bcrypt-ruby 3.1.2 → 3.1.3

data/ext/mri/crypt_gensalt.c

@@ -1,111 +0,0 @@
-/*
- * Written by Solar Designer and placed in the public domain.
- * See crypt_blowfish.c for more information.
- *
- * This file contains salt generation functions for the traditional and
- * other common crypt(3) algorithms, except for bcrypt which is defined
- * entirely in crypt_blowfish.c.
- */
-
-#include <string.h>
-
-#include <errno.h>
-#ifndef __set_errno
-#define __set_errno(val) errno = (val)
-#endif
-
-#undef __CONST
-#ifdef __GNUC__
-#define __CONST __const
-#else
-#define __CONST
-#endif
-
-unsigned char _crypt_itoa64[64 + 1] =
-	"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
-
-char *_crypt_gensalt_traditional_rn(unsigned long count,
-	__CONST char *input, int size, char *output, int output_size)
-{
-	if (size < 2 || output_size < 2 + 1 || (count && count != 25)) {
-		if (output_size > 0) output[0] = '\0';
-		__set_errno((output_size < 2 + 1) ? ERANGE : EINVAL);
-		return NULL;
-	}
-
-	output[0] = _crypt_itoa64[(unsigned int)input[0] & 0x3f];
-	output[1] = _crypt_itoa64[(unsigned int)input[1] & 0x3f];
-	output[2] = '\0';
-
-	return output;
-}
-
-char *_crypt_gensalt_extended_rn(unsigned long count,
-	__CONST char *input, int size, char *output, int output_size)
-{
-	unsigned long value;
-
-/* Even iteration counts make it easier to detect weak DES keys from a look
- * at the hash, so they should be avoided */
-	if (size < 3 || output_size < 1 + 4 + 4 + 1 ||
-	    (count && (count > 0xffffff || !(count & 1)))) {
-		if (output_size > 0) output[0] = '\0';
-		__set_errno((output_size < 1 + 4 + 4 + 1) ? ERANGE : EINVAL);
-		return NULL;
-	}
-
-	if (!count) count = 725;
-
-	output[0] = '_';
-	output[1] = _crypt_itoa64[count & 0x3f];
-	output[2] = _crypt_itoa64[(count >> 6) & 0x3f];
-	output[3] = _crypt_itoa64[(count >> 12) & 0x3f];
-	output[4] = _crypt_itoa64[(count >> 18) & 0x3f];
-	value = (unsigned long)(unsigned char)input[0] |
-		((unsigned long)(unsigned char)input[1] << 8) |
-		((unsigned long)(unsigned char)input[2] << 16);
-	output[5] = _crypt_itoa64[value & 0x3f];
-	output[6] = _crypt_itoa64[(value >> 6) & 0x3f];
-	output[7] = _crypt_itoa64[(value >> 12) & 0x3f];
-	output[8] = _crypt_itoa64[(value >> 18) & 0x3f];
-	output[9] = '\0';
-
-	return output;
-}
-
-char *_crypt_gensalt_md5_rn(unsigned long count,
-	__CONST char *input, int size, char *output, int output_size)
-{
-	unsigned long value;
-
-	if (size < 3 || output_size < 3 + 4 + 1 || (count && count != 1000)) {
-		if (output_size > 0) output[0] = '\0';
-		__set_errno((output_size < 3 + 4 + 1) ? ERANGE : EINVAL);
-		return NULL;
-	}
-
-	output[0] = '$';
-	output[1] = '1';
-	output[2] = '$';
-	value = (unsigned long)(unsigned char)input[0] |
-		((unsigned long)(unsigned char)input[1] << 8) |
-		((unsigned long)(unsigned char)input[2] << 16);
-	output[3] = _crypt_itoa64[value & 0x3f];
-	output[4] = _crypt_itoa64[(value >> 6) & 0x3f];
-	output[5] = _crypt_itoa64[(value >> 12) & 0x3f];
-	output[6] = _crypt_itoa64[(value >> 18) & 0x3f];
-	output[7] = '\0';
-
-	if (size >= 6 && output_size >= 3 + 4 + 4 + 1) {
-		value = (unsigned long)(unsigned char)input[3] |
-			((unsigned long)(unsigned char)input[4] << 8) |
-			((unsigned long)(unsigned char)input[5] << 16);
-		output[7] = _crypt_itoa64[value & 0x3f];
-		output[8] = _crypt_itoa64[(value >> 6) & 0x3f];
-		output[9] = _crypt_itoa64[(value >> 12) & 0x3f];
-		output[10] = _crypt_itoa64[(value >> 18) & 0x3f];
-		output[11] = '\0';
-	}
-
-	return output;
-}

data/ext/mri/ow-crypt.h

@@ -1,35 +0,0 @@
-/*
- * Written by Solar Designer and placed in the public domain.
- * See crypt_blowfish.c for more information.
- */
-
-#ifndef _OW_CRYPT_H
-#define _OW_CRYPT_H
-
-#undef __CONST
-#if defined __GNUC__
-#define __CONST __const
-#elif defined _MSC_VER
-#define __CONST const
-#else
-#endif
-
-#ifndef __SKIP_GNU
-extern char *crypt(__CONST char *key, __CONST char *setting);
-extern char *crypt_r(__CONST char *key, __CONST char *setting, void *data);
-#endif
-
-#ifndef __SKIP_OW
-extern char *crypt_rn(__CONST char *key, __CONST char *setting,
-	void *data, int size);
-extern char *crypt_ra(__CONST char *key, __CONST char *setting,
-	void **data, int *size);
-extern char *crypt_gensalt(__CONST char *prefix, unsigned long count,
-	__CONST char *input, int size);
-extern char *crypt_gensalt_rn(__CONST char *prefix, unsigned long count,
-	__CONST char *input, int size, char *output, int output_size);
-extern char *crypt_gensalt_ra(__CONST char *prefix, unsigned long count,
-	__CONST char *input, int size);
-#endif
-
-#endif

data/ext/mri/wrapper.c

@@ -1,262 +0,0 @@
-/*
- * Written by Solar Designer and placed in the public domain.
- * See crypt_blowfish.c for more information.
- */
-
-#include <stdlib.h>
-#include <string.h>
-
-#include <errno.h>
-#ifndef __set_errno
-#define __set_errno(val) errno = (val)
-#endif
-
-#ifdef TEST
-#include <stdio.h>
-#include <unistd.h>
-#include <signal.h>
-#include <time.h>
-#include <sys/time.h>
-#include <sys/times.h>
-#ifdef TEST_THREADS
-#include <pthread.h>
-#endif
-#endif
-
-#include <ruby.h>
-#ifdef HAVE_RUBY_UTIL_H
-#include <ruby/util.h>
-#else
-#include <util.h>
-#endif
-
-#define CRYPT_OUTPUT_SIZE		(7 + 22 + 31 + 1)
-#define CRYPT_GENSALT_OUTPUT_SIZE	(7 + 22 + 1)
-
-#if defined(__GLIBC__) && defined(_LIBC)
-#define __SKIP_GNU
-#endif
-#include "ow-crypt.h"
-
-extern char *_crypt_blowfish_rn(__CONST char *key, __CONST char *setting,
-	char *output, int size);
-extern char *_crypt_gensalt_blowfish_rn(unsigned long count,
-	__CONST char *input, int size, char *output, int output_size);
-
-extern unsigned char _crypt_itoa64[];
-extern char *_crypt_gensalt_traditional_rn(unsigned long count,
-	__CONST char *input, int size, char *output, int output_size);
-extern char *_crypt_gensalt_extended_rn(unsigned long count,
-	__CONST char *input, int size, char *output, int output_size);
-extern char *_crypt_gensalt_md5_rn(unsigned long count,
-	__CONST char *input, int size, char *output, int output_size);
-
-#if defined(__GLIBC__) && defined(_LIBC)
-/* crypt.h from glibc-crypt-2.1 will define struct crypt_data for us */
-#include "crypt.h"
-extern char *__md5_crypt_r(const char *key, const char *salt,
-	char *buffer, int buflen);
-/* crypt-entry.c needs to be patched to define __des_crypt_r rather than
- * __crypt_r, and not define crypt_r and crypt at all */
-extern char *__des_crypt_r(const char *key, const char *salt,
-	struct crypt_data *data);
-extern struct crypt_data _ufc_foobar;
-#endif
-
-static int _crypt_data_alloc(void **data, int *size, int need)
-{
-	void *updated;
-
-	if (*data && *size >= need) return 0;
-
-	updated = realloc(*data, need);
-
-	if (!updated) {
-#ifndef __GLIBC__
-		/* realloc(3) on glibc sets errno, so we don't need to bother */
-		__set_errno(ENOMEM);
-#endif
-		return -1;
-	}
-
-#if defined(__GLIBC__) && defined(_LIBC)
-	if (need >= sizeof(struct crypt_data))
-		((struct crypt_data *)updated)->initialized = 0;
-#endif
-
-	*data = updated;
-	*size = need;
-
-	return 0;
-}
-
-static char *_crypt_retval_magic(char *retval, __CONST char *setting,
-	char *output)
-{
-	if (retval) return retval;
-
-	output[0] = '*';
-	output[1] = '0';
-	output[2] = '\0';
-
-	if (setting[0] == '*' && setting[1] == '0')
-		output[1] = '1';
-
-	return output;
-}
-
-#if defined(__GLIBC__) && defined(_LIBC)
-/*
- * Applications may re-use the same instance of struct crypt_data without
- * resetting the initialized field in order to let crypt_r() skip some of
- * its initialization code.  Thus, it is important that our multiple hashing
- * algorithms either don't conflict with each other in their use of the
- * data area or reset the initialized field themselves whenever required.
- * Currently, the hashing algorithms simply have no conflicts: the first
- * field of struct crypt_data is the 128-byte large DES key schedule which
- * __des_crypt_r() calculates each time it is called while the two other
- * hashing algorithms use less than 128 bytes of the data area.
- */
-
-char *__crypt_rn(__const char *key, __const char *setting,
-	void *data, int size)
-{
-	if (setting[0] == '$' && setting[1] == '2')
-		return _crypt_blowfish_rn(key, setting, (char *)data, size);
-	if (setting[0] == '$' && setting[1] == '1')
-		return __md5_crypt_r(key, setting, (char *)data, size);
-	if (setting[0] == '$' || setting[0] == '_') {
-		__set_errno(EINVAL);
-		return NULL;
-	}
-	if (size >= sizeof(struct crypt_data))
-		return __des_crypt_r(key, setting, (struct crypt_data *)data);
-	__set_errno(ERANGE);
-	return NULL;
-}
-
-char *__crypt_ra(__const char *key, __const char *setting,
-	void **data, int *size)
-{
-	if (setting[0] == '$' && setting[1] == '2') {
-		if (_crypt_data_alloc(data, size, CRYPT_OUTPUT_SIZE))
-			return NULL;
-		return _crypt_blowfish_rn(key, setting, (char *)*data, *size);
-	}
-	if (setting[0] == '$' && setting[1] == '1') {
-		if (_crypt_data_alloc(data, size, CRYPT_OUTPUT_SIZE))
-			return NULL;
-		return __md5_crypt_r(key, setting, (char *)*data, *size);
-	}
-	if (setting[0] == '$' || setting[0] == '_') {
-		__set_errno(EINVAL);
-		return NULL;
-	}
-	if (_crypt_data_alloc(data, size, sizeof(struct crypt_data)))
-		return NULL;
-	return __des_crypt_r(key, setting, (struct crypt_data *)*data);
-}
-
-char *__crypt_r(__const char *key, __const char *setting,
-	struct crypt_data *data)
-{
-	return _crypt_retval_magic(
-		__crypt_rn(key, setting, data, sizeof(*data)),
-		setting, (char *)data);
-}
-
-char *__crypt(__const char *key, __const char *setting)
-{
-	return _crypt_retval_magic(
-		__crypt_rn(key, setting, &_ufc_foobar, sizeof(_ufc_foobar)),
-		setting, (char *)&_ufc_foobar);
-}
-#else
-char *crypt_rn(__CONST char *key, __CONST char *setting, void *data, int size)
-{
-	return _crypt_blowfish_rn(key, setting, (char *)data, size);
-}
-
-char *crypt_ra(__CONST char *key, __CONST char *setting,
-	void **data, int *size)
-{
-	if (_crypt_data_alloc(data, size, CRYPT_OUTPUT_SIZE))
-		return NULL;
-	return _crypt_blowfish_rn(key, setting, (char *)*data, *size);
-}
-
-char *crypt_r(__CONST char *key, __CONST char *setting, void *data)
-{
-	return _crypt_retval_magic(
-		crypt_rn(key, setting, data, CRYPT_OUTPUT_SIZE),
-		setting, (char *)data);
-}
-
-#define __crypt_gensalt_rn crypt_gensalt_rn
-#define __crypt_gensalt_ra crypt_gensalt_ra
-#define __crypt_gensalt crypt_gensalt
-#endif
-
-char *__crypt_gensalt_rn(__CONST char *prefix, unsigned long count,
-	__CONST char *input, int size, char *output, int output_size)
-{
-	char *(*use)(unsigned long count,
-		__CONST char *input, int size, char *output, int output_size);
-
-	/* This may be supported on some platforms in the future */
-	if (!input) {
-		__set_errno(EINVAL);
-		return NULL;
-	}
-
-	if (!strncmp(prefix, "$2a$", 4))
-		use = _crypt_gensalt_blowfish_rn;
-	else
-	if (!strncmp(prefix, "$1$", 3))
-		use = _crypt_gensalt_md5_rn;
-	else
-	if (prefix[0] == '_')
-		use = _crypt_gensalt_extended_rn;
-	else
-	if (!prefix[0] ||
-	    (prefix[0] && prefix[1] &&
-	    memchr(_crypt_itoa64, prefix[0], 64) &&
-	    memchr(_crypt_itoa64, prefix[1], 64)))
-		use = _crypt_gensalt_traditional_rn;
-	else {
-		__set_errno(EINVAL);
-		return NULL;
-	}
-
-	return use(count, input, size, output, output_size);
-}
-
-char *__crypt_gensalt_ra(__CONST char *prefix, unsigned long count,
-	__CONST char *input, int size)
-{
-	char output[CRYPT_GENSALT_OUTPUT_SIZE];
-	char *retval;
-
-	retval = __crypt_gensalt_rn(prefix, count,
-		input, size, output, sizeof(output));
-
-	if (retval) {
-		retval = ruby_strdup(retval);
-#ifndef __GLIBC__
-		/* strdup(3) on glibc sets errno, so we don't need to bother */
-		if (!retval)
-			__set_errno(ENOMEM);
-#endif
-	}
-
-	return retval;
-}
-
-char *__crypt_gensalt(__CONST char *prefix, unsigned long count,
-	__CONST char *input, int size)
-{
-	static char output[CRYPT_GENSALT_OUTPUT_SIZE];
-
-	return __crypt_gensalt_rn(prefix, count,
-		input, size, output, sizeof(output));
-}

data/lib/bcrypt/engine.rb

@@ -1,120 +0,0 @@
-module BCrypt
-  # A Ruby wrapper for the bcrypt() C extension calls and the Java calls.
-  class Engine
-    # The default computational expense parameter.
-    DEFAULT_COST    = 10
-    # The minimum cost supported by the algorithm.
-    MIN_COST        = 4
-    # Maximum possible size of bcrypt() salts.
-    MAX_SALT_LENGTH = 16
-
-    if RUBY_PLATFORM != "java"
-      # C-level routines which, if they don't get the right input, will crash the
-      # hell out of the Ruby process.
-      private_class_method :__bc_salt
-      private_class_method :__bc_crypt
-    end
-
-    @cost = nil
-
-    # Returns the cost factor that will be used if one is not specified when
-    # creating a password hash.  Defaults to DEFAULT_COST if not set.
-    def self.cost
-      @cost || DEFAULT_COST
-    end
-
-    # Set a default cost factor that will be used if one is not specified when
-    # creating a password hash.
-    #
-    # Example:
-    #
-    #   BCrypt::Engine::DEFAULT_COST            #=> 10
-    #   BCrypt::Password.create('secret').cost  #=> 10
-    #
-    #   BCrypt::Engine.cost = 8
-    #   BCrypt::Password.create('secret').cost  #=> 8
-    #
-    #   # cost can still be overridden as needed
-    #   BCrypt::Password.create('secret', :cost => 6).cost  #=> 6
-    def self.cost=(cost)
-      @cost = cost
-    end
-
-    # Given a secret and a valid salt (see BCrypt::Engine.generate_salt) calculates
-    # a bcrypt() password hash.
-    def self.hash_secret(secret, salt, cost = nil)
-      if valid_secret?(secret)
-        if valid_salt?(salt)
-          if cost.nil?
-            cost = autodetect_cost(salt)
-          end
-
-          if RUBY_PLATFORM == "java"
-            Java.bcrypt_jruby.BCrypt.hashpw(secret.to_s, salt.to_s)
-          else
-            __bc_crypt(secret.to_s, salt)
-          end
-        else
-          raise Errors::InvalidSalt.new("invalid salt")
-        end
-      else
-        raise Errors::InvalidSecret.new("invalid secret")
-      end
-    end
-
-    # Generates a random salt with a given computational cost.
-    def self.generate_salt(cost = self.cost)
-      cost = cost.to_i
-      if cost > 0
-        if cost < MIN_COST
-          cost = MIN_COST
-        end
-        if RUBY_PLATFORM == "java"
-          Java.bcrypt_jruby.BCrypt.gensalt(cost)
-        else
-          prefix = "$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW"
-          __bc_salt(prefix, cost, OpenSSL::Random.random_bytes(MAX_SALT_LENGTH))
-        end
-      else
-        raise Errors::InvalidCost.new("cost must be numeric and > 0")
-      end
-    end
-
-    # Returns true if +salt+ is a valid bcrypt() salt, false if not.
-    def self.valid_salt?(salt)
-      !!(salt =~ /^\$[0-9a-z]{2,}\$[0-9]{2,}\$[A-Za-z0-9\.\/]{22,}$/)
-    end
-
-    # Returns true if +secret+ is a valid bcrypt() secret, false if not.
-    def self.valid_secret?(secret)
-      secret.respond_to?(:to_s)
-    end
-
-    # Returns the cost factor which will result in computation times less than +upper_time_limit_in_ms+.
-    #
-    # Example:
-    #
-    #   BCrypt::Engine.calibrate(200)  #=> 10
-    #   BCrypt::Engine.calibrate(1000) #=> 12
-    #
-    #   # should take less than 200ms
-    #   BCrypt::Password.create("woo", :cost => 10)
-    #
-    #   # should take less than 1000ms
-    #   BCrypt::Password.create("woo", :cost => 12)
-    def self.calibrate(upper_time_limit_in_ms)
-      40.times do |i|
-        start_time = Time.now
-        Password.create("testing testing", :cost => i+1)
-        end_time = Time.now - start_time
-        return i if end_time * 1_000 > upper_time_limit_in_ms
-      end
-    end
-
-    # Autodetects the cost from the salt string.
-    def self.autodetect_cost(salt)
-      salt[4..5].to_i
-    end
-  end
-
-end