Page MenuHomeFreeBSD
Files F148640704

D7306.id18732.diff
No OneTemporary
Actions

D7306.id18732.diff
View Options

Index: include/unistd.h
===================================================================
--- include/unistd.h
+++ include/unistd.h
@@ -484,11 +484,18 @@
#if __BSD_VISIBLE
struct timeval; /* select(2) */
+
+struct crypt_data {
+ int initialized; /* For compatibility with glibc. */
+ char __buf[256]; /* Buffer returned by crypt_r(). */
+};
+
int acct(const char *);
int async_daemon(void);
int check_utility_compat(const char *);
const char *
crypt_get_format(void);
+char *crypt_r(const char *, const char *, struct crypt_data *);
int crypt_set_format(const char *);
int des_cipher(const char *, char *, long, int);
int des_setkey(const char *key);
Index: lib/libcrypt/Makefile
===================================================================
--- lib/libcrypt/Makefile
+++ lib/libcrypt/Makefile
@@ -17,7 +17,8 @@
crypt-sha256.c sha256c.c \
crypt-sha512.c sha512c.c
MAN= crypt.3
-MLINKS= crypt.3 crypt_get_format.3 crypt.3 crypt_set_format.3
+MLINKS= crypt.3 crypt_get_format.3 crypt.3 crypt_r.3 \
+ crypt.3 crypt_set_format.3
CFLAGS+= -I${.CURDIR}/../libmd -I${.CURDIR}/../libutil \
-I${.CURDIR}/../../sys/crypto/sha2
Index: lib/libcrypt/crypt-md5.c
===================================================================
--- lib/libcrypt/crypt-md5.c
+++ lib/libcrypt/crypt-md5.c
@@ -41,31 +41,27 @@
* UNIX password
*/
-char *
-crypt_md5(const char *pw, const char *salt)
+int
+crypt_md5(const char *pw, const char *salt, char *buffer)
{
MD5_CTX ctx,ctx1;
unsigned long l;
int sl, pl;
u_int i;
u_char final[MD5_SIZE];
- static const char *sp, *ep;
- static char passwd[120], *p;
+ const char *ep;
static const char *magic = "$1$";
- /* Refine the Salt first */
- sp = salt;
-
- /* If it starts with the magic string, then skip that */
- if(!strncmp(sp, magic, strlen(magic)))
- sp += strlen(magic);
+ /* If the salt starts with the magic string, skip that. */
+ if (!strncmp(salt, magic, strlen(magic)))
+ salt += strlen(magic);
/* It stops at the first '$', max 8 chars */
- for(ep = sp; *ep && *ep != '$' && ep < (sp + 8); ep++)
+ for (ep = salt; *ep && *ep != '$' && ep < (salt + 8); ep++)
continue;
/* get the length of the true salt */
- sl = ep - sp;
+ sl = ep - salt;
MD5Init(&ctx);
@@ -76,12 +72,12 @@
MD5Update(&ctx, (const u_char *)magic, strlen(magic));
/* Then the raw salt */
- MD5Update(&ctx, (const u_char *)sp, (u_int)sl);
+ MD5Update(&ctx, (const u_char *)salt, (u_int)sl);
/* Then just as many characters of the MD5(pw,salt,pw) */
MD5Init(&ctx1);
MD5Update(&ctx1, (const u_char *)pw, strlen(pw));
- MD5Update(&ctx1, (const u_char *)sp, (u_int)sl);
+ MD5Update(&ctx1, (const u_char *)salt, (u_int)sl);
MD5Update(&ctx1, (const u_char *)pw, strlen(pw));
MD5Final(final, &ctx1);
for(pl = (int)strlen(pw); pl > 0; pl -= MD5_SIZE)
@@ -99,9 +95,9 @@
MD5Update(&ctx, (const u_char *)pw, 1);
/* Now make the output string */
- strcpy(passwd, magic);
- strncat(passwd, sp, (u_int)sl);
- strcat(passwd, "$");
+ buffer = stpcpy(buffer, magic);
+ buffer = stpncpy(buffer, salt, (u_int)sl);
+ *buffer++ = '$';
MD5Final(final, &ctx);
@@ -118,7 +114,7 @@
MD5Update(&ctx1, (const u_char *)final, MD5_SIZE);
if(i % 3)
- MD5Update(&ctx1, (const u_char *)sp, (u_int)sl);
+ MD5Update(&ctx1, (const u_char *)salt, (u_int)sl);
if(i % 7)
MD5Update(&ctx1, (const u_char *)pw, strlen(pw));
@@ -130,24 +126,22 @@
MD5Final(final, &ctx1);
}
- p = passwd + strlen(passwd);
-
l = (final[ 0]<<16) | (final[ 6]<<8) | final[12];
- _crypt_to64(p, l, 4); p += 4;
+ _crypt_to64(buffer, l, 4); buffer += 4;
l = (final[ 1]<<16) | (final[ 7]<<8) | final[13];
- _crypt_to64(p, l, 4); p += 4;
+ _crypt_to64(buffer, l, 4); buffer += 4;
l = (final[ 2]<<16) | (final[ 8]<<8) | final[14];
- _crypt_to64(p, l, 4); p += 4;
+ _crypt_to64(buffer, l, 4); buffer += 4;
l = (final[ 3]<<16) | (final[ 9]<<8) | final[15];
- _crypt_to64(p, l, 4); p += 4;
+ _crypt_to64(buffer, l, 4); buffer += 4;
l = (final[ 4]<<16) | (final[10]<<8) | final[ 5];
- _crypt_to64(p, l, 4); p += 4;
+ _crypt_to64(buffer, l, 4); buffer += 4;
l = final[11];
- _crypt_to64(p, l, 2); p += 2;
- *p = '\0';
+ _crypt_to64(buffer, l, 2); buffer += 2;
+ *buffer = '\0';
/* Don't leave anything around in vm they could use. */
memset(final, 0, sizeof(final));
- return (passwd);
+ return (0);
}
Index: lib/libcrypt/crypt-nthash.c
===================================================================
--- lib/libcrypt/crypt-nthash.c
+++ lib/libcrypt/crypt-nthash.c
@@ -46,14 +46,13 @@
*/
/* ARGSUSED */
-char *
-crypt_nthash(const char *pw, const char *salt __unused)
+int
+crypt_nthash(const char *pw, const char *salt __unused, char *buffer)
{
size_t unipwLen;
int i, j;
- static char hexconvtab[] = "0123456789abcdef";
+ static const char hexconvtab[] = "0123456789abcdef";
static const char *magic = "$3$";
- static char passwd[120];
u_int16_t unipw[128];
char final[MD4_SIZE*2 + 1];
u_char hash[MD4_SIZE];
@@ -77,12 +76,13 @@
}
final[j] = '\0';
- strcpy(passwd, magic);
- strcat(passwd, "$");
- strncat(passwd, final, MD4_SIZE*2);
+ buffer = stpcpy(buffer, magic);
+ *buffer++ = '$';
+ buffer = stpncpy(buffer, final, MD4_SIZE * 2);
+ *buffer = '\0';
/* Don't leave anything around in vm they could use. */
memset(final, 0, sizeof(final));
- return (passwd);
+ return (0);
}
Index: lib/libcrypt/crypt-sha256.c
===================================================================
--- lib/libcrypt/crypt-sha256.c
+++ lib/libcrypt/crypt-sha256.c
@@ -59,11 +59,10 @@
/* Maximum number of rounds. */
#define ROUNDS_MAX 999999999
-static char *
-crypt_sha256_r(const char *key, const char *salt, char *buffer, int buflen)
+int
+crypt_sha256(const char *key, const char *salt, char *buffer)
{
u_long srounds;
- int n;
uint8_t alt_result[32], temp_result[32];
SHA256_CTX ctx, alt_ctx;
size_t salt_len, key_len, cnt, rounds;
@@ -210,42 +209,27 @@
/* Now we can construct the result string. It consists of three
* parts. */
- cp = stpncpy(buffer, sha256_salt_prefix, MAX(0, buflen));
- buflen -= sizeof(sha256_salt_prefix) - 1;
+ cp = stpcpy(buffer, sha256_salt_prefix);
- if (rounds_custom) {
- n = snprintf(cp, MAX(0, buflen), "%s%zu$",
- sha256_rounds_prefix, rounds);
+ if (rounds_custom)
+ cp += sprintf(cp, "%s%zu$", sha256_rounds_prefix, rounds);
- cp += n;
- buflen -= n;
- }
+ cp = stpncpy(cp, salt, salt_len);
- cp = stpncpy(cp, salt, MIN((size_t)MAX(0, buflen), salt_len));
- buflen -= MIN((size_t)MAX(0, buflen), salt_len);
+ *cp++ = '$';
- if (buflen > 0) {
- *cp++ = '$';
- --buflen;
- }
-
- b64_from_24bit(alt_result[0], alt_result[10], alt_result[20], 4, &buflen, &cp);
- b64_from_24bit(alt_result[21], alt_result[1], alt_result[11], 4, &buflen, &cp);
- b64_from_24bit(alt_result[12], alt_result[22], alt_result[2], 4, &buflen, &cp);
- b64_from_24bit(alt_result[3], alt_result[13], alt_result[23], 4, &buflen, &cp);
- b64_from_24bit(alt_result[24], alt_result[4], alt_result[14], 4, &buflen, &cp);
- b64_from_24bit(alt_result[15], alt_result[25], alt_result[5], 4, &buflen, &cp);
- b64_from_24bit(alt_result[6], alt_result[16], alt_result[26], 4, &buflen, &cp);
- b64_from_24bit(alt_result[27], alt_result[7], alt_result[17], 4, &buflen, &cp);
- b64_from_24bit(alt_result[18], alt_result[28], alt_result[8], 4, &buflen, &cp);
- b64_from_24bit(alt_result[9], alt_result[19], alt_result[29], 4, &buflen, &cp);
- b64_from_24bit(0, alt_result[31], alt_result[30], 3, &buflen, &cp);
- if (buflen <= 0) {
- errno = ERANGE;
- buffer = NULL;
- }
- else
- *cp = '\0'; /* Terminate the string. */
+ b64_from_24bit(alt_result[0], alt_result[10], alt_result[20], 4, &cp);
+ b64_from_24bit(alt_result[21], alt_result[1], alt_result[11], 4, &cp);
+ b64_from_24bit(alt_result[12], alt_result[22], alt_result[2], 4, &cp);
+ b64_from_24bit(alt_result[3], alt_result[13], alt_result[23], 4, &cp);
+ b64_from_24bit(alt_result[24], alt_result[4], alt_result[14], 4, &cp);
+ b64_from_24bit(alt_result[15], alt_result[25], alt_result[5], 4, &cp);
+ b64_from_24bit(alt_result[6], alt_result[16], alt_result[26], 4, &cp);
+ b64_from_24bit(alt_result[27], alt_result[7], alt_result[17], 4, &cp);
+ b64_from_24bit(alt_result[18], alt_result[28], alt_result[8], 4, &cp);
+ b64_from_24bit(alt_result[9], alt_result[19], alt_result[29], 4, &cp);
+ b64_from_24bit(0, alt_result[31], alt_result[30], 3, &cp);
+ *cp = '\0'; /* Terminate the string. */
/* Clear the buffer for the intermediate result so that people
* attaching to processes or reading core dumps cannot get any
@@ -263,37 +247,7 @@
if (copied_salt != NULL)
memset(copied_salt, '\0', salt_len);
- return buffer;
-}
-
-/* This entry point is equivalent to crypt(3). */
-char *
-crypt_sha256(const char *key, const char *salt)
-{
- /* We don't want to have an arbitrary limit in the size of the
- * password. We can compute an upper bound for the size of the
- * result in advance and so we can prepare the buffer we pass to
- * `crypt_sha256_r'. */
- static char *buffer;
- static int buflen;
- int needed;
- char *new_buffer;
-
- needed = (sizeof(sha256_salt_prefix) - 1
- + sizeof(sha256_rounds_prefix) + 9 + 1
- + strlen(salt) + 1 + 43 + 1);
-
- if (buflen < needed) {
- new_buffer = (char *)realloc(buffer, needed);
-
- if (new_buffer == NULL)
- return NULL;
-
- buffer = new_buffer;
- buflen = needed;
- }
-
- return crypt_sha256_r(key, salt, buffer, buflen);
+ return (0);
}
#ifdef TEST
Index: lib/libcrypt/crypt-sha512.c
===================================================================
--- lib/libcrypt/crypt-sha512.c
+++ lib/libcrypt/crypt-sha512.c
@@ -59,11 +59,10 @@
/* Maximum number of rounds. */
#define ROUNDS_MAX 999999999
-static char *
-crypt_sha512_r(const char *key, const char *salt, char *buffer, int buflen)
+int
+crypt_sha512(const char *key, const char *salt, char *buffer)
{
u_long srounds;
- int n;
uint8_t alt_result[64], temp_result[64];
SHA512_CTX ctx, alt_ctx;
size_t salt_len, key_len, cnt, rounds;
@@ -210,54 +209,39 @@
/* Now we can construct the result string. It consists of three
* parts. */
- cp = stpncpy(buffer, sha512_salt_prefix, MAX(0, buflen));
- buflen -= sizeof(sha512_salt_prefix) - 1;
+ cp = stpcpy(buffer, sha512_salt_prefix);
- if (rounds_custom) {
- n = snprintf(cp, MAX(0, buflen), "%s%zu$",
- sha512_rounds_prefix, rounds);
+ if (rounds_custom)
+ cp += sprintf(cp, "%s%zu$", sha512_rounds_prefix, rounds);
- cp += n;
- buflen -= n;
- }
+ cp = stpncpy(cp, salt, salt_len);
- cp = stpncpy(cp, salt, MIN((size_t)MAX(0, buflen), salt_len));
- buflen -= MIN((size_t)MAX(0, buflen), salt_len);
+ *cp++ = '$';
- if (buflen > 0) {
- *cp++ = '$';
- --buflen;
- }
+ b64_from_24bit(alt_result[0], alt_result[21], alt_result[42], 4, &cp);
+ b64_from_24bit(alt_result[22], alt_result[43], alt_result[1], 4, &cp);
+ b64_from_24bit(alt_result[44], alt_result[2], alt_result[23], 4, &cp);
+ b64_from_24bit(alt_result[3], alt_result[24], alt_result[45], 4, &cp);
+ b64_from_24bit(alt_result[25], alt_result[46], alt_result[4], 4, &cp);
+ b64_from_24bit(alt_result[47], alt_result[5], alt_result[26], 4, &cp);
+ b64_from_24bit(alt_result[6], alt_result[27], alt_result[48], 4, &cp);
+ b64_from_24bit(alt_result[28], alt_result[49], alt_result[7], 4, &cp);
+ b64_from_24bit(alt_result[50], alt_result[8], alt_result[29], 4, &cp);
+ b64_from_24bit(alt_result[9], alt_result[30], alt_result[51], 4, &cp);
+ b64_from_24bit(alt_result[31], alt_result[52], alt_result[10], 4, &cp);
+ b64_from_24bit(alt_result[53], alt_result[11], alt_result[32], 4, &cp);
+ b64_from_24bit(alt_result[12], alt_result[33], alt_result[54], 4, &cp);
+ b64_from_24bit(alt_result[34], alt_result[55], alt_result[13], 4, &cp);
+ b64_from_24bit(alt_result[56], alt_result[14], alt_result[35], 4, &cp);
+ b64_from_24bit(alt_result[15], alt_result[36], alt_result[57], 4, &cp);
+ b64_from_24bit(alt_result[37], alt_result[58], alt_result[16], 4, &cp);
+ b64_from_24bit(alt_result[59], alt_result[17], alt_result[38], 4, &cp);
+ b64_from_24bit(alt_result[18], alt_result[39], alt_result[60], 4, &cp);
+ b64_from_24bit(alt_result[40], alt_result[61], alt_result[19], 4, &cp);
+ b64_from_24bit(alt_result[62], alt_result[20], alt_result[41], 4, &cp);
+ b64_from_24bit(0, 0, alt_result[63], 2, &cp);
- b64_from_24bit(alt_result[0], alt_result[21], alt_result[42], 4, &buflen, &cp);
- b64_from_24bit(alt_result[22], alt_result[43], alt_result[1], 4, &buflen, &cp);
- b64_from_24bit(alt_result[44], alt_result[2], alt_result[23], 4, &buflen, &cp);
- b64_from_24bit(alt_result[3], alt_result[24], alt_result[45], 4, &buflen, &cp);
- b64_from_24bit(alt_result[25], alt_result[46], alt_result[4], 4, &buflen, &cp);
- b64_from_24bit(alt_result[47], alt_result[5], alt_result[26], 4, &buflen, &cp);
- b64_from_24bit(alt_result[6], alt_result[27], alt_result[48], 4, &buflen, &cp);
- b64_from_24bit(alt_result[28], alt_result[49], alt_result[7], 4, &buflen, &cp);
- b64_from_24bit(alt_result[50], alt_result[8], alt_result[29], 4, &buflen, &cp);
- b64_from_24bit(alt_result[9], alt_result[30], alt_result[51], 4, &buflen, &cp);
- b64_from_24bit(alt_result[31], alt_result[52], alt_result[10], 4, &buflen, &cp);
- b64_from_24bit(alt_result[53], alt_result[11], alt_result[32], 4, &buflen, &cp);
- b64_from_24bit(alt_result[12], alt_result[33], alt_result[54], 4, &buflen, &cp);
- b64_from_24bit(alt_result[34], alt_result[55], alt_result[13], 4, &buflen, &cp);
- b64_from_24bit(alt_result[56], alt_result[14], alt_result[35], 4, &buflen, &cp);
- b64_from_24bit(alt_result[15], alt_result[36], alt_result[57], 4, &buflen, &cp);
- b64_from_24bit(alt_result[37], alt_result[58], alt_result[16], 4, &buflen, &cp);
- b64_from_24bit(alt_result[59], alt_result[17], alt_result[38], 4, &buflen, &cp);
- b64_from_24bit(alt_result[18], alt_result[39], alt_result[60], 4, &buflen, &cp);
- b64_from_24bit(alt_result[40], alt_result[61], alt_result[19], 4, &buflen, &cp);
- b64_from_24bit(alt_result[62], alt_result[20], alt_result[41], 4, &buflen, &cp);
- b64_from_24bit(0, 0, alt_result[63], 2, &buflen, &cp);
-
- if (buflen <= 0) {
- errno = ERANGE;
- buffer = NULL;
- }
- else
- *cp = '\0'; /* Terminate the string. */
+ *cp = '\0'; /* Terminate the string. */
/* Clear the buffer for the intermediate result so that people
* attaching to processes or reading core dumps cannot get any
@@ -275,37 +259,7 @@
if (copied_salt != NULL)
memset(copied_salt, '\0', salt_len);
- return buffer;
-}
-
-/* This entry point is equivalent to crypt(3). */
-char *
-crypt_sha512(const char *key, const char *salt)
-{
- /* We don't want to have an arbitrary limit in the size of the
- * password. We can compute an upper bound for the size of the
- * result in advance and so we can prepare the buffer we pass to
- * `crypt_sha512_r'. */
- static char *buffer;
- static int buflen;
- int needed;
- char *new_buffer;
-
- needed = (sizeof(sha512_salt_prefix) - 1
- + sizeof(sha512_rounds_prefix) + 9 + 1
- + strlen(salt) + 1 + 86 + 1);
-
- if (buflen < needed) {
- new_buffer = (char *)realloc(buffer, needed);
-
- if (new_buffer == NULL)
- return NULL;
-
- buffer = new_buffer;
- buflen = needed;
- }
-
- return crypt_sha512_r(key, salt, buffer, buflen);
+ return (0);
}
#ifdef TEST
Index: lib/libcrypt/crypt.h
===================================================================
--- lib/libcrypt/crypt.h
+++ lib/libcrypt/crypt.h
@@ -32,12 +32,12 @@
#define MD4_SIZE 16
#define MD5_SIZE 16
-char *crypt_des(const char *pw, const char *salt);
-char *crypt_md5(const char *pw, const char *salt);
-char *crypt_nthash(const char *pw, const char *salt);
-char *crypt_blowfish(const char *pw, const char *salt);
-char *crypt_sha256 (const char *pw, const char *salt);
-char *crypt_sha512 (const char *pw, const char *salt);
+int crypt_des(const char *pw, const char *salt, char *buf);
+int crypt_md5(const char *pw, const char *salt, char *buf);
+int crypt_nthash(const char *pw, const char *salt, char *buf);
+int crypt_blowfish(const char *pw, const char *salt, char *buf);
+int crypt_sha256 (const char *pw, const char *salt, char *buf);
+int crypt_sha512 (const char *pw, const char *salt, char *buf);
extern void _crypt_to64(char *s, u_long v, int n);
-extern void b64_from_24bit(uint8_t B2, uint8_t B1, uint8_t B0, int n, int *buflen, char **cp);
+extern void b64_from_24bit(uint8_t B2, uint8_t B1, uint8_t B0, int n, char **cp);
Index: lib/libcrypt/crypt.3
===================================================================
--- lib/libcrypt/crypt.3
+++ lib/libcrypt/crypt.3
@@ -29,7 +29,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd March 9, 2014
+.Dd July 25, 2016
.Dt CRYPT 3
.Os
.Sh NAME
@@ -41,6 +41,8 @@
.In unistd.h
.Ft char *
.Fn crypt "const char *key" "const char *salt"
+.Ft char *
+.Fn crypt_r "const char *key" "const char *salt" "struct crypt_data *data"
.Ft const char *
.Fn crypt_get_format "void"
.Ft int
@@ -227,6 +229,14 @@
best results, specify at least eight characters of salt.
.Pp
The
+.Fn crypt_r
+function behaves identically to
+.Fn crypt ,
+except that the resulting string is stored in
+.Fa data ,
+making it thread-safe.
+.Pp
+The
.Fn crypt_get_format
function returns a constant string that represents the name of the
algorithm currently used.
@@ -249,7 +259,9 @@
.Sh RETURN VALUES
The
.Fn crypt
-function returns a pointer to the encrypted value on success, and NULL on
+and
+.Fn crypt_r
+functions return a pointer to the encrypted value on success, and NULL on
failure.
Note: this is not a standard behaviour, AT&T
.Fn crypt
@@ -280,6 +292,11 @@
States of America as an unencumbered replacement for the U.S.-only
.Nx
libcrypt encryption library.
+.Pp
+The
+.Fn crypt_r
+function was added in
+.Fx 12.0 .
.Sh AUTHORS
.An -nosplit
Originally written by
Index: lib/libcrypt/crypt.c
===================================================================
--- lib/libcrypt/crypt.c
+++ lib/libcrypt/crypt.c
@@ -46,9 +46,9 @@
* and it needs to be the default for backward compatibility.
*/
static const struct crypt_format {
- const char *const name;
- char *(*const func)(const char *, const char *);
- const char *const magic;
+ const char *name;
+ int (*func)(const char *, const char *, char *);
+ const char *magic;
} crypt_formats[] = {
{ "md5", crypt_md5, "$1$" },
#ifdef HAS_BLOWFISH
@@ -104,20 +104,37 @@
* otherwise, the currently selected format is used.
*/
char *
-crypt(const char *passwd, const char *salt)
+crypt_r(const char *passwd, const char *salt, struct crypt_data *data)
{
const struct crypt_format *cf;
+ int (*func)(const char *, const char *, char *);
#ifdef HAS_DES
int len;
#endif
for (cf = crypt_formats; cf->name != NULL; ++cf)
- if (cf->magic != NULL && strstr(salt, cf->magic) == salt)
- return (cf->func(passwd, salt));
+ if (cf->magic != NULL && strstr(salt, cf->magic) == salt) {
+ func = cf->func;
+ goto match;
+ }
#ifdef HAS_DES
len = strlen(salt);
- if ((len == 13 || len == 2) && strspn(salt, DES_SALT_ALPHABET) == len)
- return (crypt_des(passwd, salt));
+ if ((len == 13 || len == 2) && strspn(salt, DES_SALT_ALPHABET) == len) {
+ func = crypt_des;
+ goto match;
+ }
#endif
- return (crypt_format->func(passwd, salt));
+ func = crypt_format->func;
+match:
+ if (func(passwd, salt, data->__buf) != 0)
+ return (NULL);
+ return (data->__buf);
+}
+
+char *
+crypt(const char *passwd, const char *salt)
+{
+ static struct crypt_data data;
+
+ return (crypt_r(passwd, salt, &data));
}
Index: lib/libcrypt/misc.c
===================================================================
--- lib/libcrypt/misc.c
+++ lib/libcrypt/misc.c
@@ -47,7 +47,7 @@
}
void
-b64_from_24bit(uint8_t B2, uint8_t B1, uint8_t B0, int n, int *buflen, char **cp)
+b64_from_24bit(uint8_t B2, uint8_t B1, uint8_t B0, int n, char **cp)
{
uint32_t w;
int i;
@@ -56,8 +56,6 @@
for (i = 0; i < n; i++) {
**cp = itoa64[w&0x3f];
(*cp)++;
- if ((*buflen)-- < 0)
- break;
w >>= 6;
}
}
Index: secure/lib/libcrypt/crypt-blowfish.c
===================================================================
--- secure/lib/libcrypt/crypt-blowfish.c
+++ secure/lib/libcrypt/crypt-blowfish.c
@@ -75,8 +75,6 @@
static void encode_base64(u_int8_t *, u_int8_t *, u_int16_t);
static void decode_base64(u_int8_t *, u_int16_t, const u_int8_t *);
-static char encrypted[_PASSWORD_LEN];
-
const static u_int8_t Base64Code[] =
"./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
@@ -135,8 +133,8 @@
/* We handle $Vers$log2(NumRounds)$salt+passwd$
i.e. $2$04$iwouldntknowwhattosayetKdJ6iFtacBqJdKe6aW7ou */
-char *
-crypt_blowfish(const char *key, const char *salt)
+int
+crypt_blowfish(const char *key, const char *salt, char *buffer)
{
blf_ctx state;
u_int32_t rounds, i, k;
@@ -157,10 +155,8 @@
/* Discard "$" identifier */
salt++;
- if (*salt > BCRYPT_VERSION) {
- /* How do I handle errors ? Return NULL */
- return NULL;
- }
+ if (*salt > BCRYPT_VERSION)
+ return (-1);
/* Check for minor versions */
if (salt[1] != '$') {
@@ -174,7 +170,7 @@
salt++;
break;
default:
- return NULL;
+ return (-1);
}
} else
minr = 0;
@@ -184,15 +180,15 @@
if (salt[2] != '$')
/* Out of sync with passwd entry */
- return NULL;
+ return (-1);
memcpy(arounds, salt, sizeof(arounds));
if (arounds[sizeof(arounds) - 1] != '$')
- return NULL;
+ return (-1);
arounds[sizeof(arounds) - 1] = 0;
logr = strtonum(arounds, BCRYPT_MINLOGROUNDS, 31, NULL);
if (logr == 0)
- return NULL;
+ return (-1);
/* Computer power doesn't increase linearly, 2^x should be fine */
rounds = 1U << logr;
@@ -201,7 +197,7 @@
}
if (strlen(salt) * 3 / 4 < BCRYPT_MAXSALT)
- return NULL;
+ return (-1);
/* We dont want the base64 salt but the raw data */
decode_base64(csalt, BCRYPT_MAXSALT, (const u_int8_t *) salt);
@@ -248,23 +244,23 @@
}
- i = 0;
- encrypted[i++] = '$';
- encrypted[i++] = BCRYPT_VERSION;
+ *buffer++ = '$';
+ *buffer++ = BCRYPT_VERSION;
if (minr)
- encrypted[i++] = minr;
- encrypted[i++] = '$';
+ *buffer++ = minr;
+ *buffer++ = '$';
- snprintf(encrypted + i, 4, "%2.2u$", logr);
+ snprintf(buffer, 4, "%2.2u$", logr);
+ buffer += 3;
- encode_base64((u_int8_t *) encrypted + i + 3, csalt, BCRYPT_MAXSALT);
- encode_base64((u_int8_t *) encrypted + strlen(encrypted), ciphertext,
- 4 * BCRYPT_BLOCKS - 1);
+ encode_base64((u_int8_t *)buffer, csalt, BCRYPT_MAXSALT);
+ buffer += strlen(buffer);
+ encode_base64((u_int8_t *)buffer, ciphertext, 4 * BCRYPT_BLOCKS - 1);
memset(&state, 0, sizeof(state));
memset(ciphertext, 0, sizeof(ciphertext));
memset(csalt, 0, sizeof(csalt));
memset(cdata, 0, sizeof(cdata));
- return encrypted;
+ return (0);
}
static void
Index: secure/lib/libcrypt/crypt-des.c
===================================================================
--- secure/lib/libcrypt/crypt-des.c
+++ secure/lib/libcrypt/crypt-des.c
@@ -588,13 +588,12 @@
return(retval);
}
-char *
-crypt_des(const char *key, const char *setting)
+int
+crypt_des(const char *key, const char *setting, char *buffer)
{
int i;
u_int32_t count, salt, l, r0, r1, keybuf[2];
- u_char *p, *q;
- static char output[21];
+ u_char *q;
if (!des_initialised)
des_init();
@@ -610,7 +609,7 @@
key++;
}
if (des_setkey((char *)keybuf))
- return(NULL);
+ return (-1);
if (*setting == _PASSWORD_EFMT1) {
/*
@@ -629,7 +628,7 @@
* Encrypt the key with itself.
*/
if (des_cipher((char *)keybuf, (char *)keybuf, 0L, 1))
- return(NULL);
+ return (-1);
/*
* And XOR with the next 8 characters of the key.
*/
@@ -638,19 +637,9 @@
*q++ ^= *key++ << 1;
if (des_setkey((char *)keybuf))
- return(NULL);
+ return (-1);
}
- strncpy(output, setting, 9);
-
- /*
- * Double check that we weren't given a short setting.
- * If we were, the above code will probably have created
- * wierd values for count and salt, but we don't really care.
- * Just make sure the output string doesn't have an extra
- * NUL in it.
- */
- output[9] = '\0';
- p = (u_char *)output + strlen(output);
+ buffer = stpncpy(buffer, setting, 9);
} else {
/*
* "old"-style:
@@ -662,43 +651,41 @@
salt = (ascii_to_bin(setting[1]) << 6)
| ascii_to_bin(setting[0]);
- output[0] = setting[0];
+ *buffer++ = setting[0];
/*
* If the encrypted password that the salt was extracted from
* is only 1 character long, the salt will be corrupted. We
* need to ensure that the output string doesn't have an extra
* NUL in it!
*/
- output[1] = setting[1] ? setting[1] : output[0];
-
- p = (u_char *)output + 2;
+ *buffer++ = setting[1] ? setting[1] : setting[0];
}
setup_salt(salt);
/*
* Do it.
*/
if (do_des(0L, 0L, &r0, &r1, (int)count))
- return(NULL);
+ return (-1);
/*
* Now encode the result...
*/
l = (r0 >> 8);
- *p++ = ascii64[(l >> 18) & 0x3f];
- *p++ = ascii64[(l >> 12) & 0x3f];
- *p++ = ascii64[(l >> 6) & 0x3f];
- *p++ = ascii64[l & 0x3f];
+ *buffer++ = ascii64[(l >> 18) & 0x3f];
+ *buffer++ = ascii64[(l >> 12) & 0x3f];
+ *buffer++ = ascii64[(l >> 6) & 0x3f];
+ *buffer++ = ascii64[l & 0x3f];
l = (r0 << 16) | ((r1 >> 16) & 0xffff);
- *p++ = ascii64[(l >> 18) & 0x3f];
- *p++ = ascii64[(l >> 12) & 0x3f];
- *p++ = ascii64[(l >> 6) & 0x3f];
- *p++ = ascii64[l & 0x3f];
+ *buffer++ = ascii64[(l >> 18) & 0x3f];
+ *buffer++ = ascii64[(l >> 12) & 0x3f];
+ *buffer++ = ascii64[(l >> 6) & 0x3f];
+ *buffer++ = ascii64[l & 0x3f];
l = r1 << 2;
- *p++ = ascii64[(l >> 12) & 0x3f];
- *p++ = ascii64[(l >> 6) & 0x3f];
- *p++ = ascii64[l & 0x3f];
- *p = 0;
+ *buffer++ = ascii64[(l >> 12) & 0x3f];
+ *buffer++ = ascii64[(l >> 6) & 0x3f];
+ *buffer++ = ascii64[l & 0x3f];
+ *buffer = '\0';
- return(output);
+ return (0);
}

File Metadata

Mime Type
text/plain
Expires
Fri, Mar 20, 7:37 AM (2 h, 51 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
30007817
Default Alt Text
D7306.id18732.diff (25 KB)

Event Timeline