From f5202f7c1ec8a765f4d0325e56f6d89ca22bef28 Mon Sep 17 00:00:00 2001
From: Harishankar
Date: Tue, 5 May 2020 15:52:15 +0530
Subject: [PATCH] Changed encryption to use OpenSSL crypto message digest

Changed password encryption to use OpenSSL crypto message digest instead of using crypt function which is inconsistent across *nix and also deprecated
---
 Makefile | 4 ++--
 wordblox.h | 58 +++++++++++++++++++++++++++++++++++++++++++++---------
 2 files changed, 51 insertions(+), 11 deletions(-)

diff --git a/Makefile b/Makefile
index 4936f00..34a60ab 100644
--- a/Makefile
+++ b/Makefile
@@ -1,8 +1,8 @@
 all: wordblox wordblox_player
 wordblox: wordblox.c wordblox.h constantstrings.h
- clang wordblox.c -lgd -lz -lcrypt -o wordblox
+ clang wordblox.c -lgd -lz -lcrypto -o wordblox
 wordblox_player: wordblox_player.c wordblox.h wordblox_resource.c wordblox.gresource.xml wordblox_player.glade constantstrings.h
 glib-compile-resources wordblox.gresource.xml --target wordblox_resource.c --generate-source
- clang -rdynamic -lz -lgd -lcrypt -o wordblox_player wordblox_player.c -Wall `pkg-config --cflags --libs gtk+-3.0`
+ clang -rdynamic -lz -lgd -lcrypto -o wordblox_player wordblox_player.c -Wall `pkg-config --cflags --libs gtk+-3.0`
diff --git a/wordblox.h b/wordblox.h
index 2978e0d..b657986 100644
--- a/wordblox.h
+++ b/wordblox.h
@@ -9,6 +9,9 @@
 #include
 #include
 #include
+#include
+#include
+#include
 #include "constantstrings.h"
 #define MAX_PUZZLE_SIZE 25
@@ -68,6 +71,35 @@ typedef struct {
 int cur_col;
 } MainPlayerData;
+/* compute the hash of a password */
+void digest_message(const unsigned char *message,
+ size_t message_len, unsigned char **digest, unsigned int *digest_len)
+{
+ EVP_MD_CTX *mdctx;
+
+ if((mdctx = EVP_MD_CTX_new()) == NULL)
+ goto err;
+
+ if(1 != EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL))
+ goto err;
+
+ if(1 != EVP_DigestUpdate(mdctx, message, message_len))
+ goto err;
+
+ if((*digest = (unsigned char *)
+ OPENSSL_malloc(EVP_MD_size(EVP_sha256()))) == NULL)
+ goto err;
+
+ if(1 != EVP_DigestFinal_ex(mdctx, *digest, digest_len))
+ goto err;
+
+ EVP_MD_CTX_free(mdctx);
+ return;
+err:
+ EVP_MD_CTX_free(mdctx);
+ ERR_print_errors_fp(stderr);
+ exit (2);
+}
 /* get a number from the user */
 int get_num ()
@@ -86,11 +118,17 @@ bool verify_password (Puzzle *p, const char* password)
 return true;
 /* hash the user input password and compare it with the stored password */
- char* hashed_password = crypt (password, (const char *)p->salt);
+ unsigned char* hashed_password;
+ unsigned int len;
+ digest_message ((const unsigned char *)password, strlen(password),
+ &hashed_password, &len);
- if (strcmp (p->hashed_password, hashed_password) == 0)
+ if (strcmp (p->hashed_password, (const char*) hashed_password) == 0)
+ {
+ OPENSSL_free (hashed_password);
 return true;
-
+ }
+ OPENSSL_free (hashed_password);
 return false;
 }
@@ -105,12 +143,14 @@ void set_puzzle_password (Puzzle *p, const char *password)
 }
 else
 {
- srand (time(NULL));
- char salt[256];
- sprintf (salt, "puzzle%d", rand()%1000);
- char* hashedpwd = crypt (password, (const char*)salt);
- strcpy (p->hashed_password, hashedpwd);
- strcpy (p->salt, salt);
+
+ unsigned char* hashedpwd;
+ unsigned int len;
+ digest_message ((const unsigned char *)password, strlen(password),
+ &hashedpwd, &len);
+ strcpy (p->hashed_password, (const char *)hashedpwd);
+ strcpy (p->salt, "\0");
+ OPENSSL_free (hashedpwd);
 }
 }
-- 
2.20.1
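Review bot: `digest_message` protects the puzzle password with a single pass of `EVP_sha256()`, a hash designed to be fast, so a stored value gives little resistance to offline guessing once a puzzle file is in someone else's hands. libcrypto already ships a password-based KDF that fits this use better, for example `PKCS5_PBKDF2_HMAC(password, strlen(password), salt, salt_len, iterations, EVP_sha256(), out_len, out)` with a per-puzzle random salt and an iteration count tuned to the target hardware. The one-line comment above the function should also state the contract: `*digest` receives `*digest_len` raw bytes with no terminating NUL, the caller releases it with `OPENSSL_free`, and any failure ends the process through `exit (2)`.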
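Review bot: The `strcmp` in `verify_password` treats the raw SHA-256 output as a C string, but the 32 digest bytes may contain 0x00 at any position and are not NUL-terminated. The comparison therefore stops at the first zero byte, so digests that differ only after it compare equal, and when no zero byte is present it reads past the `OPENSSL_malloc`ed buffer. Compare by length with a constant-time routine instead: `if (CRYPTO_memcmp (p->hashed_password, hashed_password, len) == 0)`. The same defect is in the `set_puzzle_password` hunk, where `strcpy (p->hashed_password, (const char *)hashedpwd);` should become `memcpy (p->hashed_password, hashedpwd, len);` after checking that the field, whose size is not visible in this patch, holds at least `len` bytes. The start of `verify_password` lies outside the hunk.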
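Review bot: `strcpy (p->salt, "\0");` leaves every puzzle unsalted, so equal passwords yield equal stored hashes and precomputed tables apply; the removed code at least varied the salt, although `rand()%1000` seeded from `time(NULL)` was a weak source. Fill `p->salt` with `RAND_bytes` output and feed it into the hash rather than emptying the field. Puzzles saved before this change presumably hold `crypt()` output in `hashed_password`, and `verify_password` no longer reads `p->salt`, so those files would stop accepting their passwords unless a format marker or a fallback path is added. `set_puzzle_password` begins outside the hunk.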