Browse Source

Consistent length of encrypted password

(cherry picked from commit 376f4fa84ba8a2f28f3e46766f2f97be50faf3e7)

Source commit: e447aa7091e1e3979db99ec719b62a6f3924abd9
Martin Prikryl 4 years ago
parent
commit
c0c734ae89
1 changed files with 6 additions and 3 deletions
  1. 6 3
      source/core/Security.cpp

+ 6 - 3
source/core/Security.cpp

@@ -39,12 +39,10 @@ RawByteString EncryptPassword(UnicodeString UnicodePassword, UnicodeString Unico
   UTF8String Key = UnicodeKey;
 
   RawByteString Result("");
-  int Shift, Index;
+  int Index;
 
   if (!RandSeed) Randomize();
   Password = Key + Password;
-  Shift = (Password.Length() < PWALG_SIMPLE_MAXLEN) ?
-    (unsigned char)random(PWALG_SIMPLE_MAXLEN - Password.Length()) : 0;
   Result += SimpleEncryptChar((unsigned char)PWALG_SIMPLE_FLAG); // Flag
   int Len = Password.Length();
   if (Len > std::numeric_limits<unsigned char>::max())
@@ -58,6 +56,11 @@ RawByteString EncryptPassword(UnicodeString UnicodePassword, UnicodeString Unico
     Result += SimpleEncryptChar((unsigned char)PWALG_SIMPLE_INTERNAL);
     Result += SimpleEncryptChar((unsigned char)Len);
   }
+  int DataLen =
+    (Result.Length() / 2) +
+    1 + // Shift
+    Password.Length();
+  int Shift = (DataLen < PWALG_SIMPLE_MAXLEN) ? random(PWALG_SIMPLE_MAXLEN - DataLen) : 0;
   Result += SimpleEncryptChar((unsigned char)Shift);
   for (Index = 0; Index < Shift; Index++)
     Result += SimpleEncryptChar((unsigned char)random(256));