From f5202f7c1ec8a765f4d0325e56f6d89ca22bef28 Mon Sep 17 00:00:00 2001
From: Harishankar <v.harishankar@gmail.com>
Date: Tue, 5 May 2020 15:52:15 +0530
Subject: [PATCH] Changed encryption to use OpenSSL crypto message digest
 Changed password encryption to use OpenSSL crypto message digest instead of
 using crypt function which is inconsistent across *nix and also deprecated

---
 Makefile   |  4 ++--
 wordblox.h | 58 +++++++++++++++++++++++++++++++++++++++++++++---------
 2 files changed, 51 insertions(+), 11 deletions(-)

diff --git a/Makefile b/Makefile
index 4936f00..34a60ab 100644
--- a/Makefile
+++ b/Makefile
@@ -1,8 +1,8 @@
 all:  wordblox wordblox_player
 
 wordblox: wordblox.c wordblox.h constantstrings.h
-	clang wordblox.c -lgd -lz -lcrypt -o wordblox
+	clang wordblox.c -lgd -lz -lcrypto -o wordblox
 
 wordblox_player: wordblox_player.c wordblox.h wordblox_resource.c wordblox.gresource.xml wordblox_player.glade constantstrings.h
 		glib-compile-resources wordblox.gresource.xml --target wordblox_resource.c --generate-source
-		clang -rdynamic -lz -lgd -lcrypt -o wordblox_player wordblox_player.c -Wall `pkg-config --cflags --libs gtk+-3.0`
+		clang -rdynamic -lz -lgd -lcrypto -o wordblox_player wordblox_player.c -Wall `pkg-config --cflags --libs gtk+-3.0`
diff --git a/wordblox.h b/wordblox.h
index 2978e0d..b657986 100644
--- a/wordblox.h
+++ b/wordblox.h
@@ -9,6 +9,9 @@
 #include <gdfontmb.h>
 #include <gdfontg.h>
 #include <zlib.h>
+#include <openssl/conf.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
 #include "constantstrings.h"
 
 #define MAX_PUZZLE_SIZE 25
@@ -68,6 +71,35 @@ typedef struct {
 	int cur_col;
 } MainPlayerData;
 
+/* compute the hash of a password */
+void digest_message(const unsigned char *message, 
+	size_t message_len, unsigned char **digest, unsigned int *digest_len)
+{
+	EVP_MD_CTX *mdctx;
+
+	if((mdctx = EVP_MD_CTX_new()) == NULL)
+		goto err;
+
+	if(1 != EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL))
+		goto err;
+
+	if(1 != EVP_DigestUpdate(mdctx, message, message_len))
+		goto err;
+
+	if((*digest = (unsigned char *)
+		OPENSSL_malloc(EVP_MD_size(EVP_sha256()))) == NULL)
+		goto err;
+
+	if(1 != EVP_DigestFinal_ex(mdctx, *digest, digest_len))
+		goto err;
+
+	EVP_MD_CTX_free(mdctx);
+	return;
+err:
+	EVP_MD_CTX_free(mdctx);
+	ERR_print_errors_fp(stderr);	
+	exit (2);
+}
 
 /* get a number from the user */
 int get_num ()
@@ -86,11 +118,17 @@ bool verify_password (Puzzle *p, const char* password)
 		return true;
 		
 	/* hash the user input password and compare it with the stored password */
-	char* hashed_password = crypt (password, (const char *)p->salt);
+	unsigned char* hashed_password;
+	unsigned int len;
+	digest_message ((const unsigned char *)password, strlen(password),
+						&hashed_password, &len);
 	
-	if (strcmp (p->hashed_password, hashed_password) == 0)
+	if (strcmp (p->hashed_password, (const char*) hashed_password) == 0)
+	{
+		OPENSSL_free (hashed_password);
 		return true;
-		
+	}
+	OPENSSL_free (hashed_password);	
 	return false;
 }
 
@@ -105,12 +143,14 @@ void set_puzzle_password (Puzzle *p, const char *password)
 	}
 	else 
 	{
-		srand (time(NULL));
-		char salt[256];
-		sprintf (salt, "puzzle%d", rand()%1000);
-		char* hashedpwd = crypt (password, (const char*)salt);
-		strcpy (p->hashed_password, hashedpwd);
-		strcpy (p->salt, salt);
+
+		unsigned char* hashedpwd;
+		unsigned int len;
+		digest_message ((const unsigned char *)password, strlen(password),
+						&hashedpwd, &len);
+		strcpy (p->hashed_password, (const char *)hashedpwd);
+		strcpy (p->salt, "\0");
+		OPENSSL_free (hashedpwd);
 	}
 }
 
-- 
2.20.1