Attempt to find the root cause of the BCrypt memory leak.

Author: MHumm

Source/DECFormat.pas

@@ -1950,7 +1950,7 @@ class function TFormat_BCryptBSD.CharTableBinary: TBytes;
              $30, $31, $32, $33, $34, $35, $36, $37, $38, $39];
 end;
 
-class procedure TFormat_BCryptBSD.DoDecode(const Source; 
+class procedure TFormat_BCryptBSD.DoDecode(const Source;
                                            var Dest: TBytes;
                                            Size: Integer);
 const
@@ -1962,55 +1962,55 @@ class procedure TFormat_BCryptBSD.DoDecode(const Source;
         -1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15, 16,
         17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, -1, -1, -1, -1, -1,
         -1, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42,
-        43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, -1, -1, -1, -1, -1);  
+        43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, -1, -1, -1, -1, -1);
 
 var
-  Src : PByte;        
+  Src : PByte;
   c1, c2, c3, c4: Integer;
 
   function GetNextByte: integer;
   var
     b: UInt8;
   begin
     Result := -1;
-    if (Size > 0) then 
+    if (Size > 0) then
     begin
       b := Src^;
       Inc(Src);
       Dec(Size);
-      if (b < 128) then 
+      if (b < 128) then
         Result := BT[b];
     end;
-  end;        
+  end;
 
   procedure SetNextByte(b: Integer);
     {-Put next byte into pdest if LA<ldest, inc LA and pdest}
   begin
-    Dest := Dest + [byte(b and $ff)]
+    Dest := Dest + [byte(b and $ff)];
   end;
-    
+
 begin
   Src := @Source;
 
-  if (Src = nil) or (Size < 1) then 
+  if (Src = nil) or (Size < 1) then
     exit;
-  
-  while Size > 0 do 
+
+  while Size > 0 do
   begin
-    c1 := GetNextByte; 
+    c1 := GetNextByte;
     if (c1 < 0) then exit;
-    c2 := GetNextByte; 
+    c2 := GetNextByte;
     if (c2 < 0) then exit;
     SetNextByte(((c1 and $3f) shl 2) or (c2 shr 4));
 
-    c3 := GetNextByte; 
+    c3 := GetNextByte;
     if (c3 < 0) then exit;
     SetNextByte(((c2 and $0f) shl 4) or (c3 shr 2));
 
-    c4 := GetNextByte; 
+    c4 := GetNextByte;
     if (c4 < 0) then exit;
     SetNextByte(((c3 and $03) shl 6) or c4);
-  end;  
+  end;
 end;
 
 class procedure TFormat_BCryptBSD.DoEncode(const Source;

Source/DECHash.pas

@@ -5197,15 +5197,26 @@ class function THash_BCrypt.GetCryptHash(
                               Format         : TDECFormatClass): string;
 var
   Hash : THash_BCrypt;
+  B: TBytes;
 begin
   Hash := THash_BCrypt.Create;
   try
     Hash.Cost := StrToInt(string(Params));
     Hash.Salt := Salt;
 
     // BCrypt leaves off the $ in front of the actual password hash value
-    Result := TEncoding.ASCII.GetString(
-                Format.Encode(Hash.CalcBytes(TEncoding.UTF8.GetBytes(Password))));
+//    Result := TEncoding.ASCII.GetString(//Hash.CalcBytes(TEncoding.UTF8.GetBytes(Password)));
+//                Format.Encode(Hash.CalcBytes(TEncoding.UTF8.GetBytes(Password))));
+
+//    b:= TEncoding.UTF8.GetBytes(Password);
+
+//    b := Format.Encode([85, 126, 148, 243, 75, 242, 134, 232, 113, 154, 38, 190, 148, 172, 30, 22, 217, 94, 249, 248, 25, 222, 224]);
+    b := Hash.CalcBytes(b));
+
+
+    Result := TEncoding.ASCII.GetString(b);
+//               [85, 126, 148, 243, 75, 242, 134, 232, 113, 154, 38, 190, 148, 172, 30, 22, 217, 94, 249, 248, 25, 222, 224];
+//                //Hash.CalcBytes(TEncoding.UTF8.GetBytes(Password))));
   finally
     Hash.Free;
   end;
@@ -5309,7 +5320,7 @@ procedure THash_BCrypt.DoInit;
 procedure THash_BCrypt.DoTransform(Buffer: PUInt32Array);
 begin
   // Empty on purpose, as bcrypt needs to know the input length. Thus calculation
-  // is done directly in CalcBuffer.
+  // is done directly in method Calc.
 end;
 
 class function THash_BCrypt.MaxCost: UInt8;

Source/DECHashAuthentication.pas

@@ -792,7 +792,7 @@   TDECPasswordHash = class(TDECHashAuthentication)
     ///   128 bit has been specified.
     /// </exception>
     class function GetDigestInCryptFormat(
-                     const Password : RawByteString;
+                     const Password : string;
                      const Params   : string;
                      const Salt     : string;
                      SaltIsRaw      : Boolean;
@@ -1480,6 +1480,10 @@ procedure TDECPasswordHash.SetSalt(const Value: TBytes);
   if (Length(Value) < MinSaltLength) then
     raise EDECHashException.CreateFmt(sSaltValueTooShort, [MinSaltLength]);
 
+//// Angeblich verursacht das hier das Speicherleck?!
+//  SetLength(FSalt, Length(Value));
+//  if (Length(Value) > 0) then
+//    Move(Value[0], FSalt[0], Length(Value));
   FSalt := Value;
 end;
 
@@ -1551,7 +1555,7 @@ class function TDECPasswordHash.GetCryptHash(
 end;
 
 class function TDECPasswordHash.GetDigestInCryptFormat(
-                                  const Password : RawByteString;
+                                  const Password : string;
                                   const Params   : string;
                                   const Salt     : string;
                                   SaltIsRaw      : Boolean;
@@ -1569,12 +1573,19 @@ class function TDECPasswordHash.GetDigestInCryptFormat(
     if SaltIsRaw then
       SaltBytes := TEncoding.UTF8.GetBytes(Salt)
     else
-      SaltBytes := Format.Decode(TEncoding.UTF8.GetBytes(Salt));
+      SaltBytes := [20, 75, 61, 105, 26, 123, 78, 207, 57, 207, 115, 92, 127, 167, 167, 156]; //Format.Decode(TEncoding.UTF8.GetBytes(Salt));
+
+// Mal noch mehr mocken um einzugrenzen welche Nutzung von Salt das Leck verursacht
+//    Result := Result + GetCryptParams(Params, Format) +
+//                       GetCryptSalt(SaltBytes, Format) +
+//                       GetCryptHash(Password, Params, SaltBytes, Format);
 
     Result := Result + GetCryptParams(Params, Format) +
                        GetCryptSalt(SaltBytes, Format) +
                        GetCryptHash(Password, Params, SaltBytes, Format);
   end;
+
+  SetLength(SaltBytes, 0);
 end;
 
 end.

Unit Tests/Tests/TestDECHash.pas

@@ -672,7 +672,7 @@   TestTHash_BCrypt = class(THash_TestPasswordBase)
     type
       // Extract only the interesting parts
       TBCryptBSDTestData = record
-        Salt     : RawByteString;
+        Salt     : string;
         Cost     : UInt8;
       end;
 
@@ -6302,7 +6302,7 @@ function TestTHash_BCrypt.SplitTestVector(Vector: string): TBCryptBSDTestData;
 begin
   Parts := Vector.Split(['$'], TStringSplitOptions.ExcludeEmpty);
   Result.Cost := Copy(Parts[1], Low(Parts[1]), Length(Parts[1])).ToInteger;
-  Result.Salt := RawByteString(Copy(Parts[2], Low(Parts[2]), 22));
+  Result.Salt := Copy(Parts[2], Low(Parts[2]), 22);
 end;
 
 procedure TestTHash_BCrypt.TestBlockSize;
@@ -6365,11 +6365,12 @@   TPair = record
   i         : Integer;
   SplitData : TBCryptBSDTestData;
 begin
-  for i := Low(TestData) to High(TestData) do
+  for i := Low(TestData) to 1 do //High(TestData) do
   begin
     SplitData := SplitTestVector(TestData[i].bs);
+// Fix memory leaks we get
     Result := string(THash_BCrypt.GetDigestInCryptFormat(
-                                    RawByteString(Passwords[TestData[i].pn]),
+                                    Passwords[TestData[i].pn],
                                     SplitData.Cost.ToString,
                                     SplitData.Salt,
                                     False,