passwd_md5,
passwd_apr1,
passwd_sha256,
- passwd_sha512
+ passwd_sha512,
+ passwd_aixmd5
} passwd_modes;
static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_IN,
OPT_NOVERIFY, OPT_QUIET, OPT_TABLE, OPT_REVERSE, OPT_APR1,
- OPT_1, OPT_5, OPT_6, OPT_CRYPT, OPT_SALT, OPT_STDIN
+ OPT_1, OPT_5, OPT_6, OPT_CRYPT, OPT_AIXMD5, OPT_SALT, OPT_STDIN
} OPTION_CHOICE;
-OPTIONS passwd_options[] = {
+const OPTIONS passwd_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"in", OPT_IN, '<', "Pead passwords from file"},
{"noverify", OPT_NOVERIFY, '-',
# ifndef NO_MD5CRYPT_1
{"apr1", OPT_APR1, '-', "MD5-based password algorithm, Apache variant"},
{"1", OPT_1, '-', "MD5-based password algorithm"},
+ {"aixmd5", OPT_AIXMD5, '-', "AIX MD5-based password algorithm"},
# endif
# ifndef OPENSSL_NO_DES
{"crypt", OPT_CRYPT, '-', "Standard Unix password algorithm (default)"},
goto opthelp;
mode = passwd_apr1;
break;
+ case OPT_AIXMD5:
+ if (mode != passwd_unset)
+ goto opthelp;
+ mode = passwd_aixmd5;
+ break;
case OPT_CRYPT:
if (mode != passwd_unset)
goto opthelp;
goto opthelp;
# endif
# ifdef NO_MD5CRYPT_1
- if (mode == passwd_md5 || mode == passwd_apr1)
+ if (mode == passwd_md5 || mode == passwd_apr1 || mode == passwd_aixmd5)
goto opthelp;
# endif
# ifdef NO_SHACRYPT
size_t passwd_len, salt_len, magic_len;
passwd_len = strlen(passwd);
- out_buf[0] = '$';
- out_buf[1] = 0;
+
+ out_buf[0] = 0;
magic_len = strlen(magic);
- if (magic_len > 4) /* assert it's "1" or "apr1" */
- return NULL;
+ if (magic_len > 0) {
+ out_buf[0] = '$';
+ out_buf[1] = 0;
+
+ if (magic_len > 4) /* assert it's "1" or "apr1" */
+ return NULL;
+
+ OPENSSL_strlcat(out_buf, magic, sizeof out_buf);
+ OPENSSL_strlcat(out_buf, "$", sizeof out_buf);
+ }
- OPENSSL_strlcat(out_buf, magic, sizeof out_buf);
- OPENSSL_strlcat(out_buf, "$", sizeof out_buf);
OPENSSL_strlcat(out_buf, salt, sizeof out_buf);
if (strlen(out_buf) > 6 + 8) /* assert "$apr1$..salt.." */
return NULL;
- salt_out = out_buf + 2 + magic_len;
+ salt_out = out_buf;
+ if (magic_len > 0)
+ salt_out += 2 + magic_len;
salt_len = strlen(salt_out);
if (salt_len > 8)
md = EVP_MD_CTX_new();
if (md == NULL
|| !EVP_DigestInit_ex(md, EVP_md5(), NULL)
- || !EVP_DigestUpdate(md, passwd, passwd_len)
- || !EVP_DigestUpdate(md, "$", 1)
- || !EVP_DigestUpdate(md, magic, magic_len)
- || !EVP_DigestUpdate(md, "$", 1)
- || !EVP_DigestUpdate(md, salt_out, salt_len))
+ || !EVP_DigestUpdate(md, passwd, passwd_len))
+ goto err;
+
+ if (magic_len > 0)
+ if (!EVP_DigestUpdate(md, "$", 1)
+ || !EVP_DigestUpdate(md, magic, magic_len)
+ || !EVP_DigestUpdate(md, "$", 1))
+ goto err;
+
+ if (!EVP_DigestUpdate(md, salt_out, salt_len))
goto err;
md2 = EVP_MD_CTX_new();
OPENSSL_strlcat(out_buf, magic, sizeof out_buf);
OPENSSL_strlcat(out_buf, "$", sizeof out_buf);
if (rounds_custom) {
- char tmp_buf[7 + 9 + 1]; /* "rounds=999999999" */
- sprintf(tmp_buf, "rounds=%lu", rounds);
+ char tmp_buf[80]; /* "rounds=999999999" */
+ sprintf(tmp_buf, "rounds=%"OSSLzu, rounds);
OPENSSL_strlcat(out_buf, tmp_buf, sizeof out_buf);
OPENSSL_strlcat(out_buf, "$", sizeof out_buf);
}
# endif /* !OPENSSL_NO_DES */
# ifndef NO_MD5CRYPT_1
- if (mode == passwd_md5 || mode == passwd_apr1) {
+ if (mode == passwd_md5 || mode == passwd_apr1 || mode == passwd_aixmd5) {
int i;
if (*salt_malloc_p == NULL) {
# ifndef NO_MD5CRYPT_1
if (mode == passwd_md5 || mode == passwd_apr1)
hash = md5crypt(passwd, (mode == passwd_md5 ? "1" : "apr1"), *salt_p);
+ if (mode == passwd_aixmd5)
+ hash = md5crypt(passwd, "", *salt_p);
# endif
# ifndef NO_SHACRYPT
if (mode == passwd_sha256 || mode == passwd_sha512)