Changed encryption to use OpenSSL crypto message digest

Changed password encryption to use OpenSSL crypto message digest
instead of using crypt function which is inconsistent across *nix
and also deprecated

diff --git a/Makefile b/Makefile
index 4936f00..34a60ab 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -1,8 +1,8 @@
 all:  wordblox wordblox_player
 
 wordblox: wordblox.c wordblox.h constantstrings.h
-       clang wordblox.c -lgd -lz -lcrypt -o wordblox
+       clang wordblox.c -lgd -lz -lcrypto -o wordblox
 
 wordblox_player: wordblox_player.c wordblox.h wordblox_resource.c wordblox.gresource.xml wordblox_player.glade constantstrings.h
                glib-compile-resources wordblox.gresource.xml --target wordblox_resource.c --generate-source
-               clang -rdynamic -lz -lgd -lcrypt -o wordblox_player wordblox_player.c -Wall `pkg-config --cflags --libs gtk+-3.0`
+               clang -rdynamic -lz -lgd -lcrypto -o wordblox_player wordblox_player.c -Wall `pkg-config --cflags --libs gtk+-3.0`

diff --git a/wordblox.h b/wordblox.h
index 2978e0d..b657986 100644 (file)
--- a/wordblox.h
+++ b/wordblox.h
@@ -9,6 +9,9 @@
 #include <gdfontmb.h>
 #include <gdfontg.h>
 #include <zlib.h>
+#include <openssl/conf.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
 #include "constantstrings.h"
 
 #define MAX_PUZZLE_SIZE 25
@@ -68,6 +71,35 @@ typedef struct {
        int cur_col;
 } MainPlayerData;
 
+/* compute the hash of a password */
+void digest_message(const unsigned char *message, 
+       size_t message_len, unsigned char **digest, unsigned int *digest_len)
+{
+       EVP_MD_CTX *mdctx;
+
+       if((mdctx = EVP_MD_CTX_new()) == NULL)
+               goto err;
+
+       if(1 != EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL))
+               goto err;
+
+       if(1 != EVP_DigestUpdate(mdctx, message, message_len))
+               goto err;
+
+       if((*digest = (unsigned char *)
+               OPENSSL_malloc(EVP_MD_size(EVP_sha256()))) == NULL)
+               goto err;
+
+       if(1 != EVP_DigestFinal_ex(mdctx, *digest, digest_len))
+               goto err;
+
+       EVP_MD_CTX_free(mdctx);
+       return;
+err:
+       EVP_MD_CTX_free(mdctx);
+       ERR_print_errors_fp(stderr);    
+       exit (2);
+}
 
 /* get a number from the user */
 int get_num ()
@@ -86,11 +118,17 @@ bool verify_password (Puzzle *p, const char* password)
                return true;
                
        /* hash the user input password and compare it with the stored password */
-       char* hashed_password = crypt (password, (const char *)p->salt);
+       unsigned char* hashed_password;
+       unsigned int len;
+       digest_message ((const unsigned char *)password, strlen(password),
+                                               &hashed_password, &len);
        
-       if (strcmp (p->hashed_password, hashed_password) == 0)
+       if (strcmp (p->hashed_password, (const char*) hashed_password) == 0)
+       {
+               OPENSSL_free (hashed_password);
                return true;
-               
+       }
+       OPENSSL_free (hashed_password); 
        return false;
 }
 
@@ -105,12 +143,14 @@ void set_puzzle_password (Puzzle *p, const char *password)
        }
        else 
        {
-               srand (time(NULL));
-               char salt[256];
-               sprintf (salt, "puzzle%d", rand()%1000);
-               char* hashedpwd = crypt (password, (const char*)salt);
-               strcpy (p->hashed_password, hashedpwd);
-               strcpy (p->salt, salt);
+
+               unsigned char* hashedpwd;
+               unsigned int len;
+               digest_message ((const unsigned char *)password, strlen(password),
+                                               &hashedpwd, &len);
+               strcpy (p->hashed_password, (const char *)hashedpwd);
+               strcpy (p->salt, "\0");
+               OPENSSL_free (hashedpwd);
        }
 }