1 /* 2 * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include <string.h> 11 12 #include "apps.h" 13 #include "progs.h" 14 15 #include <openssl/bio.h> 16 #include <openssl/err.h> 17 #include <openssl/evp.h> 18 #include <openssl/rand.h> 19 #if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0) 20 # include <openssl/des.h> 21 #endif 22 #include <openssl/md5.h> 23 #include <openssl/sha.h> 24 25 static const unsigned char cov_2char[64] = { 26 /* from crypto/des/fcrypt.c */ 27 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 28 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 29 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C, 30 0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52, 0x53, 0x54, 31 0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, 0x61, 0x62, 32 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A, 33 0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70, 0x71, 0x72, 34 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A 35 }; 36 37 static const char ascii_dollar[] = { 0x24, 0x00 }; 38 39 typedef enum { 40 passwd_unset = 0, 41 passwd_md5, 42 passwd_apr1, 43 passwd_sha256, 44 passwd_sha512, 45 passwd_aixmd5 46 } passwd_modes; 47 48 static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, 49 char *passwd, BIO *out, int quiet, int table, 50 int reverse, size_t pw_maxlen, passwd_modes mode); 51 52 typedef enum OPTION_choice { 53 OPT_COMMON, 54 OPT_IN, 55 OPT_NOVERIFY, OPT_QUIET, OPT_TABLE, OPT_REVERSE, OPT_APR1, 56 OPT_1, OPT_5, OPT_6, OPT_AIXMD5, OPT_SALT, OPT_STDIN, 57 OPT_R_ENUM, OPT_PROV_ENUM 58 } OPTION_CHOICE; 59 60 const OPTIONS passwd_options[] = { 61 {OPT_HELP_STR, 1, '-', "Usage: %s [options] [password]\n"}, 62 63 OPT_SECTION("General"), 64 {"help", OPT_HELP, '-', "Display this summary"}, 65 66 OPT_SECTION("Input"), 67 {"in", OPT_IN, '<', "Read passwords from file"}, 68 {"noverify", OPT_NOVERIFY, '-', 69 "Never verify when reading password from terminal"}, 70 {"stdin", OPT_STDIN, '-', "Read passwords from stdin"}, 71 72 OPT_SECTION("Output"), 73 {"quiet", OPT_QUIET, '-', "No warnings"}, 74 {"table", OPT_TABLE, '-', "Format output as table"}, 75 {"reverse", OPT_REVERSE, '-', "Switch table columns"}, 76 77 OPT_SECTION("Cryptographic"), 78 {"salt", OPT_SALT, 's', "Use provided salt"}, 79 {"6", OPT_6, '-', "SHA512-based password algorithm"}, 80 {"5", OPT_5, '-', "SHA256-based password algorithm"}, 81 {"apr1", OPT_APR1, '-', "MD5-based password algorithm, Apache variant"}, 82 {"1", OPT_1, '-', "MD5-based password algorithm"}, 83 {"aixmd5", OPT_AIXMD5, '-', "AIX MD5-based password algorithm"}, 84 85 OPT_R_OPTIONS, 86 OPT_PROV_OPTIONS, 87 88 OPT_PARAMETERS(), 89 {"password", 0, 0, "Password text to digest (optional)"}, 90 {NULL} 91 }; 92 93 int passwd_main(int argc, char **argv) 94 { 95 BIO *in = NULL; 96 char *infile = NULL, *salt = NULL, *passwd = NULL, **passwds = NULL; 97 char *salt_malloc = NULL, *passwd_malloc = NULL, *prog; 98 OPTION_CHOICE o; 99 int in_stdin = 0, pw_source_defined = 0; 100 #ifndef OPENSSL_NO_UI_CONSOLE 101 int in_noverify = 0; 102 #endif 103 int passed_salt = 0, quiet = 0, table = 0, reverse = 0; 104 int ret = 1; 105 passwd_modes mode = passwd_unset; 106 size_t passwd_malloc_size = 0; 107 size_t pw_maxlen = 256; /* arbitrary limit, should be enough for most 108 * passwords */ 109 110 prog = opt_init(argc, argv, passwd_options); 111 while ((o = opt_next()) != OPT_EOF) { 112 switch (o) { 113 case OPT_EOF: 114 case OPT_ERR: 115 opthelp: 116 BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); 117 goto end; 118 case OPT_HELP: 119 opt_help(passwd_options); 120 ret = 0; 121 goto end; 122 case OPT_IN: 123 if (pw_source_defined) 124 goto opthelp; 125 infile = opt_arg(); 126 pw_source_defined = 1; 127 break; 128 case OPT_NOVERIFY: 129 #ifndef OPENSSL_NO_UI_CONSOLE 130 in_noverify = 1; 131 #endif 132 break; 133 case OPT_QUIET: 134 quiet = 1; 135 break; 136 case OPT_TABLE: 137 table = 1; 138 break; 139 case OPT_REVERSE: 140 reverse = 1; 141 break; 142 case OPT_1: 143 if (mode != passwd_unset) 144 goto opthelp; 145 mode = passwd_md5; 146 break; 147 case OPT_5: 148 if (mode != passwd_unset) 149 goto opthelp; 150 mode = passwd_sha256; 151 break; 152 case OPT_6: 153 if (mode != passwd_unset) 154 goto opthelp; 155 mode = passwd_sha512; 156 break; 157 case OPT_APR1: 158 if (mode != passwd_unset) 159 goto opthelp; 160 mode = passwd_apr1; 161 break; 162 case OPT_AIXMD5: 163 if (mode != passwd_unset) 164 goto opthelp; 165 mode = passwd_aixmd5; 166 break; 167 case OPT_SALT: 168 passed_salt = 1; 169 salt = opt_arg(); 170 break; 171 case OPT_STDIN: 172 if (pw_source_defined) 173 goto opthelp; 174 in_stdin = 1; 175 pw_source_defined = 1; 176 break; 177 case OPT_R_CASES: 178 if (!opt_rand(o)) 179 goto end; 180 break; 181 case OPT_PROV_CASES: 182 if (!opt_provider(o)) 183 goto end; 184 break; 185 } 186 } 187 188 /* All remaining arguments are the password text */ 189 argc = opt_num_rest(); 190 argv = opt_rest(); 191 if (*argv != NULL) { 192 if (pw_source_defined) 193 goto opthelp; 194 pw_source_defined = 1; 195 passwds = argv; 196 } 197 198 if (!app_RAND_load()) 199 goto end; 200 201 if (mode == passwd_unset) { 202 /* use default */ 203 mode = passwd_md5; 204 } 205 206 if (infile != NULL && in_stdin) { 207 BIO_printf(bio_err, "%s: Can't combine -in and -stdin\n", prog); 208 goto end; 209 } 210 211 if (infile != NULL || in_stdin) { 212 /* 213 * If in_stdin is true, we know that infile is NULL, and that 214 * bio_open_default() will give us back an alias for stdin. 215 */ 216 in = bio_open_default(infile, 'r', FORMAT_TEXT); 217 if (in == NULL) 218 goto end; 219 } 220 221 if (passwds == NULL) { 222 /* no passwords on the command line */ 223 224 passwd_malloc_size = pw_maxlen + 2; 225 /* longer than necessary so that we can warn about truncation */ 226 passwd = passwd_malloc = 227 app_malloc(passwd_malloc_size, "password buffer"); 228 } 229 230 if ((in == NULL) && (passwds == NULL)) { 231 /* 232 * we use the following method to make sure what 233 * in the 'else' section is always compiled, to 234 * avoid rot of not-frequently-used code. 235 */ 236 if (1) { 237 #ifndef OPENSSL_NO_UI_CONSOLE 238 /* build a null-terminated list */ 239 static char *passwds_static[2] = { NULL, NULL }; 240 241 passwds = passwds_static; 242 if (in == NULL) { 243 if (EVP_read_pw_string 244 (passwd_malloc, passwd_malloc_size, "Password: ", 245 !(passed_salt || in_noverify)) != 0) 246 goto end; 247 } 248 passwds[0] = passwd_malloc; 249 } else { 250 #endif 251 BIO_printf(bio_err, "password required\n"); 252 goto end; 253 } 254 } 255 256 if (in == NULL) { 257 assert(passwds != NULL); 258 assert(*passwds != NULL); 259 260 do { /* loop over list of passwords */ 261 passwd = *passwds++; 262 if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, bio_out, 263 quiet, table, reverse, pw_maxlen, mode)) 264 goto end; 265 } while (*passwds != NULL); 266 } else { 267 /* in != NULL */ 268 int done; 269 270 assert(passwd != NULL); 271 do { 272 int r = BIO_gets(in, passwd, pw_maxlen + 1); 273 if (r > 0) { 274 char *c = (strchr(passwd, '\n')); 275 if (c != NULL) { 276 *c = 0; /* truncate at newline */ 277 } else { 278 /* ignore rest of line */ 279 char trash[BUFSIZ]; 280 do 281 r = BIO_gets(in, trash, sizeof(trash)); 282 while ((r > 0) && (!strchr(trash, '\n'))); 283 } 284 285 if (!do_passwd 286 (passed_salt, &salt, &salt_malloc, passwd, bio_out, quiet, 287 table, reverse, pw_maxlen, mode)) 288 goto end; 289 } 290 done = (r <= 0); 291 } while (!done); 292 } 293 ret = 0; 294 295 end: 296 #if 0 297 ERR_print_errors(bio_err); 298 #endif 299 OPENSSL_free(salt_malloc); 300 OPENSSL_free(passwd_malloc); 301 BIO_free(in); 302 return ret; 303 } 304 305 /* 306 * MD5-based password algorithm (should probably be available as a library 307 * function; then the static buffer would not be acceptable). For magic 308 * string "1", this should be compatible to the MD5-based BSD password 309 * algorithm. For 'magic' string "apr1", this is compatible to the MD5-based 310 * Apache password algorithm. (Apparently, the Apache password algorithm is 311 * identical except that the 'magic' string was changed -- the laziest 312 * application of the NIH principle I've ever encountered.) 313 */ 314 static char *md5crypt(const char *passwd, const char *magic, const char *salt) 315 { 316 /* "$apr1$..salt..$.......md5hash..........\0" */ 317 static char out_buf[6 + 9 + 24 + 2]; 318 unsigned char buf[MD5_DIGEST_LENGTH]; 319 char ascii_magic[5]; /* "apr1" plus '\0' */ 320 char ascii_salt[9]; /* Max 8 chars plus '\0' */ 321 char *ascii_passwd = NULL; 322 char *salt_out; 323 int n; 324 unsigned int i; 325 EVP_MD_CTX *md = NULL, *md2 = NULL; 326 size_t passwd_len, salt_len, magic_len; 327 328 passwd_len = strlen(passwd); 329 330 out_buf[0] = 0; 331 magic_len = strlen(magic); 332 OPENSSL_strlcpy(ascii_magic, magic, sizeof(ascii_magic)); 333 #ifdef CHARSET_EBCDIC 334 if ((magic[0] & 0x80) != 0) /* High bit is 1 in EBCDIC alnums */ 335 ebcdic2ascii(ascii_magic, ascii_magic, magic_len); 336 #endif 337 338 /* The salt gets truncated to 8 chars */ 339 OPENSSL_strlcpy(ascii_salt, salt, sizeof(ascii_salt)); 340 salt_len = strlen(ascii_salt); 341 #ifdef CHARSET_EBCDIC 342 ebcdic2ascii(ascii_salt, ascii_salt, salt_len); 343 #endif 344 345 #ifdef CHARSET_EBCDIC 346 ascii_passwd = OPENSSL_strdup(passwd); 347 if (ascii_passwd == NULL) 348 return NULL; 349 ebcdic2ascii(ascii_passwd, ascii_passwd, passwd_len); 350 passwd = ascii_passwd; 351 #endif 352 353 if (magic_len > 0) { 354 OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf)); 355 356 if (magic_len > 4) /* assert it's "1" or "apr1" */ 357 goto err; 358 359 OPENSSL_strlcat(out_buf, ascii_magic, sizeof(out_buf)); 360 OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf)); 361 } 362 363 OPENSSL_strlcat(out_buf, ascii_salt, sizeof(out_buf)); 364 365 if (strlen(out_buf) > 6 + 8) /* assert "$apr1$..salt.." */ 366 goto err; 367 368 salt_out = out_buf; 369 if (magic_len > 0) 370 salt_out += 2 + magic_len; 371 372 if (salt_len > 8) 373 goto err; 374 375 md = EVP_MD_CTX_new(); 376 if (md == NULL 377 || !EVP_DigestInit_ex(md, EVP_md5(), NULL) 378 || !EVP_DigestUpdate(md, passwd, passwd_len)) 379 goto err; 380 381 if (magic_len > 0) 382 if (!EVP_DigestUpdate(md, ascii_dollar, 1) 383 || !EVP_DigestUpdate(md, ascii_magic, magic_len) 384 || !EVP_DigestUpdate(md, ascii_dollar, 1)) 385 goto err; 386 387 if (!EVP_DigestUpdate(md, ascii_salt, salt_len)) 388 goto err; 389 390 md2 = EVP_MD_CTX_new(); 391 if (md2 == NULL 392 || !EVP_DigestInit_ex(md2, EVP_md5(), NULL) 393 || !EVP_DigestUpdate(md2, passwd, passwd_len) 394 || !EVP_DigestUpdate(md2, ascii_salt, salt_len) 395 || !EVP_DigestUpdate(md2, passwd, passwd_len) 396 || !EVP_DigestFinal_ex(md2, buf, NULL)) 397 goto err; 398 399 for (i = passwd_len; i > sizeof(buf); i -= sizeof(buf)) { 400 if (!EVP_DigestUpdate(md, buf, sizeof(buf))) 401 goto err; 402 } 403 if (!EVP_DigestUpdate(md, buf, i)) 404 goto err; 405 406 n = passwd_len; 407 while (n) { 408 if (!EVP_DigestUpdate(md, (n & 1) ? "\0" : passwd, 1)) 409 goto err; 410 n >>= 1; 411 } 412 if (!EVP_DigestFinal_ex(md, buf, NULL)) 413 goto err; 414 415 for (i = 0; i < 1000; i++) { 416 if (!EVP_DigestInit_ex(md2, EVP_md5(), NULL)) 417 goto err; 418 if (!EVP_DigestUpdate(md2, 419 (i & 1) ? (const unsigned char *)passwd : buf, 420 (i & 1) ? passwd_len : sizeof(buf))) 421 goto err; 422 if (i % 3) { 423 if (!EVP_DigestUpdate(md2, ascii_salt, salt_len)) 424 goto err; 425 } 426 if (i % 7) { 427 if (!EVP_DigestUpdate(md2, passwd, passwd_len)) 428 goto err; 429 } 430 if (!EVP_DigestUpdate(md2, 431 (i & 1) ? buf : (const unsigned char *)passwd, 432 (i & 1) ? sizeof(buf) : passwd_len)) 433 goto err; 434 if (!EVP_DigestFinal_ex(md2, buf, NULL)) 435 goto err; 436 } 437 EVP_MD_CTX_free(md2); 438 EVP_MD_CTX_free(md); 439 md2 = NULL; 440 md = NULL; 441 442 { 443 /* transform buf into output string */ 444 unsigned char buf_perm[sizeof(buf)]; 445 int dest, source; 446 char *output; 447 448 /* silly output permutation */ 449 for (dest = 0, source = 0; dest < 14; 450 dest++, source = (source + 6) % 17) 451 buf_perm[dest] = buf[source]; 452 buf_perm[14] = buf[5]; 453 buf_perm[15] = buf[11]; 454 # ifndef PEDANTIC /* Unfortunately, this generates a "no 455 * effect" warning */ 456 assert(16 == sizeof(buf_perm)); 457 # endif 458 459 output = salt_out + salt_len; 460 assert(output == out_buf + strlen(out_buf)); 461 462 *output++ = ascii_dollar[0]; 463 464 for (i = 0; i < 15; i += 3) { 465 *output++ = cov_2char[buf_perm[i + 2] & 0x3f]; 466 *output++ = cov_2char[((buf_perm[i + 1] & 0xf) << 2) | 467 (buf_perm[i + 2] >> 6)]; 468 *output++ = cov_2char[((buf_perm[i] & 3) << 4) | 469 (buf_perm[i + 1] >> 4)]; 470 *output++ = cov_2char[buf_perm[i] >> 2]; 471 } 472 assert(i == 15); 473 *output++ = cov_2char[buf_perm[i] & 0x3f]; 474 *output++ = cov_2char[buf_perm[i] >> 6]; 475 *output = 0; 476 assert(strlen(out_buf) < sizeof(out_buf)); 477 #ifdef CHARSET_EBCDIC 478 ascii2ebcdic(out_buf, out_buf, strlen(out_buf)); 479 #endif 480 } 481 482 return out_buf; 483 484 err: 485 OPENSSL_free(ascii_passwd); 486 EVP_MD_CTX_free(md2); 487 EVP_MD_CTX_free(md); 488 return NULL; 489 } 490 491 /* 492 * SHA based password algorithm, describe by Ulrich Drepper here: 493 * https://www.akkadia.org/drepper/SHA-crypt.txt 494 * (note that it's in the public domain) 495 */ 496 static char *shacrypt(const char *passwd, const char *magic, const char *salt) 497 { 498 /* Prefix for optional rounds specification. */ 499 static const char rounds_prefix[] = "rounds="; 500 /* Maximum salt string length. */ 501 # define SALT_LEN_MAX 16 502 /* Default number of rounds if not explicitly specified. */ 503 # define ROUNDS_DEFAULT 5000 504 /* Minimum number of rounds. */ 505 # define ROUNDS_MIN 1000 506 /* Maximum number of rounds. */ 507 # define ROUNDS_MAX 999999999 508 509 /* "$6$rounds=<N>$......salt......$...shahash(up to 86 chars)...\0" */ 510 static char out_buf[3 + 17 + 17 + 86 + 1]; 511 unsigned char buf[SHA512_DIGEST_LENGTH]; 512 unsigned char temp_buf[SHA512_DIGEST_LENGTH]; 513 size_t buf_size = 0; 514 char ascii_magic[2]; 515 char ascii_salt[17]; /* Max 16 chars plus '\0' */ 516 char *ascii_passwd = NULL; 517 size_t n; 518 EVP_MD_CTX *md = NULL, *md2 = NULL; 519 const EVP_MD *sha = NULL; 520 size_t passwd_len, salt_len, magic_len; 521 unsigned int rounds = ROUNDS_DEFAULT; /* Default */ 522 char rounds_custom = 0; 523 char *p_bytes = NULL; 524 char *s_bytes = NULL; 525 char *cp = NULL; 526 527 passwd_len = strlen(passwd); 528 magic_len = strlen(magic); 529 530 /* assert it's "5" or "6" */ 531 if (magic_len != 1) 532 return NULL; 533 534 switch (magic[0]) { 535 case '5': 536 sha = EVP_sha256(); 537 buf_size = 32; 538 break; 539 case '6': 540 sha = EVP_sha512(); 541 buf_size = 64; 542 break; 543 default: 544 return NULL; 545 } 546 547 if (strncmp(salt, rounds_prefix, sizeof(rounds_prefix) - 1) == 0) { 548 const char *num = salt + sizeof(rounds_prefix) - 1; 549 char *endp; 550 unsigned long int srounds = strtoul (num, &endp, 10); 551 if (*endp == '$') { 552 salt = endp + 1; 553 if (srounds > ROUNDS_MAX) 554 rounds = ROUNDS_MAX; 555 else if (srounds < ROUNDS_MIN) 556 rounds = ROUNDS_MIN; 557 else 558 rounds = (unsigned int)srounds; 559 rounds_custom = 1; 560 } else { 561 return NULL; 562 } 563 } 564 565 OPENSSL_strlcpy(ascii_magic, magic, sizeof(ascii_magic)); 566 #ifdef CHARSET_EBCDIC 567 if ((magic[0] & 0x80) != 0) /* High bit is 1 in EBCDIC alnums */ 568 ebcdic2ascii(ascii_magic, ascii_magic, magic_len); 569 #endif 570 571 /* The salt gets truncated to 16 chars */ 572 OPENSSL_strlcpy(ascii_salt, salt, sizeof(ascii_salt)); 573 salt_len = strlen(ascii_salt); 574 #ifdef CHARSET_EBCDIC 575 ebcdic2ascii(ascii_salt, ascii_salt, salt_len); 576 #endif 577 578 #ifdef CHARSET_EBCDIC 579 ascii_passwd = OPENSSL_strdup(passwd); 580 if (ascii_passwd == NULL) 581 return NULL; 582 ebcdic2ascii(ascii_passwd, ascii_passwd, passwd_len); 583 passwd = ascii_passwd; 584 #endif 585 586 out_buf[0] = 0; 587 OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf)); 588 OPENSSL_strlcat(out_buf, ascii_magic, sizeof(out_buf)); 589 OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf)); 590 if (rounds_custom) { 591 char tmp_buf[80]; /* "rounds=999999999" */ 592 sprintf(tmp_buf, "rounds=%u", rounds); 593 #ifdef CHARSET_EBCDIC 594 /* In case we're really on a ASCII based platform and just pretend */ 595 if (tmp_buf[0] != 0x72) /* ASCII 'r' */ 596 ebcdic2ascii(tmp_buf, tmp_buf, strlen(tmp_buf)); 597 #endif 598 OPENSSL_strlcat(out_buf, tmp_buf, sizeof(out_buf)); 599 OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf)); 600 } 601 OPENSSL_strlcat(out_buf, ascii_salt, sizeof(out_buf)); 602 603 /* assert "$5$rounds=999999999$......salt......" */ 604 if (strlen(out_buf) > 3 + 17 * rounds_custom + salt_len ) 605 goto err; 606 607 md = EVP_MD_CTX_new(); 608 if (md == NULL 609 || !EVP_DigestInit_ex(md, sha, NULL) 610 || !EVP_DigestUpdate(md, passwd, passwd_len) 611 || !EVP_DigestUpdate(md, ascii_salt, salt_len)) 612 goto err; 613 614 md2 = EVP_MD_CTX_new(); 615 if (md2 == NULL 616 || !EVP_DigestInit_ex(md2, sha, NULL) 617 || !EVP_DigestUpdate(md2, passwd, passwd_len) 618 || !EVP_DigestUpdate(md2, ascii_salt, salt_len) 619 || !EVP_DigestUpdate(md2, passwd, passwd_len) 620 || !EVP_DigestFinal_ex(md2, buf, NULL)) 621 goto err; 622 623 for (n = passwd_len; n > buf_size; n -= buf_size) { 624 if (!EVP_DigestUpdate(md, buf, buf_size)) 625 goto err; 626 } 627 if (!EVP_DigestUpdate(md, buf, n)) 628 goto err; 629 630 n = passwd_len; 631 while (n) { 632 if (!EVP_DigestUpdate(md, 633 (n & 1) ? buf : (const unsigned char *)passwd, 634 (n & 1) ? buf_size : passwd_len)) 635 goto err; 636 n >>= 1; 637 } 638 if (!EVP_DigestFinal_ex(md, buf, NULL)) 639 goto err; 640 641 /* P sequence */ 642 if (!EVP_DigestInit_ex(md2, sha, NULL)) 643 goto err; 644 645 for (n = passwd_len; n > 0; n--) 646 if (!EVP_DigestUpdate(md2, passwd, passwd_len)) 647 goto err; 648 649 if (!EVP_DigestFinal_ex(md2, temp_buf, NULL)) 650 goto err; 651 652 if ((p_bytes = OPENSSL_zalloc(passwd_len)) == NULL) 653 goto err; 654 for (cp = p_bytes, n = passwd_len; n > buf_size; n -= buf_size, cp += buf_size) 655 memcpy(cp, temp_buf, buf_size); 656 memcpy(cp, temp_buf, n); 657 658 /* S sequence */ 659 if (!EVP_DigestInit_ex(md2, sha, NULL)) 660 goto err; 661 662 for (n = 16 + buf[0]; n > 0; n--) 663 if (!EVP_DigestUpdate(md2, ascii_salt, salt_len)) 664 goto err; 665 666 if (!EVP_DigestFinal_ex(md2, temp_buf, NULL)) 667 goto err; 668 669 if ((s_bytes = OPENSSL_zalloc(salt_len)) == NULL) 670 goto err; 671 for (cp = s_bytes, n = salt_len; n > buf_size; n -= buf_size, cp += buf_size) 672 memcpy(cp, temp_buf, buf_size); 673 memcpy(cp, temp_buf, n); 674 675 for (n = 0; n < rounds; n++) { 676 if (!EVP_DigestInit_ex(md2, sha, NULL)) 677 goto err; 678 if (!EVP_DigestUpdate(md2, 679 (n & 1) ? (const unsigned char *)p_bytes : buf, 680 (n & 1) ? passwd_len : buf_size)) 681 goto err; 682 if (n % 3) { 683 if (!EVP_DigestUpdate(md2, s_bytes, salt_len)) 684 goto err; 685 } 686 if (n % 7) { 687 if (!EVP_DigestUpdate(md2, p_bytes, passwd_len)) 688 goto err; 689 } 690 if (!EVP_DigestUpdate(md2, 691 (n & 1) ? buf : (const unsigned char *)p_bytes, 692 (n & 1) ? buf_size : passwd_len)) 693 goto err; 694 if (!EVP_DigestFinal_ex(md2, buf, NULL)) 695 goto err; 696 } 697 EVP_MD_CTX_free(md2); 698 EVP_MD_CTX_free(md); 699 md2 = NULL; 700 md = NULL; 701 OPENSSL_free(p_bytes); 702 OPENSSL_free(s_bytes); 703 p_bytes = NULL; 704 s_bytes = NULL; 705 706 cp = out_buf + strlen(out_buf); 707 *cp++ = ascii_dollar[0]; 708 709 # define b64_from_24bit(B2, B1, B0, N) \ 710 do { \ 711 unsigned int w = ((B2) << 16) | ((B1) << 8) | (B0); \ 712 int i = (N); \ 713 while (i-- > 0) \ 714 { \ 715 *cp++ = cov_2char[w & 0x3f]; \ 716 w >>= 6; \ 717 } \ 718 } while (0) 719 720 switch (magic[0]) { 721 case '5': 722 b64_from_24bit (buf[0], buf[10], buf[20], 4); 723 b64_from_24bit (buf[21], buf[1], buf[11], 4); 724 b64_from_24bit (buf[12], buf[22], buf[2], 4); 725 b64_from_24bit (buf[3], buf[13], buf[23], 4); 726 b64_from_24bit (buf[24], buf[4], buf[14], 4); 727 b64_from_24bit (buf[15], buf[25], buf[5], 4); 728 b64_from_24bit (buf[6], buf[16], buf[26], 4); 729 b64_from_24bit (buf[27], buf[7], buf[17], 4); 730 b64_from_24bit (buf[18], buf[28], buf[8], 4); 731 b64_from_24bit (buf[9], buf[19], buf[29], 4); 732 b64_from_24bit (0, buf[31], buf[30], 3); 733 break; 734 case '6': 735 b64_from_24bit (buf[0], buf[21], buf[42], 4); 736 b64_from_24bit (buf[22], buf[43], buf[1], 4); 737 b64_from_24bit (buf[44], buf[2], buf[23], 4); 738 b64_from_24bit (buf[3], buf[24], buf[45], 4); 739 b64_from_24bit (buf[25], buf[46], buf[4], 4); 740 b64_from_24bit (buf[47], buf[5], buf[26], 4); 741 b64_from_24bit (buf[6], buf[27], buf[48], 4); 742 b64_from_24bit (buf[28], buf[49], buf[7], 4); 743 b64_from_24bit (buf[50], buf[8], buf[29], 4); 744 b64_from_24bit (buf[9], buf[30], buf[51], 4); 745 b64_from_24bit (buf[31], buf[52], buf[10], 4); 746 b64_from_24bit (buf[53], buf[11], buf[32], 4); 747 b64_from_24bit (buf[12], buf[33], buf[54], 4); 748 b64_from_24bit (buf[34], buf[55], buf[13], 4); 749 b64_from_24bit (buf[56], buf[14], buf[35], 4); 750 b64_from_24bit (buf[15], buf[36], buf[57], 4); 751 b64_from_24bit (buf[37], buf[58], buf[16], 4); 752 b64_from_24bit (buf[59], buf[17], buf[38], 4); 753 b64_from_24bit (buf[18], buf[39], buf[60], 4); 754 b64_from_24bit (buf[40], buf[61], buf[19], 4); 755 b64_from_24bit (buf[62], buf[20], buf[41], 4); 756 b64_from_24bit (0, 0, buf[63], 2); 757 break; 758 default: 759 goto err; 760 } 761 *cp = '\0'; 762 #ifdef CHARSET_EBCDIC 763 ascii2ebcdic(out_buf, out_buf, strlen(out_buf)); 764 #endif 765 766 return out_buf; 767 768 err: 769 EVP_MD_CTX_free(md2); 770 EVP_MD_CTX_free(md); 771 OPENSSL_free(p_bytes); 772 OPENSSL_free(s_bytes); 773 OPENSSL_free(ascii_passwd); 774 return NULL; 775 } 776 777 static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, 778 char *passwd, BIO *out, int quiet, int table, 779 int reverse, size_t pw_maxlen, passwd_modes mode) 780 { 781 char *hash = NULL; 782 783 assert(salt_p != NULL); 784 assert(salt_malloc_p != NULL); 785 786 /* first make sure we have a salt */ 787 if (!passed_salt) { 788 size_t saltlen = 0; 789 size_t i; 790 791 if (mode == passwd_md5 || mode == passwd_apr1 || mode == passwd_aixmd5) 792 saltlen = 8; 793 794 if (mode == passwd_sha256 || mode == passwd_sha512) 795 saltlen = 16; 796 797 assert(saltlen != 0); 798 799 if (*salt_malloc_p == NULL) 800 *salt_p = *salt_malloc_p = app_malloc(saltlen + 1, "salt buffer"); 801 if (RAND_bytes((unsigned char *)*salt_p, saltlen) <= 0) 802 goto end; 803 804 for (i = 0; i < saltlen; i++) 805 (*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */ 806 (*salt_p)[i] = 0; 807 # ifdef CHARSET_EBCDIC 808 /* The password encryption function will convert back to ASCII */ 809 ascii2ebcdic(*salt_p, *salt_p, saltlen); 810 # endif 811 } 812 813 assert(*salt_p != NULL); 814 815 /* truncate password if necessary */ 816 if ((strlen(passwd) > pw_maxlen)) { 817 if (!quiet) 818 /* 819 * XXX: really we should know how to print a size_t, not cast it 820 */ 821 BIO_printf(bio_err, 822 "Warning: truncating password to %u characters\n", 823 (unsigned)pw_maxlen); 824 passwd[pw_maxlen] = 0; 825 } 826 assert(strlen(passwd) <= pw_maxlen); 827 828 /* now compute password hash */ 829 if (mode == passwd_md5 || mode == passwd_apr1) 830 hash = md5crypt(passwd, (mode == passwd_md5 ? "1" : "apr1"), *salt_p); 831 if (mode == passwd_aixmd5) 832 hash = md5crypt(passwd, "", *salt_p); 833 if (mode == passwd_sha256 || mode == passwd_sha512) 834 hash = shacrypt(passwd, (mode == passwd_sha256 ? "5" : "6"), *salt_p); 835 assert(hash != NULL); 836 837 if (table && !reverse) 838 BIO_printf(out, "%s\t%s\n", passwd, hash); 839 else if (table && reverse) 840 BIO_printf(out, "%s\t%s\n", hash, passwd); 841 else 842 BIO_printf(out, "%s\n", hash); 843 return 1; 844 845 end: 846 return 0; 847 } 848