Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit749a9e2

Browse files
committed
Add modern SHA-2 based password hashes to pgcrypto.
This adapts the publicly available reference implementation onhttps://www.akkadia.org/drepper/SHA-crypt.txt and adds the new hashalgorithms sha256crypt and sha512crypt to crypt() and gen_salt()respectively.Author: Bernd Helmle <mailings@oopsware.de>Reviewed-by: Japin Li <japinli@hotmail.com>Discussion:https://postgr.es/m/c763235a2757e2f5f9e3e27268b9028349cef659.camel@oopsware.de
1 parente33f233 commit749a9e2

File tree

9 files changed

+1114
-2
lines changed

9 files changed

+1114
-2
lines changed

‎contrib/pgcrypto/Makefile

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,7 @@ OBJS = \
1111
crypt-des.o\
1212
crypt-gensalt.o\
1313
crypt-md5.o\
14+
crypt-sha.o\
1415
mbuf.o\
1516
openssl.o\
1617
pgcrypto.o\
@@ -43,7 +44,7 @@ REGRESS = init md5 sha1 hmac-md5 hmac-sha1 blowfish rijndael \
4344
sha2 des 3des cast5\
4445
crypt-des crypt-md5 crypt-blowfish crypt-xdes\
4546
pgp-armor pgp-decrypt pgp-encrypt pgp-encrypt-md5$(CF_PGP_TESTS)\
46-
pgp-pubkey-decrypt pgp-pubkey-encrypt pgp-info
47+
pgp-pubkey-decrypt pgp-pubkey-encrypt pgp-info crypt-shacrypt
4748

4849
ifdefUSE_PGXS
4950
PG_CONFIG = pg_config

‎contrib/pgcrypto/crypt-gensalt.c

Lines changed: 82 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -185,3 +185,85 @@ _crypt_gensalt_blowfish_rn(unsigned long count,
185185

186186
returnoutput;
187187
}
188+
189+
/*
190+
* Helper for _crypt_gensalt_sha256_rn and _crypt_gensalt_sha512_rn
191+
*/
192+
staticchar*
193+
_crypt_gensalt_sha(unsigned longcount,
194+
constchar*input,intsize,char*output,intoutput_size)
195+
{
196+
char*s_ptr=output;
197+
unsignedintresult_bufsize=PX_SHACRYPT_SALT_BUF_LEN;
198+
intrc;
199+
200+
/* output buffer must be allocated with PX_MAX_SALT_LEN bytes */
201+
if (PX_MAX_SALT_LEN<result_bufsize)
202+
ereport(ERROR,
203+
errcode(ERRCODE_SYNTAX_ERROR),
204+
errmsg("invalid size of salt"));
205+
206+
/*
207+
* Care must be taken to not exceed the buffer size allocated for the
208+
* input character buffer.
209+
*/
210+
if ((PX_SHACRYPT_SALT_MAX_LEN!=size)|| (output_size<size))
211+
ereport(ERROR,
212+
errcode(ERRCODE_INTERNAL_ERROR),
213+
errmsg("invalid length of salt buffer"));
214+
215+
/* Skip magic bytes, set by callers */
216+
s_ptr+=3;
217+
if ((rc=pg_snprintf(s_ptr,18,"rounds=%ld$",count)) <=0)
218+
ereport(ERROR,
219+
errcode(ERRCODE_INTERNAL_ERROR),
220+
errmsg("cannot format salt string"));
221+
222+
/* s_ptr should now be positioned at the start of the salt string */
223+
s_ptr+=rc;
224+
225+
/*
226+
* Normalize salt string
227+
*
228+
* size of input buffer was checked above to not exceed
229+
* PX_SHACRYPT_SALT_LEN_MAX.
230+
*/
231+
for (inti=0;i<size;i++)
232+
{
233+
*s_ptr=_crypt_itoa64[input[i]&0x3f];
234+
s_ptr++;
235+
}
236+
237+
/* We're done */
238+
returnoutput;
239+
}
240+
241+
/* gen_list->gen function for sha512 */
242+
char*
243+
_crypt_gensalt_sha512_rn(unsigned longcount,
244+
charconst*input,intsize,
245+
char*output,intoutput_size)
246+
{
247+
memset(output,0,output_size);
248+
/* set magic byte for sha512crypt */
249+
output[0]='$';
250+
output[1]='6';
251+
output[2]='$';
252+
253+
return_crypt_gensalt_sha(count,input,size,output,output_size);
254+
}
255+
256+
/* gen_list->gen function for sha256 */
257+
char*
258+
_crypt_gensalt_sha256_rn(unsigned longcount,
259+
constchar*input,intsize,
260+
char*output,intoutput_size)
261+
{
262+
memset(output,0,output_size);
263+
/* set magic byte for sha256crypt */
264+
output[0]='$';
265+
output[1]='5';
266+
output[2]='$';
267+
268+
return_crypt_gensalt_sha(count,input,size,output,output_size);
269+
}

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp