crypto_pwhash() crashes when `opslimit` is 1 or 2

Question

crypto_pwhash() crashes when `opslimit` is 1 or 2

CindyZhouYH opened this issue 3 years ago · comments

According to the documentation:

opslimit must be between crypto_pwhash_OPSLIMIT_MIN and crypto_pwhash_OPSLIMIT_MAX

I set it to 1, which seems to meet the requirements, but the function returns a none zero value. The same happens when opslimit is 2. Normal results can be obtained when opslimit is greater than or equal to 3.

Are there any special restrictions on this function?

Frank Denis · Answer 1 · Fri Nov 05 2021 18:42:56 GMT+0800 (China Standard Time)

#include <sodium.h>
#include <stdio.h>

int
main(void)
{
    char          hex[32 + 1];
    unsigned char out[16];
    unsigned char salt[crypto_pwhash_SALTBYTES] = { 0 };

    if (sodium_init() != 0) {
        return 1;
    }
    printf("opslimit_min=%llu\n", crypto_pwhash_opslimit_min());
    if (crypto_pwhash(out, sizeof out, "password", sizeof "password" - 1, salt,
                      crypto_pwhash_OPSLIMIT_MIN, crypto_pwhash_MEMLIMIT_MIN,
                      crypto_pwhash_ALG_DEFAULT) != 0) {
        return 1;
    }
    puts(sodium_bin2hex(hex, sizeof hex, out, sizeof out));
    return 0;
}

$ zig cc test.c -lsodium
$ ./a.out

opslimit_min=1
a833aa2e95ef6f83eded7a75761e0dff

crypto_pwhash_OPSLIMIT_* are for the default hash function. If you are using another one, other limits may apply.

The minimum output length is also crypto_pwhash_BYTES_MIN.