author | Zack Weinberg <zackw@panix.com> | 2018-11-10 20:28:38 -0500 |
---|---|---|
committer | Zack Weinberg <zackw@panix.com> | 2018-11-10 20:28:38 -0500 |
commit | ea4d762cab0649dcbdac2de19dcc49dcc89c009d (patch) | |
tree | 00aaec93293e410afd15dda5f188be9e2226dd0d /Makefile.am | |
parent | b7e29dcc2758ba6fba9a1f8ffe1fbe71a2f55935 (diff) | |
New test: crypt_gensalt should look only at the prefix.

For quite some time there’s been a chunk of code at the end of
test-gensalt.c labeled

    /* FIXME: This test is a little too specific. It used to be in
       test-bcrypt.c and I'm not sure what it's meant to be testing. */

I finally figured out what the point of this code is, which means I
can generalize it from $2a$-variant bcrypt to all hashing methods.
It’s testing that, when you supply a full setting string (or even a
full hashed passphrase) as the “prefix” argument to crypt_gensalt,
crypt_gensalt does not use any information from that string other than
the method-selection prefix. (For instance, if you give it "$2a$05"
but a cost of 12, you should get back a string beginning "$2a$12".)

I wasn’t expecting the generalized test to detect any bugs, because in
libxcrypt, individual hashing methods’ gensalt procedures don’t get to
see the “prefix” string at all. But it did! Turns out the salt
generation for NTHASH fails to NUL-terminate its output properly and
we never noticed till now (mostly because nobody uses that thing, I
hope). So that’s fixed and there’s extra code in the new test to make
sure we notice if the same mistake ever pops up again in the future.

Diffstat (limited to 'Makefile.am')
-rw-r--r-- | Makefile.am | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/Makefile.am b/Makefile.am index fa41938..0eecf0f 100644 --- a/Makefile.am +++ b/Makefile.am @@ -180,6 +180,7 @@ check_PROGRAMS = \ test-crypt-pbkdf1-sha1 test-crypt-scrypt test-crypt-sha256 \ test-crypt-sha512 test-crypt-sunmd5 test-crypt-yescrypt \ test-byteorder test-badsalt test-badsetting test-gensalt \ + test-gensalt-extradata \ test-crypt-badargs test-short-outbuf test-compile-strong-alias \ test-getrandom-interface test-getrandom-fallbacks @@ -225,6 +226,7 @@ test_crypt_yescrypt_LDADD = crypt-common.lo libcrypt.la test_badsalt_LDADD = crypt-common.lo libcrypt.la test_badsetting_LDADD = crypt-common.lo libcrypt.la test_gensalt_LDADD = crypt-common.lo libcrypt.la +test_gensalt_extradata_LDADD = crypt-common.lo libcrypt.la test_checksalt_LDADD = crypt-common.lo libcrypt.la test_des_obsolete_LDADD = crypt-common.lo libcrypt.la test_des_obsolete_r_LDADD = crypt-common.lo libcrypt.la |
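Review bot: in the first hunk (`@@ -180,6 +180,7 @@`), the new `test-gensalt-extradata \` entry sits alone on its own continuation line, while the surrounding `check_PROGRAMS` lines each pack three or four test names. This is a style point only; consider placing it on the same line as `test-gensalt` when the list is next reflowed, so the related tests stay visibly grouped. The trailing backslash is present, so the continuation into `test-crypt-badargs` is intact.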
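Review bot: in the second hunk (`@@ -225,6 +226,7 @@`), `test_gensalt_extradata_LDADD` links `crypt-common.lo` as well as `libcrypt.la`, copied from the `test_gensalt_LDADD` line above it. If the new test only calls the public `crypt_gensalt` entry points, `libcrypt.la` alone would be enough and would make it clearer that the NUL-termination check exercises the exported interface; if it does need the internal helpers, a short comment in the test source saying which ones would help. This diff is limited to `Makefile.am`, so the test source and the NTHASH fix described in the commit message need to be reviewed in the other files of the commit.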