database/mariadb-connector-c
1
0
Fork 0
mirror of https://github.com/mariadb-corporation/mariadb-connector-c.git synced 2025-08-08 14:02:17 +03:00
Code Activity

Fix for bcrypt hash functions:

Browse Source 
Using a global crypt provider is not thread safe, so we need to load
provider via BCryptOpenProvider in ma_hash_new().
This commit is contained in:
Georg Richter
2023-08-23 16:18:50 +02:00
parent 5000bc790a
commit 4e3905c20a
3 changed files with 30 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
libmariadb/secure/win_crypt.c
View File

@@ -21,22 +21,19 @@
#include <ma_crypt.h> #include <ma_crypt.h>
#include <malloc.h> #include <malloc.h>
BCRYPT_ALG_HANDLE Sha256Prov= 0; static LPCWSTR ma_hash_get_algorithm(unsigned int alg)
BCRYPT_ALG_HANDLE Sha512Prov= 0;
BCRYPT_ALG_HANDLE RsaProv= 0;
static LPCWSTR ma_hash_get_algorithm(unsigned int alg, BCRYPT_ALG_HANDLE *algHdl)
{ {
switch(alg) switch(alg)
{ {
case MA_HASH_SHA1:
return BCRYPT_SHA1_ALGORITHM;
case MA_HASH_SHA256: case MA_HASH_SHA256:
*algHdl= Sha256Prov;
return BCRYPT_SHA256_ALGORITHM; return BCRYPT_SHA256_ALGORITHM;
case MA_HASH_SHA384:
return BCRYPT_SHA384_ALGORITHM;
case MA_HASH_SHA512: case MA_HASH_SHA512:
*algHdl= Sha512Prov;
return BCRYPT_SHA512_ALGORITHM; return BCRYPT_SHA512_ALGORITHM;
default: default:
*algHdl= 0;
return NULL; return NULL;
} }
} }
@@ -48,27 +45,40 @@ MA_HASH_CTX *ma_hash_new(unsigned int algorithm, MA_HASH_CTX *ctx)
LPCWSTR alg; LPCWSTR alg;
BCRYPT_ALG_HANDLE algHdl= 0; BCRYPT_ALG_HANDLE algHdl= 0;
alg= ma_hash_get_algorithm(algorithm, &algHdl); alg= ma_hash_get_algorithm(algorithm);
if (!alg || !algHdl) if (!alg)
return NULL; return NULL;
if (BCryptGetProperty(algHdl, BCRYPT_OBJECT_LENGTH,
(PBYTE)&cbObjSize, sizeof(DWORD),
&cbData, 0) < 0)
goto error;
if (!newctx) if (!newctx)
{ {
newctx= (MA_HASH_CTX *)calloc(1, sizeof(MA_HASH_CTX)); newctx= (MA_HASH_CTX *)calloc(1, sizeof(MA_HASH_CTX));
newctx->free_me= 1; newctx->free_me= 1;
} else {
char tmp_freeme= newctx->free_me;
BCRYPT_ALG_HANDLE tmp_alg= newctx->hAlg;
newctx->free_me= 0;
newctx->hAlg = 0;
ma_hash_free(newctx);
newctx->free_me= tmp_freeme;
newctx->hAlg= tmp_alg;
} }
else
memset(newctx, 0, sizeof(MA_HASH_CTX)); if (!newctx->hAlg)
if (BCryptOpenAlgorithmProvider(&newctx->hAlg, alg, NULL, 0))
goto error;
if (BCryptGetProperty(newctx->hAlg, BCRYPT_OBJECT_LENGTH,
(PBYTE)&cbObjSize, sizeof(DWORD),
&cbData, 0) < 0)
goto error;
newctx->hashObject= (PBYTE)malloc(cbObjSize); newctx->hashObject= (PBYTE)malloc(cbObjSize);
newctx->digest_len= (DWORD)ma_hash_digest_size(algorithm); newctx->digest_len= (DWORD)ma_hash_digest_size(algorithm);
BCryptCreateHash(algHdl, &newctx->hHash, newctx->hashObject, cbObjSize, NULL, 0, 0); BCryptCreateHash(newctx->hAlg, &newctx->hHash, newctx->hashObject, cbObjSize, NULL, 0, 0);
return newctx; return newctx;
error: error:
@@ -85,6 +95,8 @@ void ma_hash_free(MA_HASH_CTX *ctx)
BCryptDestroyHash(ctx->hHash); BCryptDestroyHash(ctx->hHash);
if (ctx->hashObject) if (ctx->hashObject)
free(ctx->hashObject); free(ctx->hashObject);
if (ctx->hAlg)
BCryptCloseAlgorithmProvider(ctx->hAlg, 0);
if (ctx->free_me) if (ctx->free_me)
free(ctx); free(ctx);
} }

10
plugins/auth/caching_sha2_pw.c
View File

@@ -52,8 +52,6 @@
#include <wincrypt.h> #include <wincrypt.h>
#include <bcrypt.h> #include <bcrypt.h>
extern BCRYPT_ALG_HANDLE RsaProv;
extern BCRYPT_ALG_HANDLE Sha256Prov;
#endif #endif
#include <ma_crypt.h> #include <ma_crypt.h>
@@ -460,10 +458,6 @@ static int auth_caching_sha2_init(char *unused1 __attribute__((unused)),
int unused3 __attribute__((unused)), int unused3 __attribute__((unused)),
va_list unused4 __attribute__((unused))) va_list unused4 __attribute__((unused)))
{ {
#if defined(HAVE_WINCRYPT)
BCryptOpenAlgorithmProvider(&Sha256Prov, BCRYPT_SHA256_ALGORITHM, NULL, 0);
BCryptOpenAlgorithmProvider(&RsaProv, BCRYPT_RSA_ALGORITHM, NULL, 0);
#endif
return 0; return 0;
} }
/* }}} */ /* }}} */
@@ -471,10 +465,6 @@ static int auth_caching_sha2_init(char *unused1 __attribute__((unused)),
/* {{{ auth_caching_sha2_deinit */ /* {{{ auth_caching_sha2_deinit */
static int auth_caching_sha2_deinit(void) static int auth_caching_sha2_deinit(void)
{ {
#if defined(HAVE_WINCRYPT)
BCryptCloseAlgorithmProvider(Sha256Prov, 0);
BCryptCloseAlgorithmProvider(RsaProv, 0);
#endif
return 0; return 0;
} }
/* }}} */ /* }}} */

7
plugins/auth/ed25519.c
View File

@@ -45,7 +45,6 @@
#include <windows.h> #include <windows.h>
#include <wincrypt.h> #include <wincrypt.h>
#include <bcrypt.h> #include <bcrypt.h>
extern BCRYPT_ALG_HANDLE Sha512Prov;
#elif defined(HAVE_OPENSSL) #elif defined(HAVE_OPENSSL)
#include <openssl/rsa.h> #include <openssl/rsa.h>
#include <openssl/pem.h> #include <openssl/pem.h>
@@ -123,9 +122,6 @@ static int auth_ed25519_init(char *unused1 __attribute__((unused)),
int unused3 __attribute__((unused)), int unused3 __attribute__((unused)),
va_list unused4 __attribute__((unused))) va_list unused4 __attribute__((unused)))
{ {
#if defined(HAVE_WINCRYPT)
BCryptOpenAlgorithmProvider(&Sha512Prov, BCRYPT_SHA512_ALGORITHM, NULL, 0);
#endif
return 0; return 0;
} }
/* }}} */ /* }}} */
@@ -133,9 +129,6 @@ static int auth_ed25519_init(char *unused1 __attribute__((unused)),
/* {{{ auth_ed25519_deinit */ /* {{{ auth_ed25519_deinit */
static int auth_ed25519_deinit(void) static int auth_ed25519_deinit(void)
{ {
#if defined(HAVE_WINCRYPT)
BCryptCloseAlgorithmProvider(Sha512Prov, 0);
#endif
return 0; return 0;
} }
/* }}} */ /* }}} */