passwd.c@ 95000

Last change on this file since 95000 was 91772, checked in by vboxsync, 3 years ago
openssl-1.1.1l: Applied and adjusted our OpenSSL changes to 1.1.1l. bugref:10126
File size: 26.4 KB

Line
1	/*
2	* Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
3	*
4	* Licensed under the OpenSSL license (the "License"). You may not use
5	* this file except in compliance with the License. You can obtain a copy
6	* in the file LICENSE in the source distribution or at
7	* https://www.openssl.org/source/license.html
8	*/
9
10	#include <string.h>
11
12	#include "apps.h"
13	#include "progs.h"
14
15	#include <openssl/bio.h>
16	#include <openssl/err.h>
17	#include <openssl/evp.h>
18	#include <openssl/rand.h>
19	#ifndef OPENSSL_NO_DES
20	# include <openssl/des.h>
21	#endif
22	#include <openssl/md5.h>
23	#include <openssl/sha.h>
24
25	static unsigned const char cov_2char[64] = {
26	/* from crypto/des/fcrypt.c */
27	0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35,
28	0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44,
29	0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C,
30	0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52, 0x53, 0x54,
31	0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, 0x61, 0x62,
32	0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A,
33	0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70, 0x71, 0x72,
34	0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A
35	};
36
37	static const char ascii_dollar[] = { 0x24, 0x00 };
38
39	typedef enum {
40	passwd_unset = 0,
41	passwd_crypt,
42	passwd_md5,
43	passwd_apr1,
44	passwd_sha256,
45	passwd_sha512,
46	passwd_aixmd5
47	} passwd_modes;
48
49	static int do_passwd(int passed_salt, char salt_p, char salt_malloc_p,
50	char passwd, BIO out, int quiet, int table,
51	int reverse, size_t pw_maxlen, passwd_modes mode);
52
53	typedef enum OPTION_choice {
54	OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
55	OPT_IN,
56	OPT_NOVERIFY, OPT_QUIET, OPT_TABLE, OPT_REVERSE, OPT_APR1,
57	OPT_1, OPT_5, OPT_6, OPT_CRYPT, OPT_AIXMD5, OPT_SALT, OPT_STDIN,
58	OPT_R_ENUM
59	} OPTION_CHOICE;
60
61	const OPTIONS passwd_options[] = {
62	{"help", OPT_HELP, '-', "Display this summary"},
63	{"in", OPT_IN, '<', "Read passwords from file"},
64	{"noverify", OPT_NOVERIFY, '-',
65	"Never verify when reading password from terminal"},
66	{"quiet", OPT_QUIET, '-', "No warnings"},
67	{"table", OPT_TABLE, '-', "Format output as table"},
68	{"reverse", OPT_REVERSE, '-', "Switch table columns"},
69	{"salt", OPT_SALT, 's', "Use provided salt"},
70	{"stdin", OPT_STDIN, '-', "Read passwords from stdin"},
71	{"6", OPT_6, '-', "SHA512-based password algorithm"},
72	{"5", OPT_5, '-', "SHA256-based password algorithm"},
73	{"apr1", OPT_APR1, '-', "MD5-based password algorithm, Apache variant"},
74	{"1", OPT_1, '-', "MD5-based password algorithm"},
75	{"aixmd5", OPT_AIXMD5, '-', "AIX MD5-based password algorithm"},
76	#ifndef OPENSSL_NO_DES
77	{"crypt", OPT_CRYPT, '-', "Standard Unix password algorithm (default)"},
78	#endif
79	OPT_R_OPTIONS,
80	{NULL}
81	};
82
83	int passwd_main(int argc, char **argv)
84	{
85	BIO *in = NULL;
86	char infile = NULL, salt = NULL, passwd = NULL, *passwds = NULL;
87	char salt_malloc = NULL, passwd_malloc = NULL, *prog;
88	OPTION_CHOICE o;
89	int in_stdin = 0, pw_source_defined = 0;
90	#ifndef OPENSSL_NO_UI_CONSOLE
91	int in_noverify = 0;
92	#endif
93	int passed_salt = 0, quiet = 0, table = 0, reverse = 0;
94	int ret = 1;
95	passwd_modes mode = passwd_unset;
96	size_t passwd_malloc_size = 0;
97	size_t pw_maxlen = 256; /* arbitrary limit, should be enough for most
98	* passwords */
99
100	prog = opt_init(argc, argv, passwd_options);
101	while ((o = opt_next()) != OPT_EOF) {
102	switch (o) {
103	case OPT_EOF:
104	case OPT_ERR:
105	opthelp:
106	BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
107	goto end;
108	case OPT_HELP:
109	opt_help(passwd_options);
110	ret = 0;
111	goto end;
112	case OPT_IN:
113	if (pw_source_defined)
114	goto opthelp;
115	infile = opt_arg();
116	pw_source_defined = 1;
117	break;
118	case OPT_NOVERIFY:
119	#ifndef OPENSSL_NO_UI_CONSOLE
120	in_noverify = 1;
121	#endif
122	break;
123	case OPT_QUIET:
124	quiet = 1;
125	break;
126	case OPT_TABLE:
127	table = 1;
128	break;
129	case OPT_REVERSE:
130	reverse = 1;
131	break;
132	case OPT_1:
133	if (mode != passwd_unset)
134	goto opthelp;
135	mode = passwd_md5;
136	break;
137	case OPT_5:
138	if (mode != passwd_unset)
139	goto opthelp;
140	mode = passwd_sha256;
141	break;
142	case OPT_6:
143	if (mode != passwd_unset)
144	goto opthelp;
145	mode = passwd_sha512;
146	break;
147	case OPT_APR1:
148	if (mode != passwd_unset)
149	goto opthelp;
150	mode = passwd_apr1;
151	break;
152	case OPT_AIXMD5:
153	if (mode != passwd_unset)
154	goto opthelp;
155	mode = passwd_aixmd5;
156	break;
157	case OPT_CRYPT:
158	#ifndef OPENSSL_NO_DES
159	if (mode != passwd_unset)
160	goto opthelp;
161	mode = passwd_crypt;
162	#endif
163	break;
164	case OPT_SALT:
165	passed_salt = 1;
166	salt = opt_arg();
167	break;
168	case OPT_STDIN:
169	if (pw_source_defined)
170	goto opthelp;
171	in_stdin = 1;
172	pw_source_defined = 1;
173	break;
174	case OPT_R_CASES:
175	if (!opt_rand(o))
176	goto end;
177	break;
178	}
179	}
180	argc = opt_num_rest();
181	argv = opt_rest();
182
183	if (*argv != NULL) {
184	if (pw_source_defined)
185	goto opthelp;
186	pw_source_defined = 1;
187	passwds = argv;
188	}
189
190	if (mode == passwd_unset) {
191	/* use default */
192	mode = passwd_crypt;
193	}
194
195	#ifdef OPENSSL_NO_DES
196	if (mode == passwd_crypt)
197	goto opthelp;
198	#endif
199
200	if (infile != NULL && in_stdin) {
201	BIO_printf(bio_err, "%s: Can't combine -in and -stdin\n", prog);
202	goto end;
203	}
204
205	if (infile != NULL \|\| in_stdin) {
206	/*
207	* If in_stdin is true, we know that infile is NULL, and that
208	* bio_open_default() will give us back an alias for stdin.
209	*/
210	in = bio_open_default(infile, 'r', FORMAT_TEXT);
211	if (in == NULL)
212	goto end;
213	}
214
215	if (mode == passwd_crypt)
216	pw_maxlen = 8;
217
218	if (passwds == NULL) {
219	/* no passwords on the command line */
220
221	passwd_malloc_size = pw_maxlen + 2;
222	/* longer than necessary so that we can warn about truncation */
223	passwd = passwd_malloc =
224	app_malloc(passwd_malloc_size, "password buffer");
225	}
226
227	if ((in == NULL) && (passwds == NULL)) {
228	/*
229	* we use the following method to make sure what
230	* in the 'else' section is always compiled, to
231	* avoid rot of not-frequently-used code.
232	*/
233	if (1) {
234	#ifndef OPENSSL_NO_UI_CONSOLE
235	/* build a null-terminated list */
236	static char *passwds_static[2] = { NULL, NULL };
237
238	passwds = passwds_static;
239	if (in == NULL) {
240	if (EVP_read_pw_string
241	(passwd_malloc, passwd_malloc_size, "Password: ",
242	!(passed_salt \|\| in_noverify)) != 0)
243	goto end;
244	}
245	passwds[0] = passwd_malloc;
246	} else {
247	#endif
248	BIO_printf(bio_err, "password required\n");
249	goto end;
250	}
251	}
252
253	if (in == NULL) {
254	assert(passwds != NULL);
255	assert(*passwds != NULL);
256
257	do { /* loop over list of passwords */
258	passwd = *passwds++;
259	if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, bio_out,
260	quiet, table, reverse, pw_maxlen, mode))
261	goto end;
262	} while (*passwds != NULL);
263	} else {
264	/* in != NULL */
265	int done;
266
267	assert(passwd != NULL);
268	do {
269	int r = BIO_gets(in, passwd, pw_maxlen + 1);
270	if (r > 0) {
271	char *c = (strchr(passwd, '\n'));
272	if (c != NULL) {
273	c = 0; / truncate at newline */
274	} else {
275	/* ignore rest of line */
276	char trash[BUFSIZ];
277	do
278	r = BIO_gets(in, trash, sizeof(trash));
279	while ((r > 0) && (!strchr(trash, '\n')));
280	}
281
282	if (!do_passwd
283	(passed_salt, &salt, &salt_malloc, passwd, bio_out, quiet,
284	table, reverse, pw_maxlen, mode))
285	goto end;
286	}
287	done = (r <= 0);
288	} while (!done);
289	}
290	ret = 0;
291
292	end:
293	#if 0
294	ERR_print_errors(bio_err);
295	#endif
296	OPENSSL_free(salt_malloc);
297	OPENSSL_free(passwd_malloc);
298	BIO_free(in);
299	return ret;
300	}
301
302	/*
303	* MD5-based password algorithm (should probably be available as a library
304	* function; then the static buffer would not be acceptable). For magic
305	* string "1", this should be compatible to the MD5-based BSD password
306	* algorithm. For 'magic' string "apr1", this is compatible to the MD5-based
307	* Apache password algorithm. (Apparently, the Apache password algorithm is
308	* identical except that the 'magic' string was changed -- the laziest
309	* application of the NIH principle I've ever encountered.)
310	*/
311	static char md5crypt(const char passwd, const char magic, const char salt)
312	{
313	/* "$apr1$..salt..$.......md5hash..........\0" */
314	static char out_buf[6 + 9 + 24 + 2];
315	unsigned char buf[MD5_DIGEST_LENGTH];
316	char ascii_magic[5]; /* "apr1" plus '\0' */
317	char ascii_salt[9]; /* Max 8 chars plus '\0' */
318	char *ascii_passwd = NULL;
319	char *salt_out;
320	int n;
321	unsigned int i;
322	EVP_MD_CTX md = NULL, md2 = NULL;
323	size_t passwd_len, salt_len, magic_len;
324
325	passwd_len = strlen(passwd);
326
327	out_buf[0] = 0;
328	magic_len = strlen(magic);
329	OPENSSL_strlcpy(ascii_magic, magic, sizeof(ascii_magic));
330	#ifdef CHARSET_EBCDIC
331	if ((magic[0] & 0x80) != 0) /* High bit is 1 in EBCDIC alnums */
332	ebcdic2ascii(ascii_magic, ascii_magic, magic_len);
333	#endif
334
335	/* The salt gets truncated to 8 chars */
336	OPENSSL_strlcpy(ascii_salt, salt, sizeof(ascii_salt));
337	salt_len = strlen(ascii_salt);
338	#ifdef CHARSET_EBCDIC
339	ebcdic2ascii(ascii_salt, ascii_salt, salt_len);
340	#endif
341
342	#ifdef CHARSET_EBCDIC
343	ascii_passwd = OPENSSL_strdup(passwd);
344	if (ascii_passwd == NULL)
345	return NULL;
346	ebcdic2ascii(ascii_passwd, ascii_passwd, passwd_len);
347	passwd = ascii_passwd;
348	#endif
349
350	if (magic_len > 0) {
351	OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf));
352
353	if (magic_len > 4) /* assert it's "1" or "apr1" */
354	goto err;
355
356	OPENSSL_strlcat(out_buf, ascii_magic, sizeof(out_buf));
357	OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf));
358	}
359
360	OPENSSL_strlcat(out_buf, ascii_salt, sizeof(out_buf));
361
362	if (strlen(out_buf) > 6 + 8) /* assert "$apr1$..salt.." */
363	goto err;
364
365	salt_out = out_buf;
366	if (magic_len > 0)
367	salt_out += 2 + magic_len;
368
369	if (salt_len > 8)
370	goto err;
371
372	md = EVP_MD_CTX_new();
373	if (md == NULL
374	\|\| !EVP_DigestInit_ex(md, EVP_md5(), NULL)
375	\|\| !EVP_DigestUpdate(md, passwd, passwd_len))
376	goto err;
377
378	if (magic_len > 0)
379	if (!EVP_DigestUpdate(md, ascii_dollar, 1)
380	\|\| !EVP_DigestUpdate(md, ascii_magic, magic_len)
381	\|\| !EVP_DigestUpdate(md, ascii_dollar, 1))
382	goto err;
383
384	if (!EVP_DigestUpdate(md, ascii_salt, salt_len))
385	goto err;
386
387	md2 = EVP_MD_CTX_new();
388	if (md2 == NULL
389	\|\| !EVP_DigestInit_ex(md2, EVP_md5(), NULL)
390	\|\| !EVP_DigestUpdate(md2, passwd, passwd_len)
391	\|\| !EVP_DigestUpdate(md2, ascii_salt, salt_len)
392	\|\| !EVP_DigestUpdate(md2, passwd, passwd_len)
393	\|\| !EVP_DigestFinal_ex(md2, buf, NULL))
394	goto err;
395
396	for (i = passwd_len; i > sizeof(buf); i -= sizeof(buf)) {
397	if (!EVP_DigestUpdate(md, buf, sizeof(buf)))
398	goto err;
399	}
400	if (!EVP_DigestUpdate(md, buf, i))
401	goto err;
402
403	n = passwd_len;
404	while (n) {
405	if (!EVP_DigestUpdate(md, (n & 1) ? "\0" : passwd, 1))
406	goto err;
407	n >>= 1;
408	}
409	if (!EVP_DigestFinal_ex(md, buf, NULL))
410	return NULL;
411
412	for (i = 0; i < 1000; i++) {
413	if (!EVP_DigestInit_ex(md2, EVP_md5(), NULL))
414	goto err;
415	if (!EVP_DigestUpdate(md2,
416	(i & 1) ? (unsigned const char *)passwd : buf,
417	(i & 1) ? passwd_len : sizeof(buf)))
418	goto err;
419	if (i % 3) {
420	if (!EVP_DigestUpdate(md2, ascii_salt, salt_len))
421	goto err;
422	}
423	if (i % 7) {
424	if (!EVP_DigestUpdate(md2, passwd, passwd_len))
425	goto err;
426	}
427	if (!EVP_DigestUpdate(md2,
428	(i & 1) ? buf : (unsigned const char *)passwd,
429	(i & 1) ? sizeof(buf) : passwd_len))
430	goto err;
431	if (!EVP_DigestFinal_ex(md2, buf, NULL))
432	goto err;
433	}
434	EVP_MD_CTX_free(md2);
435	EVP_MD_CTX_free(md);
436	md2 = NULL;
437	md = NULL;
438
439	{
440	/* transform buf into output string */
441	unsigned char buf_perm[sizeof(buf)];
442	int dest, source;
443	char *output;
444
445	/* silly output permutation */
446	for (dest = 0, source = 0; dest < 14;
447	dest++, source = (source + 6) % 17)
448	buf_perm[dest] = buf[source];
449	buf_perm[14] = buf[5];
450	buf_perm[15] = buf[11];
451	# ifndef PEDANTIC /* Unfortunately, this generates a "no
452	* effect" warning */
453	assert(16 == sizeof(buf_perm));
454	# endif
455
456	output = salt_out + salt_len;
457	assert(output == out_buf + strlen(out_buf));
458
459	*output++ = ascii_dollar[0];
460
461	for (i = 0; i < 15; i += 3) {
462	*output++ = cov_2char[buf_perm[i + 2] & 0x3f];
463	*output++ = cov_2char[((buf_perm[i + 1] & 0xf) << 2) \|
464	(buf_perm[i + 2] >> 6)];
465	*output++ = cov_2char[((buf_perm[i] & 3) << 4) \|
466	(buf_perm[i + 1] >> 4)];
467	*output++ = cov_2char[buf_perm[i] >> 2];
468	}
469	assert(i == 15);
470	*output++ = cov_2char[buf_perm[i] & 0x3f];
471	*output++ = cov_2char[buf_perm[i] >> 6];
472	*output = 0;
473	assert(strlen(out_buf) < sizeof(out_buf));
474	#ifdef CHARSET_EBCDIC
475	ascii2ebcdic(out_buf, out_buf, strlen(out_buf));
476	#endif
477	}
478
479	return out_buf;
480
481	err:
482	OPENSSL_free(ascii_passwd);
483	EVP_MD_CTX_free(md2);
484	EVP_MD_CTX_free(md);
485	return NULL;
486	}
487
488	/*
489	* SHA based password algorithm, describe by Ulrich Drepper here:
490	* https://www.akkadia.org/drepper/SHA-crypt.txt
491	* (note that it's in the public domain)
492	*/
493	static char shacrypt(const char passwd, const char magic, const char salt)
494	{
495	/* Prefix for optional rounds specification. */
496	static const char rounds_prefix[] = "rounds=";
497	/* Maximum salt string length. */
498	# define SALT_LEN_MAX 16
499	/* Default number of rounds if not explicitly specified. */
500	# define ROUNDS_DEFAULT 5000
501	/* Minimum number of rounds. */
502	# define ROUNDS_MIN 1000
503	/* Maximum number of rounds. */
504	# define ROUNDS_MAX 999999999
505
506	/* "$6$rounds=<N>$......salt......$...shahash(up to 86 chars)...\0" */
507	static char out_buf[3 + 17 + 17 + 86 + 1];
508	unsigned char buf[SHA512_DIGEST_LENGTH];
509	unsigned char temp_buf[SHA512_DIGEST_LENGTH];
510	size_t buf_size = 0;
511	char ascii_magic[2];
512	char ascii_salt[17]; /* Max 16 chars plus '\0' */
513	char *ascii_passwd = NULL;
514	size_t n;
515	EVP_MD_CTX md = NULL, md2 = NULL;
516	const EVP_MD *sha = NULL;
517	size_t passwd_len, salt_len, magic_len;
518	unsigned int rounds = 5000; /* Default */
519	char rounds_custom = 0;
520	char *p_bytes = NULL;
521	char *s_bytes = NULL;
522	char *cp = NULL;
523
524	passwd_len = strlen(passwd);
525	magic_len = strlen(magic);
526
527	/* assert it's "5" or "6" */
528	if (magic_len != 1)
529	return NULL;
530
531	switch (magic[0]) {
532	case '5':
533	sha = EVP_sha256();
534	buf_size = 32;
535	break;
536	case '6':
537	sha = EVP_sha512();
538	buf_size = 64;
539	break;
540	default:
541	return NULL;
542	}
543
544	if (strncmp(salt, rounds_prefix, sizeof(rounds_prefix) - 1) == 0) {
545	const char *num = salt + sizeof(rounds_prefix) - 1;
546	char *endp;
547	unsigned long int srounds = strtoul (num, &endp, 10);
548	if (*endp == '$') {
549	salt = endp + 1;
550	if (srounds > ROUNDS_MAX)
551	rounds = ROUNDS_MAX;
552	else if (srounds < ROUNDS_MIN)
553	rounds = ROUNDS_MIN;
554	else
555	rounds = (unsigned int)srounds;
556	rounds_custom = 1;
557	} else {
558	return NULL;
559	}
560	}
561
562	OPENSSL_strlcpy(ascii_magic, magic, sizeof(ascii_magic));
563	#ifdef CHARSET_EBCDIC
564	if ((magic[0] & 0x80) != 0) /* High bit is 1 in EBCDIC alnums */
565	ebcdic2ascii(ascii_magic, ascii_magic, magic_len);
566	#endif
567
568	/* The salt gets truncated to 16 chars */
569	OPENSSL_strlcpy(ascii_salt, salt, sizeof(ascii_salt));
570	salt_len = strlen(ascii_salt);
571	#ifdef CHARSET_EBCDIC
572	ebcdic2ascii(ascii_salt, ascii_salt, salt_len);
573	#endif
574
575	#ifdef CHARSET_EBCDIC
576	ascii_passwd = OPENSSL_strdup(passwd);
577	if (ascii_passwd == NULL)
578	return NULL;
579	ebcdic2ascii(ascii_passwd, ascii_passwd, passwd_len);
580	passwd = ascii_passwd;
581	#endif
582
583	out_buf[0] = 0;
584	OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf));
585	OPENSSL_strlcat(out_buf, ascii_magic, sizeof(out_buf));
586	OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf));
587	if (rounds_custom) {
588	char tmp_buf[80]; /* "rounds=999999999" */
589	sprintf(tmp_buf, "rounds=%u", rounds);
590	#ifdef CHARSET_EBCDIC
591	/* In case we're really on a ASCII based platform and just pretend */
592	if (tmp_buf[0] != 0x72) /* ASCII 'r' */
593	ebcdic2ascii(tmp_buf, tmp_buf, strlen(tmp_buf));
594	#endif
595	OPENSSL_strlcat(out_buf, tmp_buf, sizeof(out_buf));
596	OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf));
597	}
598	OPENSSL_strlcat(out_buf, ascii_salt, sizeof(out_buf));
599
600	/* assert "$5$rounds=999999999$......salt......" */
601	if (strlen(out_buf) > 3 + 17 * rounds_custom + salt_len )
602	goto err;
603
604	md = EVP_MD_CTX_new();
605	if (md == NULL
606	\|\| !EVP_DigestInit_ex(md, sha, NULL)
607	\|\| !EVP_DigestUpdate(md, passwd, passwd_len)
608	\|\| !EVP_DigestUpdate(md, ascii_salt, salt_len))
609	goto err;
610
611	md2 = EVP_MD_CTX_new();
612	if (md2 == NULL
613	\|\| !EVP_DigestInit_ex(md2, sha, NULL)
614	\|\| !EVP_DigestUpdate(md2, passwd, passwd_len)
615	\|\| !EVP_DigestUpdate(md2, ascii_salt, salt_len)
616	\|\| !EVP_DigestUpdate(md2, passwd, passwd_len)
617	\|\| !EVP_DigestFinal_ex(md2, buf, NULL))
618	goto err;
619
620	for (n = passwd_len; n > buf_size; n -= buf_size) {
621	if (!EVP_DigestUpdate(md, buf, buf_size))
622	goto err;
623	}
624	if (!EVP_DigestUpdate(md, buf, n))
625	goto err;
626
627	n = passwd_len;
628	while (n) {
629	if (!EVP_DigestUpdate(md,
630	(n & 1) ? buf : (unsigned const char *)passwd,
631	(n & 1) ? buf_size : passwd_len))
632	goto err;
633	n >>= 1;
634	}
635	if (!EVP_DigestFinal_ex(md, buf, NULL))
636	return NULL;
637
638	/* P sequence */
639	if (!EVP_DigestInit_ex(md2, sha, NULL))
640	goto err;
641
642	for (n = passwd_len; n > 0; n--)
643	if (!EVP_DigestUpdate(md2, passwd, passwd_len))
644	goto err;
645
646	if (!EVP_DigestFinal_ex(md2, temp_buf, NULL))
647	return NULL;
648
649	if ((p_bytes = OPENSSL_zalloc(passwd_len)) == NULL)
650	goto err;
651	for (cp = p_bytes, n = passwd_len; n > buf_size; n -= buf_size, cp += buf_size)
652	memcpy(cp, temp_buf, buf_size);
653	memcpy(cp, temp_buf, n);
654
655	/* S sequence */
656	if (!EVP_DigestInit_ex(md2, sha, NULL))
657	goto err;
658
659	for (n = 16 + buf[0]; n > 0; n--)
660	if (!EVP_DigestUpdate(md2, ascii_salt, salt_len))
661	goto err;
662
663	if (!EVP_DigestFinal_ex(md2, temp_buf, NULL))
664	return NULL;
665
666	if ((s_bytes = OPENSSL_zalloc(salt_len)) == NULL)
667	goto err;
668	for (cp = s_bytes, n = salt_len; n > buf_size; n -= buf_size, cp += buf_size)
669	memcpy(cp, temp_buf, buf_size);
670	memcpy(cp, temp_buf, n);
671
672	for (n = 0; n < rounds; n++) {
673	if (!EVP_DigestInit_ex(md2, sha, NULL))
674	goto err;
675	if (!EVP_DigestUpdate(md2,
676	(n & 1) ? (unsigned const char *)p_bytes : buf,
677	(n & 1) ? passwd_len : buf_size))
678	goto err;
679	if (n % 3) {
680	if (!EVP_DigestUpdate(md2, s_bytes, salt_len))
681	goto err;
682	}
683	if (n % 7) {
684	if (!EVP_DigestUpdate(md2, p_bytes, passwd_len))
685	goto err;
686	}
687	if (!EVP_DigestUpdate(md2,
688	(n & 1) ? buf : (unsigned const char *)p_bytes,
689	(n & 1) ? buf_size : passwd_len))
690	goto err;
691	if (!EVP_DigestFinal_ex(md2, buf, NULL))
692	goto err;
693	}
694	EVP_MD_CTX_free(md2);
695	EVP_MD_CTX_free(md);
696	md2 = NULL;
697	md = NULL;
698	OPENSSL_free(p_bytes);
699	OPENSSL_free(s_bytes);
700	p_bytes = NULL;
701	s_bytes = NULL;
702
703	cp = out_buf + strlen(out_buf);
704	*cp++ = ascii_dollar[0];
705
706	# define b64_from_24bit(B2, B1, B0, N) \
707	do { \
708	unsigned int w = ((B2) << 16) \| ((B1) << 8) \| (B0); \
709	int i = (N); \
710	while (i-- > 0) \
711	{ \
712	*cp++ = cov_2char[w & 0x3f]; \
713	w >>= 6; \
714	} \
715	} while (0)
716
717	switch (magic[0]) {
718	case '5':
719	b64_from_24bit (buf[0], buf[10], buf[20], 4);
720	b64_from_24bit (buf[21], buf[1], buf[11], 4);
721	b64_from_24bit (buf[12], buf[22], buf[2], 4);
722	b64_from_24bit (buf[3], buf[13], buf[23], 4);
723	b64_from_24bit (buf[24], buf[4], buf[14], 4);
724	b64_from_24bit (buf[15], buf[25], buf[5], 4);
725	b64_from_24bit (buf[6], buf[16], buf[26], 4);
726	b64_from_24bit (buf[27], buf[7], buf[17], 4);
727	b64_from_24bit (buf[18], buf[28], buf[8], 4);
728	b64_from_24bit (buf[9], buf[19], buf[29], 4);
729	b64_from_24bit (0, buf[31], buf[30], 3);
730	break;
731	case '6':
732	b64_from_24bit (buf[0], buf[21], buf[42], 4);
733	b64_from_24bit (buf[22], buf[43], buf[1], 4);
734	b64_from_24bit (buf[44], buf[2], buf[23], 4);
735	b64_from_24bit (buf[3], buf[24], buf[45], 4);
736	b64_from_24bit (buf[25], buf[46], buf[4], 4);
737	b64_from_24bit (buf[47], buf[5], buf[26], 4);
738	b64_from_24bit (buf[6], buf[27], buf[48], 4);
739	b64_from_24bit (buf[28], buf[49], buf[7], 4);
740	b64_from_24bit (buf[50], buf[8], buf[29], 4);
741	b64_from_24bit (buf[9], buf[30], buf[51], 4);
742	b64_from_24bit (buf[31], buf[52], buf[10], 4);
743	b64_from_24bit (buf[53], buf[11], buf[32], 4);
744	b64_from_24bit (buf[12], buf[33], buf[54], 4);
745	b64_from_24bit (buf[34], buf[55], buf[13], 4);
746	b64_from_24bit (buf[56], buf[14], buf[35], 4);
747	b64_from_24bit (buf[15], buf[36], buf[57], 4);
748	b64_from_24bit (buf[37], buf[58], buf[16], 4);
749	b64_from_24bit (buf[59], buf[17], buf[38], 4);
750	b64_from_24bit (buf[18], buf[39], buf[60], 4);
751	b64_from_24bit (buf[40], buf[61], buf[19], 4);
752	b64_from_24bit (buf[62], buf[20], buf[41], 4);
753	b64_from_24bit (0, 0, buf[63], 2);
754	break;
755	default:
756	goto err;
757	}
758	*cp = '\0';
759	#ifdef CHARSET_EBCDIC
760	ascii2ebcdic(out_buf, out_buf, strlen(out_buf));
761	#endif
762
763	return out_buf;
764
765	err:
766	EVP_MD_CTX_free(md2);
767	EVP_MD_CTX_free(md);
768	OPENSSL_free(p_bytes);
769	OPENSSL_free(s_bytes);
770	OPENSSL_free(ascii_passwd);
771	return NULL;
772	}
773
774	static int do_passwd(int passed_salt, char salt_p, char salt_malloc_p,
775	char passwd, BIO out, int quiet, int table,
776	int reverse, size_t pw_maxlen, passwd_modes mode)
777	{
778	char *hash = NULL;
779
780	assert(salt_p != NULL);
781	assert(salt_malloc_p != NULL);
782
783	/* first make sure we have a salt */
784	if (!passed_salt) {
785	size_t saltlen = 0;
786	size_t i;
787
788	#ifndef OPENSSL_NO_DES
789	if (mode == passwd_crypt)
790	saltlen = 2;
791	#endif /* !OPENSSL_NO_DES */
792
793	if (mode == passwd_md5 \|\| mode == passwd_apr1 \|\| mode == passwd_aixmd5)
794	saltlen = 8;
795
796	if (mode == passwd_sha256 \|\| mode == passwd_sha512)
797	saltlen = 16;
798
799	assert(saltlen != 0);
800
801	if (*salt_malloc_p == NULL)
802	salt_p = salt_malloc_p = app_malloc(saltlen + 1, "salt buffer");
803	if (RAND_bytes((unsigned char )salt_p, saltlen) <= 0)
804	goto end;
805
806	for (i = 0; i < saltlen; i++)
807	(salt_p)[i] = cov_2char[(salt_p)[i] & 0x3f]; /* 6 bits */
808	(*salt_p)[i] = 0;
809	# ifdef CHARSET_EBCDIC
810	/* The password encryption function will convert back to ASCII */
811	ascii2ebcdic(salt_p, salt_p, saltlen);
812	# endif
813	}
814
815	assert(*salt_p != NULL);
816
817	/* truncate password if necessary */
818	if ((strlen(passwd) > pw_maxlen)) {
819	if (!quiet)
820	/*
821	* XXX: really we should know how to print a size_t, not cast it
822	*/
823	BIO_printf(bio_err,
824	"Warning: truncating password to %u characters\n",
825	(unsigned)pw_maxlen);
826	passwd[pw_maxlen] = 0;
827	}
828	assert(strlen(passwd) <= pw_maxlen);
829
830	/* now compute password hash */
831	#ifndef OPENSSL_NO_DES
832	if (mode == passwd_crypt)
833	hash = DES_crypt(passwd, *salt_p);
834	#endif
835	if (mode == passwd_md5 \|\| mode == passwd_apr1)
836	hash = md5crypt(passwd, (mode == passwd_md5 ? "1" : "apr1"), *salt_p);
837	if (mode == passwd_aixmd5)
838	hash = md5crypt(passwd, "", *salt_p);
839	if (mode == passwd_sha256 \|\| mode == passwd_sha512)
840	hash = shacrypt(passwd, (mode == passwd_sha256 ? "5" : "6"), *salt_p);
841	assert(hash != NULL);
842
843	if (table && !reverse)
844	BIO_printf(out, "%s\t%s\n", passwd, hash);
845	else if (table && reverse)
846	BIO_printf(out, "%s\t%s\n", hash, passwd);
847	else
848	BIO_printf(out, "%s\n", hash);
849	return 1;
850
851	end:
852	return 0;
853	}

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/libs/openssl-1.1.1l/apps/passwd.c@ 95000

Download in other formats: