From: Felix Dörre
Date: Sat, 28 Feb 2015 22:10:48 +0000 (+0100)
Subject: Guard division by zero in SCrypt verification.
X-Git-Url: https://code.wpia.club/?p=gigi.git;a=commitdiff_plain;h=feb2865e64c20c40d1953f0d0cbc272a7723462e
Guard division by zero in SCrypt verification.
---
diff --git a/lib/scrypt/com/lambdaworks/crypto/SCrypt.java b/lib/scrypt/com/lambdaworks/crypto/SCrypt.java
index 9b212973..f2e97897 100644
--- a/lib/scrypt/com/lambdaworks/crypto/SCrypt.java
+++ b/lib/scrypt/com/lambdaworks/crypto/SCrypt.java
@@ -103,6 +103,12 @@ public class SCrypt {
 if (N < 2 || (N & (N - 1)) != 0) {
 throw new IllegalArgumentException("N must be a power of 2 greater than 1");
 }
+ if (r <= 0) {
+ throw new IllegalArgumentException("Parameter r zero or negative");
+ }
+ if (p <= 0) {
+ throw new IllegalArgumentException("Parameter p zero or negative");
+ }
 if (N > MAX_VALUE / 128 / r) {
 throw new IllegalArgumentException("Parameter N is too large");
diff --git a/lib/scrypt/com/lambdaworks/crypto/SCryptUtil.java b/lib/scrypt/com/lambdaworks/crypto/SCryptUtil.java
index 6d794000..808d69f4 100644
--- a/lib/scrypt/com/lambdaworks/crypto/SCryptUtil.java
+++ b/lib/scrypt/com/lambdaworks/crypto/SCryptUtil.java
@@ -89,6 +89,9 @@ public class SCryptUtil {
 int N = (int) Math.pow(2, params >> 16 & 0xffff);
 int r = (int) params >> 8 & 0xff;
 int p = (int) params & 0xff;
+ if (r == 0 || p == 0) {
+ return false;
+ }
 byte[] derived1 = SCrypt.scrypt(passwd.getBytes("UTF-8"), salt, N, r, p, 32);
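Review bot: The new `r <= 0` and `p <= 0` guards in SCrypt.java have no comment saying that they must stay ahead of the `N > MAX_VALUE / 128 / r` test, where r is a divisor. They are also a local patch to a vendored library (lib/scrypt/com/lambdaworks), which an upstream refresh would silently drop. A one-line comment above them would record both facts, for example `// Local patch: reject r/p <= 0 before they are used as divisors in the range checks below.` The messages could match the neighbouring ones and include the rejected value, e.g. `"Parameter r must be positive: " + r`. The enclosing method starts and ends outside the hunk, so the later use of p as a divisor is inferred from the commit subject rather than visible here.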
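Review bot: The added guard in SCryptUtil.java returns false for a stored hash whose r or p field is zero, but a malformed N field from the same `params` word still reaches `SCrypt.scrypt`. An exponent of 0 gives N = 1, and an exponent of 31 or more makes `(int) Math.pow(2, …)` saturate at Integer.MAX_VALUE; the SCrypt.java hunk shows both cases are rejected with an IllegalArgumentException. Verification therefore fails closed for two of the three cost parameters and, unless the part of the method outside this hunk catches the exception, throws for the third. Reusing the library's own test in the guard would make the handling uniform: `if (N < 2 || (N & (N - 1)) != 0 || r == 0 || p == 0) { return false; }`. If the hash string can be influenced by anyone other than the application, an upper bound on N, r and p here would also keep a crafted record from forcing a very large memory allocation during verification.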