git: 42875692d7c3 - main - dns/dnsdist: re-enable scrypt hashing

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Dave Cottlehuber <dch_at_FreeBSD.org>
Date: Thu, 03 Nov 2022 22:40:01 UTC
The branch main has been updated by dch:

URL: https://cgit.FreeBSD.org/ports/commit/?id=42875692d7c3ba04dad1852db3d2c9e4ce8656ba

commit 42875692d7c3ba04dad1852db3d2c9e4ce8656ba
Author:     Dave Cottlehuber <dch@FreeBSD.org>
AuthorDate: 2022-11-03 07:35:46 +0000
Commit:     Dave Cottlehuber <dch@FreeBSD.org>
CommitDate: 2022-11-03 22:38:52 +0000

    dns/dnsdist: re-enable scrypt hashing
    
    PR:             266722
---
 dns/dnsdist/files/patch-credentials.cc | 101 ---------------------------------
 1 file changed, 101 deletions(-)

diff --git a/dns/dnsdist/files/patch-credentials.cc b/dns/dnsdist/files/patch-credentials.cc
deleted file mode 100644
index 4d71e65ad7aa..000000000000
--- a/dns/dnsdist/files/patch-credentials.cc
+++ /dev/null
@@ -1,101 +0,0 @@
---- credentials.cc.orig	2021-11-23 18:39:17 UTC
-+++ credentials.cc
-@@ -28,7 +28,7 @@
- #include <sodium.h>
- #endif
- 
--#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
-+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
- #include <openssl/evp.h>
- #include <openssl/kdf.h>
- #include <openssl/rand.h>
-@@ -42,7 +42,7 @@
- #include "credentials.hh"
- #include "misc.hh"
- 
--#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
-+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
- static size_t const pwhash_max_size = 128U; /* maximum size of the output */
- static size_t const pwhash_output_size = 32U; /* size of the hashed output (before base64 encoding) */
- static unsigned int const pwhash_salt_size = 16U; /* size of the salt (before base64 encoding */
-@@ -95,7 +95,7 @@ void SensitiveData::clear()
- 
- static std::string hashPasswordInternal(const std::string& password, const std::string& salt, uint64_t workFactor, uint64_t parallelFactor, uint64_t blockSize)
- {
--#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
-+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
-   auto pctx = std::unique_ptr<EVP_PKEY_CTX, void (*)(EVP_PKEY_CTX*)>(EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, nullptr), EVP_PKEY_CTX_free);
-   if (!pctx) {
-     throw std::runtime_error("Error getting a scrypt context to hash the supplied password");
-@@ -142,7 +142,7 @@ static std::string hashPasswordInternal(const std::str
- 
- static std::string generateRandomSalt()
- {
--#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
-+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
-   /* generate a random salt */
-   std::string salt;
-   salt.resize(pwhash_salt_size);
-@@ -159,7 +159,7 @@ static std::string generateRandomSalt()
- 
- std::string hashPassword(const std::string& password, uint64_t workFactor, uint64_t parallelFactor, uint64_t blockSize)
- {
--#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
-+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
-   std::string result;
-   result.reserve(pwhash_max_size);
- 
-@@ -187,7 +187,7 @@ std::string hashPassword(const std::string& password, 
- 
- std::string hashPassword(const std::string& password)
- {
--#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
-+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
-   return hashPassword(password, CredentialsHolder::s_defaultWorkFactor, CredentialsHolder::s_defaultParallelFactor, CredentialsHolder::s_defaultBlockSize);
- #else
-   throw std::runtime_error("Hashing a password requires scrypt support in OpenSSL, and it is not available");
-@@ -196,7 +196,7 @@ std::string hashPassword(const std::string& password)
- 
- bool verifyPassword(const std::string& binaryHash, const std::string& salt, uint64_t workFactor, uint64_t parallelFactor, uint64_t blockSize, const std::string& binaryPassword)
- {
--#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
-+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
-   auto expected = hashPasswordInternal(binaryPassword, salt, workFactor, parallelFactor, blockSize);
-   return constantTimeStringEquals(expected, binaryHash);
- #else
-@@ -207,7 +207,7 @@ bool verifyPassword(const std::string& binaryHash, con
- /* parse a hashed password in PHC string format */
- static void parseHashed(const std::string& hash, std::string& salt, std::string& hashedPassword, uint64_t& workFactor, uint64_t& parallelFactor, uint64_t& blockSize)
- {
--#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
-+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
-   auto parametersEnd = hash.find('$', pwhash_prefix.size());
-   if (parametersEnd == std::string::npos || parametersEnd == hash.size()) {
-     throw std::runtime_error("Invalid hashed password format, no parameters");
-@@ -276,7 +276,7 @@ bool verifyPassword(const std::string& hash, const std
-     return false;
-   }
- 
--#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
-+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
-   std::string salt;
-   std::string hashedPassword;
-   uint64_t workFactor = 0;
-@@ -294,7 +294,7 @@ bool verifyPassword(const std::string& hash, const std
- 
- bool isPasswordHashed(const std::string& password)
- {
--#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
-+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
-   if (password.size() < pwhash_prefix_size || password.size() > pwhash_max_size) {
-     return false;
-   }
-@@ -389,7 +389,7 @@ bool CredentialsHolder::matches(const std::string& pas
- 
- bool CredentialsHolder::isHashingAvailable()
- {
--#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
-+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
-   return true;
- #else
-   return false;