Changes between 0.9.6 and 0.9.7 [xx XXX 2000]
+ *) In 'openssl passwd', verify passwords read from the terminal
+ unless the '-salt' option is used (which usually means that
+ verification would just waste user's time since the resulting
+ hash is going to be compared with some given password hash)
+ or the new '-noverify' option is used.
+
+ This is an incompatible change, but it does not affect
+ non-interactive use of 'openssl passwd' (passwords on the command
+ line, '-stdin' option, '-in ...' option) and thus should not
+ cause any problems.
+ [Bodo Moeller]
+
*) Remove all references to RSAref, since there's no more need for it.
[Richard Levitte]
* -salt string - salt
* -in file - read passwords from file
* -stdin - read passwords from stdin
+ * -noverify - never verify when reading password from terminal
* -quiet - no warnings
* -table - format output as table
* -reverse - switch table columns
int ret = 1;
char *infile = NULL;
int in_stdin = 0;
+ int in_noverify = 0;
char *salt = NULL, *passwd = NULL, **passwds = NULL;
char *salt_malloc = NULL, *passwd_malloc = NULL;
size_t passwd_malloc_size = 0;
else
badopt = 1;
}
+ else if (strcmp(argv[i], "-noverify") == 0)
+ in_noverify = 1;
else if (strcmp(argv[i], "-quiet") == 0)
quiet = 1;
else if (strcmp(argv[i], "-table") == 0)
BIO_printf(bio_err, "-salt string use provided salt\n");
BIO_printf(bio_err, "-in file read passwords from file\n");
BIO_printf(bio_err, "-stdin read passwords from stdin\n");
+ BIO_printf(bio_err, "-noverify never verify when reading password from terminal\n");
BIO_printf(bio_err, "-quiet no warnings\n");
BIO_printf(bio_err, "-table format output as table\n");
BIO_printf(bio_err, "-reverse switch table columns\n");
passwds = passwds_static;
if (in == NULL)
- if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", 0) != 0)
+ if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", !(passed_salt || in_noverify)) != 0)
goto err;
passwds[0] = passwd_malloc;
}
[B<-salt> I<string>]
[B<-in> I<file>]
[B<-stdin>]
+[B<-noverify>]
[B<-quiet>]
[B<-table>]
{I<password>}
The B<passwd> command computes the hash of a password typed at
run-time or the hash of each password in a list. The password list is
taken from the named file for option B<-in file>, from stdin for
-option B<-stdin>, and from the command line otherwise.
+option B<-stdin>, or from the command line, or from the terminal otherwise.
The Unix standard algorithm B<crypt> and the MD5-based BSD password
algorithm B<1> and its Apache variant B<apr1> are available.
=item B<-salt> I<string>
Use the specified salt.
+When reading a password from the terminal, this implies B<-noverify>.
=item B<-in> I<file>
Read passwords from B<stdin>.
+=item B<-noverify>
+
+Don't verify when reading a password from the terminal.
+
=item B<-quiet>
Don't output warnings when passwords given at the command line are truncated.
projects / openssl.git / commitdiff