/* $OpenBSD: passwd.c,v 1.8 2017/01/20 08:57:12 deraadt Exp $ */ |
#if defined OPENSSL_NO_MD5 |
#define NO_MD5CRYPT_1 |
#endif |
#if !defined(OPENSSL_NO_DES) || !defined(NO_MD5CRYPT_1) |
#include <assert.h> |
#include <string.h> |
#include "apps.h" |
#include <openssl/bio.h> |
#include <openssl/err.h> |
#include <openssl/evp.h> |
#ifndef OPENSSL_NO_DES |
#include <openssl/des.h> |
#endif |
#ifndef NO_MD5CRYPT_1 |
#include <openssl/md5.h> |
#endif |
/*
 * 64-entry output alphabet used to encode 6-bit values as printable
 * characters (table taken from crypto/des/fcrypt.c).  Index with a value
 * that has already been masked to 0..63.
 */
static const unsigned char cov_2char[64] = {
	/* 0x2E-0x2F, 0x30-0x39, then the start of the 0x41.. run */
	0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35,
	0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44,
	/* 0x45-0x54 */
	0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C,
	0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52, 0x53, 0x54,
	/* 0x55-0x5A, then the start of the 0x61.. run */
	0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, 0x61, 0x62,
	0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A,
	/* 0x6B-0x7A */
	0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70, 0x71, 0x72,
	0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A
};
/*
 * Forward declaration: passwd_main() calls do_passwd() before its
 * definition further down in this file.
 */
static int
do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
    char *passwd, BIO * out, int quiet, int table, int reverse,
    size_t pw_maxlen, int usecrypt, int use1, int useapr1);
/*
 * Parsed command-line state for the passwd sub-command.  The fields are
 * filled in through the passwd_options table; passwd_main() zeroes the
 * whole structure before parsing.
 */
static struct {
	char *infile;		/* argument of -in: file to read passwords from */
	int in_stdin;		/* -stdin: read passwords from stdin */
	int noverify;		/* -noverify: do not ask for the password twice */
	int quiet;		/* -quiet: suppress warnings */
	int reverse;		/* -reverse: swap the -table columns */
	char *salt;		/* argument of -salt: caller-supplied salt */
	int table;		/* -table: print cleartext next to the hash */
	int use1;		/* -1: MD5 based BSD algorithm */
	int useapr1;		/* -apr1: Apache variant of the MD5 algorithm */
	int usecrypt;		/* -crypt: crypt algorithm (the default) */
} passwd_config;
/*
 * Option table for the passwd sub-command, terminated by a { NULL } entry.
 * Each entry stores its result directly into a passwd_config field.
 * The algorithm switches are only compiled in when the matching
 * algorithm is available (NO_MD5CRYPT_1 / OPENSSL_NO_DES).
 * Note that -table makes the tool print the cleartext password together
 * with its hash.
 */
static struct option passwd_options[] = {
#ifndef NO_MD5CRYPT_1
	{
		.name = "1",
		.desc = "Use MD5 based BSD password algorithm 1",
		.type = OPTION_FLAG,
		.opt.flag = &passwd_config.use1,
	},
	{
		.name = "apr1",
		.desc = "Use apr1 algorithm (Apache variant of BSD algorithm)",
		.type = OPTION_FLAG,
		.opt.flag = &passwd_config.useapr1,
	},
#endif
#ifndef OPENSSL_NO_DES
	{
		.name = "crypt",
		.desc = "Use crypt algorithm (default)",
		.type = OPTION_FLAG,
		.opt.flag = &passwd_config.usecrypt,
	},
#endif
	{
		.name = "in",
		.argname = "file",
		.desc = "Read passwords from specified file",
		.type = OPTION_ARG,
		.opt.arg = &passwd_config.infile,
	},
	{
		.name = "noverify",
		.desc = "Do not verify password",
		.type = OPTION_FLAG,
		.opt.flag = &passwd_config.noverify,
	},
	{
		.name = "quiet",
		.desc = "Do not output warnings",
		.type = OPTION_FLAG,
		.opt.flag = &passwd_config.quiet,
	},
	{
		.name = "reverse",
		.desc = "Reverse table columns (requires -table)",
		.type = OPTION_FLAG,
		.opt.flag = &passwd_config.reverse,
	},
	{
		.name = "salt",
		.argname = "string",
		.desc = "Use specified salt",
		.type = OPTION_ARG,
		.opt.arg = &passwd_config.salt,
	},
	{
		.name = "stdin",
		.desc = "Read passwords from stdin",
		.type = OPTION_FLAG,
		.opt.flag = &passwd_config.in_stdin,
	},
	{
		.name = "table",
		.desc = "Output cleartext and hashed passwords (tab separated)",
		.type = OPTION_FLAG,
		.opt.flag = &passwd_config.table,
	},
	{ NULL },
};
/*
 * Write the synopsis line for the passwd sub-command to stderr, followed
 * by the per-option help generated from passwd_options.
 */
static void
passwd_usage(void)
{
	static const char synopsis[] =
	    "usage: passwd [-1 | -apr1 | -crypt] [-in file] "
	    "[-noverify] [-quiet]\n"
	    " [-reverse] [-salt string] [-stdin] [-table] [password]\n\n";

	/* The synopsis has no conversion specifiers, so print it verbatim. */
	fputs(synopsis, stderr);
	options_usage(passwd_options);
}
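/*
 * Entry point of the passwd sub-command.
 *
 * Parses the options, picks the hash algorithm (crypt by default), then
 * obtains passwords from exactly one source -- command-line arguments,
 * the -in file, stdin, or an interactive prompt -- and hands each one to
 * do_passwd(), which prints the hash.
 *
 * Returns 0 on success and 1 on a usage error or any runtime failure.
 */
int
passwd_main(int argc, char **argv)
{
	char *passwd = NULL, **passwds = NULL;
	char *salt_malloc = NULL, *passwd_malloc = NULL;
	size_t passwd_malloc_size = 0;
	BIO *in = NULL, *out = NULL;
	int badopt = 0;
	int passed_salt = 0;
	size_t pw_maxlen = 0;
	int argsused;
	int ret = 1;

	if (single_execution) {
		if (pledge("stdio cpath wpath rpath tty flock", NULL) == -1) {
			perror("pledge");
			exit(1);
		}
	}

	memset(&passwd_config, 0, sizeof(passwd_config));

	if (options_parse(argc, argv, passwd_options, NULL, &argsused) != 0) {
		passwd_usage();
		goto err;
	}

	/*
	 * Remaining arguments are passwords.  They stay in argv for the
	 * lifetime of the process and are not scrubbed here.
	 */
	if (argsused < argc)
		passwds = &argv[argsused];
	if (passwd_config.salt != NULL)
		passed_salt = 1;

	/*
	 * Only one password source may be given.  Without this check,
	 * combining -in with -stdin, or either of them with password
	 * arguments, reaches the assertions below with an inconsistent
	 * state (and, with assertions compiled out, a NULL password
	 * buffer in the file-reading loop).
	 */
	if ((passwd_config.infile != NULL) + (passwd_config.in_stdin != 0) +
	    (passwds != NULL) > 1)
		badopt = 1;

	if (!passwd_config.usecrypt && !passwd_config.use1 &&
	    !passwd_config.useapr1)
		passwd_config.usecrypt = 1;	/* use default */
	if (passwd_config.usecrypt + passwd_config.use1 +
	    passwd_config.useapr1 > 1)
		badopt = 1;	/* conflicting options */

	/* Reject unsupported algorithms */
#ifdef OPENSSL_NO_DES
	if (passwd_config.usecrypt)
		badopt = 1;
#endif
#ifdef NO_MD5CRYPT_1
	if (passwd_config.use1 || passwd_config.useapr1)
		badopt = 1;
#endif

	if (badopt) {
		passwd_usage();
		goto err;
	}

	if ((out = BIO_new(BIO_s_file())) == NULL)
		goto err;
	BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);

	if (passwd_config.infile != NULL || passwd_config.in_stdin) {
		if ((in = BIO_new(BIO_s_file())) == NULL)
			goto err;
		if (passwd_config.infile != NULL) {
			assert(passwd_config.in_stdin == 0);
			if (BIO_read_filename(in, passwd_config.infile) <= 0)
				goto err;
		} else {
			assert(passwd_config.in_stdin);
			BIO_set_fp(in, stdin, BIO_NOCLOSE);
		}
	}
	if (passwd_config.usecrypt)
		pw_maxlen = 8;
	else if (passwd_config.use1 || passwd_config.useapr1)
		pw_maxlen = 256;	/* arbitrary limit, should be enough
					 * for most passwords */

	if (passwds == NULL) {
		/* no passwords on the command line */

		passwd_malloc_size = pw_maxlen + 2;
		/* longer than necessary so that we can warn about truncation */
		passwd = passwd_malloc = malloc(passwd_malloc_size);
		if (passwd_malloc == NULL)
			goto err;
	}
	if (in == NULL && passwds == NULL) {
		/* build a null-terminated list */
		static char *passwds_static[2] = {NULL, NULL};

		passwds = passwds_static;
		/* Prompt; ask twice unless a salt was given or -noverify. */
		if (EVP_read_pw_string(passwd_malloc,
		    passwd_malloc_size, "Password: ",
		    !(passed_salt || passwd_config.noverify)) != 0)
			goto err;
		passwds[0] = passwd_malloc;
	}
	if (in == NULL) {
		assert(passwds != NULL);
		assert(*passwds != NULL);

		do {	/* loop over list of passwords */
			passwd = *passwds++;
			if (!do_passwd(passed_salt, &passwd_config.salt,
			    &salt_malloc, passwd, out, passwd_config.quiet,
			    passwd_config.table, passwd_config.reverse,
			    pw_maxlen, passwd_config.usecrypt,
			    passwd_config.use1, passwd_config.useapr1))
				goto err;
		} while (*passwds != NULL);
	} else {
		int done;

		assert(passwd != NULL);
		do {
			int r = BIO_gets(in, passwd, pw_maxlen + 1);
			if (r > 0) {
				char *c = (strchr(passwd, '\n'));
				if (c != NULL)
					*c = 0;	/* truncate at newline */
				else {
					/* ignore rest of line */
					char trash[BUFSIZ];
					do
						r = BIO_gets(in, trash, sizeof trash);
					while ((r > 0) && (!strchr(trash, '\n')));
				}

				if (!do_passwd(passed_salt, &passwd_config.salt,
				    &salt_malloc, passwd, out,
				    passwd_config.quiet, passwd_config.table,
				    passwd_config.reverse, pw_maxlen,
				    passwd_config.usecrypt, passwd_config.use1,
				    passwd_config.useapr1))
					goto err;
			}
			done = (r <= 0);
		} while (!done);
	}
	ret = 0;

err:
	ERR_print_errors(bio_err);

	free(salt_malloc);
	/* The buffer held a cleartext password; wipe it before release. */
	if (passwd_malloc != NULL)
		explicit_bzero(passwd_malloc, passwd_malloc_size);
	free(passwd_malloc);

	BIO_free(in);
	BIO_free_all(out);

	return (ret);
}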
#ifndef NO_MD5CRYPT_1 |
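/*
 * MD5-based password algorithm (should probably be available as a library
 * function; then the static buffer would not be acceptable).
 * For magic string "1", this should be compatible to the MD5-based BSD
 * password algorithm.
 * For 'magic' string "apr1", this is compatible to the MD5-based Apache
 * password algorithm.
 * (Apparently, the Apache password algorithm is identical except that the
 * 'magic' string was changed -- the laziest application of the NIH principle
 * I've ever encountered.)
 *
 * passwd: NUL-terminated cleartext password.
 * magic:  "1" or "apr1" (at most 4 characters).
 * salt:   NUL-terminated salt; only its first 8 characters are used.
 *
 * Returns a pointer to a static buffer holding "$magic$salt$hash"; the
 * buffer is overwritten by the next call.  The work factor is the fixed
 * 1000 MD5 rounds of the loop below.
 */
static char *
md5crypt(const char *passwd, const char *magic, const char *salt)
{
	/* "$apr1$..salt..$.......md5hash..........\0" */
	static char out_buf[6 + 9 + 24 + 2];
	unsigned char buf[MD5_DIGEST_LENGTH];
	char *salt_out;
	int n;
	unsigned int i;
	EVP_MD_CTX md, md2;
	size_t passwd_len, salt_len;

	passwd_len = strlen(passwd);
	out_buf[0] = '$';
	out_buf[1] = 0;
	assert(strlen(magic) <= 4);	/* "1" or "apr1" */
	strlcat(out_buf, magic, sizeof(out_buf));
	strlcat(out_buf, "$", sizeof(out_buf));

	/*
	 * Copy at most 8 salt characters.  The salt can come straight from
	 * the -salt option; appending it unbounded made the length
	 * assertions below fail for longer salts and, with assertions
	 * compiled out, let the hash be written past the end of out_buf.
	 */
	salt_out = out_buf + 2 + strlen(magic);
	salt_len = strlen(salt);
	if (salt_len > 8)
		salt_len = 8;
	memcpy(salt_out, salt, salt_len);
	salt_out[salt_len] = 0;
	assert(strlen(out_buf) <= 6 + 8);	/* "$apr1$..salt.." */
	assert(salt_len <= 8);

	/* Outer digest: password, "$magic$", salt. */
	EVP_MD_CTX_init(&md);
	EVP_DigestInit_ex(&md, EVP_md5(), NULL);
	EVP_DigestUpdate(&md, passwd, passwd_len);
	EVP_DigestUpdate(&md, "$", 1);
	EVP_DigestUpdate(&md, magic, strlen(magic));
	EVP_DigestUpdate(&md, "$", 1);
	EVP_DigestUpdate(&md, salt_out, salt_len);

	/* Inner digest: password, salt, password. */
	EVP_MD_CTX_init(&md2);
	EVP_DigestInit_ex(&md2, EVP_md5(), NULL);
	EVP_DigestUpdate(&md2, passwd, passwd_len);
	EVP_DigestUpdate(&md2, salt_out, salt_len);
	EVP_DigestUpdate(&md2, passwd, passwd_len);
	EVP_DigestFinal_ex(&md2, buf, NULL);

	/* Feed passwd_len bytes of the inner digest, repeating it as needed. */
	for (i = passwd_len; i > sizeof buf; i -= sizeof buf)
		EVP_DigestUpdate(&md, buf, sizeof buf);
	EVP_DigestUpdate(&md, buf, i);

	/* One byte per bit of the password length: NUL or passwd[0]. */
	n = passwd_len;
	while (n) {
		EVP_DigestUpdate(&md, (n & 1) ? "\0" : passwd, 1);
		n >>= 1;
	}
	EVP_DigestFinal_ex(&md, buf, NULL);

	/* 1000 rounds mixing the running digest, the password and the salt. */
	for (i = 0; i < 1000; i++) {
		EVP_DigestInit_ex(&md2, EVP_md5(), NULL);
		EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *) passwd : buf,
		    (i & 1) ? passwd_len : sizeof buf);
		if (i % 3)
			EVP_DigestUpdate(&md2, salt_out, salt_len);
		if (i % 7)
			EVP_DigestUpdate(&md2, passwd, passwd_len);
		EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned const char *) passwd,
		    (i & 1) ? sizeof buf : passwd_len);
		EVP_DigestFinal_ex(&md2, buf, NULL);
	}
	EVP_MD_CTX_cleanup(&md2);

	{
		/* transform buf into output string */

		unsigned char buf_perm[sizeof buf];
		int dest, source;
		char *output;

		/* silly output permutation */
		for (dest = 0, source = 0; dest < 14; dest++, source = (source + 6) % 17)
			buf_perm[dest] = buf[source];
		buf_perm[14] = buf[5];
		buf_perm[15] = buf[11];
		assert(16 == sizeof buf_perm);

		output = salt_out + salt_len;
		assert(output == out_buf + strlen(out_buf));

		*output++ = '$';

		/* Each group of 3 bytes becomes 4 characters of cov_2char. */
		for (i = 0; i < 15; i += 3) {
			*output++ = cov_2char[buf_perm[i + 2] & 0x3f];
			*output++ = cov_2char[((buf_perm[i + 1] & 0xf) << 2) |
			    (buf_perm[i + 2] >> 6)];
			*output++ = cov_2char[((buf_perm[i] & 3) << 4) |
			    (buf_perm[i + 1] >> 4)];
			*output++ = cov_2char[buf_perm[i] >> 2];
		}
		assert(i == 15);
		/* The 16th byte yields the last two characters. */
		*output++ = cov_2char[buf_perm[i] & 0x3f];
		*output++ = cov_2char[buf_perm[i] >> 6];
		*output = 0;
		assert(strlen(out_buf) < sizeof(out_buf));
	}
	EVP_MD_CTX_cleanup(&md);

	return out_buf;
}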
#endif |
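/*
 * Hash one password and print the result on out.
 *
 * passed_salt:   non-zero when the caller supplied the salt in *salt_p;
 *                otherwise a random salt is generated for every call.
 * salt_p:        in/out pointer to the salt string.
 * salt_malloc_p: in/out pointer to the buffer allocated here for generated
 *                salts; it is reused across calls and freed by the caller.
 * passwd:        writable cleartext password; truncated in place to
 *                pw_maxlen characters (with a warning unless quiet).
 * table/reverse: with table, the cleartext is printed next to the hash,
 *                tab separated; reverse swaps the two columns.
 * usecrypt/use1/useapr1: algorithm selection.
 *
 * Returns 1 on success and 0 on failure.
 */
static int
do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
    char *passwd, BIO * out, int quiet, int table, int reverse,
    size_t pw_maxlen, int usecrypt, int use1, int useapr1)
{
	char *hash = NULL;

	assert(salt_p != NULL);
	assert(salt_malloc_p != NULL);

	/* first make sure we have a salt */
	if (!passed_salt) {
#ifndef OPENSSL_NO_DES
		if (usecrypt) {
			if (*salt_malloc_p == NULL) {
				*salt_p = *salt_malloc_p = malloc(3);
				if (*salt_malloc_p == NULL)
					goto err;
			}
			/* two random bytes, each mapped onto the 64-char alphabet */
			arc4random_buf(*salt_p, 2);
			(*salt_p)[0] = cov_2char[(*salt_p)[0] & 0x3f];	/* 6 bits */
			(*salt_p)[1] = cov_2char[(*salt_p)[1] & 0x3f];	/* 6 bits */
			(*salt_p)[2] = 0;
		}
#endif				/* !OPENSSL_NO_DES */

#ifndef NO_MD5CRYPT_1
		if (use1 || useapr1) {
			int i;

			if (*salt_malloc_p == NULL) {
				*salt_p = *salt_malloc_p = malloc(9);
				if (*salt_malloc_p == NULL)
					goto err;
			}
			/* eight random bytes, each mapped onto the 64-char alphabet */
			arc4random_buf(*salt_p, 8);

			for (i = 0; i < 8; i++)
				(*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f];	/* 6 bits */
			(*salt_p)[8] = 0;
		}
#endif				/* !NO_MD5CRYPT_1 */
	}
	assert(*salt_p != NULL);

	/* truncate password if necessary */
	if ((strlen(passwd) > pw_maxlen)) {
		if (!quiet)
			/*
			 * XXX: really we should know how to print a size_t,
			 * not cast it
			 */
			BIO_printf(bio_err, "Warning: truncating password to %u characters\n", (unsigned) pw_maxlen);
		passwd[pw_maxlen] = 0;
	}
	assert(strlen(passwd) <= pw_maxlen);

	/* now compute password hash */
#ifndef OPENSSL_NO_DES
	if (usecrypt)
		hash = DES_crypt(passwd, *salt_p);
#endif
#ifndef NO_MD5CRYPT_1
	if (use1 || useapr1)
		hash = md5crypt(passwd, (use1 ? "1" : "apr1"), *salt_p);
#endif
	/*
	 * Fail cleanly instead of relying on assert(): with assertions
	 * compiled out, a NULL hash would otherwise be passed to the "%s"
	 * conversions below.
	 */
	if (hash == NULL) {
		BIO_printf(bio_err, "Error: unable to compute password hash\n");
		goto err;
	}

	if (table && !reverse)
		BIO_printf(out, "%s\t%s\n", passwd, hash);
	else if (table && reverse)
		BIO_printf(out, "%s\t%s\n", hash, passwd);
	else
		BIO_printf(out, "%s\n", hash);
	return 1;

err:
	return 0;
}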
#else |
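/*
 * Fallback used when neither the DES nor the MD5 password algorithm is
 * compiled in: report that the sub-command is unavailable and fail.
 *
 * NOTE(review): the headers visible in this file are all inside the
 * other preprocessor branch -- confirm that fputs/stderr are declared
 * when this branch is built.
 */
int
passwd_main(int argc, char **argv)
{
	/* The statement terminator was missing here, breaking the build. */
	fputs("Program not available.\n", stderr);
	return (1);
}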
#endif |