highperfocused/bitcoin
1
0
Fork 0
mirror of https://github.com/bitcoin/bitcoin.git synced 2026-04-27 07:18:33 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge #14742: Properly generate salt in rpcauth.py

Browse Source 
6be7d14d24 Properly generate salt in rpcauth.py, update tests (Carl Dong)

Pull request description:

  Previously, when iterating over bytes of the generated salt to construct
  a hex string, only one character would be outputted when the byte is
  less than 0x10. Meaning that for a 16 byte salt, the hex string might be
  less than 32 characters and collisions would occur.

Tree-SHA512: 7038ecbbac846cd1851112396acd8a04475685f5b6f786e4e7316acba4a56cc711c275b7f52f0f2b6bc6cfdc0c0d9d39c3afeb2c0aff3a30fde516bf642fdf9f
This commit is contained in:
Wladimir J. van der Laan
2018-11-21 10:20:41 +01:00
parent 6b90a2a0e0 6be7d14d24
commit 267793af8b
2 changed files with 9 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
test/util/rpcauth-test.py
View File

@@ -24,8 +24,8 @@ class TestRPCAuth(unittest.TestCase):
self.rpcauth = importlib.import_module('rpcauth')
def test_generate_salt(self):
self.assertLessEqual(len(self.rpcauth.generate_salt()), 32)
self.assertGreaterEqual(len(self.rpcauth.generate_salt()), 16)
for i in range(16, 32 + 1):
self.assertEqual(len(self.rpcauth.generate_salt(i)), i * 2)
def test_generate_password(self):
password = self.rpcauth.generate_password()
@@ -34,7 +34,7 @@ class TestRPCAuth(unittest.TestCase):
self.assertEqual(expected_password, password)
def test_check_password_hmac(self):
salt = self.rpcauth.generate_salt()
salt = self.rpcauth.generate_salt(16)
password = self.rpcauth.generate_password()
password_hmac = self.rpcauth.password_to_hmac(salt, password)