"crypto/subtle"
"errors"
"fmt"
- "golang.org/x/crypto/blowfish"
"io"
"strconv"
+
+ "golang.org/x/crypto/blowfish"
)
const (
}
func expensiveBlowfishSetup(key []byte, cost uint32, salt []byte) (*blowfish.Cipher, error) {
-
csalt, err := base64Decode(salt)
if err != nil {
return nil, err
// Bug compatibility with C bcrypt implementations. They use the trailing
// NULL in the key string during expansion.
- ckey := append(key, 0)
+ // We copy the key to prevent changing the underlying array.
+ ckey := append(key[:len(key):len(key)], 0)
c, err := blowfish.NewSaltedCipher(ckey, csalt)
if err != nil {