Marc
/
server
forked from github/server
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

add some WIN32 workarounds, tests

This commit is contained in:
Enno Rehling 2018-09-26 18:43:30 +02:00
parent 21e54e0933
commit 3c50a4260b
3 changed files with 29 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
src/util/crypto/bcrypt.c
View File

@ -15,14 +15,21 @@
#include <sys/types.h> #include <sys/types.h>
#include <sys/stat.h> #include <sys/stat.h>
#include <fcntl.h> #include <fcntl.h>
#include <unistd.h>
#include <errno.h> #include <errno.h>
#ifdef WIN32
#include <windows.h>
#include <bcrypt.h>
#else
#include <unistd.h>
#endif
#include "bcrypt.h" #include "bcrypt.h"
#include "crypt_blowfish/ow-crypt.h" #include "crypt_blowfish/ow-crypt.h"
#define RANDBYTES (16) #define RANDBYTES (16)
#ifndef WIN32
static int try_close(int fd) static int try_close(int fd)
{ {
int ret; int ret;
@ -60,7 +67,7 @@ static int try_read(int fd, char *out, size_t count)
return 0; return 0;
} }
#endif
/* /*
* This is a best effort implementation. Nothing prevents a compiler from * This is a best effort implementation. Nothing prevents a compiler from
* optimizing this function and making it vulnerable to timing attacks, but * optimizing this function and making it vulnerable to timing attacks, but
@ -96,12 +103,15 @@ static int timing_safe_strcmp(const char *str1, const char *str2)
int bcrypt_gensalt(int factor, char salt[BCRYPT_HASHSIZE]) int bcrypt_gensalt(int factor, char salt[BCRYPT_HASHSIZE])
{ {
int fd;
char input[RANDBYTES]; char input[RANDBYTES];
int workf; int workf;
char *aux; char *aux;
fd = open("/dev/urandom", O_RDONLY); #ifdef WIN32
BCryptGenRandom(NULL, input, RANDBYTES, BCRYPT_USE_SYSTEM_PREFERRED_RNG);
#else
int fd;
fd = open("/dev/urandom", O_RDONLY);
if (fd == -1) if (fd == -1)
return 1; return 1;
@ -113,7 +123,7 @@ int bcrypt_gensalt(int factor, char salt[BCRYPT_HASHSIZE])
if (try_close(fd) != 0) if (try_close(fd) != 0)
return 3; return 3;
#endif
/* Generate salt. */ /* Generate salt. */
workf = (factor < 4 || factor > 31)?12:factor; workf = (factor < 4 || factor > 31)?12:factor;
aux = crypt_gensalt_rn("$2a$", workf, input, RANDBYTES, aux = crypt_gensalt_rn("$2a$", workf, input, RANDBYTES,

2
src/util/crypto/crypt_blowfish/crypt_blowfish.c
View File

@ -896,7 +896,7 @@ char *_crypt_gensalt_blowfish_rn(const char *prefix, unsigned long count,
output[1] = '2'; output[1] = '2';
output[2] = prefix[2]; output[2] = prefix[2];
output[3] = '$'; output[3] = '$';
output[4] = '0' + count / 10; output[4] = '0' + (char)count / 10;
output[5] = '0' + count % 10; output[5] = '0' + count % 10;
output[6] = '$'; output[6] = '$';

20
src/util/password.test.c
View File

@ -4,17 +4,23 @@
#include <string.h> #include <string.h>
static void test_passwords(CuTest *tc) { static void test_passwords(CuTest *tc) {
const char *hash, *expect; const char *hash;
expect = "password"; if (password_is_implemented(PASSWORD_BCRYPT)) {
hash = password_encode("password", PASSWORD_BCRYPT);
CuAssertPtrNotNull(tc, hash);
CuAssertIntEquals(tc, '$', hash[0]);
CuAssertIntEquals(tc, '2', hash[1]);
CuAssertIntEquals(tc, '$', hash[3]);
CuAssertIntEquals(tc, VERIFY_OK, password_verify(hash, "password"));
CuAssertIntEquals(tc, VERIFY_FAIL, password_verify(hash, "arseword"));
}
if (password_is_implemented(PASSWORD_PLAINTEXT)) { if (password_is_implemented(PASSWORD_PLAINTEXT)) {
hash = password_encode("password", PASSWORD_PLAINTEXT); hash = password_encode("password", PASSWORD_PLAINTEXT);
CuAssertPtrNotNull(tc, hash); CuAssertPtrNotNull(tc, hash);
CuAssertStrEquals(tc, hash, expect); CuAssertStrEquals(tc, hash, "password");
CuAssertIntEquals(tc, VERIFY_OK, password_verify(expect, "password")); CuAssertIntEquals(tc, VERIFY_OK, password_verify(hash, "password"));
CuAssertIntEquals(tc, VERIFY_FAIL, password_verify(expect, "arseword")); CuAssertIntEquals(tc, VERIFY_FAIL, password_verify(hash, "arseword"));
} else {
CuAssertIntEquals(tc, VERIFY_UNKNOWN, password_verify(expect, "password"));
} }
} }