fix: add support for sha256 and sha512 in htpasswd (#3497)

feat: add support for sha256 and sha512 htpasswd formats

Fixes issue #3495

We currently support only bcrypt htpasswd hashes; however, bcrypt is not
FIPS-140 approved because it uses Blowfish.

This PR adds support for sha256 and sha512 formats and enforces that
bcrypt be disabled when fips140 mode is enabled.

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
Ramkumar Chinchani
2025-11-09 05:28:29 -08:00
committed by GitHub
parent aaba362b4f
commit 04ae0a9409
26 changed files with 673 additions and 131 deletions
+1 -1
@@ -55,7 +55,7 @@ func TestTLSWithAuth(t *testing.T) {
username, seedUser := test.GenerateRandomString()
password, seedPass := test.GenerateRandomString()
htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password))
htpasswdPath := test.MakeHtpasswdFileFromString(test.GetBcryptCredString(username, password))
defer os.Remove(htpasswdPath)
conf.HTTP.Auth = &config.AuthConfig{
+1 -1
@@ -31,7 +31,7 @@ func TestConfigReloader(t *testing.T) {
username := "alice"
password := "alice"
htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password))
htpasswdPath := test.MakeHtpasswdFileFromString(test.GetBcryptCredString(username, password))
defer os.Remove(htpasswdPath)
defer os.Remove(logFile.Name()) // clean up