test implementation of bcrypt out of process, to assess issue #694

bin/browserid

@@ -207,12 +207,8 @@ db.open(config.get('database'), function (error) {
     // some test users
     if (process.env['CREATE_TEST_USERS']) {
       logger.warn("creating test users... this can take a while...");
-      bcrypt.gen_salt(config.get('bcrypt_work_factor'), function (err, salt) {
-        if (err) {
-          logger.error("error creating test users - bcrypt salt gen: " + err);
-          process.exit(1);
-        }
-        bcrypt.encrypt("THE PASSWORD", salt, function(err, hash) {
+      require('../lib/bcrypt').encrypt(
+        config.get('bcrypt_work_factor'), "THE PASSWORD", function(err, hash) {
           if (err) {
             logger.error("error creating test users - bcrypt encrypt pass: " + err);
             process.exit(1);
@@ -227,7 +223,6 @@ db.open(config.get('database'), function (error) {
             });
           }
         });
-      });
     }
   });
 });

lib/bcrypt-compute.js

+const bcrypt = require('bcrypt');
+
+process.on('message', function(m) {
+  if (m.op === 'encrypt') {
+    var r = bcrypt.encrypt_sync(m.pass, bcrypt.gen_salt_sync(m.factor));
+    process.send({r:r});
+  } else if (m.op === 'compare') {
+    var r = bcrypt.compare_sync(m.pass, m.hash);
+    process.send({r:r});
+  }
+});

lib/bcrypt.js

+const
+computecluster = require('compute-cluster'),
+logger = require('../lib/logging.js').logger;
+
+var cc = new computecluster({
+  module: path.join(__dirname, "bcrypt-compute.js"),
+  max_backlog: 100000
+});
+
+cc.on('error', function(e) {
+  logger.error("error detected in bcrypt computation process!  fatal: " + e.toString());
+  setTimeout(function() { process.exit(1); }, 0);
+}).on('info', function(msg) {
+  logger.info("(compute cluster): " + msg);
+}).on('debug', function(msg) {
+  logger.debug("(compute cluster): " + msg);
+});
+
+exports.encrypt = function(workFactor, password, cb) {
+  cc.enqueue({
+    op: 'encrypt',
+    factor: workFactor,
+    pass: password
+  }, function(err, r) {
+    cb(err, r ? r.r : undefined);
+  });
+};
+
+exports.compare = function(pass, hash, cb) {
+  cc.enqueue({
+    op: 'compare',
+    pass: pass,
+    hash: hash
+  }, function(err, r) {
+    cb(err, r ? r.r : undefined);
+  })
+};
+
+exports.get_rounds = function(hash) {
+  return bcrypt.get_rounds(hash);
+};
\ No newline at end of file

lib/wsapi.js

@@ -22,8 +22,8 @@ url = require('url'),
 fs = require('fs'),
 path = require('path'),
 validate = require('./validate'),
-bcrypt = require('bcrypt'),
 statsd = require('./statsd');
+bcrypt = require('./bcrypt');
 
 const COOKIE_SECRET = secrets.hydrateSecret('browserid_cookie', config.get('var_path'));
 const COOKIE_KEY = 'browserid_state';
@@ -56,25 +56,10 @@ function isAuthed(req) {
 
 function bcryptPassword(password, cb) {
   var startTime = new Date();
-  var bcryptWorkFactor = config.get('bcrypt_work_factor');
-
-  bcrypt.gen_salt(bcryptWorkFactor, function (err, salt) {
-    if (err) {
-      var msg = "error generating salt with bcrypt: " + err;
-      logger.error(msg);
-      return cb(msg);
-    }
-    bcrypt.encrypt(password, salt, function(err, hash) {
-      var reqTime = new Date - startTime;
-      statsd.timing('bcrypt.encrypt_time', reqTime);
-
-      if (err) {
-        var msg = "error generating password hash with bcrypt: " + err;
-        logger.error(msg);
-        return cb(msg);
-      }
-      return cb(undefined, hash);
-    });
+  bcrypt.encrypt(config.get('bcrypt_work_factor'), password, function() {
+    var reqTime = new Date - startTime;
+    statsd.timing('bcrypt.encrypt_time', reqTime);
+    cb.apply(null, arguments);
   });
 };
 

lib/wsapi/authenticate_user.js

@@ -3,7 +3,7 @@ db = require('../db.js'),
 wsapi = require('../wsapi.js'),
 httputils = require('../httputils'),
 logger = require('../logging.js').logger,
-bcrypt = require('bcrypt'),
+bcrypt = require('../bcrypt'),
 http = require('http'),
 https = require('https'),
 querystring = require('querystring'),

lib/wsapi/update_password.js

@@ -3,7 +3,7 @@ db = require('../db.js'),
 wsapi = require('../wsapi.js'),
 httputils = require('../httputils'),
 logger = require('../logging.js').logger,
-bcrypt = require('bcrypt');
+bcrypt = require('../bcrypt');
 
 exports.method = 'post';
 exports.writes_db = true;