1
0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-07-02 03:52:49 -05:00

Fix determinism failures in cgtest.

Thanks to Pavel and his CI for pointing out what I'd forgotten: the
automated test of cmdgen.c expects that round-tripping a PPK file to
some other format and back will regenerate the identical file. Of
course, with a randomised salt in the new-look password hash, that
isn't true any more in normal usage.

Fixed by adding an option in the existing parameters structure to
provide a salt override. That shouldn't be used anywhere except
cgtest, but in cgtest, it restores the determinism we need.

Another potential (but not guaranteed) source of difference is the
automatic time-scaling of the Argon2 parameter choice. So I've turned
that off too, while I'm at it.
This commit is contained in:
Simon Tatham
2021-02-21 14:37:59 +00:00
parent 342972ee60
commit 8eb4cd5674
4 changed files with 30 additions and 1 deletions

View File

@ -1507,7 +1507,10 @@ strbuf *ppk_save_sb(ssh2_userkey *key, const char *passphrase,
/* Invent a salt for the password hash. */
strbuf *passphrase_salt = strbuf_new();
random_read(strbuf_append(passphrase_salt, 16), 16);
if (params.salt)
put_data(passphrase_salt, params.salt, params.saltlen);
else
random_read(strbuf_append(passphrase_salt, 16), 16);
cipher_mac_keys_blob = strbuf_new();
ssh2_ppk_derive_keys(3, ciphertype,