1 | #include <machine/rtems-bsd-user-space.h> |
---|
2 | |
---|
3 | /* |
---|
4 | * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. |
---|
5 | * |
---|
6 | * Licensed under the OpenSSL license (the "License"). You may not use |
---|
7 | * this file except in compliance with the License. You can obtain a copy |
---|
8 | * in the file LICENSE in the source distribution or at |
---|
9 | * https://www.openssl.org/source/license.html |
---|
10 | */ |
---|
11 | |
---|
12 | #include <string.h> |
---|
13 | |
---|
14 | #include "apps.h" |
---|
15 | #include "progs.h" |
---|
16 | |
---|
17 | #include <openssl/bio.h> |
---|
18 | #include <openssl/err.h> |
---|
19 | #include <openssl/evp.h> |
---|
20 | #include <openssl/rand.h> |
---|
21 | #ifndef OPENSSL_NO_DES |
---|
22 | # include <openssl/des.h> |
---|
23 | #endif |
---|
24 | #include <openssl/md5.h> |
---|
25 | #include <openssl/sha.h> |
---|
26 | |
---|
27 | static unsigned const char cov_2char[64] = { |
---|
28 | /* from crypto/des/fcrypt.c */ |
---|
29 | 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, |
---|
30 | 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, |
---|
31 | 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C, |
---|
32 | 0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52, 0x53, 0x54, |
---|
33 | 0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, 0x61, 0x62, |
---|
34 | 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A, |
---|
35 | 0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70, 0x71, 0x72, |
---|
36 | 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A |
---|
37 | }; |
---|
38 | |
---|
39 | static const char ascii_dollar[] = { 0x24, 0x00 }; |
---|
40 | |
---|
41 | typedef enum { |
---|
42 | passwd_unset = 0, |
---|
43 | passwd_crypt, |
---|
44 | passwd_md5, |
---|
45 | passwd_apr1, |
---|
46 | passwd_sha256, |
---|
47 | passwd_sha512, |
---|
48 | passwd_aixmd5 |
---|
49 | } passwd_modes; |
---|
50 | |
---|
51 | static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, |
---|
52 | char *passwd, BIO *out, int quiet, int table, |
---|
53 | int reverse, size_t pw_maxlen, passwd_modes mode); |
---|
54 | |
---|
55 | typedef enum OPTION_choice { |
---|
56 | OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, |
---|
57 | OPT_IN, |
---|
58 | OPT_NOVERIFY, OPT_QUIET, OPT_TABLE, OPT_REVERSE, OPT_APR1, |
---|
59 | OPT_1, OPT_5, OPT_6, OPT_CRYPT, OPT_AIXMD5, OPT_SALT, OPT_STDIN, |
---|
60 | OPT_R_ENUM |
---|
61 | } OPTION_CHOICE; |
---|
62 | |
---|
63 | const OPTIONS passwd_options[] = { |
---|
64 | {"help", OPT_HELP, '-', "Display this summary"}, |
---|
65 | {"in", OPT_IN, '<', "Read passwords from file"}, |
---|
66 | {"noverify", OPT_NOVERIFY, '-', |
---|
67 | "Never verify when reading password from terminal"}, |
---|
68 | {"quiet", OPT_QUIET, '-', "No warnings"}, |
---|
69 | {"table", OPT_TABLE, '-', "Format output as table"}, |
---|
70 | {"reverse", OPT_REVERSE, '-', "Switch table columns"}, |
---|
71 | {"salt", OPT_SALT, 's', "Use provided salt"}, |
---|
72 | {"stdin", OPT_STDIN, '-', "Read passwords from stdin"}, |
---|
73 | {"6", OPT_6, '-', "SHA512-based password algorithm"}, |
---|
74 | {"5", OPT_5, '-', "SHA256-based password algorithm"}, |
---|
75 | {"apr1", OPT_APR1, '-', "MD5-based password algorithm, Apache variant"}, |
---|
76 | {"1", OPT_1, '-', "MD5-based password algorithm"}, |
---|
77 | {"aixmd5", OPT_AIXMD5, '-', "AIX MD5-based password algorithm"}, |
---|
78 | #ifndef OPENSSL_NO_DES |
---|
79 | {"crypt", OPT_CRYPT, '-', "Standard Unix password algorithm (default)"}, |
---|
80 | #endif |
---|
81 | OPT_R_OPTIONS, |
---|
82 | {NULL} |
---|
83 | }; |
---|
84 | |
---|
85 | int passwd_main(int argc, char **argv) |
---|
86 | { |
---|
87 | BIO *in = NULL; |
---|
88 | char *infile = NULL, *salt = NULL, *passwd = NULL, **passwds = NULL; |
---|
89 | char *salt_malloc = NULL, *passwd_malloc = NULL, *prog; |
---|
90 | OPTION_CHOICE o; |
---|
91 | int in_stdin = 0, pw_source_defined = 0; |
---|
92 | #ifndef OPENSSL_NO_UI_CONSOLE |
---|
93 | int in_noverify = 0; |
---|
94 | #endif |
---|
95 | int passed_salt = 0, quiet = 0, table = 0, reverse = 0; |
---|
96 | int ret = 1; |
---|
97 | passwd_modes mode = passwd_unset; |
---|
98 | size_t passwd_malloc_size = 0; |
---|
99 | size_t pw_maxlen = 256; /* arbitrary limit, should be enough for most |
---|
100 | * passwords */ |
---|
101 | |
---|
102 | prog = opt_init(argc, argv, passwd_options); |
---|
103 | while ((o = opt_next()) != OPT_EOF) { |
---|
104 | switch (o) { |
---|
105 | case OPT_EOF: |
---|
106 | case OPT_ERR: |
---|
107 | opthelp: |
---|
108 | BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); |
---|
109 | goto end; |
---|
110 | case OPT_HELP: |
---|
111 | opt_help(passwd_options); |
---|
112 | ret = 0; |
---|
113 | goto end; |
---|
114 | case OPT_IN: |
---|
115 | if (pw_source_defined) |
---|
116 | goto opthelp; |
---|
117 | infile = opt_arg(); |
---|
118 | pw_source_defined = 1; |
---|
119 | break; |
---|
120 | case OPT_NOVERIFY: |
---|
121 | #ifndef OPENSSL_NO_UI_CONSOLE |
---|
122 | in_noverify = 1; |
---|
123 | #endif |
---|
124 | break; |
---|
125 | case OPT_QUIET: |
---|
126 | quiet = 1; |
---|
127 | break; |
---|
128 | case OPT_TABLE: |
---|
129 | table = 1; |
---|
130 | break; |
---|
131 | case OPT_REVERSE: |
---|
132 | reverse = 1; |
---|
133 | break; |
---|
134 | case OPT_1: |
---|
135 | if (mode != passwd_unset) |
---|
136 | goto opthelp; |
---|
137 | mode = passwd_md5; |
---|
138 | break; |
---|
139 | case OPT_5: |
---|
140 | if (mode != passwd_unset) |
---|
141 | goto opthelp; |
---|
142 | mode = passwd_sha256; |
---|
143 | break; |
---|
144 | case OPT_6: |
---|
145 | if (mode != passwd_unset) |
---|
146 | goto opthelp; |
---|
147 | mode = passwd_sha512; |
---|
148 | break; |
---|
149 | case OPT_APR1: |
---|
150 | if (mode != passwd_unset) |
---|
151 | goto opthelp; |
---|
152 | mode = passwd_apr1; |
---|
153 | break; |
---|
154 | case OPT_AIXMD5: |
---|
155 | if (mode != passwd_unset) |
---|
156 | goto opthelp; |
---|
157 | mode = passwd_aixmd5; |
---|
158 | break; |
---|
159 | case OPT_CRYPT: |
---|
160 | #ifndef OPENSSL_NO_DES |
---|
161 | if (mode != passwd_unset) |
---|
162 | goto opthelp; |
---|
163 | mode = passwd_crypt; |
---|
164 | #endif |
---|
165 | break; |
---|
166 | case OPT_SALT: |
---|
167 | passed_salt = 1; |
---|
168 | salt = opt_arg(); |
---|
169 | break; |
---|
170 | case OPT_STDIN: |
---|
171 | if (pw_source_defined) |
---|
172 | goto opthelp; |
---|
173 | in_stdin = 1; |
---|
174 | pw_source_defined = 1; |
---|
175 | break; |
---|
176 | case OPT_R_CASES: |
---|
177 | if (!opt_rand(o)) |
---|
178 | goto end; |
---|
179 | break; |
---|
180 | } |
---|
181 | } |
---|
182 | argc = opt_num_rest(); |
---|
183 | argv = opt_rest(); |
---|
184 | |
---|
185 | if (*argv != NULL) { |
---|
186 | if (pw_source_defined) |
---|
187 | goto opthelp; |
---|
188 | pw_source_defined = 1; |
---|
189 | passwds = argv; |
---|
190 | } |
---|
191 | |
---|
192 | if (mode == passwd_unset) { |
---|
193 | /* use default */ |
---|
194 | mode = passwd_crypt; |
---|
195 | } |
---|
196 | |
---|
197 | #ifdef OPENSSL_NO_DES |
---|
198 | if (mode == passwd_crypt) |
---|
199 | goto opthelp; |
---|
200 | #endif |
---|
201 | |
---|
202 | if (infile != NULL && in_stdin) { |
---|
203 | BIO_printf(bio_err, "%s: Can't combine -in and -stdin\n", prog); |
---|
204 | goto end; |
---|
205 | } |
---|
206 | |
---|
207 | if (infile != NULL || in_stdin) { |
---|
208 | /* |
---|
209 | * If in_stdin is true, we know that infile is NULL, and that |
---|
210 | * bio_open_default() will give us back an alias for stdin. |
---|
211 | */ |
---|
212 | in = bio_open_default(infile, 'r', FORMAT_TEXT); |
---|
213 | if (in == NULL) |
---|
214 | goto end; |
---|
215 | } |
---|
216 | |
---|
217 | if (mode == passwd_crypt) |
---|
218 | pw_maxlen = 8; |
---|
219 | |
---|
220 | if (passwds == NULL) { |
---|
221 | /* no passwords on the command line */ |
---|
222 | |
---|
223 | passwd_malloc_size = pw_maxlen + 2; |
---|
224 | /* longer than necessary so that we can warn about truncation */ |
---|
225 | passwd = passwd_malloc = |
---|
226 | app_malloc(passwd_malloc_size, "password buffer"); |
---|
227 | } |
---|
228 | |
---|
229 | if ((in == NULL) && (passwds == NULL)) { |
---|
230 | /* |
---|
231 | * we use the following method to make sure what |
---|
232 | * in the 'else' section is always compiled, to |
---|
233 | * avoid rot of not-frequently-used code. |
---|
234 | */ |
---|
235 | if (1) { |
---|
236 | #ifndef OPENSSL_NO_UI_CONSOLE |
---|
237 | /* build a null-terminated list */ |
---|
238 | static char *passwds_static[2] = { NULL, NULL }; |
---|
239 | |
---|
240 | passwds = passwds_static; |
---|
241 | if (in == NULL) { |
---|
242 | if (EVP_read_pw_string |
---|
243 | (passwd_malloc, passwd_malloc_size, "Password: ", |
---|
244 | !(passed_salt || in_noverify)) != 0) |
---|
245 | goto end; |
---|
246 | } |
---|
247 | passwds[0] = passwd_malloc; |
---|
248 | } else { |
---|
249 | #endif |
---|
250 | BIO_printf(bio_err, "password required\n"); |
---|
251 | goto end; |
---|
252 | } |
---|
253 | } |
---|
254 | |
---|
255 | if (in == NULL) { |
---|
256 | assert(passwds != NULL); |
---|
257 | assert(*passwds != NULL); |
---|
258 | |
---|
259 | do { /* loop over list of passwords */ |
---|
260 | passwd = *passwds++; |
---|
261 | if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, bio_out, |
---|
262 | quiet, table, reverse, pw_maxlen, mode)) |
---|
263 | goto end; |
---|
264 | } while (*passwds != NULL); |
---|
265 | } else { |
---|
266 | /* in != NULL */ |
---|
267 | int done; |
---|
268 | |
---|
269 | assert(passwd != NULL); |
---|
270 | do { |
---|
271 | int r = BIO_gets(in, passwd, pw_maxlen + 1); |
---|
272 | if (r > 0) { |
---|
273 | char *c = (strchr(passwd, '\n')); |
---|
274 | if (c != NULL) { |
---|
275 | *c = 0; /* truncate at newline */ |
---|
276 | } else { |
---|
277 | /* ignore rest of line */ |
---|
278 | char trash[BUFSIZ]; |
---|
279 | do |
---|
280 | r = BIO_gets(in, trash, sizeof(trash)); |
---|
281 | while ((r > 0) && (!strchr(trash, '\n'))); |
---|
282 | } |
---|
283 | |
---|
284 | if (!do_passwd |
---|
285 | (passed_salt, &salt, &salt_malloc, passwd, bio_out, quiet, |
---|
286 | table, reverse, pw_maxlen, mode)) |
---|
287 | goto end; |
---|
288 | } |
---|
289 | done = (r <= 0); |
---|
290 | } while (!done); |
---|
291 | } |
---|
292 | ret = 0; |
---|
293 | |
---|
294 | end: |
---|
295 | #if 0 |
---|
296 | ERR_print_errors(bio_err); |
---|
297 | #endif |
---|
298 | OPENSSL_free(salt_malloc); |
---|
299 | OPENSSL_free(passwd_malloc); |
---|
300 | BIO_free(in); |
---|
301 | return ret; |
---|
302 | } |
---|
303 | |
---|
304 | /* |
---|
305 | * MD5-based password algorithm (should probably be available as a library |
---|
306 | * function; then the static buffer would not be acceptable). For magic |
---|
307 | * string "1", this should be compatible to the MD5-based BSD password |
---|
308 | * algorithm. For 'magic' string "apr1", this is compatible to the MD5-based |
---|
309 | * Apache password algorithm. (Apparently, the Apache password algorithm is |
---|
310 | * identical except that the 'magic' string was changed -- the laziest |
---|
311 | * application of the NIH principle I've ever encountered.) |
---|
312 | */ |
---|
313 | static char *md5crypt(const char *passwd, const char *magic, const char *salt) |
---|
314 | { |
---|
315 | /* "$apr1$..salt..$.......md5hash..........\0" */ |
---|
316 | static char out_buf[6 + 9 + 24 + 2]; |
---|
317 | unsigned char buf[MD5_DIGEST_LENGTH]; |
---|
318 | char ascii_magic[5]; /* "apr1" plus '\0' */ |
---|
319 | char ascii_salt[9]; /* Max 8 chars plus '\0' */ |
---|
320 | char *ascii_passwd = NULL; |
---|
321 | char *salt_out; |
---|
322 | int n; |
---|
323 | unsigned int i; |
---|
324 | EVP_MD_CTX *md = NULL, *md2 = NULL; |
---|
325 | size_t passwd_len, salt_len, magic_len; |
---|
326 | |
---|
327 | passwd_len = strlen(passwd); |
---|
328 | |
---|
329 | out_buf[0] = 0; |
---|
330 | magic_len = strlen(magic); |
---|
331 | OPENSSL_strlcpy(ascii_magic, magic, sizeof(ascii_magic)); |
---|
332 | #ifdef CHARSET_EBCDIC |
---|
333 | if ((magic[0] & 0x80) != 0) /* High bit is 1 in EBCDIC alnums */ |
---|
334 | ebcdic2ascii(ascii_magic, ascii_magic, magic_len); |
---|
335 | #endif |
---|
336 | |
---|
337 | /* The salt gets truncated to 8 chars */ |
---|
338 | OPENSSL_strlcpy(ascii_salt, salt, sizeof(ascii_salt)); |
---|
339 | salt_len = strlen(ascii_salt); |
---|
340 | #ifdef CHARSET_EBCDIC |
---|
341 | ebcdic2ascii(ascii_salt, ascii_salt, salt_len); |
---|
342 | #endif |
---|
343 | |
---|
344 | #ifdef CHARSET_EBCDIC |
---|
345 | ascii_passwd = OPENSSL_strdup(passwd); |
---|
346 | if (ascii_passwd == NULL) |
---|
347 | return NULL; |
---|
348 | ebcdic2ascii(ascii_passwd, ascii_passwd, passwd_len); |
---|
349 | passwd = ascii_passwd; |
---|
350 | #endif |
---|
351 | |
---|
352 | if (magic_len > 0) { |
---|
353 | OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf)); |
---|
354 | |
---|
355 | if (magic_len > 4) /* assert it's "1" or "apr1" */ |
---|
356 | goto err; |
---|
357 | |
---|
358 | OPENSSL_strlcat(out_buf, ascii_magic, sizeof(out_buf)); |
---|
359 | OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf)); |
---|
360 | } |
---|
361 | |
---|
362 | OPENSSL_strlcat(out_buf, ascii_salt, sizeof(out_buf)); |
---|
363 | |
---|
364 | if (strlen(out_buf) > 6 + 8) /* assert "$apr1$..salt.." */ |
---|
365 | goto err; |
---|
366 | |
---|
367 | salt_out = out_buf; |
---|
368 | if (magic_len > 0) |
---|
369 | salt_out += 2 + magic_len; |
---|
370 | |
---|
371 | if (salt_len > 8) |
---|
372 | goto err; |
---|
373 | |
---|
374 | md = EVP_MD_CTX_new(); |
---|
375 | if (md == NULL |
---|
376 | || !EVP_DigestInit_ex(md, EVP_md5(), NULL) |
---|
377 | || !EVP_DigestUpdate(md, passwd, passwd_len)) |
---|
378 | goto err; |
---|
379 | |
---|
380 | if (magic_len > 0) |
---|
381 | if (!EVP_DigestUpdate(md, ascii_dollar, 1) |
---|
382 | || !EVP_DigestUpdate(md, ascii_magic, magic_len) |
---|
383 | || !EVP_DigestUpdate(md, ascii_dollar, 1)) |
---|
384 | goto err; |
---|
385 | |
---|
386 | if (!EVP_DigestUpdate(md, ascii_salt, salt_len)) |
---|
387 | goto err; |
---|
388 | |
---|
389 | md2 = EVP_MD_CTX_new(); |
---|
390 | if (md2 == NULL |
---|
391 | || !EVP_DigestInit_ex(md2, EVP_md5(), NULL) |
---|
392 | || !EVP_DigestUpdate(md2, passwd, passwd_len) |
---|
393 | || !EVP_DigestUpdate(md2, ascii_salt, salt_len) |
---|
394 | || !EVP_DigestUpdate(md2, passwd, passwd_len) |
---|
395 | || !EVP_DigestFinal_ex(md2, buf, NULL)) |
---|
396 | goto err; |
---|
397 | |
---|
398 | for (i = passwd_len; i > sizeof(buf); i -= sizeof(buf)) { |
---|
399 | if (!EVP_DigestUpdate(md, buf, sizeof(buf))) |
---|
400 | goto err; |
---|
401 | } |
---|
402 | if (!EVP_DigestUpdate(md, buf, i)) |
---|
403 | goto err; |
---|
404 | |
---|
405 | n = passwd_len; |
---|
406 | while (n) { |
---|
407 | if (!EVP_DigestUpdate(md, (n & 1) ? "\0" : passwd, 1)) |
---|
408 | goto err; |
---|
409 | n >>= 1; |
---|
410 | } |
---|
411 | if (!EVP_DigestFinal_ex(md, buf, NULL)) |
---|
412 | return NULL; |
---|
413 | |
---|
414 | for (i = 0; i < 1000; i++) { |
---|
415 | if (!EVP_DigestInit_ex(md2, EVP_md5(), NULL)) |
---|
416 | goto err; |
---|
417 | if (!EVP_DigestUpdate(md2, |
---|
418 | (i & 1) ? (unsigned const char *)passwd : buf, |
---|
419 | (i & 1) ? passwd_len : sizeof(buf))) |
---|
420 | goto err; |
---|
421 | if (i % 3) { |
---|
422 | if (!EVP_DigestUpdate(md2, ascii_salt, salt_len)) |
---|
423 | goto err; |
---|
424 | } |
---|
425 | if (i % 7) { |
---|
426 | if (!EVP_DigestUpdate(md2, passwd, passwd_len)) |
---|
427 | goto err; |
---|
428 | } |
---|
429 | if (!EVP_DigestUpdate(md2, |
---|
430 | (i & 1) ? buf : (unsigned const char *)passwd, |
---|
431 | (i & 1) ? sizeof(buf) : passwd_len)) |
---|
432 | goto err; |
---|
433 | if (!EVP_DigestFinal_ex(md2, buf, NULL)) |
---|
434 | goto err; |
---|
435 | } |
---|
436 | EVP_MD_CTX_free(md2); |
---|
437 | EVP_MD_CTX_free(md); |
---|
438 | md2 = NULL; |
---|
439 | md = NULL; |
---|
440 | |
---|
441 | { |
---|
442 | /* transform buf into output string */ |
---|
443 | unsigned char buf_perm[sizeof(buf)]; |
---|
444 | int dest, source; |
---|
445 | char *output; |
---|
446 | |
---|
447 | /* silly output permutation */ |
---|
448 | for (dest = 0, source = 0; dest < 14; |
---|
449 | dest++, source = (source + 6) % 17) |
---|
450 | buf_perm[dest] = buf[source]; |
---|
451 | buf_perm[14] = buf[5]; |
---|
452 | buf_perm[15] = buf[11]; |
---|
453 | # ifndef PEDANTIC /* Unfortunately, this generates a "no |
---|
454 | * effect" warning */ |
---|
455 | assert(16 == sizeof(buf_perm)); |
---|
456 | # endif |
---|
457 | |
---|
458 | output = salt_out + salt_len; |
---|
459 | assert(output == out_buf + strlen(out_buf)); |
---|
460 | |
---|
461 | *output++ = ascii_dollar[0]; |
---|
462 | |
---|
463 | for (i = 0; i < 15; i += 3) { |
---|
464 | *output++ = cov_2char[buf_perm[i + 2] & 0x3f]; |
---|
465 | *output++ = cov_2char[((buf_perm[i + 1] & 0xf) << 2) | |
---|
466 | (buf_perm[i + 2] >> 6)]; |
---|
467 | *output++ = cov_2char[((buf_perm[i] & 3) << 4) | |
---|
468 | (buf_perm[i + 1] >> 4)]; |
---|
469 | *output++ = cov_2char[buf_perm[i] >> 2]; |
---|
470 | } |
---|
471 | assert(i == 15); |
---|
472 | *output++ = cov_2char[buf_perm[i] & 0x3f]; |
---|
473 | *output++ = cov_2char[buf_perm[i] >> 6]; |
---|
474 | *output = 0; |
---|
475 | assert(strlen(out_buf) < sizeof(out_buf)); |
---|
476 | #ifdef CHARSET_EBCDIC |
---|
477 | ascii2ebcdic(out_buf, out_buf, strlen(out_buf)); |
---|
478 | #endif |
---|
479 | } |
---|
480 | |
---|
481 | return out_buf; |
---|
482 | |
---|
483 | err: |
---|
484 | OPENSSL_free(ascii_passwd); |
---|
485 | EVP_MD_CTX_free(md2); |
---|
486 | EVP_MD_CTX_free(md); |
---|
487 | return NULL; |
---|
488 | } |
---|
489 | |
---|
490 | /* |
---|
491 | * SHA based password algorithm, describe by Ulrich Drepper here: |
---|
492 | * https://www.akkadia.org/drepper/SHA-crypt.txt |
---|
493 | * (note that it's in the public domain) |
---|
494 | */ |
---|
495 | static char *shacrypt(const char *passwd, const char *magic, const char *salt) |
---|
496 | { |
---|
497 | /* Prefix for optional rounds specification. */ |
---|
498 | static const char rounds_prefix[] = "rounds="; |
---|
499 | /* Maximum salt string length. */ |
---|
500 | # define SALT_LEN_MAX 16 |
---|
501 | /* Default number of rounds if not explicitly specified. */ |
---|
502 | # define ROUNDS_DEFAULT 5000 |
---|
503 | /* Minimum number of rounds. */ |
---|
504 | # define ROUNDS_MIN 1000 |
---|
505 | /* Maximum number of rounds. */ |
---|
506 | # define ROUNDS_MAX 999999999 |
---|
507 | |
---|
508 | /* "$6$rounds=<N>$......salt......$...shahash(up to 86 chars)...\0" */ |
---|
509 | static char out_buf[3 + 17 + 17 + 86 + 1]; |
---|
510 | unsigned char buf[SHA512_DIGEST_LENGTH]; |
---|
511 | unsigned char temp_buf[SHA512_DIGEST_LENGTH]; |
---|
512 | size_t buf_size = 0; |
---|
513 | char ascii_magic[2]; |
---|
514 | char ascii_salt[17]; /* Max 16 chars plus '\0' */ |
---|
515 | char *ascii_passwd = NULL; |
---|
516 | size_t n; |
---|
517 | EVP_MD_CTX *md = NULL, *md2 = NULL; |
---|
518 | const EVP_MD *sha = NULL; |
---|
519 | size_t passwd_len, salt_len, magic_len; |
---|
520 | unsigned int rounds = 5000; /* Default */ |
---|
521 | char rounds_custom = 0; |
---|
522 | char *p_bytes = NULL; |
---|
523 | char *s_bytes = NULL; |
---|
524 | char *cp = NULL; |
---|
525 | |
---|
526 | passwd_len = strlen(passwd); |
---|
527 | magic_len = strlen(magic); |
---|
528 | |
---|
529 | /* assert it's "5" or "6" */ |
---|
530 | if (magic_len != 1) |
---|
531 | return NULL; |
---|
532 | |
---|
533 | switch (magic[0]) { |
---|
534 | case '5': |
---|
535 | sha = EVP_sha256(); |
---|
536 | buf_size = 32; |
---|
537 | break; |
---|
538 | case '6': |
---|
539 | sha = EVP_sha512(); |
---|
540 | buf_size = 64; |
---|
541 | break; |
---|
542 | default: |
---|
543 | return NULL; |
---|
544 | } |
---|
545 | |
---|
546 | if (strncmp(salt, rounds_prefix, sizeof(rounds_prefix) - 1) == 0) { |
---|
547 | const char *num = salt + sizeof(rounds_prefix) - 1; |
---|
548 | char *endp; |
---|
549 | unsigned long int srounds = strtoul (num, &endp, 10); |
---|
550 | if (*endp == '$') { |
---|
551 | salt = endp + 1; |
---|
552 | if (srounds > ROUNDS_MAX) |
---|
553 | rounds = ROUNDS_MAX; |
---|
554 | else if (srounds < ROUNDS_MIN) |
---|
555 | rounds = ROUNDS_MIN; |
---|
556 | else |
---|
557 | rounds = (unsigned int)srounds; |
---|
558 | rounds_custom = 1; |
---|
559 | } else { |
---|
560 | return NULL; |
---|
561 | } |
---|
562 | } |
---|
563 | |
---|
564 | OPENSSL_strlcpy(ascii_magic, magic, sizeof(ascii_magic)); |
---|
565 | #ifdef CHARSET_EBCDIC |
---|
566 | if ((magic[0] & 0x80) != 0) /* High bit is 1 in EBCDIC alnums */ |
---|
567 | ebcdic2ascii(ascii_magic, ascii_magic, magic_len); |
---|
568 | #endif |
---|
569 | |
---|
570 | /* The salt gets truncated to 16 chars */ |
---|
571 | OPENSSL_strlcpy(ascii_salt, salt, sizeof(ascii_salt)); |
---|
572 | salt_len = strlen(ascii_salt); |
---|
573 | #ifdef CHARSET_EBCDIC |
---|
574 | ebcdic2ascii(ascii_salt, ascii_salt, salt_len); |
---|
575 | #endif |
---|
576 | |
---|
577 | #ifdef CHARSET_EBCDIC |
---|
578 | ascii_passwd = OPENSSL_strdup(passwd); |
---|
579 | if (ascii_passwd == NULL) |
---|
580 | return NULL; |
---|
581 | ebcdic2ascii(ascii_passwd, ascii_passwd, passwd_len); |
---|
582 | passwd = ascii_passwd; |
---|
583 | #endif |
---|
584 | |
---|
585 | out_buf[0] = 0; |
---|
586 | OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf)); |
---|
587 | OPENSSL_strlcat(out_buf, ascii_magic, sizeof(out_buf)); |
---|
588 | OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf)); |
---|
589 | if (rounds_custom) { |
---|
590 | char tmp_buf[80]; /* "rounds=999999999" */ |
---|
591 | sprintf(tmp_buf, "rounds=%u", rounds); |
---|
592 | #ifdef CHARSET_EBCDIC |
---|
593 | /* In case we're really on a ASCII based platform and just pretend */ |
---|
594 | if (tmp_buf[0] != 0x72) /* ASCII 'r' */ |
---|
595 | ebcdic2ascii(tmp_buf, tmp_buf, strlen(tmp_buf)); |
---|
596 | #endif |
---|
597 | OPENSSL_strlcat(out_buf, tmp_buf, sizeof(out_buf)); |
---|
598 | OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf)); |
---|
599 | } |
---|
600 | OPENSSL_strlcat(out_buf, ascii_salt, sizeof(out_buf)); |
---|
601 | |
---|
602 | /* assert "$5$rounds=999999999$......salt......" */ |
---|
603 | if (strlen(out_buf) > 3 + 17 * rounds_custom + salt_len ) |
---|
604 | goto err; |
---|
605 | |
---|
606 | md = EVP_MD_CTX_new(); |
---|
607 | if (md == NULL |
---|
608 | || !EVP_DigestInit_ex(md, sha, NULL) |
---|
609 | || !EVP_DigestUpdate(md, passwd, passwd_len) |
---|
610 | || !EVP_DigestUpdate(md, ascii_salt, salt_len)) |
---|
611 | goto err; |
---|
612 | |
---|
613 | md2 = EVP_MD_CTX_new(); |
---|
614 | if (md2 == NULL |
---|
615 | || !EVP_DigestInit_ex(md2, sha, NULL) |
---|
616 | || !EVP_DigestUpdate(md2, passwd, passwd_len) |
---|
617 | || !EVP_DigestUpdate(md2, ascii_salt, salt_len) |
---|
618 | || !EVP_DigestUpdate(md2, passwd, passwd_len) |
---|
619 | || !EVP_DigestFinal_ex(md2, buf, NULL)) |
---|
620 | goto err; |
---|
621 | |
---|
622 | for (n = passwd_len; n > buf_size; n -= buf_size) { |
---|
623 | if (!EVP_DigestUpdate(md, buf, buf_size)) |
---|
624 | goto err; |
---|
625 | } |
---|
626 | if (!EVP_DigestUpdate(md, buf, n)) |
---|
627 | goto err; |
---|
628 | |
---|
629 | n = passwd_len; |
---|
630 | while (n) { |
---|
631 | if (!EVP_DigestUpdate(md, |
---|
632 | (n & 1) ? buf : (unsigned const char *)passwd, |
---|
633 | (n & 1) ? buf_size : passwd_len)) |
---|
634 | goto err; |
---|
635 | n >>= 1; |
---|
636 | } |
---|
637 | if (!EVP_DigestFinal_ex(md, buf, NULL)) |
---|
638 | return NULL; |
---|
639 | |
---|
640 | /* P sequence */ |
---|
641 | if (!EVP_DigestInit_ex(md2, sha, NULL)) |
---|
642 | goto err; |
---|
643 | |
---|
644 | for (n = passwd_len; n > 0; n--) |
---|
645 | if (!EVP_DigestUpdate(md2, passwd, passwd_len)) |
---|
646 | goto err; |
---|
647 | |
---|
648 | if (!EVP_DigestFinal_ex(md2, temp_buf, NULL)) |
---|
649 | return NULL; |
---|
650 | |
---|
651 | if ((p_bytes = OPENSSL_zalloc(passwd_len)) == NULL) |
---|
652 | goto err; |
---|
653 | for (cp = p_bytes, n = passwd_len; n > buf_size; n -= buf_size, cp += buf_size) |
---|
654 | memcpy(cp, temp_buf, buf_size); |
---|
655 | memcpy(cp, temp_buf, n); |
---|
656 | |
---|
657 | /* S sequence */ |
---|
658 | if (!EVP_DigestInit_ex(md2, sha, NULL)) |
---|
659 | goto err; |
---|
660 | |
---|
661 | for (n = 16 + buf[0]; n > 0; n--) |
---|
662 | if (!EVP_DigestUpdate(md2, ascii_salt, salt_len)) |
---|
663 | goto err; |
---|
664 | |
---|
665 | if (!EVP_DigestFinal_ex(md2, temp_buf, NULL)) |
---|
666 | return NULL; |
---|
667 | |
---|
668 | if ((s_bytes = OPENSSL_zalloc(salt_len)) == NULL) |
---|
669 | goto err; |
---|
670 | for (cp = s_bytes, n = salt_len; n > buf_size; n -= buf_size, cp += buf_size) |
---|
671 | memcpy(cp, temp_buf, buf_size); |
---|
672 | memcpy(cp, temp_buf, n); |
---|
673 | |
---|
674 | for (n = 0; n < rounds; n++) { |
---|
675 | if (!EVP_DigestInit_ex(md2, sha, NULL)) |
---|
676 | goto err; |
---|
677 | if (!EVP_DigestUpdate(md2, |
---|
678 | (n & 1) ? (unsigned const char *)p_bytes : buf, |
---|
679 | (n & 1) ? passwd_len : buf_size)) |
---|
680 | goto err; |
---|
681 | if (n % 3) { |
---|
682 | if (!EVP_DigestUpdate(md2, s_bytes, salt_len)) |
---|
683 | goto err; |
---|
684 | } |
---|
685 | if (n % 7) { |
---|
686 | if (!EVP_DigestUpdate(md2, p_bytes, passwd_len)) |
---|
687 | goto err; |
---|
688 | } |
---|
689 | if (!EVP_DigestUpdate(md2, |
---|
690 | (n & 1) ? buf : (unsigned const char *)p_bytes, |
---|
691 | (n & 1) ? buf_size : passwd_len)) |
---|
692 | goto err; |
---|
693 | if (!EVP_DigestFinal_ex(md2, buf, NULL)) |
---|
694 | goto err; |
---|
695 | } |
---|
696 | EVP_MD_CTX_free(md2); |
---|
697 | EVP_MD_CTX_free(md); |
---|
698 | md2 = NULL; |
---|
699 | md = NULL; |
---|
700 | OPENSSL_free(p_bytes); |
---|
701 | OPENSSL_free(s_bytes); |
---|
702 | p_bytes = NULL; |
---|
703 | s_bytes = NULL; |
---|
704 | |
---|
705 | cp = out_buf + strlen(out_buf); |
---|
706 | *cp++ = ascii_dollar[0]; |
---|
707 | |
---|
708 | # define b64_from_24bit(B2, B1, B0, N) \ |
---|
709 | do { \ |
---|
710 | unsigned int w = ((B2) << 16) | ((B1) << 8) | (B0); \ |
---|
711 | int i = (N); \ |
---|
712 | while (i-- > 0) \ |
---|
713 | { \ |
---|
714 | *cp++ = cov_2char[w & 0x3f]; \ |
---|
715 | w >>= 6; \ |
---|
716 | } \ |
---|
717 | } while (0) |
---|
718 | |
---|
719 | switch (magic[0]) { |
---|
720 | case '5': |
---|
721 | b64_from_24bit (buf[0], buf[10], buf[20], 4); |
---|
722 | b64_from_24bit (buf[21], buf[1], buf[11], 4); |
---|
723 | b64_from_24bit (buf[12], buf[22], buf[2], 4); |
---|
724 | b64_from_24bit (buf[3], buf[13], buf[23], 4); |
---|
725 | b64_from_24bit (buf[24], buf[4], buf[14], 4); |
---|
726 | b64_from_24bit (buf[15], buf[25], buf[5], 4); |
---|
727 | b64_from_24bit (buf[6], buf[16], buf[26], 4); |
---|
728 | b64_from_24bit (buf[27], buf[7], buf[17], 4); |
---|
729 | b64_from_24bit (buf[18], buf[28], buf[8], 4); |
---|
730 | b64_from_24bit (buf[9], buf[19], buf[29], 4); |
---|
731 | b64_from_24bit (0, buf[31], buf[30], 3); |
---|
732 | break; |
---|
733 | case '6': |
---|
734 | b64_from_24bit (buf[0], buf[21], buf[42], 4); |
---|
735 | b64_from_24bit (buf[22], buf[43], buf[1], 4); |
---|
736 | b64_from_24bit (buf[44], buf[2], buf[23], 4); |
---|
737 | b64_from_24bit (buf[3], buf[24], buf[45], 4); |
---|
738 | b64_from_24bit (buf[25], buf[46], buf[4], 4); |
---|
739 | b64_from_24bit (buf[47], buf[5], buf[26], 4); |
---|
740 | b64_from_24bit (buf[6], buf[27], buf[48], 4); |
---|
741 | b64_from_24bit (buf[28], buf[49], buf[7], 4); |
---|
742 | b64_from_24bit (buf[50], buf[8], buf[29], 4); |
---|
743 | b64_from_24bit (buf[9], buf[30], buf[51], 4); |
---|
744 | b64_from_24bit (buf[31], buf[52], buf[10], 4); |
---|
745 | b64_from_24bit (buf[53], buf[11], buf[32], 4); |
---|
746 | b64_from_24bit (buf[12], buf[33], buf[54], 4); |
---|
747 | b64_from_24bit (buf[34], buf[55], buf[13], 4); |
---|
748 | b64_from_24bit (buf[56], buf[14], buf[35], 4); |
---|
749 | b64_from_24bit (buf[15], buf[36], buf[57], 4); |
---|
750 | b64_from_24bit (buf[37], buf[58], buf[16], 4); |
---|
751 | b64_from_24bit (buf[59], buf[17], buf[38], 4); |
---|
752 | b64_from_24bit (buf[18], buf[39], buf[60], 4); |
---|
753 | b64_from_24bit (buf[40], buf[61], buf[19], 4); |
---|
754 | b64_from_24bit (buf[62], buf[20], buf[41], 4); |
---|
755 | b64_from_24bit (0, 0, buf[63], 2); |
---|
756 | break; |
---|
757 | default: |
---|
758 | goto err; |
---|
759 | } |
---|
760 | *cp = '\0'; |
---|
761 | #ifdef CHARSET_EBCDIC |
---|
762 | ascii2ebcdic(out_buf, out_buf, strlen(out_buf)); |
---|
763 | #endif |
---|
764 | |
---|
765 | return out_buf; |
---|
766 | |
---|
767 | err: |
---|
768 | EVP_MD_CTX_free(md2); |
---|
769 | EVP_MD_CTX_free(md); |
---|
770 | OPENSSL_free(p_bytes); |
---|
771 | OPENSSL_free(s_bytes); |
---|
772 | OPENSSL_free(ascii_passwd); |
---|
773 | return NULL; |
---|
774 | } |
---|
775 | |
---|
776 | static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, |
---|
777 | char *passwd, BIO *out, int quiet, int table, |
---|
778 | int reverse, size_t pw_maxlen, passwd_modes mode) |
---|
779 | { |
---|
780 | char *hash = NULL; |
---|
781 | |
---|
782 | assert(salt_p != NULL); |
---|
783 | assert(salt_malloc_p != NULL); |
---|
784 | |
---|
785 | /* first make sure we have a salt */ |
---|
786 | if (!passed_salt) { |
---|
787 | size_t saltlen = 0; |
---|
788 | size_t i; |
---|
789 | |
---|
790 | #ifndef OPENSSL_NO_DES |
---|
791 | if (mode == passwd_crypt) |
---|
792 | saltlen = 2; |
---|
793 | #endif /* !OPENSSL_NO_DES */ |
---|
794 | |
---|
795 | if (mode == passwd_md5 || mode == passwd_apr1 || mode == passwd_aixmd5) |
---|
796 | saltlen = 8; |
---|
797 | |
---|
798 | if (mode == passwd_sha256 || mode == passwd_sha512) |
---|
799 | saltlen = 16; |
---|
800 | |
---|
801 | assert(saltlen != 0); |
---|
802 | |
---|
803 | if (*salt_malloc_p == NULL) |
---|
804 | *salt_p = *salt_malloc_p = app_malloc(saltlen + 1, "salt buffer"); |
---|
805 | if (RAND_bytes((unsigned char *)*salt_p, saltlen) <= 0) |
---|
806 | goto end; |
---|
807 | |
---|
808 | for (i = 0; i < saltlen; i++) |
---|
809 | (*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */ |
---|
810 | (*salt_p)[i] = 0; |
---|
811 | # ifdef CHARSET_EBCDIC |
---|
812 | /* The password encryption funtion will convert back to ASCII */ |
---|
813 | ascii2ebcdic(*salt_p, *salt_p, saltlen); |
---|
814 | # endif |
---|
815 | } |
---|
816 | |
---|
817 | assert(*salt_p != NULL); |
---|
818 | |
---|
819 | /* truncate password if necessary */ |
---|
820 | if ((strlen(passwd) > pw_maxlen)) { |
---|
821 | if (!quiet) |
---|
822 | /* |
---|
823 | * XXX: really we should know how to print a size_t, not cast it |
---|
824 | */ |
---|
825 | BIO_printf(bio_err, |
---|
826 | "Warning: truncating password to %u characters\n", |
---|
827 | (unsigned)pw_maxlen); |
---|
828 | passwd[pw_maxlen] = 0; |
---|
829 | } |
---|
830 | assert(strlen(passwd) <= pw_maxlen); |
---|
831 | |
---|
832 | /* now compute password hash */ |
---|
833 | #ifndef OPENSSL_NO_DES |
---|
834 | if (mode == passwd_crypt) |
---|
835 | hash = DES_crypt(passwd, *salt_p); |
---|
836 | #endif |
---|
837 | if (mode == passwd_md5 || mode == passwd_apr1) |
---|
838 | hash = md5crypt(passwd, (mode == passwd_md5 ? "1" : "apr1"), *salt_p); |
---|
839 | if (mode == passwd_aixmd5) |
---|
840 | hash = md5crypt(passwd, "", *salt_p); |
---|
841 | if (mode == passwd_sha256 || mode == passwd_sha512) |
---|
842 | hash = shacrypt(passwd, (mode == passwd_sha256 ? "5" : "6"), *salt_p); |
---|
843 | assert(hash != NULL); |
---|
844 | |
---|
845 | if (table && !reverse) |
---|
846 | BIO_printf(out, "%s\t%s\n", passwd, hash); |
---|
847 | else if (table && reverse) |
---|
848 | BIO_printf(out, "%s\t%s\n", hash, passwd); |
---|
849 | else |
---|
850 | BIO_printf(out, "%s\n", hash); |
---|
851 | return 1; |
---|
852 | |
---|
853 | end: |
---|
854 | return 0; |
---|
855 | } |
---|