go.crypto/blowfish: document that only 16 bytes of salt are used.

Also fix salt expansion code to fill the properly sized array,
since the following code never uses more than 4 uints.

Also remove unused expandedKey array.

R=golang-dev, agl
CC=golang-dev
https://golang.org/cl/6622050

blowfish/block.go

@@ -14,7 +14,7 @@ func ExpandKey(key []byte, c *Cipher) {
 	for i := 0; i < 18; i++ {
 		var d uint32
 		for k := 0; k < 4; k++ {
-			d = d<<8 | uint32(key[j])&0x000000FF
+			d = d<<8 | uint32(key[j])
 			j++
 			if j >= len(key) {
 				j = 0
@@ -53,26 +53,24 @@ func ExpandKey(key []byte, c *Cipher) {
 // and specializing it here is useful.
 func expandKeyWithSalt(key []byte, salt []byte, c *Cipher) {
 	j := 0
-	expandedKey := make([]uint32, 18)
 	for i := 0; i < 18; i++ {
 		var d uint32
 		for k := 0; k < 4; k++ {
-			d = d<<8 | uint32(key[j])&0x000000FF
+			d = d<<8 | uint32(key[j])
 			j++
 			if j >= len(key) {
 				j = 0
 			}
 		}
-		expandedKey[i] = d
 		c.p[i] ^= d
 	}
 
 	j = 0
-	expandedSalt := make([]uint32, 18)
-	for i := 0; i < 18; i++ {
+	var expandedSalt [4]uint32
+	for i := range expandedSalt {
 		var d uint32
 		for k := 0; k < 4; k++ {
-			d = d<<8 | uint32(salt[j])&0x000000FF
+			d = d<<8 | uint32(salt[j])
 			j++
 			if j >= len(salt) {
 				j = 0

blowfish/cipher.go

@@ -41,7 +41,7 @@ func NewCipher(key []byte) (*Cipher, error) {
 // NewSaltedCipher creates a returns a Cipher that folds a salt into its key
 // schedule. For most purposes, NewCipher, instead of NewSaltedCipher, is
 // sufficient and desirable. For bcrypt compatiblity, the key can be over 56
-// bytes.
+// bytes. Only the first 16 bytes of salt are used.
 func NewSaltedCipher(key, salt []byte) (*Cipher, error) {
 	var result Cipher
 	k := len(key)