X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=apps%2Fpasswd.c;h=ea27c18fb78c0dea4662f0dcf66bf5844e282c78;hp=4820f706cccce1f580b93c791a15acb435236bf1;hb=a303e9a6a8c3a942bbd8d871df7b81b7ec339ef9;hpb=a4c74e88e4bfce51cca22ed9d73d7d6bd96b4b87 diff --git a/apps/passwd.c b/apps/passwd.c index 4820f706cc..ea27c18fb7 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -65,12 +65,13 @@ typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_IN, OPT_NOVERIFY, OPT_QUIET, OPT_TABLE, OPT_REVERSE, OPT_APR1, - OPT_1, OPT_5, OPT_6, OPT_CRYPT, OPT_AIXMD5, OPT_SALT, OPT_STDIN + OPT_1, OPT_5, OPT_6, OPT_CRYPT, OPT_AIXMD5, OPT_SALT, OPT_STDIN, + OPT_R_ENUM } OPTION_CHOICE; const OPTIONS passwd_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, - {"in", OPT_IN, '<', "Pead passwords from file"}, + {"in", OPT_IN, '<', "Read passwords from file"}, {"noverify", OPT_NOVERIFY, '-', "Never verify when reading password from terminal"}, {"quiet", OPT_QUIET, '-', "No warnings"}, @@ -90,6 +91,7 @@ const OPTIONS passwd_options[] = { # ifndef OPENSSL_NO_DES {"crypt", OPT_CRYPT, '-', "Standard Unix password algorithm (default)"}, # endif + OPT_R_OPTIONS, {NULL} }; @@ -100,9 +102,9 @@ int passwd_main(int argc, char **argv) char *salt_malloc = NULL, *passwd_malloc = NULL, *prog; OPTION_CHOICE o; int in_stdin = 0, pw_source_defined = 0; -#ifndef OPENSSL_NO_UI +# ifndef OPENSSL_NO_UI_CONSOLE int in_noverify = 0; -#endif +# endif int passed_salt = 0, quiet = 0, table = 0, reverse = 0; int ret = 1; passwd_modes mode = passwd_unset; 
@@ -129,9 +131,9 @@ int passwd_main(int argc, char **argv) pw_source_defined = 1; break; case OPT_NOVERIFY: -#ifndef OPENSSL_NO_UI +# ifndef OPENSSL_NO_UI_CONSOLE in_noverify = 1; -#endif +# endif break; case OPT_QUIET: quiet = 1; @@ -182,12 +184,16 @@ int passwd_main(int argc, char **argv) in_stdin = 1; pw_source_defined = 1; break; + case OPT_R_CASES: + if (!opt_rand(o)) + goto end; + break; } } argc = opt_num_rest(); argv = opt_rest(); - if (*argv) { + if (*argv != NULL) { if (pw_source_defined) goto opthelp; pw_source_defined = 1; @@ -240,26 +246,31 @@ int passwd_main(int argc, char **argv) } if ((in == NULL) && (passwds == NULL)) { + /* + * we use the following method to make sure what + * in the 'else' section is always compiled, to + * avoid rot of not-frequently-used code. + */ if (1) { -#ifndef OPENSSL_NO_UI +# ifndef OPENSSL_NO_UI_CONSOLE /* build a null-terminated list */ static char *passwds_static[2] = { NULL, NULL }; passwds = passwds_static; - if (in == NULL) + if (in == NULL) { if (EVP_read_pw_string (passwd_malloc, passwd_malloc_size, "Password: ", !(passed_salt || in_noverify)) != 0) goto end; + } passwds[0] = passwd_malloc; } else { -#endif +# endif BIO_printf(bio_err, "password required\n"); goto end; } } - if (in == NULL) { assert(passwds != NULL); assert(*passwds != NULL); @@ -269,11 +280,9 @@ int passwd_main(int argc, char **argv) if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, bio_out, quiet, table, reverse, pw_maxlen, mode)) goto end; - } - while (*passwds != NULL); - } else + } while (*passwds != NULL); + } else { /* in != NULL */ - { int done; assert(passwd != NULL); @@ -281,9 +290,9 @@ int passwd_main(int argc, char **argv) int r = BIO_gets(in, passwd, pw_maxlen + 1); if (r > 0) { char *c = (strchr(passwd, '\n')); - if (c != NULL) + if (c != NULL) { *c = 0; /* truncate at newline */ - else { + } else { /* ignore rest of line */ char trash[BUFSIZ]; do 
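Review bot: The new `case OPT_R_CASES:` arm in passwd_main's option switch takes `goto end` when `opt_rand(o)` fails, and nothing in this hunk prints a reason; whether `opt_rand` reports the failure itself is not visible here. The arm would also benefit from a comment tying it to what the tool uses randomness for, e.g. `/* RNG seeding options; the salt in do_passwd() comes from RAND_bytes() */`. The switch starts and ends outside the hunk.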
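Review bot: The inner `if (in == NULL) {` that gains braces in the -240 hunk is already implied by the enclosing `if ((in == NULL) && (passwds == NULL))`, so the test can be dropped and the `EVP_read_pw_string` call can stand directly in the block. A failed or cancelled prompt also takes `goto end` with no message, unlike the `password required` branch beside it; a line such as `BIO_printf(bio_err, "error reading password\n");` before that `goto end` would make the two paths consistent. The added comment would read more clearly as `/* Keep the 'else' branch compiled in every configuration so rarely used code does not rot. */`.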
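Review bot: The `trash` buffer declared in the new `} else {` branch of the -281 hunk receives the tail of an over-long password line and is a plain stack array, so that part of the secret stays on the stack after the block exits. Clearing it once the drain loop finishes, `OPENSSL_cleanse(trash, sizeof(trash));`, keeps it from lingering. The drain loop continues past the end of this hunk, so the exact placement has to be checked against the full function. Whether `passwd` itself is cleansed at `end` is not visible here.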
@@ -297,8 +306,7 @@ int passwd_main(int argc, char **argv) goto end; } done = (r <= 0); - } - while (!done); + } while (!done); } ret = 0; @@ -484,13 +492,13 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt) /* Prefix for optional rounds specification. */ static const char rounds_prefix[] = "rounds="; /* Maximum salt string length. */ -#define SALT_LEN_MAX 16 +# define SALT_LEN_MAX 16 /* Default number of rounds if not explicitly specified. */ -#define ROUNDS_DEFAULT 5000 +# define ROUNDS_DEFAULT 5000 /* Minimum number of rounds. */ -#define ROUNDS_MIN 1000 +# define ROUNDS_MIN 1000 /* Maximum number of rounds. */ -#define ROUNDS_MAX 999999999 +# define ROUNDS_MAX 999999999 /* "$6$rounds=$......salt......$...shahash(up to 86 chars)...\0" */ static char out_buf[3 + 17 + 17 + 86 + 1]; @@ -668,7 +676,7 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt) cp = out_buf + strlen(out_buf); *cp++ = '$'; -#define b64_from_24bit(B2, B1, B0, N) \ +# define b64_from_24bit(B2, B1, B0, N) \ do { \ unsigned int w = ((B2) << 16) | ((B1) << 8) | (B0); \ int i = (N); \ @@ -746,9 +754,8 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, if (!passed_salt) { # ifndef OPENSSL_NO_DES if (mode == passwd_crypt) { - if (*salt_malloc_p == NULL) { + if (*salt_malloc_p == NULL) *salt_p = *salt_malloc_p = app_malloc(3, "salt buffer"); - } if (RAND_bytes((unsigned char *)*salt_p, 2) <= 0) goto end; (*salt_p)[0] = cov_2char[(*salt_p)[0] & 0x3f]; /* 6 bits */ @@ -765,9 +772,8 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, if (mode == passwd_md5 || mode == passwd_apr1 || mode == passwd_aixmd5) { int i; - if (*salt_malloc_p == NULL) { + if (*salt_malloc_p == NULL) *salt_p = *salt_malloc_p = app_malloc(9, "salt buffer"); - } if (RAND_bytes((unsigned char *)*salt_p, 8) <= 0) goto end; 
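Review bot: The salt buffer sizes and the `RAND_bytes` lengths are paired by hand as bare literals: `app_malloc(3, ...)` with 2 in the -746 hunk, 9 with 8 in the -765 hunk and 17 with 16 in the -781 hunk, so a later edit to one number can silently under-allocate the buffer. Deriving the allocation from the length, for instance `app_malloc(SALT_LEN_MAX + 1, "salt buffer")` in the SHA branch, would tie the two together. `SALT_LEN_MAX` is defined inside shacrypt earlier in the file and is presumably still in scope in do_passwd, which should be confirmed. The buffer is also reused whenever `*salt_malloc_p` is already set, which is safe only while the mode cannot change between calls, and a one-line comment saying so would help. do_passwd continues outside all three hunks.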
@@ -781,9 +787,8 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, if (mode == passwd_sha256 || mode == passwd_sha512) { int i; - if (*salt_malloc_p == NULL) { + if (*salt_malloc_p == NULL) *salt_p = *salt_malloc_p = app_malloc(17, "salt buffer"); - } if (RAND_bytes((unsigned char *)*salt_p, 16) <= 0) goto end;