2 files changed, 22 insertions, 16 deletions

diff --git a/src/passhash/bcrypt/bcrypt.cpp b/src/passhash/bcrypt/bcrypt.cpp
index bb2e9095a..eeb99399f 100644
--- a/src/passhash/bcrypt/bcrypt.cpp
+++ b/src/passhash/bcrypt/bcrypt.cpp
@@ -54,7 +54,7 @@ std::string bcrypt_base64_encode(const byte input[], size_t length)
    return b64;
    }
 
-MemoryVector<byte> bcrypt_base64_decode(std::string input)
+std::vector<byte> bcrypt_base64_decode(std::string input)
    {
    const byte OPENBSD_BASE64_SUB[256] = {
       0x00, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
@@ -84,11 +84,11 @@ MemoryVector<byte> bcrypt_base64_decode(std::string input)
    for(size_t i = 0; i != input.size(); ++i)
       input[i] = OPENBSD_BASE64_SUB[static_cast<byte>(input[i])];
 
-   return base64_decode(input);
+   return unlock(base64_decode(input));
    }
 
 std::string make_bcrypt(const std::string& pass,
-                        const MemoryRegion<byte>& salt,
+                        const std::vector<byte>& salt,
                         u16bit work_factor)
    {
    const byte magic[24] = {
@@ -97,14 +97,14 @@ std::string make_bcrypt(const std::string& pass,
       0x63, 0x72, 0x79, 0x44, 0x6F, 0x75, 0x62, 0x74
    };
 
-   MemoryVector<byte> ctext(magic, 24);
+   std::vector<byte> ctext(magic, magic + sizeof(magic));
 
    Blowfish blowfish;
 
    // Include the trailing NULL byte
    blowfish.eks_key_schedule(reinterpret_cast<const byte*>(pass.c_str()),
                              pass.length() + 1,
-                             salt,
+                             &salt[0],
                              work_factor);
 
    for(size_t i = 0; i != 64; ++i)
@@ -112,8 +112,13 @@ std::string make_bcrypt(const std::string& pass,
 
    std::string salt_b64 = bcrypt_base64_encode(&salt[0], salt.size());
 
-   return "$2a$" + to_string(work_factor, 2) + "$" + salt_b64.substr(0, 22) +
-             bcrypt_base64_encode(&ctext[0], ctext.size() - 1);
+   std::string work_factor_str = std::to_string(work_factor);
+   if(work_factor_str.length() == 1)
+      work_factor_str = "0" + work_factor_str;
+
+   return "$2a$" + work_factor_str +
+          "$" + salt_b64.substr(0, 22) +
+          bcrypt_base64_encode(&ctext[0], ctext.size() - 1);
    }
 
 }
@@ -122,7 +127,7 @@ std::string generate_bcrypt(const std::string& pass,
                             RandomNumberGenerator& rng,
                             u16bit work_factor)
    {
-   return make_bcrypt(pass, rng.random_vec(16), work_factor);
+   return make_bcrypt(pass, unlock(rng.random_vec(16)), work_factor);
    }
 
 bool check_bcrypt(const std::string& pass, const std::string& hash)
@@ -136,7 +141,7 @@ bool check_bcrypt(const std::string& pass, const std::string& hash)
 
    const u16bit workfactor = to_u32bit(hash.substr(4, 2));
 
-   MemoryVector<byte> salt = bcrypt_base64_decode(hash.substr(7, 22));
+   std::vector<byte> salt = bcrypt_base64_decode(hash.substr(7, 22));
 
    const std::string compare = make_bcrypt(pass, salt, workfactor);
 
diff --git a/src/passhash/passhash9/passhash9.cpp b/src/passhash/passhash9/passhash9.cpp
index e1e37da1e..af7ed761b 100644
--- a/src/passhash/passhash9/passhash9.cpp
+++ b/src/passhash/passhash9/passhash9.cpp
@@ -40,7 +40,7 @@ MessageAuthenticationCode* get_pbkdf_prf(byte alg_id)
       }
    catch(Algorithm_Not_Found) {}
 
-   return 0;
+   return nullptr;
    }
 
 }
@@ -53,17 +53,18 @@ std::string generate_passhash9(const std::string& pass,
    MessageAuthenticationCode* prf = get_pbkdf_prf(alg_id);
 
    if(!prf)
-      throw Invalid_Argument("Passhash9: Algorithm id " + to_string(alg_id) +
+      throw Invalid_Argument("Passhash9: Algorithm id " +
+                             std::to_string(alg_id) +
                              " is not defined");
 
    PKCS5_PBKDF2 kdf(prf); // takes ownership of pointer
 
-   SecureVector<byte> salt(SALT_BYTES);
+   secure_vector<byte> salt(SALT_BYTES);
    rng.randomize(&salt[0], salt.size());
 
    const size_t kdf_iterations = WORK_FACTOR_SCALE * work_factor;
 
-   SecureVector<byte> pbkdf2_output =
+   secure_vector<byte> pbkdf2_output =
       kdf.derive_key(PASSHASH9_PBKDF_OUTPUT_LEN,
                      pass,
                      &salt[0], salt.size(),
@@ -104,7 +105,7 @@ bool check_passhash9(const std::string& pass, const std::string& hash)
    pipe.write(hash.c_str() + MAGIC_PREFIX.size());
    pipe.end_msg();
 
-   SecureVector<byte> bin = pipe.read_all();
+   secure_vector<byte> bin = pipe.read_all();
 
    if(bin.size() != BINARY_LENGTH)
       return false;
@@ -119,12 +120,12 @@ bool check_passhash9(const std::string& pass, const std::string& hash)
 
    MessageAuthenticationCode* pbkdf_prf = get_pbkdf_prf(alg_id);
 
-   if(pbkdf_prf == 0)
+   if(!pbkdf_prf)
       return false; // unknown algorithm, reject
 
    PKCS5_PBKDF2 kdf(pbkdf_prf); // takes ownership of pointer
 
-   SecureVector<byte> cmp = kdf.derive_key(
+   secure_vector<byte> cmp = kdf.derive_key(
       PASSHASH9_PBKDF_OUTPUT_LEN,
       pass,
       &bin[ALGID_BYTES + WORKFACTOR_BYTES], SALT_BYTES,