Updating lib/libcrypt
Change-Id: I4dc5ca7c86abc5295ffc57386a14dd1d790fd489
This commit is contained in:
parent
e8235bc09a
commit
f5435c74b7
|
@ -1,8 +1,6 @@
|
||||||
# $NetBSD: Makefile,v 1.24 2012/08/10 04:30:47 joerg Exp $
|
# $NetBSD: Makefile,v 1.24 2012/08/10 04:30:47 joerg Exp $
|
||||||
|
|
||||||
USE_SHLIBDIR= yes
|
USE_SHLIBDIR= yes
|
||||||
#LSC MINIX Until the library gets updated
|
|
||||||
NOGCCERROR=yes
|
|
||||||
|
|
||||||
LIB= crypt
|
LIB= crypt
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $NetBSD: bcrypt.c,v 1.9 2006/10/27 19:39:11 drochner Exp $ */
|
/* $NetBSD: bcrypt.c,v 1.17 2012/08/30 12:16:49 drochner Exp $ */
|
||||||
/* $OpenBSD: bcrypt.c,v 1.16 2002/02/19 19:39:36 millert Exp $ */
|
/* $OpenBSD: bcrypt.c,v 1.16 2002/02/19 19:39:36 millert Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -46,7 +46,7 @@
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
#include <sys/cdefs.h>
|
#include <sys/cdefs.h>
|
||||||
__RCSID("$NetBSD: bcrypt.c,v 1.9 2006/10/27 19:39:11 drochner Exp $");
|
__RCSID("$NetBSD: bcrypt.c,v 1.17 2012/08/30 12:16:49 drochner Exp $");
|
||||||
|
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
|
@ -66,7 +66,7 @@ __RCSID("$NetBSD: bcrypt.c,v 1.9 2006/10/27 19:39:11 drochner Exp $");
|
||||||
|
|
||||||
#define BCRYPT_VERSION '2'
|
#define BCRYPT_VERSION '2'
|
||||||
#define BCRYPT_MAXSALT 16 /* Precomputation is just so nice */
|
#define BCRYPT_MAXSALT 16 /* Precomputation is just so nice */
|
||||||
#define BCRYPT_MAXSALTLEN (BCRYPT_MAXSALT * 4 / 3 + 1)
|
#define BCRYPT_MAXSALTLEN (7 + (BCRYPT_MAXSALT * 4 + 2) / 3 + 1)
|
||||||
#define BCRYPT_BLOCKS 6 /* Ciphertext blocks */
|
#define BCRYPT_BLOCKS 6 /* Ciphertext blocks */
|
||||||
#define BCRYPT_MINROUNDS 16 /* we have log2(rounds) in salt */
|
#define BCRYPT_MINROUNDS 16 /* we have log2(rounds) in salt */
|
||||||
|
|
||||||
|
@ -77,7 +77,6 @@ static void decode_base64(u_int8_t *, u_int16_t, const u_int8_t *);
|
||||||
char *__bcrypt(const char *, const char *); /* XXX */
|
char *__bcrypt(const char *, const char *); /* XXX */
|
||||||
|
|
||||||
static char encrypted[_PASSWORD_LEN];
|
static char encrypted[_PASSWORD_LEN];
|
||||||
static char error[] = ":";
|
|
||||||
|
|
||||||
static const u_int8_t Base64Code[] =
|
static const u_int8_t Base64Code[] =
|
||||||
"./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
|
"./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
|
||||||
|
@ -175,13 +174,10 @@ __gensalt_blowfish(char *salt, size_t saltlen, const char *option)
|
||||||
if (errno == ERANGE && nrounds == ULONG_MAX)
|
if (errno == ERANGE && nrounds == ULONG_MAX)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
if (nrounds > 255) {
|
|
||||||
errno = EINVAL;
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (nrounds < 4)
|
if (nrounds < 4)
|
||||||
nrounds = 4;
|
nrounds = 4;
|
||||||
|
else if (nrounds > 31)
|
||||||
|
nrounds = 31;
|
||||||
|
|
||||||
for (i = 0; i < BCRYPT_MAXSALT; i++) {
|
for (i = 0; i < BCRYPT_MAXSALT; i++) {
|
||||||
if (i % 4 == 0)
|
if (i % 4 == 0)
|
||||||
|
@ -214,9 +210,7 @@ bcrypt_gensalt(u_int8_t log_rounds)
|
||||||
i.e. $2$04$iwouldntknowwhattosayetKdJ6iFtacBqJdKe6aW7ou */
|
i.e. $2$04$iwouldntknowwhattosayetKdJ6iFtacBqJdKe6aW7ou */
|
||||||
|
|
||||||
char *
|
char *
|
||||||
__bcrypt(key, salt)
|
__bcrypt(const char *key, const char *salt)
|
||||||
const char *key;
|
|
||||||
const char *salt;
|
|
||||||
{
|
{
|
||||||
blf_ctx state;
|
blf_ctx state;
|
||||||
u_int32_t rounds, i, k;
|
u_int32_t rounds, i, k;
|
||||||
|
@ -225,26 +219,26 @@ __bcrypt(key, salt)
|
||||||
u_int8_t ciphertext[4 * BCRYPT_BLOCKS] = "OrpheanBeholderScryDoubt";
|
u_int8_t ciphertext[4 * BCRYPT_BLOCKS] = "OrpheanBeholderScryDoubt";
|
||||||
u_int8_t csalt[BCRYPT_MAXSALT];
|
u_int8_t csalt[BCRYPT_MAXSALT];
|
||||||
u_int32_t cdata[BCRYPT_BLOCKS];
|
u_int32_t cdata[BCRYPT_BLOCKS];
|
||||||
|
int n;
|
||||||
|
size_t len;
|
||||||
|
|
||||||
/* Discard "$" identifier */
|
/* Discard "$" identifier */
|
||||||
salt++;
|
salt++;
|
||||||
|
|
||||||
if (*salt > BCRYPT_VERSION) {
|
if (*salt > BCRYPT_VERSION)
|
||||||
/* How do I handle errors ? Return ':' */
|
return NULL;
|
||||||
return error;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Check for minor versions */
|
/* Check for minor versions */
|
||||||
if (salt[1] != '$') {
|
if (salt[1] != '$') {
|
||||||
switch (salt[1]) {
|
switch (salt[1]) {
|
||||||
case 'a':
|
case 'a':
|
||||||
/* 'ab' should not yield the same as 'abab' */
|
/* 'ab' should not yield the same as 'abab' */
|
||||||
minor = salt[1];
|
minor = salt[1];
|
||||||
salt++;
|
salt++;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
return error;
|
return NULL;
|
||||||
}
|
}
|
||||||
} else
|
} else
|
||||||
minor = 0;
|
minor = 0;
|
||||||
|
|
||||||
|
@ -253,22 +247,31 @@ __bcrypt(key, salt)
|
||||||
|
|
||||||
if (salt[2] != '$')
|
if (salt[2] != '$')
|
||||||
/* Out of sync with passwd entry */
|
/* Out of sync with passwd entry */
|
||||||
return error;
|
return NULL;
|
||||||
|
|
||||||
/* Computer power doesn't increase linear, 2^x should be fine */
|
/* Computer power doesn't increase linear, 2^x should be fine */
|
||||||
if ((rounds = (u_int32_t) 1 << (logr = atoi(salt))) < BCRYPT_MINROUNDS)
|
n = atoi(salt);
|
||||||
return error;
|
if (n > 31 || n < 0)
|
||||||
|
return NULL;
|
||||||
|
logr = (u_int8_t)n;
|
||||||
|
if ((rounds = (u_int32_t) 1 << logr) < BCRYPT_MINROUNDS)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
/* Discard num rounds + "$" identifier */
|
/* Discard num rounds + "$" identifier */
|
||||||
salt += 3;
|
salt += 3;
|
||||||
|
|
||||||
if (strlen(salt) * 3 / 4 < BCRYPT_MAXSALT)
|
if (strlen(salt) * 3 / 4 < BCRYPT_MAXSALT)
|
||||||
return error;
|
return NULL;
|
||||||
|
|
||||||
/* We dont want the base64 salt but the raw data */
|
/* We dont want the base64 salt but the raw data */
|
||||||
decode_base64(csalt, BCRYPT_MAXSALT, (const u_int8_t *)salt);
|
decode_base64(csalt, BCRYPT_MAXSALT, (const u_int8_t *)salt);
|
||||||
salt_len = BCRYPT_MAXSALT;
|
salt_len = BCRYPT_MAXSALT;
|
||||||
key_len = strlen(key) + (minor >= 'a' ? 1 : 0);
|
len = strlen(key);
|
||||||
|
if (len > 72)
|
||||||
|
key_len = 72;
|
||||||
|
else
|
||||||
|
key_len = (uint8_t)len;
|
||||||
|
key_len += minor >= 'a' ? 1 : 0;
|
||||||
|
|
||||||
/* Setting up S-Boxes and Subkeys */
|
/* Setting up S-Boxes and Subkeys */
|
||||||
Blowfish_initstate(&state);
|
Blowfish_initstate(&state);
|
||||||
|
@ -311,6 +314,7 @@ __bcrypt(key, salt)
|
||||||
encode_base64((u_int8_t *) encrypted + i + 3, csalt, BCRYPT_MAXSALT);
|
encode_base64((u_int8_t *) encrypted + i + 3, csalt, BCRYPT_MAXSALT);
|
||||||
encode_base64((u_int8_t *) encrypted + strlen(encrypted), ciphertext,
|
encode_base64((u_int8_t *) encrypted + strlen(encrypted), ciphertext,
|
||||||
4 * BCRYPT_BLOCKS - 1);
|
4 * BCRYPT_BLOCKS - 1);
|
||||||
|
__explicit_bzero(&state, sizeof(state));
|
||||||
return encrypted;
|
return encrypted;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $NetBSD: crypt-sha1.c,v 1.3 2006/10/27 18:22:56 drochner Exp $ */
|
/* $NetBSD: crypt-sha1.c,v 1.5 2012/08/30 12:16:49 drochner Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2004, Juniper Networks, Inc.
|
* Copyright (c) 2004, Juniper Networks, Inc.
|
||||||
|
@ -31,7 +31,7 @@
|
||||||
|
|
||||||
#include <sys/cdefs.h>
|
#include <sys/cdefs.h>
|
||||||
#if !defined(lint)
|
#if !defined(lint)
|
||||||
__RCSID("$NetBSD: crypt-sha1.c,v 1.3 2006/10/27 18:22:56 drochner Exp $");
|
__RCSID("$NetBSD: crypt-sha1.c,v 1.5 2012/08/30 12:16:49 drochner Exp $");
|
||||||
#endif /* not lint */
|
#endif /* not lint */
|
||||||
|
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
|
@ -122,7 +122,7 @@ __crypt_sha1 (const char *pw, const char *salt)
|
||||||
static unsigned char hmac_buf[SHA1_SIZE];
|
static unsigned char hmac_buf[SHA1_SIZE];
|
||||||
static char passwd[(2 * sizeof(SHA1_MAGIC)) +
|
static char passwd[(2 * sizeof(SHA1_MAGIC)) +
|
||||||
CRYPT_SHA1_SALT_LENGTH + SHA1_SIZE];
|
CRYPT_SHA1_SALT_LENGTH + SHA1_SIZE];
|
||||||
char *sp;
|
const char *sp;
|
||||||
char *ep;
|
char *ep;
|
||||||
unsigned long ul;
|
unsigned long ul;
|
||||||
int sl;
|
int sl;
|
||||||
|
@ -136,26 +136,25 @@ __crypt_sha1 (const char *pw, const char *salt)
|
||||||
* $<tag>$<iterations>$salt[$]
|
* $<tag>$<iterations>$salt[$]
|
||||||
* If it does not start with $ we use our default iterations.
|
* If it does not start with $ we use our default iterations.
|
||||||
*/
|
*/
|
||||||
sp = __UNCONST(salt);
|
|
||||||
|
|
||||||
/* If it starts with the magic string, then skip that */
|
/* If it starts with the magic string, then skip that */
|
||||||
if (!strncmp(sp, magic, strlen(magic))) {
|
if (!strncmp(salt, magic, strlen(magic))) {
|
||||||
sp += strlen(magic);
|
salt += strlen(magic);
|
||||||
/* and get the iteration count */
|
/* and get the iteration count */
|
||||||
iterations = strtoul(sp, &ep, 10);
|
iterations = strtoul(salt, &ep, 10);
|
||||||
if (*ep != '$')
|
if (*ep != '$')
|
||||||
return NULL; /* invalid input */
|
return NULL; /* invalid input */
|
||||||
sp = ep + 1; /* skip over the '$' */
|
salt = ep + 1; /* skip over the '$' */
|
||||||
} else {
|
} else {
|
||||||
iterations = __crypt_sha1_iterations(0);
|
iterations = __crypt_sha1_iterations(0);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* It stops at the next '$', max CRYPT_SHA1_ITERATIONS chars */
|
/* It stops at the next '$', max CRYPT_SHA1_ITERATIONS chars */
|
||||||
for (ep = sp; *ep && *ep != '$' && ep < (sp + CRYPT_SHA1_ITERATIONS); ep++)
|
for (sp = salt; *sp && *sp != '$' && sp < (salt + CRYPT_SHA1_ITERATIONS); sp++)
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
/* Get the length of the actual salt */
|
/* Get the length of the actual salt */
|
||||||
sl = ep - sp;
|
sl = sp - salt;
|
||||||
pl = strlen(pw);
|
pl = strlen(pw);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -163,18 +162,17 @@ __crypt_sha1 (const char *pw, const char *salt)
|
||||||
* Prime the pump with <salt><magic><iterations>
|
* Prime the pump with <salt><magic><iterations>
|
||||||
*/
|
*/
|
||||||
dl = snprintf(passwd, sizeof (passwd), "%.*s%s%u",
|
dl = snprintf(passwd, sizeof (passwd), "%.*s%s%u",
|
||||||
sl, sp, magic, iterations);
|
sl, salt, magic, iterations);
|
||||||
/*
|
/*
|
||||||
* Then hmac using <pw> as key, and repeat...
|
* Then hmac using <pw> as key, and repeat...
|
||||||
*/
|
*/
|
||||||
ep = __UNCONST(pw); /* keep gcc happy */
|
__hmac_sha1(passwd, dl, pw, pl, hmac_buf);
|
||||||
__hmac_sha1(passwd, dl, ep, pl, hmac_buf);
|
|
||||||
for (i = 1; i < iterations; i++) {
|
for (i = 1; i < iterations; i++) {
|
||||||
__hmac_sha1(hmac_buf, SHA1_SIZE, ep, pl, hmac_buf);
|
__hmac_sha1(hmac_buf, SHA1_SIZE, pw, pl, hmac_buf);
|
||||||
}
|
}
|
||||||
/* Now output... */
|
/* Now output... */
|
||||||
pl = snprintf(passwd, sizeof(passwd), "%s%u$%.*s$",
|
pl = snprintf(passwd, sizeof(passwd), "%s%u$%.*s$",
|
||||||
magic, iterations, sl, sp);
|
magic, iterations, sl, salt);
|
||||||
ep = passwd + pl;
|
ep = passwd + pl;
|
||||||
|
|
||||||
/* Every 3 bytes of hash gives 24 bits which is 4 base64 chars */
|
/* Every 3 bytes of hash gives 24 bits which is 4 base64 chars */
|
||||||
|
@ -192,7 +190,7 @@ __crypt_sha1 (const char *pw, const char *salt)
|
||||||
*ep = '\0';
|
*ep = '\0';
|
||||||
|
|
||||||
/* Don't leave anything around in vm they could use. */
|
/* Don't leave anything around in vm they could use. */
|
||||||
memset(hmac_buf, 0, sizeof hmac_buf);
|
__explicit_bzero(hmac_buf, sizeof hmac_buf);
|
||||||
|
|
||||||
return passwd;
|
return passwd;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
.\" $NetBSD: crypt.3,v 1.20 2005/09/05 03:37:15 hubertf Exp $
|
.\" $NetBSD: crypt.3,v 1.27 2012/03/23 18:08:35 njoly Exp $
|
||||||
.\"
|
.\"
|
||||||
.\" Copyright (c) 1989, 1991, 1993
|
.\" Copyright (c) 1989, 1991, 1993
|
||||||
.\" The Regents of the University of California. All rights reserved.
|
.\" The Regents of the University of California. All rights reserved.
|
||||||
|
@ -29,7 +29,7 @@
|
||||||
.\"
|
.\"
|
||||||
.\" @(#)crypt.3 8.2 (Berkeley) 12/11/93
|
.\" @(#)crypt.3 8.2 (Berkeley) 12/11/93
|
||||||
.\"
|
.\"
|
||||||
.Dd September 4, 2005
|
.Dd January 1, 2012
|
||||||
.Dt CRYPT 3
|
.Dt CRYPT 3
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
|
@ -43,8 +43,8 @@
|
||||||
.Lb libcrypt
|
.Lb libcrypt
|
||||||
.Sh SYNOPSIS
|
.Sh SYNOPSIS
|
||||||
.In unistd.h
|
.In unistd.h
|
||||||
.Ft char
|
.Ft "char *"
|
||||||
.Fn *crypt "const char *key" "const char *setting"
|
.Fn crypt "const char *key" "const char *setting"
|
||||||
.Ft int
|
.Ft int
|
||||||
.Fn encrypt "char *block" "int flag"
|
.Fn encrypt "char *block" "int flag"
|
||||||
.Ft int
|
.Ft int
|
||||||
|
@ -137,7 +137,7 @@ of the
|
||||||
followed by the encoded 64-bit encryption.
|
followed by the encoded 64-bit encryption.
|
||||||
.Pp
|
.Pp
|
||||||
For compatibility with historical versions of
|
For compatibility with historical versions of
|
||||||
.Xr crypt 3 ,
|
.Fn crypt ,
|
||||||
the
|
the
|
||||||
.Ar setting
|
.Ar setting
|
||||||
may consist of 2 bytes of salt, encoded as above, in which case an
|
may consist of 2 bytes of salt, encoded as above, in which case an
|
||||||
|
@ -244,7 +244,9 @@ for interpretation.
|
||||||
.Ss "Blowfish" crypt
|
.Ss "Blowfish" crypt
|
||||||
The
|
The
|
||||||
.Tn Blowfish
|
.Tn Blowfish
|
||||||
version of crypt has 128 bits of
|
version of
|
||||||
|
.Fn crypt
|
||||||
|
has 128 bits of
|
||||||
.Fa salt
|
.Fa salt
|
||||||
in order to make building dictionaries of common passwords space consuming.
|
in order to make building dictionaries of common passwords space consuming.
|
||||||
The initial state of the
|
The initial state of the
|
||||||
|
@ -281,7 +283,49 @@ for interpretation.
|
||||||
.Sh RETURN VALUES
|
.Sh RETURN VALUES
|
||||||
The function
|
The function
|
||||||
.Fn crypt
|
.Fn crypt
|
||||||
returns a pointer to the encrypted value on success and NULL on failure.
|
returns a pointer to the encrypted value on success.
|
||||||
|
.Pp
|
||||||
|
The behavior of
|
||||||
|
.Fn crypt
|
||||||
|
on errors isn't well standardized.
|
||||||
|
Some implementations simply can't fail (unless the process dies, in which
|
||||||
|
case they obviously can't return), others return
|
||||||
|
.Dv NULL
|
||||||
|
or a fixed string.
|
||||||
|
Most implementations don't set
|
||||||
|
.Va errno ,
|
||||||
|
but some do.
|
||||||
|
.St -susv2
|
||||||
|
specifies
|
||||||
|
only returning
|
||||||
|
.Dv NULL
|
||||||
|
and setting
|
||||||
|
.Va errno
|
||||||
|
as a valid behavior, and defines
|
||||||
|
only one possible error
|
||||||
|
.Er ( ENOSYS ,
|
||||||
|
.Dq "The functionality is not supported on this implementation." )
|
||||||
|
Unfortunately, most existing applications aren't prepared to handle
|
||||||
|
.Dv NULL
|
||||||
|
returns from
|
||||||
|
.Fn crypt .
|
||||||
|
The description below corresponds to this implementation of
|
||||||
|
.Fn crypt
|
||||||
|
only.
|
||||||
|
The behavior may change to match standards, other implementations or existing
|
||||||
|
applications.
|
||||||
|
.Pp
|
||||||
|
.Fn crypt
|
||||||
|
may only fail (and return) when passed an invalid or unsupported
|
||||||
|
.Fa setting ,
|
||||||
|
in which case it returns a pointer to a magic string that is shorter than 13
|
||||||
|
characters and is guaranteed to differ from
|
||||||
|
.Fa setting .
|
||||||
|
This behavior is safe for older applications which assume that
|
||||||
|
.Fn crypt
|
||||||
|
can't fail, when both setting new passwords and authenticating against
|
||||||
|
existing password hashes.
|
||||||
|
.Pp
|
||||||
The functions
|
The functions
|
||||||
.Fn setkey ,
|
.Fn setkey ,
|
||||||
.Fn encrypt ,
|
.Fn encrypt ,
|
||||||
|
@ -352,3 +396,12 @@ a pointer to that object.
|
||||||
Subsequent calls to
|
Subsequent calls to
|
||||||
.Fn crypt
|
.Fn crypt
|
||||||
will modify the same object.
|
will modify the same object.
|
||||||
|
.Pp
|
||||||
|
Before
|
||||||
|
.Nx 6.0
|
||||||
|
.Fn crypt
|
||||||
|
returned either
|
||||||
|
.Dv NULL
|
||||||
|
or
|
||||||
|
.Dv \&:
|
||||||
|
on error.
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $NetBSD: crypt.c,v 1.28 2009/05/01 00:28:17 perry Exp $ */
|
/* $NetBSD: crypt.c,v 1.33 2011/12/28 03:13:09 christos Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 1989, 1993
|
* Copyright (c) 1989, 1993
|
||||||
|
@ -37,7 +37,7 @@
|
||||||
#if 0
|
#if 0
|
||||||
static char sccsid[] = "@(#)crypt.c 8.1.1.1 (Berkeley) 8/18/93";
|
static char sccsid[] = "@(#)crypt.c 8.1.1.1 (Berkeley) 8/18/93";
|
||||||
#else
|
#else
|
||||||
__RCSID("$NetBSD: crypt.c,v 1.28 2009/05/01 00:28:17 perry Exp $");
|
__RCSID("$NetBSD: crypt.c,v 1.33 2011/12/28 03:13:09 christos Exp $");
|
||||||
#endif
|
#endif
|
||||||
#endif /* not lint */
|
#endif /* not lint */
|
||||||
|
|
||||||
|
@ -445,8 +445,6 @@ static const unsigned char itoa64[] = /* 0..63 => ascii-64 */
|
||||||
/* ===== Tables that are initialized at run time ==================== */
|
/* ===== Tables that are initialized at run time ==================== */
|
||||||
|
|
||||||
|
|
||||||
static unsigned char a64toi[128]; /* ascii-64 => 0..63 */
|
|
||||||
|
|
||||||
/* Initial key schedule permutation */
|
/* Initial key schedule permutation */
|
||||||
static C_block PC1ROT[64/CHUNKBITS][1<<CHUNKBITS];
|
static C_block PC1ROT[64/CHUNKBITS][1<<CHUNKBITS];
|
||||||
|
|
||||||
|
@ -469,13 +467,42 @@ static C_block CF6464[64/CHUNKBITS][1<<CHUNKBITS];
|
||||||
static C_block constdatablock; /* encryption constant */
|
static C_block constdatablock; /* encryption constant */
|
||||||
static char cryptresult[1+4+4+11+1]; /* encrypted result */
|
static char cryptresult[1+4+4+11+1]; /* encrypted result */
|
||||||
|
|
||||||
|
/*
|
||||||
|
* We match the behavior of UFC-crypt on systems where "char" is signed by
|
||||||
|
* default (the majority), regardless of char's signedness on our system.
|
||||||
|
*/
|
||||||
|
static inline int
|
||||||
|
ascii_to_bin(char ch)
|
||||||
|
{
|
||||||
|
signed char sch = ch;
|
||||||
|
int retval;
|
||||||
|
|
||||||
|
if (sch >= 'a')
|
||||||
|
retval = sch - ('a' - 38);
|
||||||
|
else if (sch >= 'A')
|
||||||
|
retval = sch - ('A' - 12);
|
||||||
|
else
|
||||||
|
retval = sch - '.';
|
||||||
|
|
||||||
|
return retval & 0x3f;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* When we choose to "support" invalid salts, nevertheless disallow those
|
||||||
|
* containing characters that would violate the passwd file format.
|
||||||
|
*/
|
||||||
|
static inline int
|
||||||
|
ascii_is_unsafe(char ch)
|
||||||
|
{
|
||||||
|
return !ch || ch == '\n' || ch == ':';
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Return a pointer to static data consisting of the "setting"
|
* Return a pointer to static data consisting of the "setting"
|
||||||
* followed by an encryption produced by the "key" and "setting".
|
* followed by an encryption produced by the "key" and "setting".
|
||||||
*/
|
*/
|
||||||
char *
|
static char *
|
||||||
crypt(const char *key, const char *setting)
|
__crypt(const char *key, const char *setting)
|
||||||
{
|
{
|
||||||
char *encp;
|
char *encp;
|
||||||
int32_t i;
|
int32_t i;
|
||||||
|
@ -502,7 +529,7 @@ crypt(const char *key, const char *setting)
|
||||||
key++;
|
key++;
|
||||||
keyblock.b[i] = t;
|
keyblock.b[i] = t;
|
||||||
}
|
}
|
||||||
if (des_setkey((char *)keyblock.b)) /* also initializes "a64toi" */
|
if (des_setkey((char *)keyblock.b))
|
||||||
return (NULL);
|
return (NULL);
|
||||||
|
|
||||||
encp = &cryptresult[0];
|
encp = &cryptresult[0];
|
||||||
|
@ -529,11 +556,14 @@ crypt(const char *key, const char *setting)
|
||||||
/* get iteration count */
|
/* get iteration count */
|
||||||
num_iter = 0;
|
num_iter = 0;
|
||||||
for (i = 4; --i >= 0; ) {
|
for (i = 4; --i >= 0; ) {
|
||||||
if ((t = (unsigned char)setting[i]) == '\0')
|
int value = ascii_to_bin(setting[i]);
|
||||||
t = '.';
|
if (itoa64[value] != setting[i])
|
||||||
encp[i] = t;
|
return NULL;
|
||||||
num_iter = (num_iter<<6) | a64toi[t];
|
encp[i] = setting[i];
|
||||||
|
num_iter = (num_iter << 6) | value;
|
||||||
}
|
}
|
||||||
|
if (num_iter == 0)
|
||||||
|
return NULL;
|
||||||
setting += 4;
|
setting += 4;
|
||||||
encp += 4;
|
encp += 4;
|
||||||
salt_size = 4;
|
salt_size = 4;
|
||||||
|
@ -541,14 +571,17 @@ crypt(const char *key, const char *setting)
|
||||||
default:
|
default:
|
||||||
num_iter = 25;
|
num_iter = 25;
|
||||||
salt_size = 2;
|
salt_size = 2;
|
||||||
|
if (ascii_is_unsafe(setting[0]) || ascii_is_unsafe(setting[1]))
|
||||||
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
salt = 0;
|
salt = 0;
|
||||||
for (i = salt_size; --i >= 0; ) {
|
for (i = salt_size; --i >= 0; ) {
|
||||||
if ((t = (unsigned char)setting[i]) == '\0')
|
int value = ascii_to_bin(setting[i]);
|
||||||
t = '.';
|
if (salt_size > 2 && itoa64[value] != setting[i])
|
||||||
encp[i] = t;
|
return NULL;
|
||||||
salt = (salt<<6) | a64toi[t];
|
encp[i] = setting[i];
|
||||||
|
salt = (salt << 6) | value;
|
||||||
}
|
}
|
||||||
encp += salt_size;
|
encp += salt_size;
|
||||||
if (des_cipher((char *)(void *)&constdatablock,
|
if (des_cipher((char *)(void *)&constdatablock,
|
||||||
|
@ -580,6 +613,15 @@ crypt(const char *key, const char *setting)
|
||||||
return (cryptresult);
|
return (cryptresult);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
char *
|
||||||
|
crypt(const char *key, const char *salt)
|
||||||
|
{
|
||||||
|
char *res = __crypt(key, salt);
|
||||||
|
if (res)
|
||||||
|
return res;
|
||||||
|
/* How do I handle errors ? Return "*0" or "*1" */
|
||||||
|
return __UNCONST(salt[0] == '*' && salt[1] == '0' ? "*1" : "*0");
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* The Key Schedule, filled in by des_setkey() or setkey().
|
* The Key Schedule, filled in by des_setkey() or setkey().
|
||||||
|
@ -750,12 +792,6 @@ init_des(void)
|
||||||
int tableno;
|
int tableno;
|
||||||
static unsigned char perm[64], tmp32[32]; /* "static" for speed */
|
static unsigned char perm[64], tmp32[32]; /* "static" for speed */
|
||||||
|
|
||||||
/*
|
|
||||||
* table that converts chars "./0-9A-Za-z"to integers 0-63.
|
|
||||||
*/
|
|
||||||
for (i = 0; i < 64; i++)
|
|
||||||
a64toi[itoa64[i]] = i;
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* PC1ROT - bit reverse, then PC1, then Rotate, then PC2.
|
* PC1ROT - bit reverse, then PC1, then Rotate, then PC2.
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $NetBSD: hmac.c,v 1.2 2009/01/18 12:15:27 lukem Exp $ */
|
/* $NetBSD: hmac.c,v 1.3 2011/05/16 10:39:12 drochner Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2004, Juniper Networks, Inc.
|
* Copyright (c) 2004, Juniper Networks, Inc.
|
||||||
|
@ -42,7 +42,7 @@
|
||||||
*/
|
*/
|
||||||
#include <sys/cdefs.h>
|
#include <sys/cdefs.h>
|
||||||
#if !defined(lint)
|
#if !defined(lint)
|
||||||
__RCSID("$NetBSD: hmac.c,v 1.2 2009/01/18 12:15:27 lukem Exp $");
|
__RCSID("$NetBSD: hmac.c,v 1.3 2011/05/16 10:39:12 drochner Exp $");
|
||||||
#endif /* not lint */
|
#endif /* not lint */
|
||||||
|
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
|
@ -70,9 +70,9 @@ HMAC_FUNC (const unsigned char *text, size_t text_len,
|
||||||
{
|
{
|
||||||
HASH_CTX context;
|
HASH_CTX context;
|
||||||
/* Inner padding key XOR'd with ipad */
|
/* Inner padding key XOR'd with ipad */
|
||||||
unsigned char k_ipad[HMAC_BLOCKSZ + 1];
|
unsigned char k_ipad[HMAC_BLOCKSZ];
|
||||||
/* Outer padding key XOR'd with opad */
|
/* Outer padding key XOR'd with opad */
|
||||||
unsigned char k_opad[HMAC_BLOCKSZ + 1];
|
unsigned char k_opad[HMAC_BLOCKSZ];
|
||||||
/* HASH(key) if needed */
|
/* HASH(key) if needed */
|
||||||
unsigned char tk[HASH_LENGTH];
|
unsigned char tk[HASH_LENGTH];
|
||||||
size_t i;
|
size_t i;
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $NetBSD: md5crypt.c,v 1.9 2007/01/17 23:24:22 hubertf Exp $ */
|
/* $NetBSD: md5crypt.c,v 1.12 2012/08/30 12:16:49 drochner Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* ----------------------------------------------------------------------------
|
* ----------------------------------------------------------------------------
|
||||||
|
@ -15,38 +15,22 @@
|
||||||
|
|
||||||
#include <sys/cdefs.h>
|
#include <sys/cdefs.h>
|
||||||
#if !defined(lint)
|
#if !defined(lint)
|
||||||
__RCSID("$NetBSD: md5crypt.c,v 1.9 2007/01/17 23:24:22 hubertf Exp $");
|
__RCSID("$NetBSD: md5crypt.c,v 1.12 2012/08/30 12:16:49 drochner Exp $");
|
||||||
#endif /* not lint */
|
#endif /* not lint */
|
||||||
|
|
||||||
/*
|
|
||||||
* NOTE: We are also built for inclusion in libcrypto; when built for that
|
|
||||||
* environment, use the libcrypto versions of the MD5 routines, so save
|
|
||||||
* having to pull two versions into the same program.
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#ifdef libcrypto
|
|
||||||
#include <openssl/md5.h>
|
|
||||||
#else
|
|
||||||
#include <md5.h>
|
#include <md5.h>
|
||||||
#endif
|
|
||||||
|
|
||||||
#include "crypt.h"
|
#include "crypt.h"
|
||||||
|
|
||||||
#define MD5_MAGIC "$1$"
|
#define MD5_MAGIC "$1$"
|
||||||
#define MD5_MAGIC_LEN 3
|
#define MD5_MAGIC_LEN 3
|
||||||
|
|
||||||
#ifdef libcrypto
|
|
||||||
#define INIT(x) MD5_Init((x))
|
|
||||||
#define UPDATE(x, b, l) MD5_Update((x), (b), (l))
|
|
||||||
#define FINAL(v, x) MD5_Final((v), (x))
|
|
||||||
#else
|
|
||||||
#define INIT(x) MD5Init((x))
|
#define INIT(x) MD5Init((x))
|
||||||
#define UPDATE(x, b, l) MD5Update((x), (b), (l))
|
#define UPDATE(x, b, l) MD5Update((x), (b), (l))
|
||||||
#define FINAL(v, x) MD5Final((v), (x))
|
#define FINAL(v, x) MD5Final((v), (x))
|
||||||
#endif
|
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -117,6 +101,8 @@ __md5crypt(const char *pw, const char *salt)
|
||||||
|
|
||||||
FINAL(final, &ctx);
|
FINAL(final, &ctx);
|
||||||
|
|
||||||
|
/* memset(&ctx, 0, sizeof(ctx)); done by MD5Final() */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* And now, just to make sure things don't run too fast. On a 60 MHz
|
* And now, just to make sure things don't run too fast. On a 60 MHz
|
||||||
* Pentium this takes 34 msec, so you would need 30 seconds to build
|
* Pentium this takes 34 msec, so you would need 30 seconds to build
|
||||||
|
@ -144,6 +130,8 @@ __md5crypt(const char *pw, const char *salt)
|
||||||
FINAL(final, &ctx1);
|
FINAL(final, &ctx1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* memset(&ctx1, 0, sizeof(ctx1)); done by MD5Final() */
|
||||||
|
|
||||||
p = passwd + sl + MD5_MAGIC_LEN + 1;
|
p = passwd + sl + MD5_MAGIC_LEN + 1;
|
||||||
|
|
||||||
l = (final[ 0]<<16) | (final[ 6]<<8) | final[12]; __crypt_to64(p,l,4); p += 4;
|
l = (final[ 0]<<16) | (final[ 6]<<8) | final[12]; __crypt_to64(p,l,4); p += 4;
|
||||||
|
@ -155,6 +143,6 @@ __md5crypt(const char *pw, const char *salt)
|
||||||
*p = '\0';
|
*p = '\0';
|
||||||
|
|
||||||
/* Don't leave anything around in vm they could use. */
|
/* Don't leave anything around in vm they could use. */
|
||||||
memset(final, 0, sizeof(final));
|
__explicit_bzero(final, sizeof(final));
|
||||||
return (passwd);
|
return (passwd);
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,2 +1,5 @@
|
||||||
|
# $NetBSD: shlib_version,v 1.6 2009/01/11 03:07:47 christos Exp $
|
||||||
|
# Remember to update distrib/sets/lists/base/shl.* when changing
|
||||||
|
#
|
||||||
major=0
|
major=0
|
||||||
minor=0
|
minor=0
|
||||||
|
|
|
@ -55,7 +55,7 @@
|
||||||
2012/10/17 12:00:00,lib/csu
|
2012/10/17 12:00:00,lib/csu
|
||||||
2012/10/17 12:00:00,lib/libbz2
|
2012/10/17 12:00:00,lib/libbz2
|
||||||
2012/10/17 12:00:00,lib/libc
|
2012/10/17 12:00:00,lib/libc
|
||||||
2009/05/01 00:28:17,lib/libcrypt
|
2012/10/17 12:00:00,lib/libcrypt
|
||||||
2012/10/17 12:00:00,lib/libcurses
|
2012/10/17 12:00:00,lib/libcurses
|
||||||
2012/10/17 12:00:00,lib/libm
|
2012/10/17 12:00:00,lib/libm
|
||||||
2011/09/30 22:08:19,lib/libprop
|
2011/09/30 22:08:19,lib/libprop
|
||||||
|
|
Loading…
Reference in a new issue