There is a signedness bug in Openwall gen_salt code that pgcrypto uses.

This makes the salt space for md5 and xdes algorithms a lot smaller than
it should be.

Marko Kreen

contrib/pgcrypto/crypt-gensalt.c

@@ -62,9 +62,9 @@ _crypt_gensalt_extended_rn(unsigned long count,
 	output[2] = _crypt_itoa64[(count >> 6) & 0x3f];
 	output[3] = _crypt_itoa64[(count >> 12) & 0x3f];
 	output[4] = _crypt_itoa64[(count >> 18) & 0x3f];
-	value = (unsigned long) input[0] |
-		((unsigned long) input[1] << 8) |
-		((unsigned long) input[2] << 16);
+	value = (unsigned long)(unsigned char) input[0] |
+		((unsigned long)(unsigned char) input[1] << 8) |
+		((unsigned long)(unsigned char) input[2] << 16);
 	output[5] = _crypt_itoa64[value & 0x3f];
 	output[6] = _crypt_itoa64[(value >> 6) & 0x3f];
 	output[7] = _crypt_itoa64[(value >> 12) & 0x3f];
@@ -90,9 +90,9 @@ _crypt_gensalt_md5_rn(unsigned long count,
 	output[0] = '$';
 	output[1] = '1';
 	output[2] = '$';
-	value = (unsigned long) input[0] |
-		((unsigned long) input[1] << 8) |
-		((unsigned long) input[2] << 16);
+	value = (unsigned long)(unsigned char) input[0] |
+		((unsigned long)(unsigned char) input[1] << 8) |
+		((unsigned long)(unsigned char) input[2] << 16);
 	output[3] = _crypt_itoa64[value & 0x3f];
 	output[4] = _crypt_itoa64[(value >> 6) & 0x3f];
 	output[5] = _crypt_itoa64[(value >> 12) & 0x3f];
@@ -101,9 +101,9 @@ _crypt_gensalt_md5_rn(unsigned long count,
 
 	if (size >= 6 && output_size >= 3 + 4 + 4 + 1)
 	{
-		value = (unsigned long) input[3] |
-			((unsigned long) input[4] << 8) |
-			((unsigned long) input[5] << 16);
+		value = (unsigned long)(unsigned char) input[3] |
+			((unsigned long)(unsigned char) input[4] << 8) |
+			((unsigned long)(unsigned char) input[5] << 16);
 		output[7] = _crypt_itoa64[value & 0x3f];
 		output[8] = _crypt_itoa64[(value >> 6) & 0x3f];
 		output[9] = _crypt_itoa64[(value >> 12) & 0x3f];