/* apps/passwd.c */
-#if defined NO_MD5 || defined CHARSET_EBCDIC
+#if defined OPENSSL_NO_MD5 || defined CHARSET_EBCDIC
# define NO_MD5CRYPT_1
#endif
-#if !defined(NO_DES) || !defined(NO_MD5CRYPT_1)
+#if !defined(OPENSSL_NO_DES) || !defined(NO_MD5CRYPT_1)
#include <assert.h>
#include <string.h>
#include <openssl/evp.h>
#include <openssl/rand.h>
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
# include <openssl/des.h>
#endif
#ifndef NO_MD5CRYPT_1
char *passwd, BIO *out, int quiet, int table, int reverse,
size_t pw_maxlen, int usecrypt, int use1, int useapr1);
-/* -crypt - standard Unix password algorithm (default, only choice)
+/* -crypt - standard Unix password algorithm (default)
* -1 - MD5-based password algorithm
* -apr1 - MD5-based password algorithm, Apache variant
* -salt string - salt
* -in file - read passwords from file
* -stdin - read passwords from stdin
+ * -noverify - never verify when reading password from terminal
* -quiet - no warnings
* -table - format output as table
* -reverse - switch table columns
int ret = 1;
char *infile = NULL;
int in_stdin = 0;
+ int in_noverify = 0;
char *salt = NULL, *passwd = NULL, **passwds = NULL;
char *salt_malloc = NULL, *passwd_malloc = NULL;
size_t passwd_malloc_size = 0;
if (out == NULL)
goto err;
BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
badopt = 0, opt_done = 0;
i = 0;
else
badopt = 1;
}
+ else if (strcmp(argv[i], "-noverify") == 0)
+ in_noverify = 1;
else if (strcmp(argv[i], "-quiet") == 0)
quiet = 1;
else if (strcmp(argv[i], "-table") == 0)
badopt = 1;
/* reject unsupported algorithms */
-#ifdef NO_DES
+#ifdef OPENSSL_NO_DES
if (usecrypt) badopt = 1;
#endif
#ifdef NO_MD5CRYPT_1
{
BIO_printf(bio_err, "Usage: passwd [options] [passwords]\n");
BIO_printf(bio_err, "where options are\n");
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
BIO_printf(bio_err, "-crypt standard Unix password algorithm (default)\n");
#endif
#ifndef NO_MD5CRYPT_1
BIO_printf(bio_err, "-salt string use provided salt\n");
BIO_printf(bio_err, "-in file read passwords from file\n");
BIO_printf(bio_err, "-stdin read passwords from stdin\n");
+ BIO_printf(bio_err, "-noverify never verify when reading password from terminal\n");
BIO_printf(bio_err, "-quiet no warnings\n");
BIO_printf(bio_err, "-table format output as table\n");
BIO_printf(bio_err, "-reverse switch table columns\n");
passwds = passwds_static;
if (in == NULL)
- if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", 0) != 0)
+ if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", !(passed_salt || in_noverify)) != 0)
goto err;
passwds[0] = passwd_malloc;
}
if (in)
BIO_free(in);
if (out)
- BIO_free(out);
+ BIO_free_all(out);
EXIT(ret);
}
strncat(out_buf, "$", 1);
strncat(out_buf, salt, 8);
assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
- salt_out = out_buf + 6;
+ salt_out = out_buf + 2 + strlen(magic);
salt_len = strlen(salt_out);
assert(salt_len <= 8);
/* first make sure we have a salt */
if (!passed_salt)
{
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
if (usecrypt)
{
if (*salt_malloc_p == NULL)
* back to ASCII */
#endif
}
-#endif /* !NO_DES */
+#endif /* !OPENSSL_NO_DES */
#ifndef NO_MD5CRYPT_1
if (use1 || useapr1)
assert(strlen(passwd) <= pw_maxlen);
/* now compute password hash */
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
if (usecrypt)
hash = des_crypt(passwd, *salt_p);
#endif