author: Zack Weinberg <zackw@panix.com> 2017-10-03 17:53:56 -0400
committer: Zack Weinberg <zackw@panix.com> 2017-10-03 17:53:56 -0400
commit: cbdf27e254b0a113f0bea87071177f083e3f2545
tree: 3711ae1ff6e1c25ae79f15404297f53d599a202e /test-gensalt.c
parent: 85cac94a8de9e5f260c7ac38076c8e332e0fd63a
Fix bugs in MD5, SHA256, and SHA512 setting-string generation.

Namely:

 + The SHA256 and SHA512 crypt algorithms accept up to 16 bytes of salt, but crypt_gensalt* would only emit 4 or 8 bytes of salt, even if more randomness was available.
 + MD5 does not have an adjustable number of rounds, but for consistency with all the other algorithms, crypt_gensalt* should accept a count parameter equal to either 0 or the actual fixed number of rounds that it uses (1000).
 + For SHA256 and SHA512, compute the required output size up-front rather than relying on snprintf and thus clobbering the buffer when there might not have been enough space.

In addition, crypt-gensalt.c now only contains a helper function; all of the gensalt_* algorithm entry points are moved to their respective modules. (This is actually necessary in order to gain access to some internal #defines for MD5/SHA256/SHA512.)

 * crypt-gensalt.c (gensalt_sha_rn): No longer static. Add more parameters: maxsalt, defcount, mincount, maxcount. Compute minimum output length upfront and do not overwrite the output buffer if there isn't enough space. Allow arbitrarily long salt strings in the output (up to maxsalt).
   (gensalt_des_trd_rn, gensalt_des_xbsd_rn): Move to crypt-des.c. Use that file's base64 table ("ascii64" instead of "_xcrypt_itoa64").
   (gensalt_md5_rn): Move to crypt-md5.c; replace body with a call to gensalt_sha_rn.
   (gensalt_sha256_rn): Move to crypt-sha256.c; add new parameters to gensalt_sha_rn call.
   (gensalt_sha256_rn): Move to crypt-sha512.c; add new parameters to gensalt_sha_rn call.
 * crypt-port.h: Add gensalt_sha_rn to renames list.
 * crypt-private.h: Declare gensalt_sha_rn.
 * test-gensalt.c: Expect 16-character salts from SHA-{256,512}.

Diffstat (limited to 'test-gensalt.c')
-rw-r--r-- test-gensalt.c 4
1 files changed, 2 insertions, 2 deletions
diff --git a/test-gensalt.c b/test-gensalt.c
index f932cad..7742a60 100644
--- a/test-gensalt.c
+++ b/test-gensalt.c
@@ -25,8 +25,8 @@ static const struct testcase testcases[] = {
{ "_", 9 }, // BSDi extended DES
{ "$1$", 11 }, // MD5
#endif
- { "$5$", 11 }, // SHA-2-256
- { "$6$", 11 }, // SHA-2-512
+ { "$5$", 19 }, // SHA-2-256
+ { "$6$", 19 }, // SHA-2-512
{ "$2a$", 29 }, // bcrypt mode A
{ "$2b$", 29 }, // bcrypt mode B
{ "$2x$", 29 }, // bcrypt mode X
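Review bot: the new expected lengths for "$5$" and "$6$" are bare literals (19) with no visible derivation. A short comment that this is the 3-character prefix plus 16 salt characters, or an expression built from the prefix length and the maximum salt length, would make the entries self-checking if the limit changes again. The table records only one expected length per prefix, so these entries do not exercise the other behaviours named in the commit message (the MD5 count parameter of 0 or 1000, and leaving the output buffer untouched when it is too small); separate cases for an undersized buffer and an explicit count would be worth adding. The "$1$" entry staying at 11 while MD5 now calls the same helper also merits a one-line comment stating its salt limit.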