diff options
Diffstat (limited to 'src/mongo/crypto')
-rw-r--r-- | src/mongo/crypto/mechanism_scram.cpp | 4 | ||||
-rw-r--r-- | src/mongo/crypto/mechanism_scram.h | 15 |
2 files changed, 15 insertions, 4 deletions
diff --git a/src/mongo/crypto/mechanism_scram.cpp b/src/mongo/crypto/mechanism_scram.cpp index df290cb6fa5..d0dc5965c99 100644 --- a/src/mongo/crypto/mechanism_scram.cpp +++ b/src/mongo/crypto/mechanism_scram.cpp @@ -202,6 +202,10 @@ bool verifyClientProof(StringData clientProof, StringData storedKey, StringData SHA1Block computedStoredKey = SHA1Block::computeHash(clientSignature.data(), clientSignature.size()); + if (storedKey.size() != computedStoredKey.size()) { + return false; + } + return consttimeMemEqual(reinterpret_cast<const unsigned char*>(storedKey.rawData()), computedStoredKey.data(), computedStoredKey.size()); diff --git a/src/mongo/crypto/mechanism_scram.h b/src/mongo/crypto/mechanism_scram.h index 97875394df1..25afe543bbb 100644 --- a/src/mongo/crypto/mechanism_scram.h +++ b/src/mongo/crypto/mechanism_scram.h @@ -54,15 +54,22 @@ const std::string serverKeyFieldName = "serverKey"; */ struct SCRAMPresecrets { SCRAMPresecrets(std::string hashedPassword, - std::vector<std::uint8_t> salt, - size_t iterationCount) + std::vector<std::uint8_t> salt_, + size_t iterationCount_) : hashedPassword(std::move(hashedPassword)), - salt(std::move(salt)), - iterationCount(iterationCount) {} + salt(std::move(salt_)), + iterationCount(iterationCount_) { + uassert(ErrorCodes::BadValue, + "Invalid salt for SCRAM mechanism", + salt.size() >= kSaltLengthMin); + } std::string hashedPassword; std::vector<std::uint8_t> salt; size_t iterationCount; + +private: + static const size_t kSaltLengthMin = 16; }; inline bool operator==(const SCRAMPresecrets& lhs, const SCRAMPresecrets& rhs) { |