diff options
Diffstat (limited to 'credentials.cc')
-rw-r--r-- | credentials.cc | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/credentials.cc b/credentials.cc index 137f1b7..ec11732 100644 --- a/credentials.cc +++ b/credentials.cc @@ -40,6 +40,7 @@ #include <unistd.h> #include "base64.hh" +#include "dns_random.hh" #include "credentials.hh" #include "misc.hh" @@ -68,7 +69,7 @@ SensitiveData::SensitiveData(std::string&& data) : #endif } -SensitiveData& SensitiveData::operator=(SensitiveData&& rhs) +SensitiveData& SensitiveData::operator=(SensitiveData&& rhs) noexcept { d_data = std::move(rhs.d_data); rhs.clear(); @@ -96,7 +97,7 @@ void SensitiveData::clear() d_data.clear(); } -static std::string hashPasswordInternal(const std::string& password, const std::string& salt, uint64_t workFactor, uint64_t parallelFactor, uint64_t blockSize) +static std::string hashPasswordInternal([[maybe_unused]] const std::string& password, [[maybe_unused]] const std::string& salt, [[maybe_unused]] uint64_t workFactor, [[maybe_unused]] uint64_t parallelFactor, [[maybe_unused]] uint64_t blockSize) { #if !defined(DISABLE_HASHED_CREDENTIALS) && defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) auto pctx = std::unique_ptr<EVP_PKEY_CTX, void (*)(EVP_PKEY_CTX*)>(EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, nullptr), EVP_PKEY_CTX_free); @@ -165,7 +166,7 @@ static std::string generateRandomSalt() #endif } -std::string hashPassword(const std::string& password, uint64_t workFactor, uint64_t parallelFactor, uint64_t blockSize) +std::string hashPassword([[maybe_unused]] const std::string& password, [[maybe_unused]] uint64_t workFactor, [[maybe_unused]] uint64_t parallelFactor, [[maybe_unused]] uint64_t blockSize) { #if !defined(DISABLE_HASHED_CREDENTIALS) && defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) if (workFactor == 0) { @@ -197,7 +198,7 @@ std::string hashPassword(const std::string& password, uint64_t workFactor, uint6 #endif } -std::string hashPassword(const std::string& password) +std::string hashPassword([[maybe_unused]] const std::string& password) { #if !defined(DISABLE_HASHED_CREDENTIALS) && defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) return hashPassword(password, CredentialsHolder::s_defaultWorkFactor, CredentialsHolder::s_defaultParallelFactor, CredentialsHolder::s_defaultBlockSize); @@ -206,7 +207,7 @@ std::string hashPassword(const std::string& password) #endif } -bool verifyPassword(const std::string& binaryHash, const std::string& salt, uint64_t workFactor, uint64_t parallelFactor, uint64_t blockSize, const std::string& binaryPassword) +bool verifyPassword([[maybe_unused]] const std::string& binaryHash, [[maybe_unused]] const std::string& salt, [[maybe_unused]] uint64_t workFactor, [[maybe_unused]] uint64_t parallelFactor, [[maybe_unused]] uint64_t blockSize, [[maybe_unused]] const std::string& binaryPassword) { #if !defined(DISABLE_HASHED_CREDENTIALS) && defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) auto expected = hashPasswordInternal(binaryPassword, salt, workFactor, parallelFactor, blockSize); @@ -217,7 +218,7 @@ bool verifyPassword(const std::string& binaryHash, const std::string& salt, uint } /* parse a hashed password in PHC string format */ -static void parseHashed(const std::string& hash, std::string& salt, std::string& hashedPassword, uint64_t& workFactor, uint64_t& parallelFactor, uint64_t& blockSize) +static void parseHashed([[maybe_unused]] const std::string& hash, [[maybe_unused]] std::string& salt, [[maybe_unused]] std::string& hashedPassword, [[maybe_unused]] uint64_t& workFactor, [[maybe_unused]] uint64_t& parallelFactor, [[maybe_unused]] uint64_t& blockSize) { #if !defined(DISABLE_HASHED_CREDENTIALS) && defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) auto parametersEnd = hash.find('$', pwhash_prefix.size()); @@ -282,7 +283,7 @@ static void parseHashed(const std::string& hash, std::string& salt, std::string& #endif } -bool verifyPassword(const std::string& hash, const std::string& password) +bool verifyPassword(const std::string& hash, [[maybe_unused]] const std::string& password) { if (!isPasswordHashed(hash)) { return false; @@ -304,7 +305,7 @@ bool verifyPassword(const std::string& hash, const std::string& password) #endif } -bool isPasswordHashed(const std::string& password) +bool isPasswordHashed([[maybe_unused]] const std::string& password) { #if !defined(DISABLE_HASHED_CREDENTIALS) && defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) if (password.size() < pwhash_prefix_size || password.size() > pwhash_max_size) { @@ -373,7 +374,7 @@ CredentialsHolder::CredentialsHolder(std::string&& password, bool hashPlaintext) } if (!d_isHashed) { - d_fallbackHashPerturb = random(); + d_fallbackHashPerturb = dns_random_uint32(); d_fallbackHash = burtle(reinterpret_cast<const unsigned char*>(d_credentials.getString().data()), d_credentials.getString().size(), d_fallbackHashPerturb); } } |