| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
join_byte_values() wrappers
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
"native_string_types" aliases
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |\ |
|
| | |
| |
| |
| |
| | |
it's not actually supported by using(), and isn't needed for users
(issue 121)
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
now return a single unified InternalBackendError() class,
instead of AssertionError.
This change has a couple of parts:
* assert statements replaced with permanent checks,
since crypt() is unpredictable enough that we need to have this always on,
even if production runs code in "-O2" mode.
* added debug_only_repr() helper which allows including sensitive stuff
like salts & hash digests within error tracebacks -- will only do so
when global flag is enabled; and that's currently only set by unittest suite.
* added new InternalBackendError() exception class (a RuntimeError subclass);
which is raised instead of an AssertionError.
|
| | |
| |
| |
| |
| | |
before boolean; bool(NotImplemented) is deprecated as of python 3.9
(fixes issue 125)
|
| | |
| |
| |
| |
| |
| |
| |
| | |
so instead of assuming safe_crypt() can only take UTF8 under py3,
and anything under py2; code is now tied to "crypt_accepts_bytes"
flag which does quick capability-detection when module loads.
this updates the changes from rev 67c619208229
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
issues
which were causing it to fail to generate a hash.
bcrypt
------
* _norm_digest(): fixed some PasslibValueError()s being thrown by os_crypt
backend during UT fuzz verifier. These were due to non-UTF8 input
being provided to crypt.crypt()... even though secret itself was UTF8 safe!
This was because secret was being truncated/repeated as part of
various backend bug workarounds; and the truncate/repeat operations
weren't being done in manner that respected UTF8 character boundaries.
This has now been fixed via _require_valid_utf8_bytes flag
(which has been set for os_crypt backend), that enables
utf8-safe mode of operation.
utils
-----
* added utf8_truncate() and utf8_repeat_string() helpers, for bcrypt fixes above.
* simplified repeat_string() internals
|
| | |
| |
| |
| | |
since it's expected to be present (e.g. on OpenBSD) for backward compatibility.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
when encoding issue is found, to separate this from an unexpected error
when calling crypt.crypt() (these will still raise MissingBackendError).
also tweaked internal safe_verify() helper to catch errors thrown by
os_crypt backend (MissingBackendError would previously slip through,
causing spurious UT failures)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
which makes os_crypt backend always fail, since crypt.crypt() can only be
made to handle UTF8 byte strings.
* replaced "\xA3" test vector with "\xD1\x91" (from same openwall source);
since the latter is valid UTF8.
* added new test vector to UT suite
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
due to a few interlocking issues.
passlib.utils: test_crypt() shouldn't accept hash=<bytes>,
because equality comparison with str will always fail under py3.
* test_crypt() now enforces hash=<unicode_or_str> as input.
it previously allowed hash=bytes, but equality comparison
with unicode (output by safe_crypt) would always return False
under python 3.
* bcrypt's TEST_HASH_2A constant was stored bytes, which was causing os_crypt
detection to fail due to test_crypt() bug above. changed to use native str.
sidewnote: this would have been caught by UTs, except for bug in
test_82_crypt_support() that was fixed in rev 43bae3f786b7.
|
| | |
| |
| |
| |
| | |
set explicit required=False only for digests that go away due to FIPS
(followup to rev 6ac4d1b31761 on issue 116)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
on FIPS systems (issue 116).
* lookup_hash():
- moved all hash consturctor error checks / handling into HashInfo object,
which simplifies lookup_hash() internals
- [minor] added "required" kwd, inverse of the now-deprecated "return_unknown" kwd
- [minor] now caches unknown/unsupported HashInfo records.
* HashInfo:
- now catches ValueErrors thrown by hash constructor,
and special-cased detection of "disabled for fips" errors.
- stub instances now have constructor that throws UnknownHashError,
instead of being None. calling code should detect stub instances via
the new "not info.supported" instead of testing for "info.const is None".
* create_hex_digest() now defaults to creating handlers w/ mock hash func
when it's not present (e.g. due to FIPS). this should let them be imported;
and defer the errors until they're actually used.
* added _set_mock_fips_mode() and some helps to make lookup_hash()
fake a FIPS mode system (per traceback provided in issue comments).
used this to make some preliminary UTs for the digest & hasher changes above.
|
| | |
| |
| |
| | |
(fixes issue 114)
|
| | | |
|
| |\ \
| |/ |
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
py26/33/34
(dict comprehensions and b"" % format directives both cause issues)
|
| | | |
|
| | | |
|
| |\ \
| |/ |
|
| | |
| |
| |
| |
| |
| |
| | |
* patch django_argon2 so it only uses type "I" (to match django's behavior)
* patch it's UTs so they don't try to access hasher.type_values,
which is only present on base hasher.
|
| | |
| |
| |
| |
| |
| | |
detection code;
along with some other notes
|
| |\ \
| |/ |
|
| | |
| |
| |
| | |
too old.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* updated requirements to latest version of argon2_cffi & argon2pure;
though internal code should work with older versions.
* reworked argon2 module internals to handle wider range of hash types;
and make default customizable via "type" kwd.
* added reference vectors for "D" and "ID" hashes
|
| | |
| |
| |
| |
| |
| | |
* UTs now has basic tests for parsehash() method
* argon2: excluded some settings kwd aliases from parsehash() call
|
| | |
| |
| |
| |
| |
| |
| |
| | |
per followup to original issue (https://bitbucket.org/ecollins/passlib/issues/88#comment-35296567)
it was pointed out that citation for 32 byte hash output was out of date,
and that argon2_cffi is correctly following the more up-to-date argon2 spec.
this restores the stable branch to the 1.7.1 policy of following argon2_cffi's defaults.
|
| | |
| |
| |
| | |
concat
|
