X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=apps%2Fpasswd.c;h=4626eeb249613625a10852804ba7f84515223c58;hp=7ce40e058c4c2d30a090308cad376ddeda1c9ea4;hb=c6fec81b88131d08c1022504ccf6effa95497afb;hpb=48feaceb53fa6ae924e298b8eba0e247019313e4 diff --git a/apps/passwd.c b/apps/passwd.c index 7ce40e058c..4626eeb249 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -1,39 +1,29 @@ /* - * Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ -#if defined OPENSSL_NO_MD5 || defined CHARSET_EBCDIC -# define NO_MD5CRYPT_1 -#endif - -#if defined OPENSSL_NO_SHA || defined CHARSET_EBCDIC -# define NO_SHACRYPT -#endif +/* We need to use some deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED -#if !defined(OPENSSL_NO_DES) || !defined(NO_MD5CRYPT_1) || !defined(NO_SHACRYPT) +#include -# include +#include "apps.h" +#include "progs.h" -# include "apps.h" - -# include -# include -# include -# include -# ifndef OPENSSL_NO_DES -# include -# endif -# ifndef NO_MD5CRYPT_1 -# include -# endif -# ifndef NO_SHACRYPT -# include -# endif +#include +#include +#include +#include +#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0) +# include +#endif +#include +#include static unsigned const char cov_2char[64] = { /* from crypto/des/fcrypt.c */ @@ -47,6 +37,8 @@ static unsigned const char cov_2char[64] = { 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A }; +static const char ascii_dollar[] = { 0x24, 0x00 }; + typedef enum { passwd_unset = 0, passwd_crypt, @@ -65,31 +57,42 @@ typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_IN, OPT_NOVERIFY, OPT_QUIET, OPT_TABLE, OPT_REVERSE, OPT_APR1, - OPT_1, OPT_5, OPT_6, OPT_CRYPT, OPT_AIXMD5, OPT_SALT, OPT_STDIN + OPT_1, OPT_5, OPT_6, OPT_CRYPT, OPT_AIXMD5, OPT_SALT, OPT_STDIN, + OPT_R_ENUM } OPTION_CHOICE; const OPTIONS passwd_options[] = { + {OPT_HELP_STR, 1, '-', "Usage: %s [options] [password]\n"}, + + OPT_SECTION("General"), {"help", OPT_HELP, '-', "Display this summary"}, + + OPT_SECTION("Input"), {"in", OPT_IN, '<', "Read passwords from file"}, {"noverify", OPT_NOVERIFY, '-', "Never verify when reading password from terminal"}, + {"stdin", OPT_STDIN, '-', "Read passwords from stdin"}, + + OPT_SECTION("Output"), {"quiet", OPT_QUIET, '-', "No warnings"}, {"table", OPT_TABLE, '-', "Format output as table"}, {"reverse", OPT_REVERSE, '-', "Switch table columns"}, + + OPT_SECTION("Cryptographic"), {"salt", OPT_SALT, 's', "Use provided salt"}, - {"stdin", OPT_STDIN, '-', "Read passwords from stdin"}, -# ifndef NO_SHACRYPT {"6", OPT_6, '-', "SHA512-based password algorithm"}, {"5", OPT_5, '-', "SHA256-based password algorithm"}, -# endif -# ifndef NO_MD5CRYPT_1 {"apr1", OPT_APR1, '-', "MD5-based password algorithm, Apache variant"}, {"1", OPT_1, '-', "MD5-based password algorithm"}, {"aixmd5", OPT_AIXMD5, '-', "AIX MD5-based password algorithm"}, -# endif -# ifndef OPENSSL_NO_DES +#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0) {"crypt", OPT_CRYPT, '-', "Standard Unix password algorithm (default)"}, -# endif +#endif + + OPT_R_OPTIONS, + + OPT_PARAMETERS(), + {"password", 0, 0, "Password text to digest (optional)"}, {NULL} }; @@ -100,9 +103,9 @@ int passwd_main(int argc, char **argv) char *salt_malloc = NULL, *passwd_malloc = NULL, *prog; OPTION_CHOICE o; int in_stdin = 0, pw_source_defined = 0; -# ifndef OPENSSL_NO_UI_CONSOLE +#ifndef OPENSSL_NO_UI_CONSOLE int in_noverify = 0; -# endif +#endif int passed_salt = 0, quiet = 0, table = 0, reverse = 0; int ret = 1; passwd_modes mode = passwd_unset; @@ -129,9 +132,9 @@ int passwd_main(int argc, char **argv) pw_source_defined = 1; break; case OPT_NOVERIFY: -# ifndef OPENSSL_NO_UI_CONSOLE +#ifndef OPENSSL_NO_UI_CONSOLE in_noverify = 1; -# endif +#endif break; case OPT_QUIET: quiet = 1; @@ -168,9 +171,11 @@ int passwd_main(int argc, char **argv) mode = passwd_aixmd5; break; case OPT_CRYPT: +#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0) if (mode != passwd_unset) goto opthelp; mode = passwd_crypt; +#endif break; case OPT_SALT: passed_salt = 1; @@ -182,6 +187,10 @@ int passwd_main(int argc, char **argv) in_stdin = 1; pw_source_defined = 1; break; + case OPT_R_CASES: + if (!opt_rand(o)) + goto end; + break; } } argc = opt_num_rest(); @@ -199,18 +208,10 @@ int passwd_main(int argc, char **argv) mode = passwd_crypt; } -# ifdef OPENSSL_NO_DES +#if defined(OPENSSL_NO_DES) || defined(OPENSSL_NO_DEPRECATED_3_0) if (mode == passwd_crypt) goto opthelp; -# endif -# ifdef NO_MD5CRYPT_1 - if (mode == passwd_md5 || mode == passwd_apr1 || mode == passwd_aixmd5) - goto opthelp; -# endif -# ifdef NO_SHACRYPT - if (mode == passwd_sha256 || mode == passwd_sha512) - goto opthelp; -# endif +#endif if (infile != NULL && in_stdin) { BIO_printf(bio_err, "%s: Can't combine -in and -stdin\n", prog); @@ -246,7 +247,7 @@ int passwd_main(int argc, char **argv) * avoid rot of not-frequently-used code. */ if (1) { -# ifndef OPENSSL_NO_UI_CONSOLE +#ifndef OPENSSL_NO_UI_CONSOLE /* build a null-terminated list */ static char *passwds_static[2] = { NULL, NULL }; @@ -259,7 +260,7 @@ int passwd_main(int argc, char **argv) } passwds[0] = passwd_malloc; } else { -# endif +#endif BIO_printf(bio_err, "password required\n"); goto end; } @@ -290,7 +291,7 @@ int passwd_main(int argc, char **argv) /* ignore rest of line */ char trash[BUFSIZ]; do - r = BIO_gets(in, trash, sizeof trash); + r = BIO_gets(in, trash, sizeof(trash)); while ((r > 0) && (!strchr(trash, '\n'))); } @@ -305,14 +306,15 @@ int passwd_main(int argc, char **argv) ret = 0; end: +#if 0 ERR_print_errors(bio_err); +#endif OPENSSL_free(salt_malloc); OPENSSL_free(passwd_malloc); BIO_free(in); - return (ret); + return ret; } -# ifndef NO_MD5CRYPT_1 /* * MD5-based password algorithm (should probably be available as a library * function; then the static buffer would not be acceptable). For magic @@ -327,6 +329,9 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) /* "$apr1$..salt..$.......md5hash..........\0" */ static char out_buf[6 + 9 + 24 + 2]; unsigned char buf[MD5_DIGEST_LENGTH]; + char ascii_magic[5]; /* "apr1" plus '\0' */ + char ascii_salt[9]; /* Max 8 chars plus '\0' */ + char *ascii_passwd = NULL; char *salt_out; int n; unsigned int i; @@ -337,30 +342,48 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) out_buf[0] = 0; magic_len = strlen(magic); + OPENSSL_strlcpy(ascii_magic, magic, sizeof(ascii_magic)); +#ifdef CHARSET_EBCDIC + if ((magic[0] & 0x80) != 0) /* High bit is 1 in EBCDIC alnums */ + ebcdic2ascii(ascii_magic, ascii_magic, magic_len); +#endif + + /* The salt gets truncated to 8 chars */ + OPENSSL_strlcpy(ascii_salt, salt, sizeof(ascii_salt)); + salt_len = strlen(ascii_salt); +#ifdef CHARSET_EBCDIC + ebcdic2ascii(ascii_salt, ascii_salt, salt_len); +#endif + +#ifdef CHARSET_EBCDIC + ascii_passwd = OPENSSL_strdup(passwd); + if (ascii_passwd == NULL) + return NULL; + ebcdic2ascii(ascii_passwd, ascii_passwd, passwd_len); + passwd = ascii_passwd; +#endif if (magic_len > 0) { - out_buf[0] = '$'; - out_buf[1] = 0; + OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf)); if (magic_len > 4) /* assert it's "1" or "apr1" */ - return NULL; + goto err; - OPENSSL_strlcat(out_buf, magic, sizeof out_buf); - OPENSSL_strlcat(out_buf, "$", sizeof out_buf); + OPENSSL_strlcat(out_buf, ascii_magic, sizeof(out_buf)); + OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf)); } - OPENSSL_strlcat(out_buf, salt, sizeof out_buf); + OPENSSL_strlcat(out_buf, ascii_salt, sizeof(out_buf)); if (strlen(out_buf) > 6 + 8) /* assert "$apr1$..salt.." */ - return NULL; + goto err; salt_out = out_buf; if (magic_len > 0) salt_out += 2 + magic_len; - salt_len = strlen(salt_out); if (salt_len > 8) - return NULL; + goto err; md = EVP_MD_CTX_new(); if (md == NULL @@ -369,25 +392,25 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) goto err; if (magic_len > 0) - if (!EVP_DigestUpdate(md, "$", 1) - || !EVP_DigestUpdate(md, magic, magic_len) - || !EVP_DigestUpdate(md, "$", 1)) + if (!EVP_DigestUpdate(md, ascii_dollar, 1) + || !EVP_DigestUpdate(md, ascii_magic, magic_len) + || !EVP_DigestUpdate(md, ascii_dollar, 1)) goto err; - if (!EVP_DigestUpdate(md, salt_out, salt_len)) + if (!EVP_DigestUpdate(md, ascii_salt, salt_len)) goto err; md2 = EVP_MD_CTX_new(); if (md2 == NULL || !EVP_DigestInit_ex(md2, EVP_md5(), NULL) || !EVP_DigestUpdate(md2, passwd, passwd_len) - || !EVP_DigestUpdate(md2, salt_out, salt_len) + || !EVP_DigestUpdate(md2, ascii_salt, salt_len) || !EVP_DigestUpdate(md2, passwd, passwd_len) || !EVP_DigestFinal_ex(md2, buf, NULL)) goto err; - for (i = passwd_len; i > sizeof buf; i -= sizeof buf) { - if (!EVP_DigestUpdate(md, buf, sizeof buf)) + for (i = passwd_len; i > sizeof(buf); i -= sizeof(buf)) { + if (!EVP_DigestUpdate(md, buf, sizeof(buf))) goto err; } if (!EVP_DigestUpdate(md, buf, i)) @@ -407,10 +430,10 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) goto err; if (!EVP_DigestUpdate(md2, (i & 1) ? (unsigned const char *)passwd : buf, - (i & 1) ? passwd_len : sizeof buf)) + (i & 1) ? passwd_len : sizeof(buf))) goto err; if (i % 3) { - if (!EVP_DigestUpdate(md2, salt_out, salt_len)) + if (!EVP_DigestUpdate(md2, ascii_salt, salt_len)) goto err; } if (i % 7) { @@ -419,7 +442,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) } if (!EVP_DigestUpdate(md2, (i & 1) ? buf : (unsigned const char *)passwd, - (i & 1) ? sizeof buf : passwd_len)) + (i & 1) ? sizeof(buf) : passwd_len)) goto err; if (!EVP_DigestFinal_ex(md2, buf, NULL)) goto err; @@ -431,7 +454,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) { /* transform buf into output string */ - unsigned char buf_perm[sizeof buf]; + unsigned char buf_perm[sizeof(buf)]; int dest, source; char *output; @@ -441,15 +464,15 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) buf_perm[dest] = buf[source]; buf_perm[14] = buf[5]; buf_perm[15] = buf[11]; -# ifndef PEDANTIC /* Unfortunately, this generates a "no +# ifndef PEDANTIC /* Unfortunately, this generates a "no * effect" warning */ - assert(16 == sizeof buf_perm); -# endif + assert(16 == sizeof(buf_perm)); +# endif output = salt_out + salt_len; assert(output == out_buf + strlen(out_buf)); - *output++ = '$'; + *output++ = ascii_dollar[0]; for (i = 0; i < 15; i += 3) { *output++ = cov_2char[buf_perm[i + 2] & 0x3f]; @@ -464,18 +487,20 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) *output++ = cov_2char[buf_perm[i] >> 6]; *output = 0; assert(strlen(out_buf) < sizeof(out_buf)); +#ifdef CHARSET_EBCDIC + ascii2ebcdic(out_buf, out_buf, strlen(out_buf)); +#endif } return out_buf; err: + OPENSSL_free(ascii_passwd); EVP_MD_CTX_free(md2); EVP_MD_CTX_free(md); return NULL; } -# endif -# ifndef NO_SHACRYPT /* * SHA based password algorithm, describe by Ulrich Drepper here: * https://www.akkadia.org/drepper/SHA-crypt.txt @@ -486,20 +511,22 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt) /* Prefix for optional rounds specification. */ static const char rounds_prefix[] = "rounds="; /* Maximum salt string length. */ -# define SALT_LEN_MAX 16 +# define SALT_LEN_MAX 16 /* Default number of rounds if not explicitly specified. */ -# define ROUNDS_DEFAULT 5000 +# define ROUNDS_DEFAULT 5000 /* Minimum number of rounds. */ -# define ROUNDS_MIN 1000 +# define ROUNDS_MIN 1000 /* Maximum number of rounds. */ -# define ROUNDS_MAX 999999999 +# define ROUNDS_MAX 999999999 /* "$6$rounds=$......salt......$...shahash(up to 86 chars)...\0" */ static char out_buf[3 + 17 + 17 + 86 + 1]; unsigned char buf[SHA512_DIGEST_LENGTH]; unsigned char temp_buf[SHA512_DIGEST_LENGTH]; size_t buf_size = 0; - char salt_copy[17]; /* Max 16 chars plus '\0' */ + char ascii_magic[2]; + char ascii_salt[17]; /* Max 16 chars plus '\0' */ + char *ascii_passwd = NULL; size_t n; EVP_MD_CTX *md = NULL, *md2 = NULL; const EVP_MD *sha = NULL; @@ -548,38 +575,60 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt) } } + OPENSSL_strlcpy(ascii_magic, magic, sizeof(ascii_magic)); +#ifdef CHARSET_EBCDIC + if ((magic[0] & 0x80) != 0) /* High bit is 1 in EBCDIC alnums */ + ebcdic2ascii(ascii_magic, ascii_magic, magic_len); +#endif + /* The salt gets truncated to 16 chars */ - OPENSSL_strlcpy(salt_copy, salt, sizeof salt_copy); - salt_len = strlen(salt_copy); + OPENSSL_strlcpy(ascii_salt, salt, sizeof(ascii_salt)); + salt_len = strlen(ascii_salt); +#ifdef CHARSET_EBCDIC + ebcdic2ascii(ascii_salt, ascii_salt, salt_len); +#endif + +#ifdef CHARSET_EBCDIC + ascii_passwd = OPENSSL_strdup(passwd); + if (ascii_passwd == NULL) + return NULL; + ebcdic2ascii(ascii_passwd, ascii_passwd, passwd_len); + passwd = ascii_passwd; +#endif out_buf[0] = 0; - OPENSSL_strlcat(out_buf, "$", sizeof out_buf); - OPENSSL_strlcat(out_buf, magic, sizeof out_buf); - OPENSSL_strlcat(out_buf, "$", sizeof out_buf); + OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf)); + OPENSSL_strlcat(out_buf, ascii_magic, sizeof(out_buf)); + OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf)); if (rounds_custom) { char tmp_buf[80]; /* "rounds=999999999" */ sprintf(tmp_buf, "rounds=%u", rounds); - OPENSSL_strlcat(out_buf, tmp_buf, sizeof out_buf); - OPENSSL_strlcat(out_buf, "$", sizeof out_buf); +#ifdef CHARSET_EBCDIC + /* In case we're really on a ASCII based platform and just pretend */ + if (tmp_buf[0] != 0x72) /* ASCII 'r' */ + ebcdic2ascii(tmp_buf, tmp_buf, strlen(tmp_buf)); +#endif + OPENSSL_strlcat(out_buf, tmp_buf, sizeof(out_buf)); + OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf)); } - OPENSSL_strlcat(out_buf, salt_copy, sizeof out_buf); + OPENSSL_strlcat(out_buf, ascii_salt, sizeof(out_buf)); /* assert "$5$rounds=999999999$......salt......" */ if (strlen(out_buf) > 3 + 17 * rounds_custom + salt_len ) - return NULL; + goto err; md = EVP_MD_CTX_new(); if (md == NULL || !EVP_DigestInit_ex(md, sha, NULL) || !EVP_DigestUpdate(md, passwd, passwd_len) - || !EVP_DigestUpdate(md, salt_copy, salt_len)) + || !EVP_DigestUpdate(md, ascii_salt, salt_len)) goto err; md2 = EVP_MD_CTX_new(); if (md2 == NULL || !EVP_DigestInit_ex(md2, sha, NULL) || !EVP_DigestUpdate(md2, passwd, passwd_len) - || !EVP_DigestUpdate(md2, salt_copy, salt_len) + || !EVP_DigestUpdate(md2, ascii_salt, salt_len) || !EVP_DigestUpdate(md2, passwd, passwd_len) || !EVP_DigestFinal_ex(md2, buf, NULL)) goto err; @@ -624,7 +673,7 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt) goto err; for (n = 16 + buf[0]; n > 0; n--) - if (!EVP_DigestUpdate(md2, salt, salt_len)) + if (!EVP_DigestUpdate(md2, ascii_salt, salt_len)) goto err; if (!EVP_DigestFinal_ex(md2, temp_buf, NULL)) @@ -668,9 +717,9 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt) s_bytes = NULL; cp = out_buf + strlen(out_buf); - *cp++ = '$'; + *cp++ = ascii_dollar[0]; -# define b64_from_24bit(B2, B1, B0, N) \ +# define b64_from_24bit(B2, B1, B0, N) \ do { \ unsigned int w = ((B2) << 16) | ((B1) << 8) | (B0); \ int i = (N); \ @@ -681,7 +730,7 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt) } \ } while (0) - switch (*magic) { + switch (magic[0]) { case '5': b64_from_24bit (buf[0], buf[10], buf[20], 4); b64_from_24bit (buf[21], buf[1], buf[11], 4); @@ -723,6 +772,9 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt) goto err; } *cp = '\0'; +#ifdef CHARSET_EBCDIC + ascii2ebcdic(out_buf, out_buf, strlen(out_buf)); +#endif return out_buf; @@ -731,9 +783,9 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt) EVP_MD_CTX_free(md); OPENSSL_free(p_bytes); OPENSSL_free(s_bytes); + OPENSSL_free(ascii_passwd); return NULL; } -# endif static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, char *passwd, BIO *out, int quiet, int table, @@ -746,51 +798,34 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, /* first make sure we have a salt */ if (!passed_salt) { -# ifndef OPENSSL_NO_DES - if (mode == passwd_crypt) { - if (*salt_malloc_p == NULL) - *salt_p = *salt_malloc_p = app_malloc(3, "salt buffer"); - if (RAND_bytes((unsigned char *)*salt_p, 2) <= 0) - goto end; - (*salt_p)[0] = cov_2char[(*salt_p)[0] & 0x3f]; /* 6 bits */ - (*salt_p)[1] = cov_2char[(*salt_p)[1] & 0x3f]; /* 6 bits */ - (*salt_p)[2] = 0; -# ifdef CHARSET_EBCDIC - ascii2ebcdic(*salt_p, *salt_p, 2); /* des_crypt will convert back - * to ASCII */ -# endif - } -# endif /* !OPENSSL_NO_DES */ + size_t saltlen = 0; + size_t i; -# ifndef NO_MD5CRYPT_1 - if (mode == passwd_md5 || mode == passwd_apr1 || mode == passwd_aixmd5) { - int i; +#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0) + if (mode == passwd_crypt) + saltlen = 2; +#endif /* !OPENSSL_NO_DES */ - if (*salt_malloc_p == NULL) - *salt_p = *salt_malloc_p = app_malloc(9, "salt buffer"); - if (RAND_bytes((unsigned char *)*salt_p, 8) <= 0) - goto end; + if (mode == passwd_md5 || mode == passwd_apr1 || mode == passwd_aixmd5) + saltlen = 8; - for (i = 0; i < 8; i++) - (*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */ - (*salt_p)[8] = 0; - } -# endif /* !NO_MD5CRYPT_1 */ + if (mode == passwd_sha256 || mode == passwd_sha512) + saltlen = 16; -# ifndef NO_SHACRYPT - if (mode == passwd_sha256 || mode == passwd_sha512) { - int i; + assert(saltlen != 0); - if (*salt_malloc_p == NULL) - *salt_p = *salt_malloc_p = app_malloc(17, "salt buffer"); - if (RAND_bytes((unsigned char *)*salt_p, 16) <= 0) - goto end; + if (*salt_malloc_p == NULL) + *salt_p = *salt_malloc_p = app_malloc(saltlen + 1, "salt buffer"); + if (RAND_bytes((unsigned char *)*salt_p, saltlen) <= 0) + goto end; - for (i = 0; i < 16; i++) - (*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */ - (*salt_p)[16] = 0; - } -# endif /* !NO_SHACRYPT */ + for (i = 0; i < saltlen; i++) + (*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */ + (*salt_p)[i] = 0; +# ifdef CHARSET_EBCDIC + /* The password encryption function will convert back to ASCII */ + ascii2ebcdic(*salt_p, *salt_p, saltlen); +# endif } assert(*salt_p != NULL); @@ -809,20 +844,16 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, assert(strlen(passwd) <= pw_maxlen); /* now compute password hash */ -# ifndef OPENSSL_NO_DES +#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0) if (mode == passwd_crypt) hash = DES_crypt(passwd, *salt_p); -# endif -# ifndef NO_MD5CRYPT_1 +#endif if (mode == passwd_md5 || mode == passwd_apr1) hash = md5crypt(passwd, (mode == passwd_md5 ? "1" : "apr1"), *salt_p); if (mode == passwd_aixmd5) hash = md5crypt(passwd, "", *salt_p); -# endif -# ifndef NO_SHACRYPT if (mode == passwd_sha256 || mode == passwd_sha512) hash = shacrypt(passwd, (mode == passwd_sha256 ? "5" : "6"), *salt_p); -# endif assert(hash != NULL); if (table && !reverse) @@ -836,11 +867,3 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, end: return 0; } -#else - -int passwd_main(int argc, char **argv) -{ - BIO_printf(bio_err, "Program not available.\n"); - return (1); -} -#endif