypt_checkpass(const char pass, const char goodhash)
225	}	225	}
226		226
227	/*	227	/*
		228	* Measure this system's performance by measuring the time for 8 rounds.
		229	* We are aiming for something that takes between 0.25 and 0.5 seconds.
		230	*/
		231	int
		232	bcrypt_autorounds(void)
		233	{
		234	clock_t before, after;
		235	int r = 8;
		236	char buf[_PASSWORD_LEN];
		237	int duration;
		238
		239	before = clock();
		240	bcrypt_newhash("testpassword", r, buf, sizeof(buf));
		241	after = clock();
		242
		243	duration = after - before;
		244
		245	/* too quick? slow it down. */
		246	while (r < 16 && duration <= CLOCKS_PER_SEC / 4) {
		247	r += 1;
		248	duration *= 2;
		249	}
		250	/* too slow? speed it up. */
		251	while (r > 4 && duration > CLOCKS_PER_SEC / 2) {
		252	r -= 1;
		253	duration /= 2;
		254	}
		255
		256	return r;
		257	}
		258
		259	/*
228	* internal utilities	260	* internal utilities
229	*/	261	*/
230	static const u_int8_t Base64Code[] =	262	static const u_int8_t Base64Code[] =


diff --git a/src/lib/libc/crypt/cryptutil.c b/src/lib/libc/crypt/cryptutil.c index f101240524..7e93dad3c8 100644 --- a/src/lib/libc/crypt/cryptutil.c +++ b/src/lib/libc/crypt/cryptutil.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: cryptutil.c,v 1.6 2014/12/24 22:10:34 tedu Exp $ */	1	/* $OpenBSD: cryptutil.c,v 1.7 2014/12/30 10:27:24 tedu Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>	3	* Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
4	*	4	*
@@ -21,6 +21,8 @@
21	#include <login_cap.h>	21	#include <login_cap.h>
22	#include <errno.h>	22	#include <errno.h>
23		23
		24	int bcrypt_autorounds(void);
		25
24	int	26	int
25	crypt_checkpass(const char pass, const char goodhash)	27	crypt_checkpass(const char pass, const char goodhash)
26	{	28	{
@@ -64,9 +66,13 @@ crypt_newhash(const char pass, const char pref, char *hash, size_t hashlen)
64	errno = EINVAL;	66	errno = EINVAL;
65	goto err;	67	goto err;
66	}	68	}
67	rounds = strtonum(pref + 9, 4, 31, &errstr);	69	if (strcmp(pref + 9, "a") == 0) {
68	if (errstr)	70	rounds = bcrypt_autorounds();
69	goto err;	71	} else {
		72	rounds = strtonum(pref + 9, 4, 31, &errstr);
		73	if (errstr)
		74	goto err;
		75	}
70	rv = bcrypt_newhash(pass, rounds, hash, hashlen);	76	rv = bcrypt_newhash(pass, rounds, hash, hashlen);
71		77
72	err:	78	err: