forked from github/server
generate a good-ish salt
This commit is contained in:
parent
8d05f4cc25
commit
6c80bc52b5
1 changed files with 34 additions and 3 deletions
|
@ -2,23 +2,55 @@
|
||||||
#include "password.h"
|
#include "password.h"
|
||||||
|
|
||||||
#include <md5.h>
|
#include <md5.h>
|
||||||
|
#include <mtrand.h>
|
||||||
|
|
||||||
#include <assert.h>
|
#include <assert.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
|
|
||||||
#define MAXSALTLEN 32 // maximum length in characters of any salt
|
#define MAXSALTLEN 32 // maximum length in characters of any salt
|
||||||
|
#define SALTLEN 8 // length of salts we generate
|
||||||
|
|
||||||
|
/* Table with characters for base64 transformation. */
|
||||||
|
static const char b64t[65] =
|
||||||
|
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
|
||||||
|
|
||||||
|
#define b64_from_24bit(B2, B1, B0, N) \
|
||||||
|
do { \
|
||||||
|
unsigned int w = ((B2) << 16) | ((B1) << 8) | (B0); \
|
||||||
|
int n = (N); \
|
||||||
|
while (n-- > 0 && buflen > 0) \
|
||||||
|
{ \
|
||||||
|
*cp++ = b64t[w & 0x3f]; \
|
||||||
|
--buflen; \
|
||||||
|
w >>= 6; \
|
||||||
|
} \
|
||||||
|
} while (0)
|
||||||
|
|
||||||
|
|
||||||
|
char *password_gensalt(void) {
|
||||||
|
static char salt[SALTLEN + 1];
|
||||||
|
char *cp = salt;
|
||||||
|
int buflen = SALTLEN;
|
||||||
|
while (buflen) {
|
||||||
|
unsigned long ul = genrand_int32();
|
||||||
|
b64_from_24bit(ul & 0xFF, (ul>>8)&0xff, (ul>>16)&0xFF, 4);
|
||||||
|
}
|
||||||
|
salt[SALTLEN] = 0;
|
||||||
|
return salt;
|
||||||
|
}
|
||||||
|
|
||||||
static const char * password_hash_i(const char * passwd, const char *salt, int algo, char *result, size_t len) {
|
static const char * password_hash_i(const char * passwd, const char *salt, int algo, char *result, size_t len) {
|
||||||
assert(passwd);
|
assert(passwd);
|
||||||
assert(salt);
|
if (!salt) {
|
||||||
|
salt = password_gensalt();
|
||||||
|
}
|
||||||
if (algo==PASSWORD_PLAIN) {
|
if (algo==PASSWORD_PLAIN) {
|
||||||
_snprintf(result, len, "$0$%s$%s", salt, passwd);
|
_snprintf(result, len, "$0$%s$%s", salt, passwd);
|
||||||
}
|
}
|
||||||
else if (algo == PASSWORD_MD5) {
|
else if (algo == PASSWORD_MD5) {
|
||||||
char * result = md5_crypt(passwd, salt);
|
char * result = md5_crypt(passwd, salt);
|
||||||
return result;
|
return result;
|
||||||
// _snprintf(result, len, "$1$%s$%s", salt, digest); // FIXME: need to build a hex string first!
|
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
return NULL;
|
return NULL;
|
||||||
|
@ -28,7 +60,6 @@ static const char * password_hash_i(const char * passwd, const char *salt, int a
|
||||||
|
|
||||||
const char * password_hash(const char * passwd, const char * salt, int algo) {
|
const char * password_hash(const char * passwd, const char * salt, int algo) {
|
||||||
static char result[64]; // TODO: static result buffers are bad mojo!
|
static char result[64]; // TODO: static result buffers are bad mojo!
|
||||||
if (!salt) salt = "saltyass"; // FIXME: generate a secure salt!
|
|
||||||
if (algo < 0) algo = PASSWORD_DEFAULT;
|
if (algo < 0) algo = PASSWORD_DEFAULT;
|
||||||
return password_hash_i(passwd, salt, algo, result, sizeof(result));
|
return password_hash_i(passwd, salt, algo, result, sizeof(result));
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue