External Libraries: Update the phpass library to version 0.5.

desrosj · desrosj · commit 639e1b232b3c · 2021-05-25T18:46:39.000Z
This updates the phpass library from version `0.3` to the latest version of `0.5`. This is a minor update that includes some adjustments to be more friendly with newer versions of PHP. The changes made in [30466] have also been applied to the new version of the library. This should now be the only WordPress specific modification do this library. Props ayeshrajans, dd32, otto42, desrosj. Fixes #51549. git-svn-id: https://develop.svn.wordpress.org/trunk@51008 602fd350-edb4-49c9-b593-d223f7449a82
diff --git a/src/wp-includes/class-phpass.php b/src/wp-includes/class-phpass.php
@@ -3,16 +3,24 @@
  * Portable PHP password hashing framework.
  * @package phpass
  * @since 2.5.0
- * @version 0.3 / WordPress
+ * @version 0.5 / WordPress
  * @link https://www.openwall.com/phpass/
  */
 
+#
+# Portable PHP password hashing framework.
+#
+# Version 0.5 / WordPress.
 #
 # Written by Solar Designer <solar at openwall.com> in 2004-2006 and placed in
 # the public domain.  Revised in subsequent years, still public domain.
 #
 # There's absolutely no warranty.
 #
+# The homepage URL for this framework is:
+#
+#	http://www.openwall.com/phpass/
+#
 # Please be sure to update the Version line if you edit this file in any way.
 # It is suggested that you leave the main version number intact, but indicate
 # your project name (after the slash) and add your own revision information.
@@ -29,7 +37,7 @@
  * Portable PHP password hashing framework.
  *
  * @package phpass
- * @version 0.3 / WordPress
+ * @version 0.5 / WordPress
  * @link https://www.openwall.com/phpass/
  * @since 2.5.0
  */
@@ -39,10 +47,7 @@ class PasswordHash {
 	var $portable_hashes;
 	var $random_state;
 
-	/**
-	 * PHP5 constructor.
-	 */
-	function __construct( $iteration_count_log2, $portable_hashes )
+	function __construct($iteration_count_log2, $portable_hashes)
 	{
 		$this->itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
 
@@ -52,20 +57,20 @@ function __construct( $iteration_count_log2, $portable_hashes )
 
 		$this->portable_hashes = $portable_hashes;
 
-		$this->random_state = microtime() . uniqid(rand(), TRUE); // removed getmypid() for compatibility reasons
+		$this->random_state = microtime();
+		if (function_exists('getmypid'))
+			$this->random_state .= getmypid();
 	}
 
-	/**
-	 * PHP4 constructor.
-	 */
-	public function PasswordHash( $iteration_count_log2, $portable_hashes ) {
-		self::__construct( $iteration_count_log2, $portable_hashes );
+	function PasswordHash($iteration_count_log2, $portable_hashes)
+	{
+		self::__construct($iteration_count_log2, $portable_hashes);
 	}
 
 	function get_random_bytes($count)
 	{
 		$output = '';
-		if ( @is_readable('/dev/urandom') &&
+		if (@is_readable('/dev/urandom') &&
 		    ($fh = @fopen('/dev/urandom', 'rb'))) {
 			$output = fread($fh, $count);
 			fclose($fh);
@@ -76,8 +81,7 @@ function get_random_bytes($count)
 			for ($i = 0; $i < $count; $i += 16) {
 				$this->random_state =
 				    md5(microtime() . $this->random_state);
-				$output .=
-				    pack('H*', md5($this->random_state));
+				$output .= md5($this->random_state, TRUE);
 			}
 			$output = substr($output, 0, $count);
 		}
@@ -121,12 +125,12 @@ function gensalt_private($input)
 	function crypt_private($password, $setting)
 	{
 		$output = '*0';
-		if (substr($setting, 0, 2) == $output)
+		if (substr($setting, 0, 2) === $output)
 			$output = '*1';
 
 		$id = substr($setting, 0, 3);
 		# We use "$P$", phpBB3 uses "$H$" for the same thing
-		if ($id != '$P$' && $id != '$H$')
+		if ($id !== '$P$' && $id !== '$H$')
 			return $output;
 
 		$count_log2 = strpos($this->itoa64, $setting[3]);
@@ -136,51 +140,26 @@ function crypt_private($password, $setting)
 		$count = 1 << $count_log2;
 
 		$salt = substr($setting, 4, 8);
-		if (strlen($salt) != 8)
+		if (strlen($salt) !== 8)
 			return $output;
 
-		# We're kind of forced to use MD5 here since it's the only
-		# cryptographic primitive available in all versions of PHP
-		# currently in use.  To implement our own low-level crypto
-		# in PHP would result in much worse performance and
+		# We were kind of forced to use MD5 here since it's the only
+		# cryptographic primitive that was available in all versions
+		# of PHP in use.  To implement our own low-level crypto in PHP
+		# would have resulted in much worse performance and
 		# consequently in lower iteration counts and hashes that are
 		# quicker to crack (by non-PHP code).
-		if (PHP_VERSION >= '5') {
-			$hash = md5($salt . $password, TRUE);
-			do {
-				$hash = md5($hash . $password, TRUE);
-			} while (--$count);
-		} else {
-			$hash = pack('H*', md5($salt . $password));
-			do {
-				$hash = pack('H*', md5($hash . $password));
-			} while (--$count);
-		}
+		$hash = md5($salt . $password, TRUE);
+		do {
+			$hash = md5($hash . $password, TRUE);
+		} while (--$count);
 
 		$output = substr($setting, 0, 12);
 		$output .= $this->encode64($hash, 16);
 
 		return $output;
 	}
 
-	function gensalt_extended($input)
-	{
-		$count_log2 = min($this->iteration_count_log2 + 8, 24);
-		# This should be odd to not reveal weak DES keys, and the
-		# maximum valid value is (2**24 - 1) which is odd anyway.
-		$count = (1 << $count_log2) - 1;
-
-		$output = '_';
-		$output .= $this->itoa64[$count & 0x3f];
-		$output .= $this->itoa64[($count >> 6) & 0x3f];
-		$output .= $this->itoa64[($count >> 12) & 0x3f];
-		$output .= $this->itoa64[($count >> 18) & 0x3f];
-
-		$output .= $this->encode64($input, 3);
-
-		return $output;
-	}
-
 	function gensalt_blowfish($input)
 	{
 		# This one needs to use a different order of characters and a
@@ -230,20 +209,11 @@ function HashPassword($password)
 
 		$random = '';
 
-		if (CRYPT_BLOWFISH == 1 && !$this->portable_hashes) {
+		if (CRYPT_BLOWFISH === 1 && !$this->portable_hashes) {
 			$random = $this->get_random_bytes(16);
 			$hash =
 			    crypt($password, $this->gensalt_blowfish($random));
-			if (strlen($hash) == 60)
-				return $hash;
-		}
-
-		if (CRYPT_EXT_DES == 1 && !$this->portable_hashes) {
-			if (strlen($random) < 3)
-				$random = $this->get_random_bytes(3);
-			$hash =
-			    crypt($password, $this->gensalt_extended($random));
-			if (strlen($hash) == 20)
+			if (strlen($hash) === 60)
 				return $hash;
 		}
 
@@ -252,7 +222,7 @@ function HashPassword($password)
 		$hash =
 		    $this->crypt_private($password,
 		    $this->gensalt_private($random));
-		if (strlen($hash) == 34)
+		if (strlen($hash) === 34)
 			return $hash;
 
 		# Returning '*' on error is safe here, but would _not_ be safe
@@ -268,9 +238,13 @@ function CheckPassword($password, $stored_hash)
 		}
 
 		$hash = $this->crypt_private($password, $stored_hash);
-		if ($hash[0] == '*')
+		if ($hash[0] === '*')
 			$hash = crypt($password, $stored_hash);
 
+		# This is not constant-time.  In order to keep the code simple,
+		# for timing safety we currently rely on the salts being
+		# unpredictable, which they are at least in the non-fallback
+		# cases (that is, when we use /dev/urandom and bcrypt).
 		return $hash === $stored_hash;
 	}
-}
+}
