diff --git a/src/wp-includes/class-phpass.php b/src/wp-includes/class-phpass.php
index 8fcab44ad1..2d03f361ba 100644
--- a/src/wp-includes/class-phpass.php
+++ b/src/wp-includes/class-phpass.php
@@ -3,16 +3,24 @@
  * Portable PHP password hashing framework.
  * @package phpass
  * @since 2.5.0
- * @version 0.3 / WordPress
+ * @version 0.5 / WordPress
  * @link https://www.openwall.com/phpass/
  */
 
+#
+# Portable PHP password hashing framework.
+#
+# Version 0.5 / WordPress.
 #
 # Written by Solar Designer <solar at openwall.com> in 2004-2006 and placed in
 # the public domain.  Revised in subsequent years, still public domain.
 #
 # There's absolutely no warranty.
 #
+# The homepage URL for this framework is:
+#
+#	http://www.openwall.com/phpass/
+#
 # Please be sure to update the Version line if you edit this file in any way.
 # It is suggested that you leave the main version number intact, but indicate
 # your project name (after the slash) and add your own revision information.
@@ -29,7 +37,7 @@
  * Portable PHP password hashing framework.
  *
  * @package phpass
- * @version 0.3 / WordPress
+ * @version 0.5 / WordPress
  * @link https://www.openwall.com/phpass/
  * @since 2.5.0
  */
@@ -52,20 +60,23 @@ function __construct( $iteration_count_log2, $portable_hashes )
 
 		$this->portable_hashes = $portable_hashes;
 
-		$this->random_state = microtime() . uniqid(rand(), TRUE); // removed getmypid() for compatibility reasons
+		$this->random_state = microtime();
+		if (function_exists('getmypid'))
+			$this->random_state .= getmypid();
 	}
 
 	/**
 	 * PHP4 constructor.
 	 */
-	public function PasswordHash( $iteration_count_log2, $portable_hashes ) {
-		self::__construct( $iteration_count_log2, $portable_hashes );
+	function PasswordHash($iteration_count_log2, $portable_hashes)
+	{
+		self::__construct($iteration_count_log2, $portable_hashes);
 	}
 
 	function get_random_bytes($count)
 	{
 		$output = '';
-		if ( @is_readable('/dev/urandom') &&
+		if (@is_readable('/dev/urandom') &&
 		    ($fh = @fopen('/dev/urandom', 'rb'))) {
 			$output = fread($fh, $count);
 			fclose($fh);
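Review bot: The new `random_state` seed in the constructor is only `microtime()` plus the process id, neither of which is secret, and the commit drops the `uniqid(rand(), TRUE)` component without adding a stronger source. This state feeds the MD5-chained loop in `get_random_bytes()` (its tail is in the next hunk), which appears to be the path taken when `/dev/urandom` cannot be read, so salts produced on such hosts would be guessable. The comment added to `CheckPassword()` later in this diff relies on salts being unpredictable. Where the runtime offers it, try the CSPRNG first at the top of `get_random_bytes()`, e.g. `if (function_exists('random_bytes')) { try { return random_bytes($count); } catch (Exception $e) {} }`. Both the constructor and `get_random_bytes()` extend outside this hunk.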
@@ -76,8 +87,7 @@ function get_random_bytes($count)
 			for ($i = 0; $i < $count; $i += 16) {
 				$this->random_state =
 				    md5(microtime() . $this->random_state);
-				$output .=
-				    pack('H*', md5($this->random_state));
+				$output .= md5($this->random_state, TRUE);
 			}
 			$output = substr($output, 0, $count);
 		}
@@ -121,12 +131,12 @@ function gensalt_private($input)
 	function crypt_private($password, $setting)
 	{
 		$output = '*0';
-		if (substr($setting, 0, 2) == $output)
+		if (substr($setting, 0, 2) === $output)
 			$output = '*1';
 
 		$id = substr($setting, 0, 3);
 		# We use "$P$", phpBB3 uses "$H$" for the same thing
-		if ($id != '$P$' && $id != '$H$')
+		if ($id !== '$P$' && $id !== '$H$')
 			return $output;
 
 		$count_log2 = strpos($this->itoa64, $setting[3]);
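Review bot: `$setting[3]` on the last line is read without a length check: the `$id` test above guarantees only three characters, so a truncated stored value such as a bare `$P$` raises an uninitialized-offset warning and hands `strpos()` an empty needle. Whether the following range check on `$count_log2` then rejects it cannot be seen here, because `crypt_private()` continues outside this hunk. An explicit guard placed after the `$id` test, `if (strlen($setting) < 12) return $output;`, would reject malformed settings before any indexing. The value 12 is the prefix length this function later copies with `substr($setting, 0, 12)`.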
@@ -136,26 +146,19 @@ function crypt_private($password, $setting)
 		$count = 1 << $count_log2;
 
 		$salt = substr($setting, 4, 8);
-		if (strlen($salt) != 8)
+		if (strlen($salt) !== 8)
 			return $output;
 
-		# We're kind of forced to use MD5 here since it's the only
-		# cryptographic primitive available in all versions of PHP
-		# currently in use.  To implement our own low-level crypto
-		# in PHP would result in much worse performance and
+		# We were kind of forced to use MD5 here since it's the only
+		# cryptographic primitive that was available in all versions
+		# of PHP in use.  To implement our own low-level crypto in PHP
+		# would have resulted in much worse performance and
 		# consequently in lower iteration counts and hashes that are
 		# quicker to crack (by non-PHP code).
-		if (PHP_VERSION >= '5') {
-			$hash = md5($salt . $password, TRUE);
-			do {
-				$hash = md5($hash . $password, TRUE);
-			} while (--$count);
-		} else {
-			$hash = pack('H*', md5($salt . $password));
-			do {
-				$hash = pack('H*', md5($hash . $password));
-			} while (--$count);
-		}
+		$hash = md5($salt . $password, TRUE);
+		do {
+			$hash = md5($hash . $password, TRUE);
+		} while (--$count);
 
 		$output = substr($setting, 0, 12);
 		$output .= $this->encode64($hash, 16);
@@ -163,24 +166,6 @@ function crypt_private($password, $setting)
 		return $output;
 	}
 
-	function gensalt_extended($input)
-	{
-		$count_log2 = min($this->iteration_count_log2 + 8, 24);
-		# This should be odd to not reveal weak DES keys, and the
-		# maximum valid value is (2**24 - 1) which is odd anyway.
-		$count = (1 << $count_log2) - 1;
-
-		$output = '_';
-		$output .= $this->itoa64[$count & 0x3f];
-		$output .= $this->itoa64[($count >> 6) & 0x3f];
-		$output .= $this->itoa64[($count >> 12) & 0x3f];
-		$output .= $this->itoa64[($count >> 18) & 0x3f];
-
-		$output .= $this->encode64($input, 3);
-
-		return $output;
-	}
-
 	function gensalt_blowfish($input)
 	{
 		# This one needs to use a different order of characters and a
@@ -230,20 +215,11 @@ function HashPassword($password)
 
 		$random = '';
 
-		if (CRYPT_BLOWFISH == 1 && !$this->portable_hashes) {
+		if (CRYPT_BLOWFISH === 1 && !$this->portable_hashes) {
 			$random = $this->get_random_bytes(16);
 			$hash =
 			    crypt($password, $this->gensalt_blowfish($random));
-			if (strlen($hash) == 60)
-				return $hash;
-		}
-
-		if (CRYPT_EXT_DES == 1 && !$this->portable_hashes) {
-			if (strlen($random) < 3)
-				$random = $this->get_random_bytes(3);
-			$hash =
-			    crypt($password, $this->gensalt_extended($random));
-			if (strlen($hash) == 20)
+			if (strlen($hash) === 60)
 				return $hash;
 		}
 
@@ -252,7 +228,7 @@ function HashPassword($password)
 		$hash =
 		    $this->crypt_private($password,
 		    $this->gensalt_private($random));
-		if (strlen($hash) == 34)
+		if (strlen($hash) === 34)
 			return $hash;
 
 		# Returning '*' on error is safe here, but would _not_ be safe
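Review bot: The `crypt_private()` call at the top of this hunk is reached not only when portable hashes were requested but also, judging from the previous hunk, when the bcrypt attempt returns something other than a 60-character string, and nothing records that downgrade. A caller that passed a false `$portable_hashes` would then silently store the iterated-MD5 portable hash. At minimum, say so above the call: `# Also reached when the bcrypt attempt above did not return a 60-character hash; callers that require bcrypt must check the returned prefix.` The lines between the two hunks are not visible, and `HashPassword()` starts and ends outside this hunk.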
@@ -268,9 +244,13 @@ function CheckPassword($password, $stored_hash)
 		}
 
 		$hash = $this->crypt_private($password, $stored_hash);
-		if ($hash[0] == '*')
+		if ($hash[0] === '*')
 			$hash = crypt($password, $stored_hash);
 
+		# This is not constant-time.  In order to keep the code simple,
+		# for timing safety we currently rely on the salts being
+		# unpredictable, which they are at least in the non-fallback
+		# cases (that is, when we use /dev/urandom and bcrypt).
 		return $hash === $stored_hash;
 	}
-}
\ No newline at end of file
+}
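Review bot: The final `return` still compares with `===`, and the added comment concedes that this is not constant-time and that the salt-unpredictability argument holds only when `/dev/urandom` and bcrypt are in use. `hash_equals()` removes that dependency: `return is_string($stored_hash) && hash_equals($stored_hash, $hash);` keeps the false result that `===` gives today for non-string input. If the file must still load on runtimes without `hash_equals()`, wrap it in `function_exists('hash_equals')` and keep `===` as the fallback. `CheckPassword()` starts outside this hunk.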
