From b7e99aa76c36417b797add2addba03121b758e66 Mon Sep 17 00:00:00 2001 From: Pavol Rusnak Date: Wed, 23 Jan 2019 20:04:57 +0100 Subject: [PATCH] bip39: truncate long passphrases (more than 256 characters) --- bip39.c | 8 ++++---- bip39.h | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/bip39.c b/bip39.c index f639c94f3c..2d0a9640c2 100644 --- a/bip39.c +++ b/bip39.c @@ -184,12 +184,12 @@ int mnemonic_check(const char *mnemonic) return 0; } -// passphrase must be at most 256 characters or code may crash +// passphrase must be at most 256 characters otherwise it would be truncated void mnemonic_to_seed(const char *mnemonic, const char *passphrase, uint8_t seed[512 / 8], void (*progress_callback)(uint32_t current, uint32_t total)) { - int passphraselen = strlen(passphrase); -#if USE_BIP39_CACHE int mnemoniclen = strlen(mnemonic); + int passphraselen = strnlen(passphrase, 256); +#if USE_BIP39_CACHE // check cache if (mnemoniclen < 256 && passphraselen < 64) { for (int i = 0; i < BIP39_CACHE_SIZE; i++) { @@ -206,7 +206,7 @@ void mnemonic_to_seed(const char *mnemonic, const char *passphrase, uint8_t seed memcpy(salt, "mnemonic", 8); memcpy(salt + 8, passphrase, passphraselen); static CONFIDENTIAL PBKDF2_HMAC_SHA512_CTX pctx; - pbkdf2_hmac_sha512_Init(&pctx, (const uint8_t *)mnemonic, strlen(mnemonic), salt, passphraselen + 8, 1); + pbkdf2_hmac_sha512_Init(&pctx, (const uint8_t *)mnemonic, mnemoniclen, salt, passphraselen + 8, 1); if (progress_callback) { progress_callback(0, BIP39_PBKDF2_ROUNDS); } diff --git a/bip39.h b/bip39.h index 1020d05f3a..ac76101d71 100644 --- a/bip39.h +++ b/bip39.h @@ -36,7 +36,7 @@ int mnemonic_check(const char *mnemonic); int mnemonic_to_entropy(const char *mnemonic, uint8_t *entropy); -// passphrase must be at most 256 characters or code may crash +// passphrase must be at most 256 characters otherwise it would be truncated void mnemonic_to_seed(const char *mnemonic, const char *passphrase, uint8_t seed[512 / 8], void (*progress_callback)(uint32_t current, uint32_t total)); const char * const *mnemonic_wordlist(void);