bcrypt-ruby 2.1.4-java → 3.0.0-java

Sign up to get free protection for your applications and to get access to all the features.
@@ -0,0 +1,111 @@
1
+ /*
2
+ * Written by Solar Designer and placed in the public domain.
3
+ * See crypt_blowfish.c for more information.
4
+ *
5
+ * This file contains salt generation functions for the traditional and
6
+ * other common crypt(3) algorithms, except for bcrypt which is defined
7
+ * entirely in crypt_blowfish.c.
8
+ */
9
+
10
+ #include <string.h>
11
+
12
+ #include <errno.h>
13
+ #ifndef __set_errno
14
+ #define __set_errno(val) errno = (val)
15
+ #endif
16
+
17
+ #undef __CONST
18
+ #ifdef __GNUC__
19
+ #define __CONST __const
20
+ #else
21
+ #define __CONST
22
+ #endif
23
+
24
+ unsigned char _crypt_itoa64[64 + 1] =
25
+ "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
26
+
27
+ char *_crypt_gensalt_traditional_rn(unsigned long count,
28
+ __CONST char *input, int size, char *output, int output_size)
29
+ {
30
+ if (size < 2 || output_size < 2 + 1 || (count && count != 25)) {
31
+ if (output_size > 0) output[0] = '\0';
32
+ __set_errno((output_size < 2 + 1) ? ERANGE : EINVAL);
33
+ return NULL;
34
+ }
35
+
36
+ output[0] = _crypt_itoa64[(unsigned int)input[0] & 0x3f];
37
+ output[1] = _crypt_itoa64[(unsigned int)input[1] & 0x3f];
38
+ output[2] = '\0';
39
+
40
+ return output;
41
+ }
42
+
43
+ char *_crypt_gensalt_extended_rn(unsigned long count,
44
+ __CONST char *input, int size, char *output, int output_size)
45
+ {
46
+ unsigned long value;
47
+
48
+ /* Even iteration counts make it easier to detect weak DES keys from a look
49
+ * at the hash, so they should be avoided */
50
+ if (size < 3 || output_size < 1 + 4 + 4 + 1 ||
51
+ (count && (count > 0xffffff || !(count & 1)))) {
52
+ if (output_size > 0) output[0] = '\0';
53
+ __set_errno((output_size < 1 + 4 + 4 + 1) ? ERANGE : EINVAL);
54
+ return NULL;
55
+ }
56
+
57
+ if (!count) count = 725;
58
+
59
+ output[0] = '_';
60
+ output[1] = _crypt_itoa64[count & 0x3f];
61
+ output[2] = _crypt_itoa64[(count >> 6) & 0x3f];
62
+ output[3] = _crypt_itoa64[(count >> 12) & 0x3f];
63
+ output[4] = _crypt_itoa64[(count >> 18) & 0x3f];
64
+ value = (unsigned long)(unsigned char)input[0] |
65
+ ((unsigned long)(unsigned char)input[1] << 8) |
66
+ ((unsigned long)(unsigned char)input[2] << 16);
67
+ output[5] = _crypt_itoa64[value & 0x3f];
68
+ output[6] = _crypt_itoa64[(value >> 6) & 0x3f];
69
+ output[7] = _crypt_itoa64[(value >> 12) & 0x3f];
70
+ output[8] = _crypt_itoa64[(value >> 18) & 0x3f];
71
+ output[9] = '\0';
72
+
73
+ return output;
74
+ }
75
+
76
+ char *_crypt_gensalt_md5_rn(unsigned long count,
77
+ __CONST char *input, int size, char *output, int output_size)
78
+ {
79
+ unsigned long value;
80
+
81
+ if (size < 3 || output_size < 3 + 4 + 1 || (count && count != 1000)) {
82
+ if (output_size > 0) output[0] = '\0';
83
+ __set_errno((output_size < 3 + 4 + 1) ? ERANGE : EINVAL);
84
+ return NULL;
85
+ }
86
+
87
+ output[0] = '$';
88
+ output[1] = '1';
89
+ output[2] = '$';
90
+ value = (unsigned long)(unsigned char)input[0] |
91
+ ((unsigned long)(unsigned char)input[1] << 8) |
92
+ ((unsigned long)(unsigned char)input[2] << 16);
93
+ output[3] = _crypt_itoa64[value & 0x3f];
94
+ output[4] = _crypt_itoa64[(value >> 6) & 0x3f];
95
+ output[5] = _crypt_itoa64[(value >> 12) & 0x3f];
96
+ output[6] = _crypt_itoa64[(value >> 18) & 0x3f];
97
+ output[7] = '\0';
98
+
99
+ if (size >= 6 && output_size >= 3 + 4 + 4 + 1) {
100
+ value = (unsigned long)(unsigned char)input[3] |
101
+ ((unsigned long)(unsigned char)input[4] << 8) |
102
+ ((unsigned long)(unsigned char)input[5] << 16);
103
+ output[7] = _crypt_itoa64[value & 0x3f];
104
+ output[8] = _crypt_itoa64[(value >> 6) & 0x3f];
105
+ output[9] = _crypt_itoa64[(value >> 12) & 0x3f];
106
+ output[10] = _crypt_itoa64[(value >> 18) & 0x3f];
107
+ output[11] = '\0';
108
+ }
109
+
110
+ return output;
111
+ }
data/ext/mri/extconf.rb CHANGED
@@ -9,9 +9,31 @@ if RUBY_PLATFORM == "java"
9
9
  f.puts "\t@true"
10
10
  end
11
11
  exit 0
12
+ elsif defined?(RUBY_ENGINE) && RUBY_ENGINE == "maglev"
13
+ # Maglev doesn't support C extensions, fall back to compiling an FFI usable
14
+ # library
15
+ File.open('Makefile', 'w') do |f|
16
+ f.puts <<-MAKEFILE
17
+ CFLAGS = -fPIC
18
+ OBJS = bcrypt.o blowfish.o
19
+ DLIB = bcrypt_ext.so
20
+ OS ?= $(strip $(shell uname -s | tr '[:upper:]' '[:lower:]'))
21
+ ifeq ($(OS),darwin)
22
+ DLIB = bcrypt_ext.dylib
23
+ CFLAGS += -dynamiclib
24
+ endif
25
+
26
+ all: $(OBJS)
27
+ cc -shared -o $(DLIB) $(OBJS)
28
+ install:
29
+ install $(DLIB) "../../lib/"
30
+ clean:
31
+ $(RM) $(OBJS) bcrypt_ext.so
32
+ MAKEFILE
33
+ end
34
+ exit 0
12
35
  else
13
36
  require "mkmf"
14
37
  dir_config("bcrypt_ext")
15
- CONFIG['CC'] << " -Wall "
16
38
  create_makefile("bcrypt_ext")
17
- end
39
+ end
@@ -0,0 +1,35 @@
1
+ /*
2
+ * Written by Solar Designer and placed in the public domain.
3
+ * See crypt_blowfish.c for more information.
4
+ */
5
+
6
+ #ifndef _OW_CRYPT_H
7
+ #define _OW_CRYPT_H
8
+
9
+ #undef __CONST
10
+ #if defined __GNUC__
11
+ #define __CONST __const
12
+ #elif defined _MSC_VER
13
+ #define __CONST const
14
+ #else
15
+ #endif
16
+
17
+ #ifndef __SKIP_GNU
18
+ extern char *crypt(__CONST char *key, __CONST char *setting);
19
+ extern char *crypt_r(__CONST char *key, __CONST char *setting, void *data);
20
+ #endif
21
+
22
+ #ifndef __SKIP_OW
23
+ extern char *crypt_rn(__CONST char *key, __CONST char *setting,
24
+ void *data, int size);
25
+ extern char *crypt_ra(__CONST char *key, __CONST char *setting,
26
+ void **data, int *size);
27
+ extern char *crypt_gensalt(__CONST char *prefix, unsigned long count,
28
+ __CONST char *input, int size);
29
+ extern char *crypt_gensalt_rn(__CONST char *prefix, unsigned long count,
30
+ __CONST char *input, int size, char *output, int output_size);
31
+ extern char *crypt_gensalt_ra(__CONST char *prefix, unsigned long count,
32
+ __CONST char *input, int size);
33
+ #endif
34
+
35
+ #endif
data/ext/mri/wrapper.c ADDED
@@ -0,0 +1,255 @@
1
+ /*
2
+ * Written by Solar Designer and placed in the public domain.
3
+ * See crypt_blowfish.c for more information.
4
+ */
5
+
6
+ #include <stdlib.h>
7
+ #include <string.h>
8
+
9
+ #include <errno.h>
10
+ #ifndef __set_errno
11
+ #define __set_errno(val) errno = (val)
12
+ #endif
13
+
14
+ #ifdef TEST
15
+ #include <stdio.h>
16
+ #include <unistd.h>
17
+ #include <signal.h>
18
+ #include <time.h>
19
+ #include <sys/time.h>
20
+ #include <sys/times.h>
21
+ #ifdef TEST_THREADS
22
+ #include <pthread.h>
23
+ #endif
24
+ #endif
25
+
26
+ #define CRYPT_OUTPUT_SIZE (7 + 22 + 31 + 1)
27
+ #define CRYPT_GENSALT_OUTPUT_SIZE (7 + 22 + 1)
28
+
29
+ #if defined(__GLIBC__) && defined(_LIBC)
30
+ #define __SKIP_GNU
31
+ #endif
32
+ #include "ow-crypt.h"
33
+
34
+ extern char *_crypt_blowfish_rn(__CONST char *key, __CONST char *setting,
35
+ char *output, int size);
36
+ extern char *_crypt_gensalt_blowfish_rn(unsigned long count,
37
+ __CONST char *input, int size, char *output, int output_size);
38
+
39
+ extern unsigned char _crypt_itoa64[];
40
+ extern char *_crypt_gensalt_traditional_rn(unsigned long count,
41
+ __CONST char *input, int size, char *output, int output_size);
42
+ extern char *_crypt_gensalt_extended_rn(unsigned long count,
43
+ __CONST char *input, int size, char *output, int output_size);
44
+ extern char *_crypt_gensalt_md5_rn(unsigned long count,
45
+ __CONST char *input, int size, char *output, int output_size);
46
+
47
+ #if defined(__GLIBC__) && defined(_LIBC)
48
+ /* crypt.h from glibc-crypt-2.1 will define struct crypt_data for us */
49
+ #include "crypt.h"
50
+ extern char *__md5_crypt_r(const char *key, const char *salt,
51
+ char *buffer, int buflen);
52
+ /* crypt-entry.c needs to be patched to define __des_crypt_r rather than
53
+ * __crypt_r, and not define crypt_r and crypt at all */
54
+ extern char *__des_crypt_r(const char *key, const char *salt,
55
+ struct crypt_data *data);
56
+ extern struct crypt_data _ufc_foobar;
57
+ #endif
58
+
59
+ static int _crypt_data_alloc(void **data, int *size, int need)
60
+ {
61
+ void *updated;
62
+
63
+ if (*data && *size >= need) return 0;
64
+
65
+ updated = realloc(*data, need);
66
+
67
+ if (!updated) {
68
+ #ifndef __GLIBC__
69
+ /* realloc(3) on glibc sets errno, so we don't need to bother */
70
+ __set_errno(ENOMEM);
71
+ #endif
72
+ return -1;
73
+ }
74
+
75
+ #if defined(__GLIBC__) && defined(_LIBC)
76
+ if (need >= sizeof(struct crypt_data))
77
+ ((struct crypt_data *)updated)->initialized = 0;
78
+ #endif
79
+
80
+ *data = updated;
81
+ *size = need;
82
+
83
+ return 0;
84
+ }
85
+
86
+ static char *_crypt_retval_magic(char *retval, __CONST char *setting,
87
+ char *output)
88
+ {
89
+ if (retval) return retval;
90
+
91
+ output[0] = '*';
92
+ output[1] = '0';
93
+ output[2] = '\0';
94
+
95
+ if (setting[0] == '*' && setting[1] == '0')
96
+ output[1] = '1';
97
+
98
+ return output;
99
+ }
100
+
101
+ #if defined(__GLIBC__) && defined(_LIBC)
102
+ /*
103
+ * Applications may re-use the same instance of struct crypt_data without
104
+ * resetting the initialized field in order to let crypt_r() skip some of
105
+ * its initialization code. Thus, it is important that our multiple hashing
106
+ * algorithms either don't conflict with each other in their use of the
107
+ * data area or reset the initialized field themselves whenever required.
108
+ * Currently, the hashing algorithms simply have no conflicts: the first
109
+ * field of struct crypt_data is the 128-byte large DES key schedule which
110
+ * __des_crypt_r() calculates each time it is called while the two other
111
+ * hashing algorithms use less than 128 bytes of the data area.
112
+ */
113
+
114
+ char *__crypt_rn(__const char *key, __const char *setting,
115
+ void *data, int size)
116
+ {
117
+ if (setting[0] == '$' && setting[1] == '2')
118
+ return _crypt_blowfish_rn(key, setting, (char *)data, size);
119
+ if (setting[0] == '$' && setting[1] == '1')
120
+ return __md5_crypt_r(key, setting, (char *)data, size);
121
+ if (setting[0] == '$' || setting[0] == '_') {
122
+ __set_errno(EINVAL);
123
+ return NULL;
124
+ }
125
+ if (size >= sizeof(struct crypt_data))
126
+ return __des_crypt_r(key, setting, (struct crypt_data *)data);
127
+ __set_errno(ERANGE);
128
+ return NULL;
129
+ }
130
+
131
+ char *__crypt_ra(__const char *key, __const char *setting,
132
+ void **data, int *size)
133
+ {
134
+ if (setting[0] == '$' && setting[1] == '2') {
135
+ if (_crypt_data_alloc(data, size, CRYPT_OUTPUT_SIZE))
136
+ return NULL;
137
+ return _crypt_blowfish_rn(key, setting, (char *)*data, *size);
138
+ }
139
+ if (setting[0] == '$' && setting[1] == '1') {
140
+ if (_crypt_data_alloc(data, size, CRYPT_OUTPUT_SIZE))
141
+ return NULL;
142
+ return __md5_crypt_r(key, setting, (char *)*data, *size);
143
+ }
144
+ if (setting[0] == '$' || setting[0] == '_') {
145
+ __set_errno(EINVAL);
146
+ return NULL;
147
+ }
148
+ if (_crypt_data_alloc(data, size, sizeof(struct crypt_data)))
149
+ return NULL;
150
+ return __des_crypt_r(key, setting, (struct crypt_data *)*data);
151
+ }
152
+
153
+ char *__crypt_r(__const char *key, __const char *setting,
154
+ struct crypt_data *data)
155
+ {
156
+ return _crypt_retval_magic(
157
+ __crypt_rn(key, setting, data, sizeof(*data)),
158
+ setting, (char *)data);
159
+ }
160
+
161
+ char *__crypt(__const char *key, __const char *setting)
162
+ {
163
+ return _crypt_retval_magic(
164
+ __crypt_rn(key, setting, &_ufc_foobar, sizeof(_ufc_foobar)),
165
+ setting, (char *)&_ufc_foobar);
166
+ }
167
+ #else
168
+ char *crypt_rn(__CONST char *key, __CONST char *setting, void *data, int size)
169
+ {
170
+ return _crypt_blowfish_rn(key, setting, (char *)data, size);
171
+ }
172
+
173
+ char *crypt_ra(__CONST char *key, __CONST char *setting,
174
+ void **data, int *size)
175
+ {
176
+ if (_crypt_data_alloc(data, size, CRYPT_OUTPUT_SIZE))
177
+ return NULL;
178
+ return _crypt_blowfish_rn(key, setting, (char *)*data, *size);
179
+ }
180
+
181
+ char *crypt_r(__CONST char *key, __CONST char *setting, void *data)
182
+ {
183
+ return _crypt_retval_magic(
184
+ crypt_rn(key, setting, data, CRYPT_OUTPUT_SIZE),
185
+ setting, (char *)data);
186
+ }
187
+
188
+ #define __crypt_gensalt_rn crypt_gensalt_rn
189
+ #define __crypt_gensalt_ra crypt_gensalt_ra
190
+ #define __crypt_gensalt crypt_gensalt
191
+ #endif
192
+
193
+ char *__crypt_gensalt_rn(__CONST char *prefix, unsigned long count,
194
+ __CONST char *input, int size, char *output, int output_size)
195
+ {
196
+ char *(*use)(unsigned long count,
197
+ __CONST char *input, int size, char *output, int output_size);
198
+
199
+ /* This may be supported on some platforms in the future */
200
+ if (!input) {
201
+ __set_errno(EINVAL);
202
+ return NULL;
203
+ }
204
+
205
+ if (!strncmp(prefix, "$2a$", 4))
206
+ use = _crypt_gensalt_blowfish_rn;
207
+ else
208
+ if (!strncmp(prefix, "$1$", 3))
209
+ use = _crypt_gensalt_md5_rn;
210
+ else
211
+ if (prefix[0] == '_')
212
+ use = _crypt_gensalt_extended_rn;
213
+ else
214
+ if (!prefix[0] ||
215
+ (prefix[0] && prefix[1] &&
216
+ memchr(_crypt_itoa64, prefix[0], 64) &&
217
+ memchr(_crypt_itoa64, prefix[1], 64)))
218
+ use = _crypt_gensalt_traditional_rn;
219
+ else {
220
+ __set_errno(EINVAL);
221
+ return NULL;
222
+ }
223
+
224
+ return use(count, input, size, output, output_size);
225
+ }
226
+
227
+ char *__crypt_gensalt_ra(__CONST char *prefix, unsigned long count,
228
+ __CONST char *input, int size)
229
+ {
230
+ char output[CRYPT_GENSALT_OUTPUT_SIZE];
231
+ char *retval;
232
+
233
+ retval = __crypt_gensalt_rn(prefix, count,
234
+ input, size, output, sizeof(output));
235
+
236
+ if (retval) {
237
+ retval = strdup(retval);
238
+ #ifndef __GLIBC__
239
+ /* strdup(3) on glibc sets errno, so we don't need to bother */
240
+ if (!retval)
241
+ __set_errno(ENOMEM);
242
+ #endif
243
+ }
244
+
245
+ return retval;
246
+ }
247
+
248
+ char *__crypt_gensalt(__CONST char *prefix, unsigned long count,
249
+ __CONST char *input, int size)
250
+ {
251
+ static char output[CRYPT_GENSALT_OUTPUT_SIZE];
252
+
253
+ return __crypt_gensalt_rn(prefix, count,
254
+ input, size, output, sizeof(output));
255
+ }
data/lib/bcrypt.rb CHANGED
@@ -6,7 +6,11 @@ else
6
6
  require "openssl"
7
7
  end
8
8
 
9
- require 'bcrypt_ext'
9
+ if defined?(RUBY_ENGINE) and RUBY_ENGINE == "maglev"
10
+ require 'bcrypt_engine'
11
+ else
12
+ require 'bcrypt_ext'
13
+ end
10
14
 
11
15
  # A Ruby library implementing OpenBSD's bcrypt()/crypt_blowfish algorithm for
12
16
  # hashing passwords.
@@ -46,7 +50,7 @@ module BCrypt
46
50
  if RUBY_PLATFORM == "java"
47
51
  Java.bcrypt_jruby.BCrypt.hashpw(secret.to_s, salt.to_s)
48
52
  else
49
- __bc_crypt(secret.to_s, salt, cost)
53
+ __bc_crypt(secret.to_s, salt)
50
54
  end
51
55
  else
52
56
  raise Errors::InvalidSalt.new("invalid salt")
@@ -66,7 +70,8 @@ module BCrypt
66
70
  if RUBY_PLATFORM == "java"
67
71
  Java.bcrypt_jruby.BCrypt.gensalt(cost)
68
72
  else
69
- __bc_salt(cost, OpenSSL::Random.random_bytes(MAX_SALT_LENGTH))
73
+ prefix = "$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW"
74
+ __bc_salt(prefix, cost, OpenSSL::Random.random_bytes(MAX_SALT_LENGTH))
70
75
  end
71
76
  else
72
77
  raise Errors::InvalidCost.new("cost must be numeric and > 0")
@@ -75,7 +80,7 @@ module BCrypt
75
80
 
76
81
  # Returns true if +salt+ is a valid bcrypt() salt, false if not.
77
82
  def self.valid_salt?(salt)
78
- salt =~ /^\$[0-9a-z]{2,}\$[0-9]{2,}\$[A-Za-z0-9\.\/]{22,}$/
83
+ !!(salt =~ /^\$[0-9a-z]{2,}\$[0-9]{2,}\$[A-Za-z0-9\.\/]{22,}$/)
79
84
  end
80
85
 
81
86
  # Returns true if +secret+ is a valid bcrypt() secret, false if not.
@@ -183,7 +188,7 @@ module BCrypt
183
188
  #
184
189
  # Splits +h+ into version, cost, salt, and hash and returns them in that order.
185
190
  def split_hash(h)
186
- b, v, c, mash = h.split('$')
191
+ _, v, c, mash = h.split('$')
187
192
  return v, c.to_i, h[0, 29].to_str, mash[-31, 31].to_str
188
193
  end
189
194
  end