htpasswd giving errors for work factor ≥ 18

[mhenry07]

Steps to reproduce:

• run this image's htpasswd with a work factor of 18 or higher
  • docker run --rm mhenry07/apache2-utils htpasswd -nbB -C 18 test password

Error message:

htpasswd: Unable to encode with bcrypt: Invalid argument

However, the following works with no problem (work factor of 4 to 17):

• docker run --rm mhenry07/apache2-utils htpasswd -nbB -C 17 test password

The htpasswd documentation claims that it supports work factors between 4 and 31, so it should support 18 to 31, but it's failing for some reason.

[mhenry07]

The documentation appears to be inconsistent with the source, and therefore it appears Apache's implementation of bcrypt does not currently support work factor/cost greater than 17. Therefore this issue won't be fixed for this Docker image without an upstream fix.

Details:

_crypt_gensalt_blowfish_rn in crypt_blowfish.c has a condition which returns an error if count > 17.

Call stack:

• mkrecord in htpasswd.c calls
• mkhash in passwd_common.c calls
• apr_bcrypt_encode in apr_passwd.c calls
• _crypt_gensalt_blowfish_rn in crypt_blowfish.c

[mhenry07]

Apache bug report: https://bz.apache.org/bugzilla/show_bug.cgi?id=62078