X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=apps%2Fpasswd.c;h=9ca25dd1da811fe44934e5e7cce3d4208973cadf;hp=6c1aed0f0b4910b4163dbce704fe3368bb3c5bc2;hb=9f9ab1dc667186c533454c87f70295fcb67b4e8a;hpb=cc244b371deb21351ec60426c4fa41386bb43316 diff --git a/apps/passwd.c b/apps/passwd.c index 6c1aed0f0b..9ca25dd1da 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -1,10 +1,10 @@ /* apps/passwd.c */ -#if defined NO_MD5 || defined CHARSET_EBCDIC +#if defined OPENSSL_NO_MD5 || defined CHARSET_EBCDIC # define NO_MD5CRYPT_1 #endif -#if !defined(NO_DES) || !defined(NO_MD5CRYPT_1) +#if !defined(OPENSSL_NO_DES) || !defined(NO_MD5CRYPT_1) #include #include @@ -15,8 +15,7 @@ #include #include #include - -#ifndef NO_DES +#ifndef OPENSSL_NO_DES # include #endif #ifndef NO_MD5CRYPT_1 @@ -50,6 +49,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, * -salt string - salt * -in file - read passwords from file * -stdin - read passwords from stdin + * -noverify - never verify when reading password from terminal * -quiet - no warnings * -table - format output as table * -reverse - switch table columns @@ -62,6 +62,7 @@ int MAIN(int argc, char **argv) int ret = 1; char *infile = NULL; int in_stdin = 0; + int in_noverify = 0; char *salt = NULL, *passwd = NULL, **passwds = NULL; char *salt_malloc = NULL, *passwd_malloc = NULL; size_t passwd_malloc_size = 0; @@ -77,10 +78,19 @@ int MAIN(int argc, char **argv) if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + + if (!load_config(bio_err, NULL)) + goto err; out = BIO_new(BIO_s_file()); if (out == NULL) goto err; BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); +#ifdef OPENSSL_SYS_VMS + { + BIO *tmpbio = BIO_new(BIO_f_linebuffer()); + out = BIO_push(tmpbio, out); + } +#endif badopt = 0, opt_done = 0; i = 0; @@ -122,6 +132,8 @@ int MAIN(int argc, char **argv) else badopt = 1; } + else if (strcmp(argv[i], "-noverify") == 0) + in_noverify = 1; else if (strcmp(argv[i], "-quiet") == 0) quiet = 1; else if (strcmp(argv[i], "-table") == 0) @@ -147,7 +159,7 @@ int MAIN(int argc, char **argv) badopt = 1; /* reject unsupported algorithms */ -#ifdef NO_DES +#ifdef OPENSSL_NO_DES if (usecrypt) badopt = 1; #endif #ifdef NO_MD5CRYPT_1 @@ -158,7 +170,7 @@ int MAIN(int argc, char **argv) { BIO_printf(bio_err, "Usage: passwd [options] [passwords]\n"); BIO_printf(bio_err, "where options are\n"); -#ifndef NO_DES +#ifndef OPENSSL_NO_DES BIO_printf(bio_err, "-crypt standard Unix password algorithm (default)\n"); #endif #ifndef NO_MD5CRYPT_1 @@ -168,6 +180,7 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "-salt string use provided salt\n"); BIO_printf(bio_err, "-in file read passwords from file\n"); BIO_printf(bio_err, "-stdin read passwords from stdin\n"); + BIO_printf(bio_err, "-noverify never verify when reading password from terminal\n"); BIO_printf(bio_err, "-quiet no warnings\n"); BIO_printf(bio_err, "-table format output as table\n"); BIO_printf(bio_err, "-reverse switch table columns\n"); @@ -216,7 +229,7 @@ int MAIN(int argc, char **argv) passwds = passwds_static; if (in == NULL) - if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", 0) != 0) + if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", !(passed_salt || in_noverify)) != 0) goto err; passwds[0] = passwd_malloc; } @@ -266,6 +279,7 @@ int MAIN(int argc, char **argv) } while (!done); } + ret = 0; err: ERR_print_errors(bio_err); @@ -276,8 +290,9 @@ err: if (in) BIO_free(in); if (out) - BIO_free(out); - EXIT(ret); + BIO_free_all(out); + apps_shutdown(); + OPENSSL_EXIT(ret); } @@ -297,8 +312,9 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) static char out_buf[6 + 9 + 24 + 2]; /* "$apr1$..salt..$.......md5hash..........\0" */ unsigned char buf[MD5_DIGEST_LENGTH]; char *salt_out; - int n, i; - MD5_CTX md; + int n; + unsigned int i; + EVP_MD_CTX md,md2; size_t passwd_len, salt_len; passwd_len = strlen(passwd); @@ -309,53 +325,51 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) strncat(out_buf, "$", 1); strncat(out_buf, salt, 8); assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */ - salt_out = out_buf + 6; + salt_out = out_buf + 2 + strlen(magic); salt_len = strlen(salt_out); assert(salt_len <= 8); - MD5_Init(&md); - MD5_Update(&md, passwd, passwd_len); - MD5_Update(&md, "$", 1); - MD5_Update(&md, magic, strlen(magic)); - MD5_Update(&md, "$", 1); - MD5_Update(&md, salt_out, salt_len); + EVP_MD_CTX_init(&md); + EVP_DigestInit_ex(&md,EVP_md5(), NULL); + EVP_DigestUpdate(&md, passwd, passwd_len); + EVP_DigestUpdate(&md, "$", 1); + EVP_DigestUpdate(&md, magic, strlen(magic)); + EVP_DigestUpdate(&md, "$", 1); + EVP_DigestUpdate(&md, salt_out, salt_len); - { - MD5_CTX md2; + EVP_MD_CTX_init(&md2); + EVP_DigestInit_ex(&md2,EVP_md5(), NULL); + EVP_DigestUpdate(&md2, passwd, passwd_len); + EVP_DigestUpdate(&md2, salt_out, salt_len); + EVP_DigestUpdate(&md2, passwd, passwd_len); + EVP_DigestFinal_ex(&md2, buf, NULL); - MD5_Init(&md2); - MD5_Update(&md2, passwd, passwd_len); - MD5_Update(&md2, salt_out, salt_len); - MD5_Update(&md2, passwd, passwd_len); - MD5_Final(buf, &md2); - } for (i = passwd_len; i > sizeof buf; i -= sizeof buf) - MD5_Update(&md, buf, sizeof buf); - MD5_Update(&md, buf, i); + EVP_DigestUpdate(&md, buf, sizeof buf); + EVP_DigestUpdate(&md, buf, i); n = passwd_len; while (n) { - MD5_Update(&md, (n & 1) ? "\0" : passwd, 1); + EVP_DigestUpdate(&md, (n & 1) ? "\0" : passwd, 1); n >>= 1; } - MD5_Final(buf, &md); + EVP_DigestFinal_ex(&md, buf, NULL); for (i = 0; i < 1000; i++) { - MD5_CTX md2; - - MD5_Init(&md2); - MD5_Update(&md2, (i & 1) ? (unsigned char *) passwd : buf, - (i & 1) ? passwd_len : sizeof buf); + EVP_DigestInit_ex(&md2,EVP_md5(), NULL); + EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *) passwd : buf, + (i & 1) ? passwd_len : sizeof buf); if (i % 3) - MD5_Update(&md2, salt_out, salt_len); + EVP_DigestUpdate(&md2, salt_out, salt_len); if (i % 7) - MD5_Update(&md2, passwd, passwd_len); - MD5_Update(&md2, (i & 1) ? buf : (unsigned char *) passwd, - (i & 1) ? sizeof buf : passwd_len); - MD5_Final(buf, &md2); + EVP_DigestUpdate(&md2, passwd, passwd_len); + EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned const char *) passwd, + (i & 1) ? sizeof buf : passwd_len); + EVP_DigestFinal_ex(&md2, buf, NULL); } + EVP_MD_CTX_cleanup(&md2); { /* transform buf into output string */ @@ -393,6 +407,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) *output = 0; assert(strlen(out_buf) < sizeof(out_buf)); } + EVP_MD_CTX_cleanup(&md); return out_buf; } @@ -411,7 +426,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, /* first make sure we have a salt */ if (!passed_salt) { -#ifndef NO_DES +#ifndef OPENSSL_NO_DES if (usecrypt) { if (*salt_malloc_p == NULL) @@ -430,7 +445,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, * back to ASCII */ #endif } -#endif /* !NO_DES */ +#endif /* !OPENSSL_NO_DES */ #ifndef NO_MD5CRYPT_1 if (use1 || useapr1) @@ -459,15 +474,16 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, if ((strlen(passwd) > pw_maxlen)) { if (!quiet) - BIO_printf(bio_err, "Warning: truncating password to %u characters\n", pw_maxlen); + /* XXX: really we should know how to print a size_t, not cast it */ + BIO_printf(bio_err, "Warning: truncating password to %u characters\n", (unsigned)pw_maxlen); passwd[pw_maxlen] = 0; } assert(strlen(passwd) <= pw_maxlen); /* now compute password hash */ -#ifndef NO_DES +#ifndef OPENSSL_NO_DES if (usecrypt) - hash = des_crypt(passwd, *salt_p); + hash = DES_crypt(passwd, *salt_p); #endif #ifndef NO_MD5CRYPT_1 if (use1 || useapr1) @@ -491,6 +507,6 @@ err: int MAIN(int argc, char **argv) { fputs("Program not available.\n", stderr) - EXIT(1); + OPENSSL_EXIT(1); } #endif