1 /* 2 * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include <string.h> 11 12 #include "apps.h" 13 #include "progs.h" 14 15 #include <openssl/bio.h> 16 #include <openssl/err.h> 17 #include <openssl/evp.h> 18 #include <openssl/rand.h> 19 #if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0) 20 # include <openssl/des.h> 21 #endif 22 #include <openssl/md5.h> 23 #include <openssl/sha.h> 24 25 static const unsigned char cov_2char[64] = { 26 /* from crypto/des/fcrypt.c */ 27 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 28 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 29 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C, 30 0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52, 0x53, 0x54, 31 0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, 0x61, 0x62, 32 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A, 33 0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70, 0x71, 0x72, 34 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A 35 }; 36 37 static const char ascii_dollar[] = { 0x24, 0x00 }; 38 39 typedef enum { 40 passwd_unset = 0, 41 passwd_md5, 42 passwd_apr1, 43 passwd_sha256, 44 passwd_sha512, 45 passwd_aixmd5 46 } passwd_modes; 47 48 static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, 49 char *passwd, BIO *out, int quiet, int table, 50 int reverse, size_t pw_maxlen, passwd_modes mode); 51 52 typedef enum OPTION_choice { 53 OPT_COMMON, 54 OPT_IN, 55 OPT_NOVERIFY, OPT_QUIET, OPT_TABLE, OPT_REVERSE, OPT_APR1, 56 OPT_1, OPT_5, OPT_6, OPT_AIXMD5, OPT_SALT, OPT_STDIN, 57 OPT_R_ENUM, OPT_PROV_ENUM 58 } OPTION_CHOICE; 59 60 const OPTIONS passwd_options[] = { 61 {OPT_HELP_STR, 1, '-', "Usage: %s [options] [password]\n"}, 62 63 OPT_SECTION("General"), 64 {"help", OPT_HELP, '-', "Display this summary"}, 65 66 OPT_SECTION("Input"), 67 {"in", OPT_IN, '<', "Read passwords from file"}, 68 {"noverify", OPT_NOVERIFY, '-', 69 "Never verify when reading password from terminal"}, 70 {"stdin", OPT_STDIN, '-', "Read passwords from stdin"}, 71 72 OPT_SECTION("Output"), 73 {"quiet", OPT_QUIET, '-', "No warnings"}, 74 {"table", OPT_TABLE, '-', "Format output as table"}, 75 {"reverse", OPT_REVERSE, '-', "Switch table columns"}, 76 77 OPT_SECTION("Cryptographic"), 78 {"salt", OPT_SALT, 's', "Use provided salt"}, 79 {"6", OPT_6, '-', "SHA512-based password algorithm"}, 80 {"5", OPT_5, '-', "SHA256-based password algorithm"}, 81 {"apr1", OPT_APR1, '-', "MD5-based password algorithm, Apache variant"}, 82 {"1", OPT_1, '-', "MD5-based password algorithm"}, 83 {"aixmd5", OPT_AIXMD5, '-', "AIX MD5-based password algorithm"}, 84 85 OPT_R_OPTIONS, 86 OPT_PROV_OPTIONS, 87 88 OPT_PARAMETERS(), 89 {"password", 0, 0, "Password text to digest (optional)"}, 90 {NULL} 91 }; 92 93 int passwd_main(int argc, char **argv) 94 { 95 BIO *in = NULL; 96 char *infile = NULL, *salt = NULL, *passwd = NULL, **passwds = NULL; 97 char *salt_malloc = NULL, *passwd_malloc = NULL, *prog; 98 OPTION_CHOICE o; 99 int in_stdin = 0, pw_source_defined = 0; 100 #ifndef OPENSSL_NO_UI_CONSOLE 101 int in_noverify = 0; 102 #endif 103 int passed_salt = 0, quiet = 0, table = 0, reverse = 0; 104 int ret = 1; 105 passwd_modes mode = passwd_unset; 106 size_t passwd_malloc_size = 0; 107 size_t pw_maxlen = 256; /* arbitrary limit, should be enough for most 108 * passwords */ 109 110 prog = opt_init(argc, argv, passwd_options); 111 while ((o = opt_next()) != OPT_EOF) { 112 switch (o) { 113 case OPT_EOF: 114 case OPT_ERR: 115 opthelp: 116 BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); 117 goto end; 118 case OPT_HELP: 119 opt_help(passwd_options); 120 ret = 0; 121 goto end; 122 case OPT_IN: 123 if (pw_source_defined) 124 goto opthelp; 125 infile = opt_arg(); 126 pw_source_defined = 1; 127 break; 128 case OPT_NOVERIFY: 129 #ifndef OPENSSL_NO_UI_CONSOLE 130 in_noverify = 1; 131 #endif 132 break; 133 case OPT_QUIET: 134 quiet = 1; 135 break; 136 case OPT_TABLE: 137 table = 1; 138 break; 139 case OPT_REVERSE: 140 reverse = 1; 141 break; 142 case OPT_1: 143 if (mode != passwd_unset) 144 goto opthelp; 145 mode = passwd_md5; 146 break; 147 case OPT_5: 148 if (mode != passwd_unset) 149 goto opthelp; 150 mode = passwd_sha256; 151 break; 152 case OPT_6: 153 if (mode != passwd_unset) 154 goto opthelp; 155 mode = passwd_sha512; 156 break; 157 case OPT_APR1: 158 if (mode != passwd_unset) 159 goto opthelp; 160 mode = passwd_apr1; 161 break; 162 case OPT_AIXMD5: 163 if (mode != passwd_unset) 164 goto opthelp; 165 mode = passwd_aixmd5; 166 break; 167 case OPT_SALT: 168 passed_salt = 1; 169 salt = opt_arg(); 170 break; 171 case OPT_STDIN: 172 if (pw_source_defined) 173 goto opthelp; 174 in_stdin = 1; 175 pw_source_defined = 1; 176 break; 177 case OPT_R_CASES: 178 if (!opt_rand(o)) 179 goto end; 180 break; 181 case OPT_PROV_CASES: 182 if (!opt_provider(o)) 183 goto end; 184 break; 185 } 186 } 187 188 /* All remaining arguments are the password text */ 189 argc = opt_num_rest(); 190 argv = opt_rest(); 191 if (*argv != NULL) { 192 if (pw_source_defined) 193 goto opthelp; 194 pw_source_defined = 1; 195 passwds = argv; 196 } 197 198 if (!app_RAND_load()) 199 goto end; 200 201 if (mode == passwd_unset) { 202 /* use default */ 203 mode = passwd_md5; 204 } 205 206 if (infile != NULL && in_stdin) { 207 BIO_printf(bio_err, "%s: Can't combine -in and -stdin\n", prog); 208 goto end; 209 } 210 211 if (infile != NULL || in_stdin) { 212 /* 213 * If in_stdin is true, we know that infile is NULL, and that 214 * bio_open_default() will give us back an alias for stdin. 215 */ 216 in = bio_open_default(infile, 'r', FORMAT_TEXT); 217 if (in == NULL) 218 goto end; 219 } 220 221 if (passwds == NULL) { 222 /* no passwords on the command line */ 223 224 passwd_malloc_size = pw_maxlen + 2; 225 /* longer than necessary so that we can warn about truncation */ 226 passwd = passwd_malloc = 227 app_malloc(passwd_malloc_size, "password buffer"); 228 } 229 230 if ((in == NULL) && (passwds == NULL)) { 231 /* 232 * we use the following method to make sure what 233 * in the 'else' section is always compiled, to 234 * avoid rot of not-frequently-used code. 235 */ 236 if (1) { 237 #ifndef OPENSSL_NO_UI_CONSOLE 238 /* build a null-terminated list */ 239 static char *passwds_static[2] = { NULL, NULL }; 240 241 passwds = passwds_static; 242 if (in == NULL) { 243 if (EVP_read_pw_string 244 (passwd_malloc, passwd_malloc_size, "Password: ", 245 !(passed_salt || in_noverify)) != 0) 246 goto end; 247 } 248 passwds[0] = passwd_malloc; 249 } else { 250 #endif 251 BIO_printf(bio_err, "password required\n"); 252 goto end; 253 } 254 } 255 256 if (in == NULL) { 257 assert(passwds != NULL); 258 assert(*passwds != NULL); 259 260 do { /* loop over list of passwords */ 261 passwd = *passwds++; 262 if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, bio_out, 263 quiet, table, reverse, pw_maxlen, mode)) 264 goto end; 265 } while (*passwds != NULL); 266 } else { 267 /* in != NULL */ 268 int done; 269 270 assert(passwd != NULL); 271 do { 272 int r = BIO_gets(in, passwd, pw_maxlen + 1); 273 if (r > 0) { 274 char *c = (strchr(passwd, '\n')); 275 if (c != NULL) { 276 *c = 0; /* truncate at newline */ 277 } else { 278 /* ignore rest of line */ 279 char trash[BUFSIZ]; 280 do 281 r = BIO_gets(in, trash, sizeof(trash)); 282 while ((r > 0) && (!strchr(trash, '\n'))); 283 } 284 285 if (!do_passwd 286 (passed_salt, &salt, &salt_malloc, passwd, bio_out, quiet, 287 table, reverse, pw_maxlen, mode)) 288 goto end; 289 } 290 done = (r <= 0); 291 } while (!done); 292 } 293 ret = 0; 294 295 end: 296 #if 0 297 ERR_print_errors(bio_err); 298 #endif 299 OPENSSL_free(salt_malloc); 300 OPENSSL_free(passwd_malloc); 301 BIO_free(in); 302 return ret; 303 } 304 305 /* 306 * MD5-based password algorithm (should probably be available as a library 307 * function; then the static buffer would not be acceptable). For magic 308 * string "1", this should be compatible to the MD5-based BSD password 309 * algorithm. For 'magic' string "apr1", this is compatible to the MD5-based 310 * Apache password algorithm. (Apparently, the Apache password algorithm is 311 * identical except that the 'magic' string was changed -- the laziest 312 * application of the NIH principle I've ever encountered.) 313 */ 314 static char *md5crypt(const char *passwd, const char *magic, const char *salt) 315 { 316 /* "$apr1$..salt..$.......md5hash..........\0" */ 317 static char out_buf[6 + 9 + 24 + 2]; 318 unsigned char buf[MD5_DIGEST_LENGTH]; 319 char ascii_magic[5]; /* "apr1" plus '\0' */ 320 char ascii_salt[9]; /* Max 8 chars plus '\0' */ 321 char *ascii_passwd = NULL; 322 char *salt_out; 323 int n; 324 unsigned int i; 325 EVP_MD_CTX *md = NULL, *md2 = NULL; 326 size_t passwd_len, salt_len, magic_len; 327 328 passwd_len = strlen(passwd); 329 330 out_buf[0] = 0; 331 magic_len = strlen(magic); 332 OPENSSL_strlcpy(ascii_magic, magic, sizeof(ascii_magic)); 333 #ifdef CHARSET_EBCDIC 334 if ((magic[0] & 0x80) != 0) /* High bit is 1 in EBCDIC alnums */ 335 ebcdic2ascii(ascii_magic, ascii_magic, magic_len); 336 #endif 337 338 /* The salt gets truncated to 8 chars */ 339 OPENSSL_strlcpy(ascii_salt, salt, sizeof(ascii_salt)); 340 salt_len = strlen(ascii_salt); 341 #ifdef CHARSET_EBCDIC 342 ebcdic2ascii(ascii_salt, ascii_salt, salt_len); 343 #endif 344 345 #ifdef CHARSET_EBCDIC 346 ascii_passwd = OPENSSL_strdup(passwd); 347 if (ascii_passwd == NULL) 348 return NULL; 349 ebcdic2ascii(ascii_passwd, ascii_passwd, passwd_len); 350 passwd = ascii_passwd; 351 #endif 352 353 if (magic_len > 0) { 354 OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf)); 355 356 if (magic_len > 4) /* assert it's "1" or "apr1" */ 357 goto err; 358 359 OPENSSL_strlcat(out_buf, ascii_magic, sizeof(out_buf)); 360 OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf)); 361 } 362 363 OPENSSL_strlcat(out_buf, ascii_salt, sizeof(out_buf)); 364 365 if (strlen(out_buf) > 6 + 8) /* assert "$apr1$..salt.." */ 366 goto err; 367 368 salt_out = out_buf; 369 if (magic_len > 0) 370 salt_out += 2 + magic_len; 371 372 if (salt_len > 8) 373 goto err; 374 375 md = EVP_MD_CTX_new(); 376 if (md == NULL 377 || !EVP_DigestInit_ex(md, EVP_md5(), NULL) 378 || !EVP_DigestUpdate(md, passwd, passwd_len)) 379 goto err; 380 381 if (magic_len > 0) 382 if (!EVP_DigestUpdate(md, ascii_dollar, 1) 383 || !EVP_DigestUpdate(md, ascii_magic, magic_len) 384 || !EVP_DigestUpdate(md, ascii_dollar, 1)) 385 goto err; 386 387 if (!EVP_DigestUpdate(md, ascii_salt, salt_len)) 388 goto err; 389 390 md2 = EVP_MD_CTX_new(); 391 if (md2 == NULL 392 || !EVP_DigestInit_ex(md2, EVP_md5(), NULL) 393 || !EVP_DigestUpdate(md2, passwd, passwd_len) 394 || !EVP_DigestUpdate(md2, ascii_salt, salt_len) 395 || !EVP_DigestUpdate(md2, passwd, passwd_len) 396 || !EVP_DigestFinal_ex(md2, buf, NULL)) 397 goto err; 398 399 for (i = passwd_len; i > sizeof(buf); i -= sizeof(buf)) { 400 if (!EVP_DigestUpdate(md, buf, sizeof(buf))) 401 goto err; 402 } 403 if (!EVP_DigestUpdate(md, buf, i)) 404 goto err; 405 406 n = passwd_len; 407 while (n) { 408 if (!EVP_DigestUpdate(md, (n & 1) ? "\0" : passwd, 1)) 409 goto err; 410 n >>= 1; 411 } 412 if (!EVP_DigestFinal_ex(md, buf, NULL)) 413 goto err; 414 415 for (i = 0; i < 1000; i++) { 416 if (!EVP_DigestInit_ex(md2, EVP_md5(), NULL)) 417 goto err; 418 if (!EVP_DigestUpdate(md2, 419 (i & 1) ? (const unsigned char *)passwd : buf, 420 (i & 1) ? passwd_len : sizeof(buf))) 421 goto err; 422 if (i % 3) { 423 if (!EVP_DigestUpdate(md2, ascii_salt, salt_len)) 424 goto err; 425 } 426 if (i % 7) { 427 if (!EVP_DigestUpdate(md2, passwd, passwd_len)) 428 goto err; 429 } 430 if (!EVP_DigestUpdate(md2, 431 (i & 1) ? buf : (const unsigned char *)passwd, 432 (i & 1) ? sizeof(buf) : passwd_len)) 433 goto err; 434 if (!EVP_DigestFinal_ex(md2, buf, NULL)) 435 goto err; 436 } 437 EVP_MD_CTX_free(md2); 438 EVP_MD_CTX_free(md); 439 md2 = NULL; 440 md = NULL; 441 442 { 443 /* transform buf into output string */ 444 unsigned char buf_perm[sizeof(buf)]; 445 int dest, source; 446 char *output; 447 448 /* silly output permutation */ 449 for (dest = 0, source = 0; dest < 14; 450 dest++, source = (source + 6) % 17) 451 buf_perm[dest] = buf[source]; 452 buf_perm[14] = buf[5]; 453 buf_perm[15] = buf[11]; 454 # ifndef PEDANTIC /* Unfortunately, this generates a "no 455 * effect" warning */ 456 assert(16 == sizeof(buf_perm)); 457 # endif 458 459 output = salt_out + salt_len; 460 assert(output == out_buf + strlen(out_buf)); 461 462 *output++ = ascii_dollar[0]; 463 464 for (i = 0; i < 15; i += 3) { 465 *output++ = cov_2char[buf_perm[i + 2] & 0x3f]; 466 *output++ = cov_2char[((buf_perm[i + 1] & 0xf) << 2) | 467 (buf_perm[i + 2] >> 6)]; 468 *output++ = cov_2char[((buf_perm[i] & 3) << 4) | 469 (buf_perm[i + 1] >> 4)]; 470 *output++ = cov_2char[buf_perm[i] >> 2]; 471 } 472 assert(i == 15); 473 *output++ = cov_2char[buf_perm[i] & 0x3f]; 474 *output++ = cov_2char[buf_perm[i] >> 6]; 475 *output = 0; 476 assert(strlen(out_buf) < sizeof(out_buf)); 477 #ifdef CHARSET_EBCDIC 478 ascii2ebcdic(out_buf, out_buf, strlen(out_buf)); 479 #endif 480 } 481 482 return out_buf; 483 484 err: 485 OPENSSL_free(ascii_passwd); 486 EVP_MD_CTX_free(md2); 487 EVP_MD_CTX_free(md); 488 return NULL; 489 } 490 491 /* 492 * SHA based password algorithm, describe by Ulrich Drepper here: 493 * https://www.akkadia.org/drepper/SHA-crypt.txt 494 * (note that it's in the public domain) 495 */ 496 static char *shacrypt(const char *passwd, const char *magic, const char *salt) 497 { 498 /* Prefix for optional rounds specification. */ 499 static const char rounds_prefix[] = "rounds="; 500 /* Maximum salt string length. */ 501 # define SALT_LEN_MAX 16 502 /* Default number of rounds if not explicitly specified. */ 503 # define ROUNDS_DEFAULT 5000 504 /* Minimum number of rounds. */ 505 # define ROUNDS_MIN 1000 506 /* Maximum number of rounds. */ 507 # define ROUNDS_MAX 999999999 508 509 /* "$6$rounds=<N>$......salt......$...shahash(up to 86 chars)...\0" */ 510 static char out_buf[3 + 17 + 17 + 86 + 1]; 511 unsigned char buf[SHA512_DIGEST_LENGTH]; 512 unsigned char temp_buf[SHA512_DIGEST_LENGTH]; 513 size_t buf_size = 0; 514 char ascii_magic[2]; 515 char ascii_salt[17]; /* Max 16 chars plus '\0' */ 516 char *ascii_passwd = NULL; 517 size_t n; 518 EVP_MD_CTX *md = NULL, *md2 = NULL; 519 const EVP_MD *sha = NULL; 520 size_t passwd_len, salt_len, magic_len; 521 unsigned int rounds = ROUNDS_DEFAULT; /* Default */ 522 char rounds_custom = 0; 523 char *p_bytes = NULL; 524 char *s_bytes = NULL; 525 char *cp = NULL; 526 527 passwd_len = strlen(passwd); 528 magic_len = strlen(magic); 529 530 /* assert it's "5" or "6" */ 531 if (magic_len != 1) 532 return NULL; 533 534 switch (magic[0]) { 535 case '5': 536 sha = EVP_sha256(); 537 buf_size = 32; 538 break; 539 case '6': 540 sha = EVP_sha512(); 541 buf_size = 64; 542 break; 543 default: 544 return NULL; 545 } 546 547 if (strncmp(salt, rounds_prefix, sizeof(rounds_prefix) - 1) == 0) { 548 const char *num = salt + sizeof(rounds_prefix) - 1; 549 char *endp; 550 unsigned long int srounds = strtoul (num, &endp, 10); 551 if (*endp == '$') { 552 salt = endp + 1; 553 if (srounds > ROUNDS_MAX) 554 rounds = ROUNDS_MAX; 555 else if (srounds < ROUNDS_MIN) 556 rounds = ROUNDS_MIN; 557 else 558 rounds = (unsigned int)srounds; 559 rounds_custom = 1; 560 } else { 561 return NULL; 562 } 563 } 564 565 OPENSSL_strlcpy(ascii_magic, magic, sizeof(ascii_magic)); 566 #ifdef CHARSET_EBCDIC 567 if ((magic[0] & 0x80) != 0) /* High bit is 1 in EBCDIC alnums */ 568 ebcdic2ascii(ascii_magic, ascii_magic, magic_len); 569 #endif 570 571 /* The salt gets truncated to 16 chars */ 572 OPENSSL_strlcpy(ascii_salt, salt, sizeof(ascii_salt)); 573 salt_len = strlen(ascii_salt); 574 #ifdef CHARSET_EBCDIC 575 ebcdic2ascii(ascii_salt, ascii_salt, salt_len); 576 #endif 577 578 #ifdef CHARSET_EBCDIC 579 ascii_passwd = OPENSSL_strdup(passwd); 580 if (ascii_passwd == NULL) 581 return NULL; 582 ebcdic2ascii(ascii_passwd, ascii_passwd, passwd_len); 583 passwd = ascii_passwd; 584 #endif 585 586 out_buf[0] = 0; 587 OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf)); 588 OPENSSL_strlcat(out_buf, ascii_magic, sizeof(out_buf)); 589 OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf)); 590 if (rounds_custom) { 591 char tmp_buf[80]; /* "rounds=999999999" */ 592 593 BIO_snprintf(tmp_buf, sizeof(tmp_buf), "rounds=%u", rounds); 594 #ifdef CHARSET_EBCDIC 595 /* In case we're really on a ASCII based platform and just pretend */ 596 if (tmp_buf[0] != 0x72) /* ASCII 'r' */ 597 ebcdic2ascii(tmp_buf, tmp_buf, strlen(tmp_buf)); 598 #endif 599 OPENSSL_strlcat(out_buf, tmp_buf, sizeof(out_buf)); 600 OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf)); 601 } 602 OPENSSL_strlcat(out_buf, ascii_salt, sizeof(out_buf)); 603 604 /* assert "$5$rounds=999999999$......salt......" */ 605 if (strlen(out_buf) > 3 + 17 * rounds_custom + salt_len ) 606 goto err; 607 608 md = EVP_MD_CTX_new(); 609 if (md == NULL 610 || !EVP_DigestInit_ex(md, sha, NULL) 611 || !EVP_DigestUpdate(md, passwd, passwd_len) 612 || !EVP_DigestUpdate(md, ascii_salt, salt_len)) 613 goto err; 614 615 md2 = EVP_MD_CTX_new(); 616 if (md2 == NULL 617 || !EVP_DigestInit_ex(md2, sha, NULL) 618 || !EVP_DigestUpdate(md2, passwd, passwd_len) 619 || !EVP_DigestUpdate(md2, ascii_salt, salt_len) 620 || !EVP_DigestUpdate(md2, passwd, passwd_len) 621 || !EVP_DigestFinal_ex(md2, buf, NULL)) 622 goto err; 623 624 for (n = passwd_len; n > buf_size; n -= buf_size) { 625 if (!EVP_DigestUpdate(md, buf, buf_size)) 626 goto err; 627 } 628 if (!EVP_DigestUpdate(md, buf, n)) 629 goto err; 630 631 n = passwd_len; 632 while (n) { 633 if (!EVP_DigestUpdate(md, 634 (n & 1) ? buf : (const unsigned char *)passwd, 635 (n & 1) ? buf_size : passwd_len)) 636 goto err; 637 n >>= 1; 638 } 639 if (!EVP_DigestFinal_ex(md, buf, NULL)) 640 goto err; 641 642 /* P sequence */ 643 if (!EVP_DigestInit_ex(md2, sha, NULL)) 644 goto err; 645 646 for (n = passwd_len; n > 0; n--) 647 if (!EVP_DigestUpdate(md2, passwd, passwd_len)) 648 goto err; 649 650 if (!EVP_DigestFinal_ex(md2, temp_buf, NULL)) 651 goto err; 652 653 if ((p_bytes = OPENSSL_zalloc(passwd_len)) == NULL) 654 goto err; 655 for (cp = p_bytes, n = passwd_len; n > buf_size; n -= buf_size, cp += buf_size) 656 memcpy(cp, temp_buf, buf_size); 657 memcpy(cp, temp_buf, n); 658 659 /* S sequence */ 660 if (!EVP_DigestInit_ex(md2, sha, NULL)) 661 goto err; 662 663 for (n = 16 + buf[0]; n > 0; n--) 664 if (!EVP_DigestUpdate(md2, ascii_salt, salt_len)) 665 goto err; 666 667 if (!EVP_DigestFinal_ex(md2, temp_buf, NULL)) 668 goto err; 669 670 if ((s_bytes = OPENSSL_zalloc(salt_len)) == NULL) 671 goto err; 672 for (cp = s_bytes, n = salt_len; n > buf_size; n -= buf_size, cp += buf_size) 673 memcpy(cp, temp_buf, buf_size); 674 memcpy(cp, temp_buf, n); 675 676 for (n = 0; n < rounds; n++) { 677 if (!EVP_DigestInit_ex(md2, sha, NULL)) 678 goto err; 679 if (!EVP_DigestUpdate(md2, 680 (n & 1) ? (const unsigned char *)p_bytes : buf, 681 (n & 1) ? passwd_len : buf_size)) 682 goto err; 683 if (n % 3) { 684 if (!EVP_DigestUpdate(md2, s_bytes, salt_len)) 685 goto err; 686 } 687 if (n % 7) { 688 if (!EVP_DigestUpdate(md2, p_bytes, passwd_len)) 689 goto err; 690 } 691 if (!EVP_DigestUpdate(md2, 692 (n & 1) ? buf : (const unsigned char *)p_bytes, 693 (n & 1) ? buf_size : passwd_len)) 694 goto err; 695 if (!EVP_DigestFinal_ex(md2, buf, NULL)) 696 goto err; 697 } 698 EVP_MD_CTX_free(md2); 699 EVP_MD_CTX_free(md); 700 md2 = NULL; 701 md = NULL; 702 OPENSSL_free(p_bytes); 703 OPENSSL_free(s_bytes); 704 p_bytes = NULL; 705 s_bytes = NULL; 706 707 cp = out_buf + strlen(out_buf); 708 *cp++ = ascii_dollar[0]; 709 710 # define b64_from_24bit(B2, B1, B0, N) \ 711 do { \ 712 unsigned int w = ((B2) << 16) | ((B1) << 8) | (B0); \ 713 int i = (N); \ 714 while (i-- > 0) \ 715 { \ 716 *cp++ = cov_2char[w & 0x3f]; \ 717 w >>= 6; \ 718 } \ 719 } while (0) 720 721 switch (magic[0]) { 722 case '5': 723 b64_from_24bit (buf[0], buf[10], buf[20], 4); 724 b64_from_24bit (buf[21], buf[1], buf[11], 4); 725 b64_from_24bit (buf[12], buf[22], buf[2], 4); 726 b64_from_24bit (buf[3], buf[13], buf[23], 4); 727 b64_from_24bit (buf[24], buf[4], buf[14], 4); 728 b64_from_24bit (buf[15], buf[25], buf[5], 4); 729 b64_from_24bit (buf[6], buf[16], buf[26], 4); 730 b64_from_24bit (buf[27], buf[7], buf[17], 4); 731 b64_from_24bit (buf[18], buf[28], buf[8], 4); 732 b64_from_24bit (buf[9], buf[19], buf[29], 4); 733 b64_from_24bit (0, buf[31], buf[30], 3); 734 break; 735 case '6': 736 b64_from_24bit (buf[0], buf[21], buf[42], 4); 737 b64_from_24bit (buf[22], buf[43], buf[1], 4); 738 b64_from_24bit (buf[44], buf[2], buf[23], 4); 739 b64_from_24bit (buf[3], buf[24], buf[45], 4); 740 b64_from_24bit (buf[25], buf[46], buf[4], 4); 741 b64_from_24bit (buf[47], buf[5], buf[26], 4); 742 b64_from_24bit (buf[6], buf[27], buf[48], 4); 743 b64_from_24bit (buf[28], buf[49], buf[7], 4); 744 b64_from_24bit (buf[50], buf[8], buf[29], 4); 745 b64_from_24bit (buf[9], buf[30], buf[51], 4); 746 b64_from_24bit (buf[31], buf[52], buf[10], 4); 747 b64_from_24bit (buf[53], buf[11], buf[32], 4); 748 b64_from_24bit (buf[12], buf[33], buf[54], 4); 749 b64_from_24bit (buf[34], buf[55], buf[13], 4); 750 b64_from_24bit (buf[56], buf[14], buf[35], 4); 751 b64_from_24bit (buf[15], buf[36], buf[57], 4); 752 b64_from_24bit (buf[37], buf[58], buf[16], 4); 753 b64_from_24bit (buf[59], buf[17], buf[38], 4); 754 b64_from_24bit (buf[18], buf[39], buf[60], 4); 755 b64_from_24bit (buf[40], buf[61], buf[19], 4); 756 b64_from_24bit (buf[62], buf[20], buf[41], 4); 757 b64_from_24bit (0, 0, buf[63], 2); 758 break; 759 default: 760 goto err; 761 } 762 *cp = '\0'; 763 #ifdef CHARSET_EBCDIC 764 ascii2ebcdic(out_buf, out_buf, strlen(out_buf)); 765 #endif 766 767 return out_buf; 768 769 err: 770 EVP_MD_CTX_free(md2); 771 EVP_MD_CTX_free(md); 772 OPENSSL_free(p_bytes); 773 OPENSSL_free(s_bytes); 774 OPENSSL_free(ascii_passwd); 775 return NULL; 776 } 777 778 static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, 779 char *passwd, BIO *out, int quiet, int table, 780 int reverse, size_t pw_maxlen, passwd_modes mode) 781 { 782 char *hash = NULL; 783 784 assert(salt_p != NULL); 785 assert(salt_malloc_p != NULL); 786 787 /* first make sure we have a salt */ 788 if (!passed_salt) { 789 size_t saltlen = 0; 790 size_t i; 791 792 if (mode == passwd_md5 || mode == passwd_apr1 || mode == passwd_aixmd5) 793 saltlen = 8; 794 795 if (mode == passwd_sha256 || mode == passwd_sha512) 796 saltlen = 16; 797 798 assert(saltlen != 0); 799 800 if (*salt_malloc_p == NULL) 801 *salt_p = *salt_malloc_p = app_malloc(saltlen + 1, "salt buffer"); 802 if (RAND_bytes((unsigned char *)*salt_p, saltlen) <= 0) 803 goto end; 804 805 for (i = 0; i < saltlen; i++) 806 (*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */ 807 (*salt_p)[i] = 0; 808 # ifdef CHARSET_EBCDIC 809 /* The password encryption function will convert back to ASCII */ 810 ascii2ebcdic(*salt_p, *salt_p, saltlen); 811 # endif 812 } 813 814 assert(*salt_p != NULL); 815 816 /* truncate password if necessary */ 817 if ((strlen(passwd) > pw_maxlen)) { 818 if (!quiet) 819 /* 820 * XXX: really we should know how to print a size_t, not cast it 821 */ 822 BIO_printf(bio_err, 823 "Warning: truncating password to %u characters\n", 824 (unsigned)pw_maxlen); 825 passwd[pw_maxlen] = 0; 826 } 827 assert(strlen(passwd) <= pw_maxlen); 828 829 /* now compute password hash */ 830 if (mode == passwd_md5 || mode == passwd_apr1) 831 hash = md5crypt(passwd, (mode == passwd_md5 ? "1" : "apr1"), *salt_p); 832 if (mode == passwd_aixmd5) 833 hash = md5crypt(passwd, "", *salt_p); 834 if (mode == passwd_sha256 || mode == passwd_sha512) 835 hash = shacrypt(passwd, (mode == passwd_sha256 ? "5" : "6"), *salt_p); 836 assert(hash != NULL); 837 838 if (table && !reverse) 839 BIO_printf(out, "%s\t%s\n", passwd, hash); 840 else if (table && reverse) 841 BIO_printf(out, "%s\t%s\n", hash, passwd); 842 else 843 BIO_printf(out, "%s\n", hash); 844 return 1; 845 846 end: 847 return 0; 848 } 849