Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:54098 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 72202 invoked from network); 19 Jul 2011 23:37:24 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 19 Jul 2011 23:37:24 -0000 Authentication-Results: pb1.pair.com header.from=solar@openwall.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=solar@openwall.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain openwall.com designates 195.42.179.200 as permitted sender) X-PHP-List-Original-Sender: solar@openwall.com X-Host-Fingerprint: 195.42.179.200 mother.openwall.net Received: from [195.42.179.200] ([195.42.179.200:58050] helo=mother.openwall.net) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id AC/33-48320-235162E4 for ; Tue, 19 Jul 2011 19:37:23 -0400 Received: (qmail 21508 invoked from network); 19 Jul 2011 23:37:19 -0000 Received: from localhost (HELO pvt.openwall.com) (127.0.0.1) by localhost with SMTP; 19 Jul 2011 23:37:19 -0000 Received: by pvt.openwall.com (Postfix, from userid 503) id 640DF2FD2D; Wed, 20 Jul 2011 03:37:14 +0400 (MSD) Date: Wed, 20 Jul 2011 03:37:14 +0400 To: Pierre Joye Cc: PHP Internals List Message-ID: <20110719233714.GA28946@openwall.com> References: <20110717182616.GA17288@openwall.com> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="9amGYk9869ThD9tj" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.2.3i Subject: Re: [PHP-DEV] [PATCH] crypt_blowfish 1.2 From: solar@openwall.com (Solar Designer) --9amGYk9869ThD9tj Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Hi, On Mon, Jul 18, 2011 at 11:27:32PM +0200, Pierre Joye wrote: > Thanks for the patches, applied to all active branches. Thank you! > About the tests, it would be very good to have them ported as phpt. As > far as I remember I did that back then when I first ported it to php. No, your tests appear to be specific to PHP's peculiarities. The tests ported from crypt_blowfish's wrapper.c only appear in 5.4, from crypt_blowfish 1.1 - probably Stas ported them (thanks!) Anyway, attached are patches adding the tests from crypt_blowfish 1.2 to trunk, 5.4, and 5.3. These patches also fix a bug in crypt.c. I did not port tests of behavior on error, though. Some of these are redundant with other tests that you already have in other .phpt files, others would not fit in the existing array() format - would require a separate loop, which I was too lazy to add. The tests that I did not port are these (from my wrapper.c): {"*0", "", "$2a$03$CCCCCCCCCCCCCCCCCCCCC."}, {"*0", "", "$2a$32$CCCCCCCCCCCCCCCCCCCCC."}, {"*0", "", "$2z$05$CCCCCCCCCCCCCCCCCCCCC."}, {"*0", "", "$2`$05$CCCCCCCCCCCCCCCCCCCCC."}, {"*0", "", "$2{$05$CCCCCCCCCCCCCCCCCCCCC."}, {"*1", "", "*0"}, Alexander --9amGYk9869ThD9tj Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="php-trunk-201107192230-crypt_blowfish-tests.diff" diff -urpN php-trunk-201107192230/ext/standard/crypt.c php-trunk-201107192230-crypt_blowfish-tests/ext/standard/crypt.c --- php-trunk-201107192230/ext/standard/crypt.c 2011-06-30 14:10:57 +0000 +++ php-trunk-201107192230-crypt_blowfish-tests/ext/standard/crypt.c 2011-07-19 23:08:19 +0000 @@ -240,7 +240,7 @@ PHP_FUNCTION(crypt) } else if ( salt[0] == '$' && salt[1] == '2' && - (salt[2] != 'a' && salt[2] != 'x') || + salt[2] >= 'a' && salt[2] <= 'z' && salt[3] == '$' && salt[4] >= '0' && salt[4] <= '3' && salt[5] >= '0' && salt[5] <= '9' && diff -urpN php-trunk-201107192230/ext/standard/tests/strings/crypt_blowfish.phpt php-trunk-201107192230-crypt_blowfish-tests/ext/standard/tests/strings/crypt_blowfish.phpt --- php-trunk-201107192230/ext/standard/tests/strings/crypt_blowfish.phpt 2011-06-30 14:10:57 +0000 +++ php-trunk-201107192230-crypt_blowfish-tests/ext/standard/tests/strings/crypt_blowfish.phpt 2011-07-19 23:01:56 +0000 @@ -15,13 +15,27 @@ $tests =array( array('$2a$05$XXXXXXXXXXXXXXXXXXXXXOAcXxm9kjPGEMsLznoKqmqw7tc8WCx4a', 'U*U*U'), array('$2a$05$abcdefghijklmnopqrstuu5s2v8.iXieOjg/.AySBTTZIIVFJeBui', '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789chars after 72 are ignored'), array('$2x$05$/OK.fbVrR/bpIqNJ5ianF.CE5elHaaO4EbggVDjb8P19RukzXSM3e', "\xa3"), + array('$2x$05$/OK.fbVrR/bpIqNJ5ianF.CE5elHaaO4EbggVDjb8P19RukzXSM3e', "\xff\xff\xa3"), + array('$2y$05$/OK.fbVrR/bpIqNJ5ianF.CE5elHaaO4EbggVDjb8P19RukzXSM3e', "\xff\xff\xa3"), + array('$2a$05$/OK.fbVrR/bpIqNJ5ianF.nqd1wy.pTMdcvrRWxyiGL2eMz.2a85.', "\xff\xff\xa3"), + array('$2y$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq', "\xa3"), array('$2a$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq', "\xa3"), + array('$2x$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi', "1\xa3345"), + array('$2x$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi', "\xff\xa3345"), + array('$2x$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi', "\xff\xa334\xff\xff\xff\xa3345"), + array('$2y$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi', "\xff\xa334\xff\xff\xff\xa3345"), + array('$2a$05$/OK.fbVrR/bpIqNJ5ianF.ZC1JEJ8Z4gPfpe1JOr/oyPXTWl9EFd.', "\xff\xa334\xff\xff\xff\xa3345"), + array('$2y$05$/OK.fbVrR/bpIqNJ5ianF.nRht2l/HRhr6zmCp9vYUvvsqynflf9e', "\xff\xa3345"), + array('$2a$05$/OK.fbVrR/bpIqNJ5ianF.nRht2l/HRhr6zmCp9vYUvvsqynflf9e', "\xff\xa3345"), + array('$2a$05$/OK.fbVrR/bpIqNJ5ianF.6IflQkJytoRVc1yuaNtHfiuq.FRlSIS', "\xa3ab"), + array('$2x$05$/OK.fbVrR/bpIqNJ5ianF.6IflQkJytoRVc1yuaNtHfiuq.FRlSIS', "\xa3ab"), + array('$2y$05$/OK.fbVrR/bpIqNJ5ianF.6IflQkJytoRVc1yuaNtHfiuq.FRlSIS', "\xa3ab"), array('$2x$05$6bNw2HLQYeqHYyBfLMsv/OiwqTymGIGzFsA4hOTWebfehXHNprcAS', "\xd1\x91"), array('$2x$05$6bNw2HLQYeqHYyBfLMsv/O9LIGgn8OMzuDoHfof8AQimSGfcSWxnS', "\xd0\xc1\xd2\xcf\xcc\xd8"), array('$2a$05$/OK.fbVrR/bpIqNJ5ianF.swQOIzjOiJ9GHEPuhEkvqrUyvWhEMx6', "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaachars after 72 are ignored as usual"), array('$2a$05$/OK.fbVrR/bpIqNJ5ianF.R9xrDjiycxMbQE2bp.vgqlYpW5wx2yy', "\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55"), array('$2a$05$/OK.fbVrR/bpIqNJ5ianF.9tQZzcJfm3uj2NvJ/n5xkhpqLrMpWCe', "\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff"), - array('$2a$05$CCCCCCCCCCCCCCCCCCCCC.7uG0VCzI2bS7j6ymqJi9CdcdxiRTWNy', ''), + array('$2a$05$CCCCCCCCCCCCCCCCCCCCC.7uG0VCzI2bS7j6ymqJi9CdcdxiRTWNy', ''), ); $i=0; @@ -47,4 +61,18 @@ foreach($tests as $test) { 8. OK 9. OK 10. OK -11. OK \ No newline at end of file +11. OK +12. OK +13. OK +14. OK +15. OK +16. OK +17. OK +18. OK +19. OK +20. OK +21. OK +22. OK +23. OK +24. OK +25. OK --9amGYk9869ThD9tj Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="php5.4-201107192230-crypt_blowfish-tests.diff" diff -urpN php5.4-201107192230/ext/standard/crypt.c php5.4-201107192230-crypt_blowfish-tests/ext/standard/crypt.c --- php5.4-201107192230/ext/standard/crypt.c 2011-07-05 00:31:14 +0000 +++ php5.4-201107192230-crypt_blowfish-tests/ext/standard/crypt.c 2011-07-19 23:13:11 +0000 @@ -242,7 +242,7 @@ PHP_FUNCTION(crypt) } else if ( salt[0] == '$' && salt[1] == '2' && - (salt[2] != 'a' && salt[2] != 'x') || + salt[2] >= 'a' && salt[2] <= 'z' && salt[3] == '$' && salt[4] >= '0' && salt[4] <= '3' && salt[5] >= '0' && salt[5] <= '9' && diff -urpN php5.4-201107192230/ext/standard/tests/strings/crypt_blowfish.phpt php5.4-201107192230-crypt_blowfish-tests/ext/standard/tests/strings/crypt_blowfish.phpt --- php5.4-201107192230/ext/standard/tests/strings/crypt_blowfish.phpt 2011-06-30 14:14:23 +0000 +++ php5.4-201107192230-crypt_blowfish-tests/ext/standard/tests/strings/crypt_blowfish.phpt 2011-07-19 23:01:56 +0000 @@ -15,13 +15,27 @@ $tests =array( array('$2a$05$XXXXXXXXXXXXXXXXXXXXXOAcXxm9kjPGEMsLznoKqmqw7tc8WCx4a', 'U*U*U'), array('$2a$05$abcdefghijklmnopqrstuu5s2v8.iXieOjg/.AySBTTZIIVFJeBui', '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789chars after 72 are ignored'), array('$2x$05$/OK.fbVrR/bpIqNJ5ianF.CE5elHaaO4EbggVDjb8P19RukzXSM3e', "\xa3"), + array('$2x$05$/OK.fbVrR/bpIqNJ5ianF.CE5elHaaO4EbggVDjb8P19RukzXSM3e', "\xff\xff\xa3"), + array('$2y$05$/OK.fbVrR/bpIqNJ5ianF.CE5elHaaO4EbggVDjb8P19RukzXSM3e', "\xff\xff\xa3"), + array('$2a$05$/OK.fbVrR/bpIqNJ5ianF.nqd1wy.pTMdcvrRWxyiGL2eMz.2a85.', "\xff\xff\xa3"), + array('$2y$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq', "\xa3"), array('$2a$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq', "\xa3"), + array('$2x$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi', "1\xa3345"), + array('$2x$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi', "\xff\xa3345"), + array('$2x$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi', "\xff\xa334\xff\xff\xff\xa3345"), + array('$2y$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi', "\xff\xa334\xff\xff\xff\xa3345"), + array('$2a$05$/OK.fbVrR/bpIqNJ5ianF.ZC1JEJ8Z4gPfpe1JOr/oyPXTWl9EFd.', "\xff\xa334\xff\xff\xff\xa3345"), + array('$2y$05$/OK.fbVrR/bpIqNJ5ianF.nRht2l/HRhr6zmCp9vYUvvsqynflf9e', "\xff\xa3345"), + array('$2a$05$/OK.fbVrR/bpIqNJ5ianF.nRht2l/HRhr6zmCp9vYUvvsqynflf9e', "\xff\xa3345"), + array('$2a$05$/OK.fbVrR/bpIqNJ5ianF.6IflQkJytoRVc1yuaNtHfiuq.FRlSIS', "\xa3ab"), + array('$2x$05$/OK.fbVrR/bpIqNJ5ianF.6IflQkJytoRVc1yuaNtHfiuq.FRlSIS', "\xa3ab"), + array('$2y$05$/OK.fbVrR/bpIqNJ5ianF.6IflQkJytoRVc1yuaNtHfiuq.FRlSIS', "\xa3ab"), array('$2x$05$6bNw2HLQYeqHYyBfLMsv/OiwqTymGIGzFsA4hOTWebfehXHNprcAS', "\xd1\x91"), array('$2x$05$6bNw2HLQYeqHYyBfLMsv/O9LIGgn8OMzuDoHfof8AQimSGfcSWxnS', "\xd0\xc1\xd2\xcf\xcc\xd8"), array('$2a$05$/OK.fbVrR/bpIqNJ5ianF.swQOIzjOiJ9GHEPuhEkvqrUyvWhEMx6', "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaachars after 72 are ignored as usual"), array('$2a$05$/OK.fbVrR/bpIqNJ5ianF.R9xrDjiycxMbQE2bp.vgqlYpW5wx2yy', "\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55"), array('$2a$05$/OK.fbVrR/bpIqNJ5ianF.9tQZzcJfm3uj2NvJ/n5xkhpqLrMpWCe', "\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff"), - array('$2a$05$CCCCCCCCCCCCCCCCCCCCC.7uG0VCzI2bS7j6ymqJi9CdcdxiRTWNy', ''), + array('$2a$05$CCCCCCCCCCCCCCCCCCCCC.7uG0VCzI2bS7j6ymqJi9CdcdxiRTWNy', ''), ); $i=0; @@ -47,4 +61,18 @@ foreach($tests as $test) { 8. OK 9. OK 10. OK -11. OK \ No newline at end of file +11. OK +12. OK +13. OK +14. OK +15. OK +16. OK +17. OK +18. OK +19. OK +20. OK +21. OK +22. OK +23. OK +24. OK +25. OK --9amGYk9869ThD9tj Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="php5.3-201107192230-crypt_blowfish-tests.diff" diff -urpN php5.3-201107192230/ext/standard/crypt.c php5.3-201107192230-crypt_blowfish-tests/ext/standard/crypt.c --- php5.3-201107192230/ext/standard/crypt.c 2011-07-05 00:30:34 +0000 +++ php5.3-201107192230-crypt_blowfish-tests/ext/standard/crypt.c 2011-07-19 23:16:53 +0000 @@ -242,7 +242,7 @@ PHP_FUNCTION(crypt) } else if ( salt[0] == '$' && salt[1] == '2' && - salt[2] == 'a' && + salt[2] >= 'a' && salt[2] <= 'z' && salt[3] == '$' && salt[4] >= '0' && salt[4] <= '3' && salt[5] >= '0' && salt[5] <= '9' && diff -urpN php5.3-201107192230/ext/standard/tests/strings/crypt_blowfish.phpt php5.3-201107192230-crypt_blowfish-tests/ext/standard/tests/strings/crypt_blowfish.phpt --- php5.3-201107192230/ext/standard/tests/strings/crypt_blowfish.phpt 1970-01-01 00:00:00 +0000 +++ php5.3-201107192230-crypt_blowfish-tests/ext/standard/tests/strings/crypt_blowfish.phpt 2011-07-19 23:01:56 +0000 @@ -0,0 +1,78 @@ +--TEST-- +Official blowfish tests (http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/glibc/crypt_blowfish/wrapper.c) +--SKIPIF-- + +--FILE-- + +--EXPECT-- +0. OK +1. OK +2. OK +3. OK +4. OK +5. OK +6. OK +7. OK +8. OK +9. OK +10. OK +11. OK +12. OK +13. OK +14. OK +15. OK +16. OK +17. OK +18. OK +19. OK +20. OK +21. OK +22. OK +23. OK +24. OK +25. OK --9amGYk9869ThD9tj--