diff options
Diffstat (limited to 'crypto/openssl/apps/passwd.c')
| -rw-r--r-- | crypto/openssl/apps/passwd.c | 101 |
1 files changed, 64 insertions, 37 deletions
diff --git a/crypto/openssl/apps/passwd.c b/crypto/openssl/apps/passwd.c index c7e21d2..6851a99 100644 --- a/crypto/openssl/apps/passwd.c +++ b/crypto/openssl/apps/passwd.c @@ -1,10 +1,10 @@ /* apps/passwd.c */ #if defined NO_MD5 || defined CHARSET_EBCDIC -# define NO_APR1 +# define NO_MD5CRYPT_1 #endif -#if !defined(NO_DES) || !defined(NO_APR1) +#if !defined(NO_DES) || !defined(NO_MD5CRYPT_1) #include <assert.h> #include <string.h> @@ -19,7 +19,7 @@ #ifndef NO_DES # include <openssl/des.h> #endif -#ifndef NO_APR1 +#ifndef NO_MD5CRYPT_1 # include <openssl/md5.h> #endif @@ -42,10 +42,11 @@ static unsigned const char cov_2char[64]={ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, char *passwd, BIO *out, int quiet, int table, int reverse, - size_t pw_maxlen, int usecrypt, int useapr1); + size_t pw_maxlen, int usecrypt, int use1, int useapr1); -/* -crypt - standard Unix password algorithm (default, only choice) - * -apr1 - MD5-based password algorithm +/* -crypt - standard Unix password algorithm (default) + * -1 - MD5-based password algorithm + * -apr1 - MD5-based password algorithm, Apache variant * -salt string - salt * -in file - read passwords from file * -stdin - read passwords from stdin @@ -63,11 +64,12 @@ int MAIN(int argc, char **argv) int in_stdin = 0; char *salt = NULL, *passwd = NULL, **passwds = NULL; char *salt_malloc = NULL, *passwd_malloc = NULL; + size_t passwd_malloc_size = 0; int pw_source_defined = 0; BIO *in = NULL, *out = NULL; int i, badopt, opt_done; int passed_salt = 0, quiet = 0, table = 0, reverse = 0; - int usecrypt = 0, useapr1 = 0; + int usecrypt = 0, use1 = 0, useapr1 = 0; size_t pw_maxlen = 0; apps_startup(); @@ -79,6 +81,12 @@ int MAIN(int argc, char **argv) if (out == NULL) goto err; BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); +#ifdef VMS + { + BIO *tmpbio = BIO_new(BIO_f_linebuffer()); + out = BIO_push(tmpbio, out); + } +#endif badopt = 0, opt_done = 0; i = 0; @@ -86,6 +94,8 @@ int MAIN(int argc, char **argv) { if (strcmp(argv[i], "-crypt") == 0) usecrypt = 1; + else if (strcmp(argv[i], "-1") == 0) + use1 = 1; else if (strcmp(argv[i], "-apr1") == 0) useapr1 = 1; else if (strcmp(argv[i], "-salt") == 0) @@ -137,17 +147,17 @@ int MAIN(int argc, char **argv) badopt = 1; } - if (!usecrypt && !useapr1) /* use default */ + if (!usecrypt && !use1 && !useapr1) /* use default */ usecrypt = 1; - if (usecrypt + useapr1 > 1) /* conflict */ + if (usecrypt + use1 + useapr1 > 1) /* conflict */ badopt = 1; /* reject unsupported algorithms */ #ifdef NO_DES if (usecrypt) badopt = 1; #endif -#ifdef NO_APR1 - if (useapr1) badopt = 1; +#ifdef NO_MD5CRYPT_1 + if (use1 || useapr1) badopt = 1; #endif if (badopt) @@ -157,8 +167,9 @@ int MAIN(int argc, char **argv) #ifndef NO_DES BIO_printf(bio_err, "-crypt standard Unix password algorithm (default)\n"); #endif -#ifndef NO_APR1 - BIO_printf(bio_err, "-apr1 MD5-based password algorithm\n"); +#ifndef NO_MD5CRYPT_1 + BIO_printf(bio_err, "-1 MD5-based password algorithm\n"); + BIO_printf(bio_err, "-apr1 MD5-based password algorithm, Apache variant\n"); #endif BIO_printf(bio_err, "-salt string use provided salt\n"); BIO_printf(bio_err, "-in file read passwords from file\n"); @@ -190,13 +201,16 @@ int MAIN(int argc, char **argv) if (usecrypt) pw_maxlen = 8; - else if (useapr1) + else if (use1 || useapr1) pw_maxlen = 256; /* arbitrary limit, should be enough for most passwords */ if (passwds == NULL) { /* no passwords on the command line */ - passwd = passwd_malloc = Malloc(pw_maxlen + 1); + + passwd_malloc_size = pw_maxlen + 2; + /* longer than necessary so that we can warn about truncation */ + passwd = passwd_malloc = OPENSSL_malloc(passwd_malloc_size); if (passwd_malloc == NULL) goto err; } @@ -208,7 +222,7 @@ int MAIN(int argc, char **argv) passwds = passwds_static; if (in == NULL) - if (EVP_read_pw_string(passwd_malloc, pw_maxlen + 1, "Password: ", 0) != 0) + if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", 0) != 0) goto err; passwds[0] = passwd_malloc; } @@ -222,7 +236,7 @@ int MAIN(int argc, char **argv) { passwd = *passwds++; if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out, - quiet, table, reverse, pw_maxlen, usecrypt, useapr1)) + quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1)) goto err; } while (*passwds != NULL); @@ -251,7 +265,7 @@ int MAIN(int argc, char **argv) } if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out, - quiet, table, reverse, pw_maxlen, usecrypt, useapr1)) + quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1)) goto err; } done = (r <= 0); @@ -262,22 +276,29 @@ int MAIN(int argc, char **argv) err: ERR_print_errors(bio_err); if (salt_malloc) - Free(salt_malloc); + OPENSSL_free(salt_malloc); if (passwd_malloc) - Free(passwd_malloc); + OPENSSL_free(passwd_malloc); if (in) BIO_free(in); if (out) - BIO_free(out); + BIO_free_all(out); EXIT(ret); } -#ifndef NO_APR1 -/* MD5-based password algorithm compatible to the one found in Apache - * (should probably be available as a library function; - * then the static buffer would not be acceptable) */ -static char *apr1_crypt(const char *passwd, const char *salt) +#ifndef NO_MD5CRYPT_1 +/* MD5-based password algorithm (should probably be available as a library + * function; then the static buffer would not be acceptable). + * For magic string "1", this should be compatible to the MD5-based BSD + * password algorithm. + * For 'magic' string "apr1", this is compatible to the MD5-based Apache + * password algorithm. + * (Apparently, the Apache password algorithm is identical except that the + * 'magic' string was changed -- the laziest application of the NIH principle + * I've ever encountered.) + */ +static char *md5crypt(const char *passwd, const char *magic, const char *salt) { static char out_buf[6 + 9 + 24 + 2]; /* "$apr1$..salt..$.......md5hash..........\0" */ unsigned char buf[MD5_DIGEST_LENGTH]; @@ -287,7 +308,11 @@ static char *apr1_crypt(const char *passwd, const char *salt) size_t passwd_len, salt_len; passwd_len = strlen(passwd); - strcpy(out_buf, "$apr1$"); + out_buf[0] = '$'; + out_buf[1] = 0; + assert(strlen(magic) <= 4); /* "1" or "apr1" */ + strncat(out_buf, magic, 4); + strncat(out_buf, "$", 1); strncat(out_buf, salt, 8); assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */ salt_out = out_buf + 6; @@ -296,7 +321,9 @@ static char *apr1_crypt(const char *passwd, const char *salt) MD5_Init(&md); MD5_Update(&md, passwd, passwd_len); - MD5_Update(&md, "$apr1$", 6); + MD5_Update(&md, "$", 1); + MD5_Update(&md, magic, strlen(magic)); + MD5_Update(&md, "$", 1); MD5_Update(&md, salt_out, salt_len); { @@ -380,7 +407,7 @@ static char *apr1_crypt(const char *passwd, const char *salt) static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, char *passwd, BIO *out, int quiet, int table, int reverse, - size_t pw_maxlen, int usecrypt, int useapr1) + size_t pw_maxlen, int usecrypt, int use1, int useapr1) { char *hash = NULL; @@ -395,7 +422,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, { if (*salt_malloc_p == NULL) { - *salt_p = *salt_malloc_p = Malloc(3); + *salt_p = *salt_malloc_p = OPENSSL_malloc(3); if (*salt_malloc_p == NULL) goto err; } @@ -411,14 +438,14 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, } #endif /* !NO_DES */ -#ifndef NO_APR1 - if (useapr1) +#ifndef NO_MD5CRYPT_1 + if (use1 || useapr1) { int i; if (*salt_malloc_p == NULL) { - *salt_p = *salt_malloc_p = Malloc(9); + *salt_p = *salt_malloc_p = OPENSSL_malloc(9); if (*salt_malloc_p == NULL) goto err; } @@ -429,7 +456,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, (*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */ (*salt_p)[8] = 0; } -#endif /* !NO_APR1 */ +#endif /* !NO_MD5CRYPT_1 */ } assert(*salt_p != NULL); @@ -448,9 +475,9 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, if (usecrypt) hash = des_crypt(passwd, *salt_p); #endif -#ifndef NO_APR1 - if (useapr1) - hash = apr1_crypt(passwd, *salt_p); +#ifndef NO_MD5CRYPT_1 + if (use1 || useapr1) + hash = md5crypt(passwd, (use1 ? "1" : "apr1"), *salt_p); #endif assert(hash != NULL); |
