SHA1 passwords: initialize the context before salting

author Jeffrey Hutzelman <jhutz@cmu.edu>

Tue, 15 Jan 2008 03:34:08 +0000 (22:34 -0500)

committer H. Peter Anvin <hpa@zytor.com>

Tue, 15 Jan 2008 03:34:08 +0000 (22:34 -0500)
author Jeffrey Hutzelman <jhutz@cmu.edu>
Tue, 15 Jan 2008 03:34:08 +0000 (22:34 -0500)
committer H. Peter Anvin <hpa@zytor.com>
Tue, 15 Jan 2008 03:34:08 +0000 (22:34 -0500)
diff --git a/com32/modules/menumain.c b/com32/modules/menumain.c

index 8c8b91e..fad49a2 100644 (file)
--- a/com32/modules/menumain.c
+++ b/com32/modules/menumain.c
@@ -299,6 +299,8 @@ static int passwd_compare_sha1(const char *passwd, const char *entry)
    SHA1_CTX ctx;
    unsigned char sha1[20], pwdsha1[20];
  
+  SHA1Init(&ctx);
+
    if ( (p = strchr(passwd+3, '$')) ) {
      SHA1Update(&ctx, (void *)passwd+3, p-(passwd+3));
      p++;
@@ -306,8 +308,6 @@ static int passwd_compare_sha1(const char *passwd, const char *entry)
      p = passwd+3;              /* Assume no salt */
    }
  
-  SHA1Init(&ctx);
-
    SHA1Update(&ctx, (void *)entry, strlen(entry));
    SHA1Final(sha1, &ctx);
author	Jeffrey Hutzelman <jhutz@cmu.edu>
	Tue, 15 Jan 2008 03:34:08 +0000 (22:34 -0500)
committer	H. Peter Anvin <hpa@zytor.com>
	Tue, 15 Jan 2008 03:34:08 +0000 (22:34 -0500)