You've already forked mariadb-connector-c
mirror of
https://github.com/mariadb-corporation/mariadb-connector-c.git
synced 2025-08-08 14:02:17 +03:00
Fix for bcrypt hash functions:
Using a global crypt provider is not thread safe, so we need to load provider via BCryptOpenProvider in ma_hash_new().
This commit is contained in:
Georg Richter
@@ -21,22 +21,19 @@
|
||||
#include <ma_crypt.h>
|
||||
#include <malloc.h>
|
||||
|
||||
BCRYPT_ALG_HANDLE Sha256Prov= 0;
|
||||
BCRYPT_ALG_HANDLE Sha512Prov= 0;
|
||||
BCRYPT_ALG_HANDLE RsaProv= 0;
|
||||
|
||||
static LPCWSTR ma_hash_get_algorithm(unsigned int alg, BCRYPT_ALG_HANDLE *algHdl)
|
||||
static LPCWSTR ma_hash_get_algorithm(unsigned int alg)
|
||||
{
|
||||
switch(alg)
|
||||
{
|
||||
case MA_HASH_SHA1:
|
||||
return BCRYPT_SHA1_ALGORITHM;
|
||||
case MA_HASH_SHA256:
|
||||
*algHdl= Sha256Prov;
|
||||
return BCRYPT_SHA256_ALGORITHM;
|
||||
case MA_HASH_SHA384:
|
||||
return BCRYPT_SHA384_ALGORITHM;
|
||||
case MA_HASH_SHA512:
|
||||
*algHdl= Sha512Prov;
|
||||
return BCRYPT_SHA512_ALGORITHM;
|
||||
default:
|
||||
*algHdl= 0;
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
@@ -48,27 +45,40 @@ MA_HASH_CTX *ma_hash_new(unsigned int algorithm, MA_HASH_CTX *ctx)
|
||||
LPCWSTR alg;
|
||||
BCRYPT_ALG_HANDLE algHdl= 0;
|
||||
|
||||
alg= ma_hash_get_algorithm(algorithm, &algHdl);
|
||||
alg= ma_hash_get_algorithm(algorithm);
|
||||
|
||||
if (!alg || !algHdl)
|
||||
if (!alg)
|
||||
return NULL;
|
||||
|
||||
if (BCryptGetProperty(algHdl, BCRYPT_OBJECT_LENGTH,
|
||||
(PBYTE)&cbObjSize, sizeof(DWORD),
|
||||
&cbData, 0) < 0)
|
||||
goto error;
|
||||
|
||||
if (!newctx)
|
||||
{
|
||||
newctx= (MA_HASH_CTX *)calloc(1, sizeof(MA_HASH_CTX));
|
||||
newctx->free_me= 1;
|
||||
} else {
|
||||
char tmp_freeme= newctx->free_me;
|
||||
BCRYPT_ALG_HANDLE tmp_alg= newctx->hAlg;
|
||||
|
||||
newctx->free_me= 0;
|
||||
newctx->hAlg = 0;
|
||||
|
||||
ma_hash_free(newctx);
|
||||
|
||||
newctx->free_me= tmp_freeme;
|
||||
newctx->hAlg= tmp_alg;
|
||||
}
|
||||
else
|
||||
memset(newctx, 0, sizeof(MA_HASH_CTX));
|
||||
|
||||
if (!newctx->hAlg)
|
||||
if (BCryptOpenAlgorithmProvider(&newctx->hAlg, alg, NULL, 0))
|
||||
goto error;
|
||||
|
||||
if (BCryptGetProperty(newctx->hAlg, BCRYPT_OBJECT_LENGTH,
|
||||
(PBYTE)&cbObjSize, sizeof(DWORD),
|
||||
&cbData, 0) < 0)
|
||||
goto error;
|
||||
|
||||
newctx->hashObject= (PBYTE)malloc(cbObjSize);
|
||||
newctx->digest_len= (DWORD)ma_hash_digest_size(algorithm);
|
||||
BCryptCreateHash(algHdl, &newctx->hHash, newctx->hashObject, cbObjSize, NULL, 0, 0);
|
||||
BCryptCreateHash(newctx->hAlg, &newctx->hHash, newctx->hashObject, cbObjSize, NULL, 0, 0);
|
||||
|
||||
return newctx;
|
||||
error:
|
||||
@@ -85,6 +95,8 @@ void ma_hash_free(MA_HASH_CTX *ctx)
|
||||
BCryptDestroyHash(ctx->hHash);
|
||||
if (ctx->hashObject)
|
||||
free(ctx->hashObject);
|
||||
if (ctx->hAlg)
|
||||
BCryptCloseAlgorithmProvider(ctx->hAlg, 0);
|
||||
if (ctx->free_me)
|
||||
free(ctx);
|
||||
}
|
||||
|
||||
@@ -52,8 +52,6 @@
|
||||
#include <wincrypt.h>
|
||||
#include <bcrypt.h>
|
||||
|
||||
extern BCRYPT_ALG_HANDLE RsaProv;
|
||||
extern BCRYPT_ALG_HANDLE Sha256Prov;
|
||||
#endif
|
||||
|
||||
#include <ma_crypt.h>
|
||||
@@ -460,10 +458,6 @@ static int auth_caching_sha2_init(char *unused1 __attribute__((unused)),
|
||||
int unused3 __attribute__((unused)),
|
||||
va_list unused4 __attribute__((unused)))
|
||||
{
|
||||
#if defined(HAVE_WINCRYPT)
|
||||
BCryptOpenAlgorithmProvider(&Sha256Prov, BCRYPT_SHA256_ALGORITHM, NULL, 0);
|
||||
BCryptOpenAlgorithmProvider(&RsaProv, BCRYPT_RSA_ALGORITHM, NULL, 0);
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
/* }}} */
|
||||
@@ -471,10 +465,6 @@ static int auth_caching_sha2_init(char *unused1 __attribute__((unused)),
|
||||
/* {{{ auth_caching_sha2_deinit */
|
||||
static int auth_caching_sha2_deinit(void)
|
||||
{
|
||||
#if defined(HAVE_WINCRYPT)
|
||||
BCryptCloseAlgorithmProvider(Sha256Prov, 0);
|
||||
BCryptCloseAlgorithmProvider(RsaProv, 0);
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
/* }}} */
|
||||
|
||||
@@ -45,7 +45,6 @@
|
||||
#include <windows.h>
|
||||
#include <wincrypt.h>
|
||||
#include <bcrypt.h>
|
||||
extern BCRYPT_ALG_HANDLE Sha512Prov;
|
||||
#elif defined(HAVE_OPENSSL)
|
||||
#include <openssl/rsa.h>
|
||||
#include <openssl/pem.h>
|
||||
@@ -123,9 +122,6 @@ static int auth_ed25519_init(char *unused1 __attribute__((unused)),
|
||||
int unused3 __attribute__((unused)),
|
||||
va_list unused4 __attribute__((unused)))
|
||||
{
|
||||
#if defined(HAVE_WINCRYPT)
|
||||
BCryptOpenAlgorithmProvider(&Sha512Prov, BCRYPT_SHA512_ALGORITHM, NULL, 0);
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
/* }}} */
|
||||
@@ -133,9 +129,6 @@ static int auth_ed25519_init(char *unused1 __attribute__((unused)),
|
||||
/* {{{ auth_ed25519_deinit */
|
||||
static int auth_ed25519_deinit(void)
|
||||
{
|
||||
#if defined(HAVE_WINCRYPT)
|
||||
BCryptCloseAlgorithmProvider(Sha512Prov, 0);
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
/* }}} */
|
||||
|
||||
Reference in New Issue
Block a user