From be173648460b1252521ddb874369d244e8d65949 Mon Sep 17 00:00:00 2001 From: Kristaps Dz Date: Sat, 10 Aug 2024 14:10:19 -0700 Subject: [PATCH] Full crypt_newpass compat. This adds two depending parts: _PASSWORD_LEN for Linux and timingsafe_bcmp for others. The compat embeds bcrypt() and the bcrypt_newhash() functions, but does not expose them. It also fixes the strndup regression not to raise a warning on Linux and an incorrect definition of _GNU_SOURCE instead of _XOPEN_SOURCE to expose crypt() from unistd instead of crypt.h on Linux. --- Makefile | 2 + Makefile.regen | 5 +- compat_crypt_newhash.c | 35 +++--------- compat_timingsafe_bcmp.c | 74 +++++++++++++++++++++++++ compats.c | 111 ++++++++++++++++++++++++++++---------- configure | 19 +++++++ configure.in | 19 +++++++ regress/PASSWORD_LEN.c | 13 +++++ regress/crypt_newhash.c | 4 +- regress/strndup.c | 6 --- regress/timingsafe_bcmp.c | 16 ++++++ test-PASSWORD_LEN.c | 13 +++++ test-crypt.c | 2 +- test-crypt_newhash.c | 3 +- test-timingsafe_bcmp.c | 12 +++++ tests.c | 34 ++++++++++-- 16 files changed, 296 insertions(+), 72 deletions(-) create mode 100644 compat_timingsafe_bcmp.c create mode 100644 regress/PASSWORD_LEN.c create mode 100644 regress/timingsafe_bcmp.c create mode 100644 test-PASSWORD_LEN.c create mode 100644 test-timingsafe_bcmp.c diff --git a/Makefile b/Makefile index a112d8a..9f1094a 100644 --- a/Makefile +++ b/Makefile @@ -23,6 +23,7 @@ REGRESS_NODEP = regress/blowfish \ regress/minor \ regress/mkfifoat \ regress/mknodat \ + regress/PASSWORD_LEN \ regress/PATH_MAX \ regress/pledge \ regress/reallocarray \ @@ -37,6 +38,7 @@ REGRESS_NODEP = regress/blowfish \ regress/sys_queue \ regress/systrace \ regress/termios \ + regress/timingsafe_bcmp \ regress/unveil \ regress/WAIT_ANY REGRESS = $(REGRESS_B64) \ diff --git a/Makefile.regen b/Makefile.regen index 1b6c4cd..3a041cd 100644 --- a/Makefile.regen +++ b/Makefile.regen @@ -24,7 +24,8 @@ COMPATS = compat_blowfish.c \ compat_strlcpy.c \ compat_strndup.c \ compat_strnlen.c \ - compat_strtonum.c + compat_strtonum.c \ + compat_timingsafe_bcmp.c TESTS = test-__progname.c \ test-arc4random.c \ test-blowfish.c \ @@ -48,6 +49,7 @@ TESTS = test-__progname.c \ test-mkfifoat.c \ test-mknodat.c \ test-osbyteorder_h.c \ + test-PASSWORD_LEN.c \ test-PATH_MAX.c \ test-pledge.c \ test-program_invocation_short_name.c \ @@ -74,6 +76,7 @@ TESTS = test-__progname.c \ test-sys_sysmacros_h.c \ test-sys_tree.c \ test-termios.c \ + test-timingsafe_bcmp.c \ test-unveil.c \ test-WAIT_ANY.c diff --git a/compat_crypt_newhash.c b/compat_crypt_newhash.c index e02a11b..597e8f4 100644 --- a/compat_crypt_newhash.c +++ b/compat_crypt_newhash.c @@ -39,6 +39,7 @@ #include #include #include +#include #include #include #include @@ -63,7 +64,7 @@ static int decode_base64(u_int8_t *, size_t, const char *); * Generates a salt for this version of crypt. */ static int -bcrypt_initsalt(int log_rounds, uint8_t *salt, size_t saltbuflen) +bcrypt_initsalt(int log_rounds, char *salt, size_t saltbuflen) { uint8_t csalt[BCRYPT_MAXSALT]; @@ -202,7 +203,7 @@ bcrypt_hashpass(const char *key, const char *salt, char *encrypted, /* * user friendly functions */ -int +static int bcrypt_newhash(const char *pass, int log_rounds, char *hash, size_t hashlen) { char salt[BCRYPT_SALTSPACE]; @@ -298,7 +299,7 @@ static int decode_base64(u_int8_t *buffer, size_t len, const char *b64data) { u_int8_t *bp = buffer; - const u_int8_t *p = b64data; + const u_int8_t *p = (const u_int8_t *)b64data; u_int8_t c1, c2, c3, c4; while (bp < buffer + len) { @@ -340,7 +341,7 @@ decode_base64(u_int8_t *buffer, size_t len, const char *b64data) static int encode_base64(char *b64buffer, const u_int8_t *data, size_t len) { - u_int8_t *bp = b64buffer; + u_int8_t *bp = (u_int8_t *)b64buffer; const u_int8_t *p = data; u_int8_t c1, c2; @@ -369,30 +370,6 @@ encode_base64(char *b64buffer, const u_int8_t *data, size_t len) return 0; } -/* - * classic interface - */ -static char * -bcrypt_gensalt(u_int8_t log_rounds) -{ - static char gsalt[BCRYPT_SALTSPACE]; - - bcrypt_initsalt(log_rounds, gsalt, sizeof(gsalt)); - - return gsalt; -} - -static char * -bcrypt(const char *pass, const char *salt) -{ - static char gencrypted[BCRYPT_HASHSPACE]; - - if (bcrypt_hashpass(pass, salt, gencrypted, sizeof(gencrypted)) != 0) - return NULL; - - return gencrypted; -} - int crypt_checkpass(const char *pass, const char *goodhash) { @@ -429,7 +406,7 @@ crypt_newhash(const char *pass, const char *pref, char *hash, size_t hashlen) const char *errstr; const char *choices[] = { "blowfish", "bcrypt" }; size_t maxchoice = sizeof(choices) / sizeof(choices[0]); - int i; + size_t i; int rounds; if (pref == NULL) diff --git a/compat_timingsafe_bcmp.c b/compat_timingsafe_bcmp.c new file mode 100644 index 0000000..50e5c31 --- /dev/null +++ b/compat_timingsafe_bcmp.c @@ -0,0 +1,74 @@ + +/* $OpenBSD: timingsafe_bcmp.c,v 1.3 2015/08/31 02:53:57 guenther Exp $ */ +/* + * Copyright (c) 2010 Damien Miller. All rights reserved. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +int +timingsafe_bcmp(const void *b1, const void *b2, size_t n) +{ + const unsigned char *p1 = b1, *p2 = b2; + int ret = 0; + + for (; n > 0; n--) + ret |= *p1++ ^ *p2++; + return (ret != 0); +} + +/* $OpenBSD: timingsafe_memcmp.c,v 1.2 2015/08/31 02:53:57 guenther Exp $ */ +/* + * Copyright (c) 2014 Google Inc. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +int +timingsafe_memcmp(const void *b1, const void *b2, size_t len) +{ + const unsigned char *p1 = b1, *p2 = b2; + size_t i; + int res = 0, done = 0; + + for (i = 0; i < len; i++) { + /* lt is -1 if p1[i] < p2[i]; else 0. */ + int lt = (p1[i] - p2[i]) >> CHAR_BIT; + + /* gt is -1 if p1[i] > p2[i]; else 0. */ + int gt = (p2[i] - p1[i]) >> CHAR_BIT; + + /* cmp is 1 if p1[i] > p2[i]; -1 if p1[i] < p2[i]; else 0. */ + int cmp = lt - gt; + + /* set res = cmp if !done. */ + res |= cmp & ~done; + + /* set done if p1[i] != p2[i]. */ + done |= lt | gt; + } + + return (res); +} diff --git a/compats.c b/compats.c index b7208a9..f8c69a7 100644 --- a/compats.c +++ b/compats.c @@ -670,6 +670,7 @@ blf_cbc_decrypt(blf_ctx *c, u_int8_t *iva, u_int8_t *data, u_int32_t len) #include #include #include +#include #include #include #include @@ -694,7 +695,7 @@ static int decode_base64(u_int8_t *, size_t, const char *); * Generates a salt for this version of crypt. */ static int -bcrypt_initsalt(int log_rounds, uint8_t *salt, size_t saltbuflen) +bcrypt_initsalt(int log_rounds, char *salt, size_t saltbuflen) { uint8_t csalt[BCRYPT_MAXSALT]; @@ -833,7 +834,7 @@ bcrypt_hashpass(const char *key, const char *salt, char *encrypted, /* * user friendly functions */ -int +static int bcrypt_newhash(const char *pass, int log_rounds, char *hash, size_t hashlen) { char salt[BCRYPT_SALTSPACE]; @@ -929,7 +930,7 @@ static int decode_base64(u_int8_t *buffer, size_t len, const char *b64data) { u_int8_t *bp = buffer; - const u_int8_t *p = b64data; + const u_int8_t *p = (const u_int8_t *)b64data; u_int8_t c1, c2, c3, c4; while (bp < buffer + len) { @@ -971,7 +972,7 @@ decode_base64(u_int8_t *buffer, size_t len, const char *b64data) static int encode_base64(char *b64buffer, const u_int8_t *data, size_t len) { - u_int8_t *bp = b64buffer; + u_int8_t *bp = (u_int8_t *)b64buffer; const u_int8_t *p = data; u_int8_t c1, c2; @@ -1000,30 +1001,6 @@ encode_base64(char *b64buffer, const u_int8_t *data, size_t len) return 0; } -/* - * classic interface - */ -static char * -bcrypt_gensalt(u_int8_t log_rounds) -{ - static char gsalt[BCRYPT_SALTSPACE]; - - bcrypt_initsalt(log_rounds, gsalt, sizeof(gsalt)); - - return gsalt; -} - -static char * -bcrypt(const char *pass, const char *salt) -{ - static char gencrypted[BCRYPT_HASHSPACE]; - - if (bcrypt_hashpass(pass, salt, gencrypted, sizeof(gencrypted)) != 0) - return NULL; - - return gencrypted; -} - int crypt_checkpass(const char *pass, const char *goodhash) { @@ -1060,7 +1037,7 @@ crypt_newhash(const char *pass, const char *pref, char *hash, size_t hashlen) const char *errstr; const char *choices[] = { "blowfish", "bcrypt" }; size_t maxchoice = sizeof(choices) / sizeof(choices[0]); - int i; + size_t i; int rounds; if (pref == NULL) @@ -5280,3 +5257,79 @@ strtonum(const char *numstr, long long minval, long long maxval, return (ll); } #endif /* !HAVE_STRTONUM */ +#if !HAVE_TIMINGSAFE_BCMP + +/* $OpenBSD: timingsafe_bcmp.c,v 1.3 2015/08/31 02:53:57 guenther Exp $ */ +/* + * Copyright (c) 2010 Damien Miller. All rights reserved. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +int +timingsafe_bcmp(const void *b1, const void *b2, size_t n) +{ + const unsigned char *p1 = b1, *p2 = b2; + int ret = 0; + + for (; n > 0; n--) + ret |= *p1++ ^ *p2++; + return (ret != 0); +} + +/* $OpenBSD: timingsafe_memcmp.c,v 1.2 2015/08/31 02:53:57 guenther Exp $ */ +/* + * Copyright (c) 2014 Google Inc. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +int +timingsafe_memcmp(const void *b1, const void *b2, size_t len) +{ + const unsigned char *p1 = b1, *p2 = b2; + size_t i; + int res = 0, done = 0; + + for (i = 0; i < len; i++) { + /* lt is -1 if p1[i] < p2[i]; else 0. */ + int lt = (p1[i] - p2[i]) >> CHAR_BIT; + + /* gt is -1 if p1[i] > p2[i]; else 0. */ + int gt = (p2[i] - p1[i]) >> CHAR_BIT; + + /* cmp is 1 if p1[i] > p2[i]; -1 if p1[i] < p2[i]; else 0. */ + int cmp = lt - gt; + + /* set res = cmp if !done. */ + res |= cmp & ~done; + + /* set done if p1[i] != p2[i]. */ + done |= lt | gt; + } + + return (res); +} +#endif /* !HAVE_TIMINGSAFE_BCMP */ diff --git a/configure b/configure index dcd28dd..570ba1f 100755 --- a/configure +++ b/configure @@ -237,6 +237,7 @@ HAVE_MEMSET_S= HAVE_MKFIFOAT= HAVE_MKNODAT= HAVE_OSBYTEORDER_H= +HAVE_PASSWORD_LEN= HAVE_PATH_MAX= HAVE_PLEDGE= HAVE_PROGRAM_INVOCATION_SHORT_NAME= @@ -264,6 +265,7 @@ HAVE_SYS_SYSMACROS= HAVE_SYS_TREE= HAVE_SYSTRACE=0 HAVE_TERMIOS= +HAVE_TIMINGSAFE_BCMP= HAVE_UNVEIL= HAVE_WAIT_ANY= HAVE___PROGNAME= @@ -409,6 +411,7 @@ runtest memset_s MEMSET_S || true runtest mkfifoat MKFIFOAT || true runtest mknodat MKNODAT || true runtest osbyteorder_h OSBYTEORDER_H || true +runtest PASSWORD_LEN PASSWORD_LEN || true runtest PATH_MAX PATH_MAX || true runtest pledge PLEDGE || true runtest program_invocation_short_name PROGRAM_INVOCATION_SHORT_NAME || true @@ -435,6 +438,7 @@ runtest sys_sysmacros_h SYS_SYSMACROS_H || true runtest sys_queue SYS_QUEUE || true runtest sys_tree SYS_TREE || true runtest termios TERMIOS || true +runtest timingsafe_bcmp TIMINGSAFE_BCMP || true runtest unveil UNVEIL || true runtest WAIT_ANY WAIT_ANY || true runtest __progname __PROGNAME || true @@ -542,6 +546,11 @@ then echo fi +if [ ${HAVE_PASSWORD_LEN} -eq 0 ] +then + echo "#define _PASSWORD_LEN (128) /* pwd.h */" + echo +fi if [ ${HAVE_INFTIM} -eq 0 ] then @@ -574,6 +583,7 @@ cat << __HEREDOC__ #define HAVE_MKFIFOAT ${HAVE_MKFIFOAT} #define HAVE_MKNODAT ${HAVE_MKNODAT} #define HAVE_OSBYTEORDER_H ${HAVE_OSBYTEORDER_H} +#define HAVE_PASSWORD_LEN ${HAVE_PASSWORD_LEN} #define HAVE_PATH_MAX ${HAVE_PATH_MAX} #define HAVE_PLEDGE ${HAVE_PLEDGE} #define HAVE_PROGRAM_INVOCATION_SHORT_NAME ${HAVE_PROGRAM_INVOCATION_SHORT_NAME} @@ -602,6 +612,7 @@ cat << __HEREDOC__ #define HAVE_SYSTRACE ${HAVE_SYSTRACE} #define HAVE_UNVEIL ${HAVE_UNVEIL} #define HAVE_TERMIOS ${HAVE_TERMIOS} +#define HAVE_TIMINGSAFE_BCMP ${HAVE_TIMINGSAFE_BCMP} #define HAVE_WAIT_ANY ${HAVE_WAIT_ANY} #define HAVE___PROGNAME ${HAVE___PROGNAME} @@ -2541,6 +2552,14 @@ void blf_cbc_decrypt(blf_ctx *, u_int8_t *, u_int8_t *, u_int32_t); __HEREDOC__ fi +if [ ${HAVE_TIMINGSAFE_BCMP} -eq 0 ]; then + cat << __HEREDOC__ +int timingsafe_bcmp(const void *, const void *, size_t); +int timingsafe_memcmp(const void *, const void *, size_t); + +__HEREDOC__ +fi + cat << __HEREDOC__ #endif /*!OCONFIGURE_CONFIG_H*/ __HEREDOC__ diff --git a/configure.in b/configure.in index 74a994d..41106bc 100644 --- a/configure.in +++ b/configure.in @@ -237,6 +237,7 @@ HAVE_MEMSET_S= HAVE_MKFIFOAT= HAVE_MKNODAT= HAVE_OSBYTEORDER_H= +HAVE_PASSWORD_LEN= HAVE_PATH_MAX= HAVE_PLEDGE= HAVE_PROGRAM_INVOCATION_SHORT_NAME= @@ -264,6 +265,7 @@ HAVE_SYS_SYSMACROS= HAVE_SYS_TREE= HAVE_SYSTRACE=0 HAVE_TERMIOS= +HAVE_TIMINGSAFE_BCMP= HAVE_UNVEIL= HAVE_WAIT_ANY= HAVE___PROGNAME= @@ -409,6 +411,7 @@ runtest memset_s MEMSET_S || true runtest mkfifoat MKFIFOAT || true runtest mknodat MKNODAT || true runtest osbyteorder_h OSBYTEORDER_H || true +runtest PASSWORD_LEN PASSWORD_LEN || true runtest PATH_MAX PATH_MAX || true runtest pledge PLEDGE || true runtest program_invocation_short_name PROGRAM_INVOCATION_SHORT_NAME || true @@ -435,6 +438,7 @@ runtest sys_sysmacros_h SYS_SYSMACROS_H || true runtest sys_queue SYS_QUEUE || true runtest sys_tree SYS_TREE || true runtest termios TERMIOS || true +runtest timingsafe_bcmp TIMINGSAFE_BCMP || true runtest unveil UNVEIL || true runtest WAIT_ANY WAIT_ANY || true runtest __progname __PROGNAME || true @@ -542,6 +546,11 @@ then echo fi +if [ ${HAVE_PASSWORD_LEN} -eq 0 ] +then + echo "#define _PASSWORD_LEN (128) /* pwd.h */" + echo +fi if [ ${HAVE_INFTIM} -eq 0 ] then @@ -574,6 +583,7 @@ cat << __HEREDOC__ #define HAVE_MKFIFOAT ${HAVE_MKFIFOAT} #define HAVE_MKNODAT ${HAVE_MKNODAT} #define HAVE_OSBYTEORDER_H ${HAVE_OSBYTEORDER_H} +#define HAVE_PASSWORD_LEN ${HAVE_PASSWORD_LEN} #define HAVE_PATH_MAX ${HAVE_PATH_MAX} #define HAVE_PLEDGE ${HAVE_PLEDGE} #define HAVE_PROGRAM_INVOCATION_SHORT_NAME ${HAVE_PROGRAM_INVOCATION_SHORT_NAME} @@ -602,6 +612,7 @@ cat << __HEREDOC__ #define HAVE_SYSTRACE ${HAVE_SYSTRACE} #define HAVE_UNVEIL ${HAVE_UNVEIL} #define HAVE_TERMIOS ${HAVE_TERMIOS} +#define HAVE_TIMINGSAFE_BCMP ${HAVE_TIMINGSAFE_BCMP} #define HAVE_WAIT_ANY ${HAVE_WAIT_ANY} #define HAVE___PROGNAME ${HAVE___PROGNAME} @@ -1183,6 +1194,14 @@ void blf_cbc_decrypt(blf_ctx *, u_int8_t *, u_int8_t *, u_int32_t); __HEREDOC__ fi +if [ ${HAVE_TIMINGSAFE_BCMP} -eq 0 ]; then + cat << __HEREDOC__ +int timingsafe_bcmp(const void *, const void *, size_t); +int timingsafe_memcmp(const void *, const void *, size_t); + +__HEREDOC__ +fi + cat << __HEREDOC__ #endif /*!OCONFIGURE_CONFIG_H*/ __HEREDOC__ diff --git a/regress/PASSWORD_LEN.c b/regress/PASSWORD_LEN.c new file mode 100644 index 0000000..4bbea6e --- /dev/null +++ b/regress/PASSWORD_LEN.c @@ -0,0 +1,13 @@ +#include "../config.h" + +#include + +int +main(void) +{ +#ifdef _PASSWORD_LEN + return 0; +#else + return 1; +#endif +} diff --git a/regress/crypt_newhash.c b/regress/crypt_newhash.c index cae5639..4627b33 100644 --- a/regress/crypt_newhash.c +++ b/regress/crypt_newhash.c @@ -1,6 +1,8 @@ #include "../config.h" -#include /* _PASSWORD_LEN */ +#if HAVE_PASSWORD_LEN +# include /* _PASSWORD_LEN */ +#endif #include int diff --git a/regress/strndup.c b/regress/strndup.c index 06d5b66..4987cbf 100644 --- a/regress/strndup.c +++ b/regress/strndup.c @@ -15,11 +15,5 @@ main(void) if (strcmp(buf, "ab")) return 1; - buf = strndup("ab", 4); - if (buf == NULL) - return 1; - if (strcmp(buf, "ab")) - return 1; - return 0; } diff --git a/regress/timingsafe_bcmp.c b/regress/timingsafe_bcmp.c new file mode 100644 index 0000000..0a42b0d --- /dev/null +++ b/regress/timingsafe_bcmp.c @@ -0,0 +1,16 @@ +#include "../config.h" + +#if HAVE_TIMINGSAFE_BCMP +# include +#endif + +int main(void) +{ + const char *a = "foo", *b = "bar"; + + if (timingsafe_bcmp(a, b, 2) == 0 || + timingsafe_memcmp(a, b, 2) == 0) + return 1; + + return 0; +} diff --git a/test-PASSWORD_LEN.c b/test-PASSWORD_LEN.c new file mode 100644 index 0000000..0d4f161 --- /dev/null +++ b/test-PASSWORD_LEN.c @@ -0,0 +1,13 @@ +/* + * Linux doesn't have this. + */ + +#include +#include + +int +main(void) +{ + printf("_PASSWORD_LEN is defined to be %ld\n", (long)_PASSWORD_LEN); + return 0; +} diff --git a/test-crypt.c b/test-crypt.c index db0330f..4345aa7 100644 --- a/test-crypt.c +++ b/test-crypt.c @@ -1,6 +1,6 @@ #if defined(__linux__) || defined(__wasi__) -# define _GNU_SOURCE /* old glibc */ # define _DEFAULT_SOURCE /* new glibc */ +# define _XOPEN_SOURCE /* old glibc */ #endif #if defined(__sun) # ifndef _XOPEN_SOURCE /* SunOS already defines */ diff --git a/test-crypt_newhash.c b/test-crypt_newhash.c index 14debb8..0245003 100644 --- a/test-crypt_newhash.c +++ b/test-crypt_newhash.c @@ -1,11 +1,10 @@ -#include /* _PASSWORD_LEN */ #include int main(void) { const char *v = "password"; - char hash[_PASSWORD_LEN]; + char hash[128]; if (crypt_newhash(v, "bcrypt,a", hash, sizeof(hash)) == -1) return 1; diff --git a/test-timingsafe_bcmp.c b/test-timingsafe_bcmp.c new file mode 100644 index 0000000..653997f --- /dev/null +++ b/test-timingsafe_bcmp.c @@ -0,0 +1,12 @@ +#include + +int main(void) +{ + const char *a = "foo", *b = "bar"; + + if (timingsafe_bcmp(a, b, 2) && + timingsafe_memcmp(a, b, 2)) + return 1; + + return 0; +} diff --git a/tests.c b/tests.c index 843f544..d46862b 100644 --- a/tests.c +++ b/tests.c @@ -86,8 +86,8 @@ main(void) #endif /* TEST_CAPSICUM */ #if TEST_CRYPT #if defined(__linux__) || defined(__wasi__) -# define _GNU_SOURCE /* old glibc */ # define _DEFAULT_SOURCE /* new glibc */ +# define _XOPEN_SOURCE /* old glibc */ #endif #if defined(__sun) # ifndef _XOPEN_SOURCE /* SunOS already defines */ @@ -109,14 +109,13 @@ int main(void) } #endif /* TEST_CRYPT */ #if TEST_CRYPT_NEWHASH -#include /* _PASSWORD_LEN */ #include int main(void) { const char *v = "password"; - char hash[_PASSWORD_LEN]; + char hash[128]; if (crypt_newhash(v, "bcrypt,a", hash, sizeof(hash)) == -1) return 1; @@ -389,6 +388,21 @@ main(void) return !OSSwapHostToLittleInt32(23); } #endif /* TEST_OSBYTEORDER_H */ +#if TEST_PASSWORD_LEN +/* + * Linux doesn't have this. + */ + +#include +#include + +int +main(void) +{ + printf("_PASSWORD_LEN is defined to be %ld\n", (long)_PASSWORD_LEN); + return 0; +} +#endif /* TEST_PASSWORD_LEN */ #if TEST_PATH_MAX /* * POSIX allows PATH_MAX to not be defined, see @@ -792,6 +806,20 @@ main(void) return size.ws_col; } #endif /* TEST_TERMIOS */ +#if TEST_TIMINGSAFE_BCMP +#include + +int main(void) +{ + const char *a = "foo", *b = "bar"; + + if (timingsafe_bcmp(a, b, 2) && + timingsafe_memcmp(a, b, 2)) + return 1; + + return 0; +} +#endif /* TEST_TIMINGSAFE_BCMP */ #if TEST_UNVEIL #include