pike.git / lib / modules / Crypto.pmod / Password.pmod


pike.git/lib/modules/Crypto.pmod/Password.pmod:152:    // Then try our implementations.    sscanf(hash, "$%s$%s$%s", scheme, string salt, string hash);    if( !salt || !hash ) return 0;    int rounds = UNDEFINED;    if (has_prefix(salt, "rounds=")) {    sscanf(salt, "rounds=%d", rounds);    sscanf(hash, "%s$%s", salt, hash);    }    switch(scheme) {    case "1": // crypt_md5 -  return Nettle.crypt_md5(password, salt) == [string(0..255)]hash; +  return Nettle.crypt_md5(password, salt) == [string(0..127)]hash;       case "2": // Blowfish (obsolete)    case "2a": // Blowfish (possibly weak)    case "2x": // Blowfish (weak)    case "2y": // Blowfish (stronger)    break;       case "3": // MD4 NT LANMANAGER (FreeBSD)    break;       // cf http://www.akkadia.org/drepper/SHA-crypt.txt    case "5": // SHA-256    return Crypto.SHA256.crypt_hash(password, salt, rounds) == -  [string(0..255)]hash; +  [string(0..127)]hash;   #if constant(Nettle.SHA512_Info)    case "6": // SHA-512    return Crypto.SHA512.crypt_hash(password, salt, rounds) == -  [string(0..255)]hash; +  [string(0..127)]hash;   #endif    }    break;    }    return 0;   }      //! Generate a hash of @[password] suitable for @[verify()].   //!   //! @param password
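Review bot: The `[string(0..127)]hash` casts in cases "1", "5" and "6" assert that the stored hash is 7-bit, but `hash` comes straight from `sscanf()` on the stored value and nothing in the hunk checks that. A soft cast is a type assertion rather than a conversion, so a record containing 8-bit characters should simply compare unequal. That deserves a comment next to the first cast, for example `// Soft cast only: a stored hash with 8-bit characters never matches.` It is also worth a test confirming that `verify()` returns 0 rather than throwing for such a record when runtime type checking is enabled. The start of `verify()` is outside this hunk.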
pike.git/lib/modules/Crypto.pmod/Password.pmod:258:   //! of @[Nettle] that Pike has been compiled with.   //!   //! @note   //! This function was added in Pike 7.8.755.   //!   //! @seealso   //! @[verify()], @[predef::crypt()], @[Nettle.crypt_md5()],   //! @[Nettle.HashInfo()->crypt_hash()]   string hash(string password, string|void scheme, int|void rounds)   { -  function(string, string, int:string) crypt_hash; +  function(string, string, int:string(0..255)) crypt_hash;    int salt_size = 16;    int default_rounds = 5000;    -  string render_crypt_hash(string scheme, string salt, -  string hash, int rounds) +  // FIXME: salt is string(0..255) since constant strings aren't set +  // to the correct type. +  +  string(0..127) render_crypt_hash(string(0..127) scheme, string(0..255) salt, +  string(0..255) hash, int rounds)    {    if (rounds != default_rounds) {    salt = "rounds=" + rounds + "$" + salt;    }    -  return sprintf("$%s$%s$%s", scheme, salt, hash); +  // We claim this to be a string(0..127) string, even though we add +  // the string(0..256). It will however only be called with the +  // already base64 encoded hashes. 
+  return [string(0..127)]sprintf("$%s$%s$%s", scheme, salt, hash);    };    -  string render_ldap_hash(string scheme, string salt, -  string hash, int rounds) +  string(0..127) render_ldap_hash(string(0..255) scheme, string(0..255) salt, +  string(0..255) hash, int rounds)    {    if (scheme[0] != '{') scheme = "{" + scheme + "}"; -  return upper_case(scheme) + MIME.encode_base64(hash + salt); +  return [string(0..127)]upper_case(scheme) + MIME.encode_base64(hash + salt);    };    -  function(string, string, string, int:string) render_hash = render_crypt_hash; +  function(string(0..127), string(0..255), string(0..255), int:string(0..127)) render_hash = render_crypt_hash;       switch(lower_case(scheme)) {    case "crypt":    case "{crypt}":    case UNDEFINED:    // FALL_THROUGH   #if constant(Nettle.SHA512_Info)    case "6":    case "$6$":    crypt_hash = Crypto.SHA512.crypt_hash;
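Review bot: In `render_ldap_hash` the soft cast sits in front of `upper_case(scheme)` only. Assuming a cast binds tighter than `+` in Pike, as it does in C, the base64 part is outside it, so the declared `string(0..127)` return type depends on what `MIME.encode_base64()` is declared to return. Parenthesising makes the intent explicit: `return [string(0..127)](upper_case(scheme) + MIME.encode_base64(hash + salt));`. In `render_crypt_hash` the new comment says `string(0..256)` where `string(0..255)` is meant. The 7-bit claim there holds only while every `crypt_hash` implementation returns already-encoded output, which nothing in the hunk enforces. The body of `hash()` continues past the end of this hunk.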
pike.git/lib/modules/Crypto.pmod/Password.pmod:340:    render_hash = render_ldap_hash;    break;       default:    error("Unsupported hashing scheme: %O\n", scheme);    }       if (!rounds) rounds = default_rounds;       // NB: The salt must be printable. -  string salt = +  string(0..127) salt =    MIME.encode_base64(Crypto.Random.random_string(salt_size))[..salt_size-1];    -  string hash = crypt_hash(password, salt, rounds); +  string(0..255) hash = crypt_hash(password, salt, rounds);    -  return render_hash(scheme, salt, hash, rounds); +  return render_hash([string(0..127)]scheme, salt, hash, rounds);   }
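Review bot: The salt line would benefit from a comment on its effective size. `salt_size` is used both as the number of random bytes requested and as the number of base64 characters kept, so with the default of 16 set at the top of `hash()` only 12 of the 16 random bytes (96 bits) end up in the salt. Suggested: `// NB: salt_size counts encoded characters; each carries 6 bits of randomness.` Separately, `[string(0..127)]scheme` casts a caller-supplied argument. It looks safe only because the `default:` branch rejects unknown schemes before this point, which is worth stating next to the cast. `hash()` begins before this hunk.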