* https://www.openssl.org/source/license.html
*/
-/* We need to use some deprecated APIs */
-#define OPENSSL_SUPPRESS_DEPRECATED
-
#include <string.h>
#include "apps.h"
typedef enum {
passwd_unset = 0,
- passwd_crypt,
passwd_md5,
passwd_apr1,
passwd_sha256,
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_IN,
OPT_NOVERIFY, OPT_QUIET, OPT_TABLE, OPT_REVERSE, OPT_APR1,
- OPT_1, OPT_5, OPT_6, OPT_CRYPT, OPT_AIXMD5, OPT_SALT, OPT_STDIN,
+ OPT_1, OPT_5, OPT_6, OPT_AIXMD5, OPT_SALT, OPT_STDIN,
OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
{"apr1", OPT_APR1, '-', "MD5-based password algorithm, Apache variant"},
{"1", OPT_1, '-', "MD5-based password algorithm"},
{"aixmd5", OPT_AIXMD5, '-', "AIX MD5-based password algorithm"},
-#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0)
- {"crypt", OPT_CRYPT, '-', "Standard Unix password algorithm (default)"},
-#endif
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
goto opthelp;
mode = passwd_aixmd5;
break;
- case OPT_CRYPT:
-#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0)
- if (mode != passwd_unset)
- goto opthelp;
- mode = passwd_crypt;
-#endif
- break;
case OPT_SALT:
passed_salt = 1;
salt = opt_arg();
if (mode == passwd_unset) {
/* use default */
- mode = passwd_crypt;
+ mode = passwd_md5;
}
-#if defined(OPENSSL_NO_DES) || defined(OPENSSL_NO_DEPRECATED_3_0)
- if (mode == passwd_crypt)
- goto opthelp;
-#endif
-
if (infile != NULL && in_stdin) {
BIO_printf(bio_err, "%s: Can't combine -in and -stdin\n", prog);
goto end;
goto end;
}
- if (mode == passwd_crypt)
- pw_maxlen = 8;
-
if (passwds == NULL) {
/* no passwords on the command line */
size_t saltlen = 0;
size_t i;
-#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0)
- if (mode == passwd_crypt)
- saltlen = 2;
-#endif /* !OPENSSL_NO_DES */
-
if (mode == passwd_md5 || mode == passwd_apr1 || mode == passwd_aixmd5)
saltlen = 8;
assert(strlen(passwd) <= pw_maxlen);
/* now compute password hash */
-#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0)
- if (mode == passwd_crypt)
- hash = DES_crypt(passwd, *salt_p);
-#endif
if (mode == passwd_md5 || mode == passwd_apr1)
hash = md5crypt(passwd, (mode == passwd_md5 ? "1" : "apr1"), *salt_p);
if (mode == passwd_aixmd5)
B<openssl passwd>
[B<-help>]
-[B<-crypt>]
[B<-1>]
[B<-apr1>]
[B<-aixmd5>]
run-time or the hash of each password in a list. The password list is
taken from the named file for option B<-in>, from stdin for
option B<-stdin>, or from the command line, or from the terminal otherwise.
-The Unix standard algorithm B<-crypt> and the MD5-based BSD password
-algorithm B<-1>, its Apache variant B<-apr1>, and its AIX variant are
-available.
+The MD5-based BSD password algorithm B<-1>, its Apache variant B<-apr1>,
+and its AIX variant are available.
=head1 OPTIONS
Print out a usage message.
-=item B<-crypt>
-
-Use the B<crypt> algorithm (default).
-
=item B<-1>
-Use the MD5 based BSD password algorithm B<1>.
+Use the MD5 based BSD password algorithm B<1> (default).
=item B<-apr1>
=head1 EXAMPLES
- % openssl passwd -crypt -salt xx password
- xxj31ZMTZzkVA
-
% openssl passwd -1 -salt xxxxxxxx password
$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.
% openssl passwd -aixmd5 -salt xxxxxxxx password
xxxxxxxx$8Oaipk/GPKhC64w/YVeFD/
+=head1 HISTORY
+
+The B<-crypt> option was removed in OpenSSL 3.0.
+
=head1 COPYRIGHT
Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
expected => '$6$rounds=1000$roundstoolow$kUMsbe306n21p9R.FRkW3IGn.S9NPN0x50YhH1xhLsPuWGsUSklZt58jaTfF4ZEQpyUNGc0dqbpBYYBaHHrsX.' }
);
-plan tests => (disabled("des") || disabled('deprecated-3.0') ? 9 : 11) + scalar @sha_tests;
+plan tests => 9 + scalar @sha_tests;
-ok(compare1stline_re([qw{openssl passwd password}], '^.{13}\R$'),
- 'crypt password with random salt')
- if !disabled("des") && !disabled('deprecated-3.0');
ok(compare1stline_re([qw{openssl passwd -1 password}], '^\$1\$.{8}\$.{22}\R$'),
'BSD style MD5 password with random salt');
ok(compare1stline_re([qw{openssl passwd -apr1 password}], '^\$apr1\$.{8}\$.{22}\R$'),
ok(compare1stline_re([qw{openssl passwd -6 password}], '^\$6\$.{16}\$.{86}\R$'),
'Apache SHA512 password with random salt');
-ok(compare1stline([qw{openssl passwd -salt xx password}], 'xxj31ZMTZzkVA'),
- 'crypt password with salt xx')
- if !disabled("des") && !disabled('deprecated-3.0');
ok(compare1stline([qw{openssl passwd -salt xxxxxxxx -1 password}], '$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.'),
'BSD style MD5 password with salt xxxxxxxx');
ok(compare1stline([qw{openssl passwd -salt xxxxxxxx -apr1 password}], '$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0'),