Index: head/include/unistd.h
===================================================================
--- head/include/unistd.h (revision 303919)
+++ head/include/unistd.h (revision 303920)
@@ -1,592 +1,599 @@ /*- * Copyright (c) 1991, 1993, 1994 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * @(#)unistd.h 8.12 (Berkeley) 4/27/95 * $FreeBSD$ */ #ifndef _UNISTD_H_ #define _UNISTD_H_ #include #include /* XXX adds too much pollution. 
*/ #include #include #include #ifndef _GID_T_DECLARED typedef __gid_t gid_t; #define _GID_T_DECLARED #endif #ifndef _OFF_T_DECLARED typedef __off_t off_t; #define _OFF_T_DECLARED #endif #ifndef _PID_T_DECLARED typedef __pid_t pid_t; #define _PID_T_DECLARED #endif #ifndef _SIZE_T_DECLARED typedef __size_t size_t; #define _SIZE_T_DECLARED #endif #ifndef _SSIZE_T_DECLARED typedef __ssize_t ssize_t; #define _SSIZE_T_DECLARED #endif #ifndef _UID_T_DECLARED typedef __uid_t uid_t; #define _UID_T_DECLARED #endif #ifndef _USECONDS_T_DECLARED typedef __useconds_t useconds_t; #define _USECONDS_T_DECLARED #endif #define STDIN_FILENO 0 /* standard input file descriptor */ #define STDOUT_FILENO 1 /* standard output file descriptor */ #define STDERR_FILENO 2 /* standard error file descriptor */ #if __XSI_VISIBLE || __POSIX_VISIBLE >= 200112 #define F_ULOCK 0 /* unlock locked section */ #define F_LOCK 1 /* lock a section for exclusive use */ #define F_TLOCK 2 /* test and lock a section for exclusive use */ #define F_TEST 3 /* test a section for locks by other procs */ #endif /* * POSIX options and option groups we unconditionally do or don't * implement. This list includes those options which are exclusively * implemented (or not) in user mode. Please keep this list in * alphabetical order. * * Anything which is defined as zero below **must** have an * implementation for the corresponding sysconf() which is able to * determine conclusively whether or not the feature is supported. * Anything which is defined as other than -1 below **must** have * complete headers, types, and function declarations as specified by * the POSIX standard; however, if the relevant sysconf() function * returns -1, the functions may be stubbed out. 
*/ #define _POSIX_BARRIERS 200112L #define _POSIX_CPUTIME 200112L #define _POSIX_READER_WRITER_LOCKS 200112L #define _POSIX_REGEXP 1 #define _POSIX_SHELL 1 #define _POSIX_SPAWN 200112L #define _POSIX_SPIN_LOCKS 200112L #define _POSIX_THREAD_ATTR_STACKADDR 200112L #define _POSIX_THREAD_ATTR_STACKSIZE 200112L #define _POSIX_THREAD_CPUTIME 200112L #define _POSIX_THREAD_PRIO_INHERIT 200112L #define _POSIX_THREAD_PRIO_PROTECT 200112L #define _POSIX_THREAD_PRIORITY_SCHEDULING 200112L #define _POSIX_THREAD_PROCESS_SHARED 200112L #define _POSIX_THREAD_SAFE_FUNCTIONS -1 #define _POSIX_THREAD_SPORADIC_SERVER -1 #define _POSIX_THREADS 200112L #define _POSIX_TRACE -1 #define _POSIX_TRACE_EVENT_FILTER -1 #define _POSIX_TRACE_INHERIT -1 #define _POSIX_TRACE_LOG -1 #define _POSIX2_C_BIND 200112L /* mandatory */ #define _POSIX2_C_DEV -1 /* need c99 utility */ #define _POSIX2_CHAR_TERM 1 #define _POSIX2_FORT_DEV -1 /* need fort77 utility */ #define _POSIX2_FORT_RUN 200112L #define _POSIX2_LOCALEDEF -1 #define _POSIX2_PBS -1 #define _POSIX2_PBS_ACCOUNTING -1 #define _POSIX2_PBS_CHECKPOINT -1 #define _POSIX2_PBS_LOCATE -1 #define _POSIX2_PBS_MESSAGE -1 #define _POSIX2_PBS_TRACK -1 #define _POSIX2_SW_DEV -1 /* XXX ??? */ #define _POSIX2_UPE 200112L #define _V6_ILP32_OFF32 -1 #define _V6_ILP32_OFFBIG 0 #define _V6_LP64_OFF64 0 #define _V6_LPBIG_OFFBIG -1 #if __XSI_VISIBLE #define _XOPEN_CRYPT -1 /* XXX ??? */ #define _XOPEN_ENH_I18N -1 /* mandatory in XSI */ #define _XOPEN_LEGACY -1 #define _XOPEN_REALTIME -1 #define _XOPEN_REALTIME_THREADS -1 #define _XOPEN_UNIX -1 #endif /* Define the POSIX.2 version we target for compliance. */ #define _POSIX2_VERSION 199212L /* * POSIX-style system configuration variable accessors (for the * sysconf function). The kernel does not directly implement the * sysconf() interface; rather, a C library stub translates references * to sysconf() into calls to sysctl() using a giant switch statement. 
* Those that are marked `user' are implemented entirely in the C * library and never query the kernel. pathconf() is implemented * directly by the kernel so those are not defined here. */ #define _SC_ARG_MAX 1 #define _SC_CHILD_MAX 2 #define _SC_CLK_TCK 3 #define _SC_NGROUPS_MAX 4 #define _SC_OPEN_MAX 5 #define _SC_JOB_CONTROL 6 #define _SC_SAVED_IDS 7 #define _SC_VERSION 8 #define _SC_BC_BASE_MAX 9 /* user */ #define _SC_BC_DIM_MAX 10 /* user */ #define _SC_BC_SCALE_MAX 11 /* user */ #define _SC_BC_STRING_MAX 12 /* user */ #define _SC_COLL_WEIGHTS_MAX 13 /* user */ #define _SC_EXPR_NEST_MAX 14 /* user */ #define _SC_LINE_MAX 15 /* user */ #define _SC_RE_DUP_MAX 16 /* user */ #define _SC_2_VERSION 17 /* user */ #define _SC_2_C_BIND 18 /* user */ #define _SC_2_C_DEV 19 /* user */ #define _SC_2_CHAR_TERM 20 /* user */ #define _SC_2_FORT_DEV 21 /* user */ #define _SC_2_FORT_RUN 22 /* user */ #define _SC_2_LOCALEDEF 23 /* user */ #define _SC_2_SW_DEV 24 /* user */ #define _SC_2_UPE 25 /* user */ #define _SC_STREAM_MAX 26 /* user */ #define _SC_TZNAME_MAX 27 /* user */ #if __POSIX_VISIBLE >= 199309 #define _SC_ASYNCHRONOUS_IO 28 #define _SC_MAPPED_FILES 29 #define _SC_MEMLOCK 30 #define _SC_MEMLOCK_RANGE 31 #define _SC_MEMORY_PROTECTION 32 #define _SC_MESSAGE_PASSING 33 #define _SC_PRIORITIZED_IO 34 #define _SC_PRIORITY_SCHEDULING 35 #define _SC_REALTIME_SIGNALS 36 #define _SC_SEMAPHORES 37 #define _SC_FSYNC 38 #define _SC_SHARED_MEMORY_OBJECTS 39 #define _SC_SYNCHRONIZED_IO 40 #define _SC_TIMERS 41 #define _SC_AIO_LISTIO_MAX 42 #define _SC_AIO_MAX 43 #define _SC_AIO_PRIO_DELTA_MAX 44 #define _SC_DELAYTIMER_MAX 45 #define _SC_MQ_OPEN_MAX 46 #define _SC_PAGESIZE 47 #define _SC_RTSIG_MAX 48 #define _SC_SEM_NSEMS_MAX 49 #define _SC_SEM_VALUE_MAX 50 #define _SC_SIGQUEUE_MAX 51 #define _SC_TIMER_MAX 52 #endif #if __POSIX_VISIBLE >= 200112 #define _SC_2_PBS 59 /* user */ #define _SC_2_PBS_ACCOUNTING 60 /* user */ #define _SC_2_PBS_CHECKPOINT 61 /* user */ #define 
_SC_2_PBS_LOCATE 62 /* user */ #define _SC_2_PBS_MESSAGE 63 /* user */ #define _SC_2_PBS_TRACK 64 /* user */ #define _SC_ADVISORY_INFO 65 #define _SC_BARRIERS 66 /* user */ #define _SC_CLOCK_SELECTION 67 #define _SC_CPUTIME 68 #define _SC_FILE_LOCKING 69 #define _SC_GETGR_R_SIZE_MAX 70 /* user */ #define _SC_GETPW_R_SIZE_MAX 71 /* user */ #define _SC_HOST_NAME_MAX 72 #define _SC_LOGIN_NAME_MAX 73 #define _SC_MONOTONIC_CLOCK 74 #define _SC_MQ_PRIO_MAX 75 #define _SC_READER_WRITER_LOCKS 76 /* user */ #define _SC_REGEXP 77 /* user */ #define _SC_SHELL 78 /* user */ #define _SC_SPAWN 79 /* user */ #define _SC_SPIN_LOCKS 80 /* user */ #define _SC_SPORADIC_SERVER 81 #define _SC_THREAD_ATTR_STACKADDR 82 /* user */ #define _SC_THREAD_ATTR_STACKSIZE 83 /* user */ #define _SC_THREAD_CPUTIME 84 /* user */ #define _SC_THREAD_DESTRUCTOR_ITERATIONS 85 /* user */ #define _SC_THREAD_KEYS_MAX 86 /* user */ #define _SC_THREAD_PRIO_INHERIT 87 /* user */ #define _SC_THREAD_PRIO_PROTECT 88 /* user */ #define _SC_THREAD_PRIORITY_SCHEDULING 89 /* user */ #define _SC_THREAD_PROCESS_SHARED 90 /* user */ #define _SC_THREAD_SAFE_FUNCTIONS 91 /* user */ #define _SC_THREAD_SPORADIC_SERVER 92 /* user */ #define _SC_THREAD_STACK_MIN 93 /* user */ #define _SC_THREAD_THREADS_MAX 94 /* user */ #define _SC_TIMEOUTS 95 /* user */ #define _SC_THREADS 96 /* user */ #define _SC_TRACE 97 /* user */ #define _SC_TRACE_EVENT_FILTER 98 /* user */ #define _SC_TRACE_INHERIT 99 /* user */ #define _SC_TRACE_LOG 100 /* user */ #define _SC_TTY_NAME_MAX 101 /* user */ #define _SC_TYPED_MEMORY_OBJECTS 102 #define _SC_V6_ILP32_OFF32 103 /* user */ #define _SC_V6_ILP32_OFFBIG 104 /* user */ #define _SC_V6_LP64_OFF64 105 /* user */ #define _SC_V6_LPBIG_OFFBIG 106 /* user */ #define _SC_IPV6 118 #define _SC_RAW_SOCKETS 119 #define _SC_SYMLOOP_MAX 120 #endif #if __XSI_VISIBLE #define _SC_ATEXIT_MAX 107 /* user */ #define _SC_IOV_MAX 56 #define _SC_PAGE_SIZE _SC_PAGESIZE #define _SC_XOPEN_CRYPT 108 /* user */ #define 
_SC_XOPEN_ENH_I18N 109 /* user */ #define _SC_XOPEN_LEGACY 110 /* user */ #define _SC_XOPEN_REALTIME 111 #define _SC_XOPEN_REALTIME_THREADS 112 #define _SC_XOPEN_SHM 113 #define _SC_XOPEN_STREAMS 114 #define _SC_XOPEN_UNIX 115 #define _SC_XOPEN_VERSION 116 #define _SC_XOPEN_XCU_VERSION 117 /* user */ #endif #if __BSD_VISIBLE #define _SC_NPROCESSORS_CONF 57 #define _SC_NPROCESSORS_ONLN 58 #define _SC_CPUSET_SIZE 122 #endif /* Extensions found in Solaris and Linux. */ #define _SC_PHYS_PAGES 121 /* Keys for the confstr(3) function. */ #if __POSIX_VISIBLE >= 199209 #define _CS_PATH 1 /* default value of PATH */ #endif #if __POSIX_VISIBLE >= 200112 #define _CS_POSIX_V6_ILP32_OFF32_CFLAGS 2 #define _CS_POSIX_V6_ILP32_OFF32_LDFLAGS 3 #define _CS_POSIX_V6_ILP32_OFF32_LIBS 4 #define _CS_POSIX_V6_ILP32_OFFBIG_CFLAGS 5 #define _CS_POSIX_V6_ILP32_OFFBIG_LDFLAGS 6 #define _CS_POSIX_V6_ILP32_OFFBIG_LIBS 7 #define _CS_POSIX_V6_LP64_OFF64_CFLAGS 8 #define _CS_POSIX_V6_LP64_OFF64_LDFLAGS 9 #define _CS_POSIX_V6_LP64_OFF64_LIBS 10 #define _CS_POSIX_V6_LPBIG_OFFBIG_CFLAGS 11 #define _CS_POSIX_V6_LPBIG_OFFBIG_LDFLAGS 12 #define _CS_POSIX_V6_LPBIG_OFFBIG_LIBS 13 #define _CS_POSIX_V6_WIDTH_RESTRICTED_ENVS 14 #endif __BEGIN_DECLS /* 1003.1-1990 */ void _exit(int) __dead2; int access(const char *, int); unsigned int alarm(unsigned int); int chdir(const char *); int chown(const char *, uid_t, gid_t); int close(int); void closefrom(int); int dup(int); int dup2(int, int); int execl(const char *, const char *, ...) __null_sentinel; int execle(const char *, const char *, ...); int execlp(const char *, const char *, ...) 
__null_sentinel; int execv(const char *, char * const *); int execve(const char *, char * const *, char * const *); int execvp(const char *, char * const *); pid_t fork(void); long fpathconf(int, int); char *getcwd(char *, size_t); gid_t getegid(void); uid_t geteuid(void); gid_t getgid(void); int getgroups(int, gid_t []); char *getlogin(void); pid_t getpgrp(void); pid_t getpid(void); pid_t getppid(void); uid_t getuid(void); int isatty(int); int link(const char *, const char *); #ifndef _LSEEK_DECLARED #define _LSEEK_DECLARED off_t lseek(int, off_t, int); #endif long pathconf(const char *, int); int pause(void); int pipe(int *); ssize_t read(int, void *, size_t); int rmdir(const char *); int setgid(gid_t); int setpgid(pid_t, pid_t); pid_t setsid(void); int setuid(uid_t); unsigned int sleep(unsigned int); long sysconf(int); pid_t tcgetpgrp(int); int tcsetpgrp(int, pid_t); char *ttyname(int); int ttyname_r(int, char *, size_t); int unlink(const char *); ssize_t write(int, const void *, size_t); /* 1003.2-1992 */ #if __POSIX_VISIBLE >= 199209 || __XSI_VISIBLE size_t confstr(int, char *, size_t); #ifndef _GETOPT_DECLARED #define _GETOPT_DECLARED int getopt(int, char * const [], const char *); extern char *optarg; /* getopt(3) external variables */ extern int optind, opterr, optopt; #endif /* _GETOPT_DECLARED */ #endif /* ISO/IEC 9945-1: 1996 */ #if __POSIX_VISIBLE >= 199506 || __XSI_VISIBLE int fsync(int); /* * ftruncate() was in the POSIX Realtime Extension (it's used for shared * memory), but truncate() was not. 
*/ #ifndef _FTRUNCATE_DECLARED #define _FTRUNCATE_DECLARED int ftruncate(int, off_t); #endif #endif #if __POSIX_VISIBLE >= 199506 int getlogin_r(char *, int); #endif /* 1003.1-2001 */ #if __POSIX_VISIBLE >= 200112 || __XSI_VISIBLE int fchown(int, uid_t, gid_t); ssize_t readlink(const char * __restrict, char * __restrict, size_t); #endif #if __POSIX_VISIBLE >= 200112 int gethostname(char *, size_t); int setegid(gid_t); int seteuid(uid_t); #endif /* 1003.1-2008 */ #if __POSIX_VISIBLE >= 200809 || __XSI_VISIBLE int getsid(pid_t _pid); int fchdir(int); int getpgid(pid_t _pid); int lchown(const char *, uid_t, gid_t); ssize_t pread(int, void *, size_t, off_t); ssize_t pwrite(int, const void *, size_t, off_t); /* See comment at ftruncate() above. */ #ifndef _TRUNCATE_DECLARED #define _TRUNCATE_DECLARED int truncate(const char *, off_t); #endif #endif /* __POSIX_VISIBLE >= 200809 || __XSI_VISIBLE */ #if __POSIX_VISIBLE >= 200809 int faccessat(int, const char *, int, int); int fchownat(int, const char *, uid_t, gid_t, int); int fexecve(int, char *const [], char *const []); int linkat(int, const char *, int, const char *, int); ssize_t readlinkat(int, const char * __restrict, char * __restrict, size_t); int symlinkat(const char *, int, const char *); int unlinkat(int, const char *, int); #endif /* __POSIX_VISIBLE >= 200809 */ /* * symlink() was originally in POSIX.1a, which was withdrawn after * being overtaken by events (1003.1-2001). It was in XPG4.2, and of * course has been in BSD since 4.2. */ #if __POSIX_VISIBLE >= 200112 || __XSI_VISIBLE >= 402 int symlink(const char * __restrict, const char * __restrict); #endif /* X/Open System Interfaces */ #if __XSI_VISIBLE char *crypt(const char *, const char *); /* char *ctermid(char *); */ /* XXX ??? 
*/ int encrypt(char *, int); long gethostid(void); int lockf(int, int, off_t); int nice(int); int setregid(gid_t, gid_t); int setreuid(uid_t, uid_t); #ifndef _SWAB_DECLARED #define _SWAB_DECLARED void swab(const void * __restrict, void * __restrict, ssize_t); #endif /* _SWAB_DECLARED */ void sync(void); #endif /* __XSI_VISIBLE */ #if (__XSI_VISIBLE && __XSI_VISIBLE <= 500) || __BSD_VISIBLE int brk(const void *); int chroot(const char *); int getdtablesize(void); int getpagesize(void) __pure2; char *getpass(const char *); void *sbrk(intptr_t); #endif #if (__XSI_VISIBLE && __XSI_VISIBLE <= 600) || __BSD_VISIBLE char *getwd(char *); /* obsoleted by getcwd() */ useconds_t ualarm(useconds_t, useconds_t); int usleep(useconds_t); pid_t vfork(void) __returns_twice; #endif #if __BSD_VISIBLE struct timeval; /* select(2) */ + +struct crypt_data { + int initialized; /* For compatibility with glibc. */ + char __buf[256]; /* Buffer returned by crypt_r(). */ +}; + int acct(const char *); int async_daemon(void); int check_utility_compat(const char *); const char * crypt_get_format(void); +char *crypt_r(const char *, const char *, struct crypt_data *); int crypt_set_format(const char *); int des_cipher(const char *, char *, long, int); int des_setkey(const char *key); int dup3(int, int, int); int eaccess(const char *, int); void endusershell(void); int exect(const char *, char * const *, char * const *); int execvP(const char *, const char *, char * const *); int feature_present(const char *); char *fflagstostr(u_long); int getdomainname(char *, int); int getgrouplist(const char *, gid_t, gid_t *, int *); int getloginclass(char *, size_t); mode_t getmode(const void *, mode_t); int getosreldate(void); int getpeereid(int, uid_t *, gid_t *); int getresgid(gid_t *, gid_t *, gid_t *); int getresuid(uid_t *, uid_t *, uid_t *); char *getusershell(void); int initgroups(const char *, gid_t); int iruserok(unsigned long, int, const char *, const char *); int iruserok_sa(const void *, int, 
int, const char *, const char *); int issetugid(void); void __FreeBSD_libc_enter_restricted_mode(void); long lpathconf(const char *, int); #ifndef _MKDTEMP_DECLARED char *mkdtemp(char *); #define _MKDTEMP_DECLARED #endif #ifndef _MKNOD_DECLARED int mknod(const char *, mode_t, dev_t); #define _MKNOD_DECLARED #endif #ifndef _MKSTEMP_DECLARED int mkstemp(char *); #define _MKSTEMP_DECLARED #endif int mkstemps(char *, int); #ifndef _MKTEMP_DECLARED char *mktemp(char *); #define _MKTEMP_DECLARED #endif int nfssvc(int, void *); int nlm_syscall(int, int, int, char **); int pipe2(int *, int); int profil(char *, size_t, vm_offset_t, int); int rcmd(char **, int, const char *, const char *, const char *, int *); int rcmd_af(char **, int, const char *, const char *, const char *, int *, int); int rcmdsh(char **, int, const char *, const char *, const char *, const char *); char *re_comp(const char *); int re_exec(const char *); int reboot(int); int revoke(const char *); pid_t rfork(int); pid_t rfork_thread(int, void *, int (*)(void *), void *); int rresvport(int *); int rresvport_af(int *, int); int ruserok(const char *, int, const char *, const char *); #if __BSD_VISIBLE #ifndef _SELECT_DECLARED #define _SELECT_DECLARED int select(int, fd_set *, fd_set *, fd_set *, struct timeval *); #endif #endif int setdomainname(const char *, int); int setgroups(int, const gid_t *); void sethostid(long); int sethostname(const char *, int); #ifndef _SETKEY_DECLARED int setkey(const char *); #define _SETKEY_DECLARED #endif int setlogin(const char *); int setloginclass(const char *); void *setmode(const char *); int setpgrp(pid_t, pid_t); /* obsoleted by setpgid() */ void setproctitle(const char *_fmt, ...) 
__printf0like(1, 2); int setresgid(gid_t, gid_t, gid_t); int setresuid(uid_t, uid_t, uid_t); int setrgid(gid_t); int setruid(uid_t); void setusershell(void); int strtofflags(char **, u_long *, u_long *); int swapon(const char *); int swapoff(const char *); int syscall(int, ...); off_t __syscall(quad_t, ...); int undelete(const char *); int unwhiteout(const char *); void *valloc(size_t); /* obsoleted by malloc() */ #ifndef _OPTRESET_DECLARED #define _OPTRESET_DECLARED extern int optreset; /* getopt(3) external variable */ #endif #endif /* __BSD_VISIBLE */ __END_DECLS #endif /* !_UNISTD_H_ */ Index: head/lib/libcrypt/Makefile =================================================================== --- head/lib/libcrypt/Makefile (revision 303919) +++ head/lib/libcrypt/Makefile (revision 303920) 
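Review bot: The 256 in `char __buf[256]` of the new `struct crypt_data` is a bare constant, and the backends changed in this same commit (`crypt_md5`, `crypt_nthash`, `crypt_sha256`) now take only a `char *buffer` with no length, so nothing visible ties the buffer size to the longest string a backend may write. I would state the contract next to the field, for example `char __buf[256]; /* Must hold the longest hash string of any backend, NUL included. */`, and consider a named constant that the backends can assert against. The struct also holds a password hash after `crypt_r()` returns, which is worth a sentence in crypt.3 so callers know to clear it when done. The body of `crypt_r()` is not part of this hunk, so whether it bounds the output itself cannot be confirmed from here.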
@@ -1,50 +1,51 @@ # # $FreeBSD$ # PACKAGE=lib${LIB} SHLIBDIR?= /lib .include SHLIB_MAJOR= 5 LIB= crypt .PATH: ${.CURDIR}/../libmd ${.CURDIR}/../../sys/crypto/sha2 SRCS= crypt.c misc.c \ crypt-md5.c md5c.c \ crypt-nthash.c md4c.c \ crypt-sha256.c sha256c.c \ crypt-sha512.c sha512c.c MAN= crypt.3 -MLINKS= crypt.3 crypt_get_format.3 crypt.3 crypt_set_format.3 +MLINKS= crypt.3 crypt_get_format.3 crypt.3 crypt_r.3 \ + crypt.3 crypt_set_format.3 CFLAGS+= -I${.CURDIR}/../libmd -I${.CURDIR}/../libutil \ -I${.CURDIR}/../../sys/crypto/sha2 # Pull in the strong crypto, if it is present. .if exists(${.CURDIR}/../../secure/lib/libcrypt) && ${MK_CRYPT} != "no" .PATH: ${.CURDIR}/../../secure/lib/libcrypt SRCS+= crypt-des.c crypt-blowfish.c blowfish.c CFLAGS+= -I${.CURDIR} -DHAS_DES -DHAS_BLOWFISH .endif .for sym in MD4Init MD4Final MD4Update MD4Pad \ MD5Init MD5Final MD5Update MD5Pad \ SHA256_Init SHA256_Final SHA256_Update \ SHA512_224_Init SHA512_224_Final SHA512_224_Update \ SHA512_256_Init SHA512_256_Final SHA512_256_Update \ SHA384_Init SHA384_Final SHA384_Update \ SHA512_Init SHA512_Final SHA512_Update CFLAGS+= -D${sym}=__${sym} .endfor WARNS?= 2 PRECIOUSLIB= .if ${MK_TESTS} != "no" SUBDIR+= tests .endif .include .include Index: head/lib/libcrypt/crypt-md5.c =================================================================== --- head/lib/libcrypt/crypt-md5.c (revision 303919) +++ head/lib/libcrypt/crypt-md5.c (revision 303920) 
@@ -1,153 +1,147 @@ /*- * Copyright (c) 2003 Poul-Henning Kamp * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include "crypt.h" /* * UNIX password */ -char * -crypt_md5(const char *pw, const char *salt) +int +crypt_md5(const char *pw, const char *salt, char *buffer) { MD5_CTX ctx,ctx1; unsigned long l; int sl, pl; u_int i; u_char final[MD5_SIZE]; - static const char *sp, *ep; - static char passwd[120], *p; + const char *ep; static const char *magic = "$1$"; - /* Refine the Salt first */ - sp = salt; + /* If the salt starts with the magic string, skip that. 
*/ + if (!strncmp(salt, magic, strlen(magic))) + salt += strlen(magic); - /* If it starts with the magic string, then skip that */ - if(!strncmp(sp, magic, strlen(magic))) - sp += strlen(magic); - /* It stops at the first '$', max 8 chars */ - for(ep = sp; *ep && *ep != '$' && ep < (sp + 8); ep++) + for (ep = salt; *ep && *ep != '$' && ep < salt + 8; ep++) continue; /* get the length of the true salt */ - sl = ep - sp; + sl = ep - salt; MD5Init(&ctx); /* The password first, since that is what is most unknown */ MD5Update(&ctx, (const u_char *)pw, strlen(pw)); /* Then our magic string */ MD5Update(&ctx, (const u_char *)magic, strlen(magic)); /* Then the raw salt */ - MD5Update(&ctx, (const u_char *)sp, (u_int)sl); + MD5Update(&ctx, (const u_char *)salt, (u_int)sl); /* Then just as many characters of the MD5(pw,salt,pw) */ MD5Init(&ctx1); MD5Update(&ctx1, (const u_char *)pw, strlen(pw)); - MD5Update(&ctx1, (const u_char *)sp, (u_int)sl); + MD5Update(&ctx1, (const u_char *)salt, (u_int)sl); MD5Update(&ctx1, (const u_char *)pw, strlen(pw)); MD5Final(final, &ctx1); for(pl = (int)strlen(pw); pl > 0; pl -= MD5_SIZE) MD5Update(&ctx, (const u_char *)final, (u_int)(pl > MD5_SIZE ? MD5_SIZE : pl)); /* Don't leave anything around in vm they could use. */ memset(final, 0, sizeof(final)); /* Then something really weird... */ for (i = strlen(pw); i; i >>= 1) if(i & 1) MD5Update(&ctx, (const u_char *)final, 1); else MD5Update(&ctx, (const u_char *)pw, 1); /* Now make the output string */ - strcpy(passwd, magic); - strncat(passwd, sp, (u_int)sl); - strcat(passwd, "$"); + buffer = stpcpy(buffer, magic); + buffer = stpncpy(buffer, salt, (u_int)sl); + *buffer++ = '$'; MD5Final(final, &ctx); /* * and now, just to make sure things don't run too fast * On a 60 Mhz Pentium this takes 34 msec, so you would * need 30 seconds to build a 1000 entry dictionary... 
*/ for(i = 0; i < 1000; i++) { MD5Init(&ctx1); if(i & 1) MD5Update(&ctx1, (const u_char *)pw, strlen(pw)); else MD5Update(&ctx1, (const u_char *)final, MD5_SIZE); if(i % 3) - MD5Update(&ctx1, (const u_char *)sp, (u_int)sl); + MD5Update(&ctx1, (const u_char *)salt, (u_int)sl); if(i % 7) MD5Update(&ctx1, (const u_char *)pw, strlen(pw)); if(i & 1) MD5Update(&ctx1, (const u_char *)final, MD5_SIZE); else MD5Update(&ctx1, (const u_char *)pw, strlen(pw)); MD5Final(final, &ctx1); } - p = passwd + strlen(passwd); - l = (final[ 0]<<16) | (final[ 6]<<8) | final[12]; - _crypt_to64(p, l, 4); p += 4; + _crypt_to64(buffer, l, 4); buffer += 4; l = (final[ 1]<<16) | (final[ 7]<<8) | final[13]; - _crypt_to64(p, l, 4); p += 4; + _crypt_to64(buffer, l, 4); buffer += 4; l = (final[ 2]<<16) | (final[ 8]<<8) | final[14]; - _crypt_to64(p, l, 4); p += 4; + _crypt_to64(buffer, l, 4); buffer += 4; l = (final[ 3]<<16) | (final[ 9]<<8) | final[15]; - _crypt_to64(p, l, 4); p += 4; + _crypt_to64(buffer, l, 4); buffer += 4; l = (final[ 4]<<16) | (final[10]<<8) | final[ 5]; - _crypt_to64(p, l, 4); p += 4; + _crypt_to64(buffer, l, 4); buffer += 4; l = final[11]; - _crypt_to64(p, l, 2); p += 2; - *p = '\0'; + _crypt_to64(buffer, l, 2); buffer += 2; + *buffer = '\0'; /* Don't leave anything around in vm they could use. */ memset(final, 0, sizeof(final)); - return (passwd); + return (0); } Index: head/lib/libcrypt/crypt-nthash.c =================================================================== --- head/lib/libcrypt/crypt-nthash.c (revision 303919) +++ head/lib/libcrypt/crypt-nthash.c (revision 303920) 
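Review bot: The closing `memset(final, 0, sizeof(final));` just before `return (0);` is a dead store on a local array, so an optimizing compiler is free to drop it and leave the digest on the stack. If `explicit_bzero()` is available in this tree I would use `explicit_bzero(final, sizeof(final));` there; the earlier `memset(final, ...)` should stay as it is, because the loop after it reads `final`. A related gap appears in `crypt_nthash()` in this commit, where no scrubbing is left after the old `memset` was removed, so `unipw` (the converted password) and `hash` are uncleared on return. Whether `MD5Final()` scrubs `ctx` and `ctx1` is not visible here and should be confirmed. Separately, the function now writes to `buffer` without a length, so a comment above it giving the maximum output size (3 + 8 + 1 + 22 + 1 bytes by my count) would document what the caller must provide.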
@@ -1,88 +1,81 @@ /*- * Copyright (c) 2003 Michael Bretterklieber * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include "crypt.h" /* * NT HASH = md4(str2unicode(pw)) */ /* ARGSUSED */ -char * -crypt_nthash(const char *pw, const char *salt __unused) +int +crypt_nthash(const char *pw, const char *salt __unused, char *buffer) { size_t unipwLen; - int i, j; - static char hexconvtab[] = "0123456789abcdef"; + int i; + static const char hexconvtab[] = "0123456789abcdef"; static const char *magic = "$3$"; - static char passwd[120]; u_int16_t unipw[128]; - char final[MD4_SIZE*2 + 1]; u_char hash[MD4_SIZE]; const char *s; MD4_CTX ctx; bzero(unipw, sizeof(unipw)); /* convert to unicode (thanx Archie) */ unipwLen = 0; for (s = pw; unipwLen < sizeof(unipw) / 2 && *s; s++) unipw[unipwLen++] = htons(*s << 8); /* Compute MD4 of Unicode password */ MD4Init(&ctx); MD4Update(&ctx, (u_char *)unipw, unipwLen*sizeof(u_int16_t)); MD4Final(hash, &ctx); - - for (i = j = 0; i < MD4_SIZE; i++) { - final[j++] = hexconvtab[hash[i] >> 4]; - final[j++] = hexconvtab[hash[i] & 15]; + + buffer = stpcpy(buffer, magic); + *buffer++ = '$'; + for (i = 0; i < MD4_SIZE; i++) { + *buffer++ = hexconvtab[hash[i] >> 4]; + *buffer++ = hexconvtab[hash[i] & 15]; } - final[j] = '\0'; + *buffer = '\0'; - strcpy(passwd, magic); - strcat(passwd, "$"); - strncat(passwd, final, MD4_SIZE*2); - - /* Don't leave anything around in vm they could use. */ - memset(final, 0, sizeof(final)); - - return (passwd); + return (0); } Index: head/lib/libcrypt/crypt-sha256.c =================================================================== --- head/lib/libcrypt/crypt-sha256.c (revision 303919) +++ head/lib/libcrypt/crypt-sha256.c (revision 303920) 
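Review bot: In the conversion loop `unipw[unipwLen++] = htons(*s << 8);` the operand `*s` is a plain `char`, so where `char` is signed any password byte of 0x80 or above is promoted to a negative int and then left-shifted, which is undefined behaviour. Casting first keeps the result well defined: `unipw[unipwLen++] = htons((unsigned char)*s << 8);`. The same loop stops silently after 128 characters (`sizeof(unipw) / 2`), so a longer password hashes identically to its 128-character prefix; a comment above the loop should say so, or the new int return value could report the case. These lines are unchanged context in this commit, but the function's interface is being reworked here, which makes it a reasonable place to address them.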
@@ -1,477 +1,431 @@ /* * Copyright (c) 2011 The FreeBSD Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* Based on: * SHA256-based Unix crypt implementation. Released into the Public Domain by * Ulrich Drepper . */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include "crypt.h" /* Define our magic string to mark salt for SHA256 "encryption" replacement. */ static const char sha256_salt_prefix[] = "$5$"; /* Prefix for optional rounds specification. */ static const char sha256_rounds_prefix[] = "rounds="; /* Maximum salt string length. */ #define SALT_LEN_MAX 16 /* Default number of rounds if not explicitly specified. 
*/ #define ROUNDS_DEFAULT 5000 /* Minimum number of rounds. */ #define ROUNDS_MIN 1000 /* Maximum number of rounds. */ #define ROUNDS_MAX 999999999 -static char * -crypt_sha256_r(const char *key, const char *salt, char *buffer, int buflen) +int +crypt_sha256(const char *key, const char *salt, char *buffer) { u_long srounds; - int n; uint8_t alt_result[32], temp_result[32]; SHA256_CTX ctx, alt_ctx; size_t salt_len, key_len, cnt, rounds; char *cp, *copied_key, *copied_salt, *p_bytes, *s_bytes, *endp; const char *num; bool rounds_custom; copied_key = NULL; copied_salt = NULL; /* Default number of rounds. */ rounds = ROUNDS_DEFAULT; rounds_custom = false; /* Find beginning of salt string. The prefix should normally always * be present. Just in case it is not. */ if (strncmp(sha256_salt_prefix, salt, sizeof(sha256_salt_prefix) - 1) == 0) /* Skip salt prefix. */ salt += sizeof(sha256_salt_prefix) - 1; if (strncmp(salt, sha256_rounds_prefix, sizeof(sha256_rounds_prefix) - 1) == 0) { num = salt + sizeof(sha256_rounds_prefix) - 1; srounds = strtoul(num, &endp, 10); if (*endp == '$') { salt = endp + 1; rounds = MAX(ROUNDS_MIN, MIN(srounds, ROUNDS_MAX)); rounds_custom = true; } } salt_len = MIN(strcspn(salt, "$"), SALT_LEN_MAX); key_len = strlen(key); /* Prepare for the real work. */ SHA256_Init(&ctx); /* Add the key string. */ SHA256_Update(&ctx, key, key_len); /* The last part is the salt string. This must be at most 8 * characters and it ends at the first `$' character (for * compatibility with existing implementations). */ SHA256_Update(&ctx, salt, salt_len); /* Compute alternate SHA256 sum with input KEY, SALT, and KEY. The * final result will be added to the first context. */ SHA256_Init(&alt_ctx); /* Add key. */ SHA256_Update(&alt_ctx, key, key_len); /* Add salt. */ SHA256_Update(&alt_ctx, salt, salt_len); /* Add key again. */ SHA256_Update(&alt_ctx, key, key_len); /* Now get result of this (32 bytes) and add it to the other context. 
*/ SHA256_Final(alt_result, &alt_ctx); /* Add for any character in the key one byte of the alternate sum. */ for (cnt = key_len; cnt > 32; cnt -= 32) SHA256_Update(&ctx, alt_result, 32); SHA256_Update(&ctx, alt_result, cnt); /* Take the binary representation of the length of the key and for * every 1 add the alternate sum, for every 0 the key. */ for (cnt = key_len; cnt > 0; cnt >>= 1) if ((cnt & 1) != 0) SHA256_Update(&ctx, alt_result, 32); else SHA256_Update(&ctx, key, key_len); /* Create intermediate result. */ SHA256_Final(alt_result, &ctx); /* Start computation of P byte sequence. */ SHA256_Init(&alt_ctx); /* For every character in the password add the entire password. */ for (cnt = 0; cnt < key_len; ++cnt) SHA256_Update(&alt_ctx, key, key_len); /* Finish the digest. */ SHA256_Final(temp_result, &alt_ctx); /* Create byte sequence P. */ cp = p_bytes = alloca(key_len); for (cnt = key_len; cnt >= 32; cnt -= 32) { memcpy(cp, temp_result, 32); cp += 32; } memcpy(cp, temp_result, cnt); /* Start computation of S byte sequence. */ SHA256_Init(&alt_ctx); /* For every character in the password add the entire password. */ for (cnt = 0; cnt < 16 + alt_result[0]; ++cnt) SHA256_Update(&alt_ctx, salt, salt_len); /* Finish the digest. */ SHA256_Final(temp_result, &alt_ctx); /* Create byte sequence S. */ cp = s_bytes = alloca(salt_len); for (cnt = salt_len; cnt >= 32; cnt -= 32) { memcpy(cp, temp_result, 32); cp += 32; } memcpy(cp, temp_result, cnt); /* Repeatedly run the collected hash value through SHA256 to burn CPU * cycles. */ for (cnt = 0; cnt < rounds; ++cnt) { /* New context. */ SHA256_Init(&ctx); /* Add key or last result. */ if ((cnt & 1) != 0) SHA256_Update(&ctx, p_bytes, key_len); else SHA256_Update(&ctx, alt_result, 32); /* Add salt for numbers not divisible by 3. */ if (cnt % 3 != 0) SHA256_Update(&ctx, s_bytes, salt_len); /* Add key for numbers not divisible by 7. */ if (cnt % 7 != 0) SHA256_Update(&ctx, p_bytes, key_len); /* Add key or last result. 
*/ if ((cnt & 1) != 0) SHA256_Update(&ctx, alt_result, 32); else SHA256_Update(&ctx, p_bytes, key_len); /* Create intermediate result. */ SHA256_Final(alt_result, &ctx); } /* Now we can construct the result string. It consists of three * parts. */ - cp = stpncpy(buffer, sha256_salt_prefix, MAX(0, buflen)); - buflen -= sizeof(sha256_salt_prefix) - 1; + cp = stpcpy(buffer, sha256_salt_prefix); - if (rounds_custom) { - n = snprintf(cp, MAX(0, buflen), "%s%zu$", - sha256_rounds_prefix, rounds); + if (rounds_custom) + cp += sprintf(cp, "%s%zu$", sha256_rounds_prefix, rounds); - cp += n; - buflen -= n; - } + cp = stpncpy(cp, salt, salt_len); - cp = stpncpy(cp, salt, MIN((size_t)MAX(0, buflen), salt_len)); - buflen -= MIN((size_t)MAX(0, buflen), salt_len); + *cp++ = '$'; - if (buflen > 0) { - *cp++ = '$'; - --buflen; - } + b64_from_24bit(alt_result[0], alt_result[10], alt_result[20], 4, &cp); + b64_from_24bit(alt_result[21], alt_result[1], alt_result[11], 4, &cp); + b64_from_24bit(alt_result[12], alt_result[22], alt_result[2], 4, &cp); + b64_from_24bit(alt_result[3], alt_result[13], alt_result[23], 4, &cp); + b64_from_24bit(alt_result[24], alt_result[4], alt_result[14], 4, &cp); + b64_from_24bit(alt_result[15], alt_result[25], alt_result[5], 4, &cp); + b64_from_24bit(alt_result[6], alt_result[16], alt_result[26], 4, &cp); + b64_from_24bit(alt_result[27], alt_result[7], alt_result[17], 4, &cp); + b64_from_24bit(alt_result[18], alt_result[28], alt_result[8], 4, &cp); + b64_from_24bit(alt_result[9], alt_result[19], alt_result[29], 4, &cp); + b64_from_24bit(0, alt_result[31], alt_result[30], 3, &cp); + *cp = '\0'; /* Terminate the string. 
*/ - b64_from_24bit(alt_result[0], alt_result[10], alt_result[20], 4, &buflen, &cp); - b64_from_24bit(alt_result[21], alt_result[1], alt_result[11], 4, &buflen, &cp); - b64_from_24bit(alt_result[12], alt_result[22], alt_result[2], 4, &buflen, &cp); - b64_from_24bit(alt_result[3], alt_result[13], alt_result[23], 4, &buflen, &cp); - b64_from_24bit(alt_result[24], alt_result[4], alt_result[14], 4, &buflen, &cp); - b64_from_24bit(alt_result[15], alt_result[25], alt_result[5], 4, &buflen, &cp); - b64_from_24bit(alt_result[6], alt_result[16], alt_result[26], 4, &buflen, &cp); - b64_from_24bit(alt_result[27], alt_result[7], alt_result[17], 4, &buflen, &cp); - b64_from_24bit(alt_result[18], alt_result[28], alt_result[8], 4, &buflen, &cp); - b64_from_24bit(alt_result[9], alt_result[19], alt_result[29], 4, &buflen, &cp); - b64_from_24bit(0, alt_result[31], alt_result[30], 3, &buflen, &cp); - if (buflen <= 0) { - errno = ERANGE; - buffer = NULL; - } - else - *cp = '\0'; /* Terminate the string. */ - /* Clear the buffer for the intermediate result so that people * attaching to processes or reading core dumps cannot get any * information. We do it in this way to clear correct_words[] inside * the SHA256 implementation as well. */ SHA256_Init(&ctx); SHA256_Final(alt_result, &ctx); memset(temp_result, '\0', sizeof(temp_result)); memset(p_bytes, '\0', key_len); memset(s_bytes, '\0', salt_len); memset(&ctx, '\0', sizeof(ctx)); memset(&alt_ctx, '\0', sizeof(alt_ctx)); if (copied_key != NULL) memset(copied_key, '\0', key_len); if (copied_salt != NULL) memset(copied_salt, '\0', salt_len); - return buffer; -} - -/* This entry point is equivalent to crypt(3). */ -char * -crypt_sha256(const char *key, const char *salt) -{ - /* We don't want to have an arbitrary limit in the size of the - * password. We can compute an upper bound for the size of the - * result in advance and so we can prepare the buffer we pass to - * `crypt_sha256_r'. 
*/ - static char *buffer; - static int buflen; - int needed; - char *new_buffer; - - needed = (sizeof(sha256_salt_prefix) - 1 - + sizeof(sha256_rounds_prefix) + 9 + 1 - + strlen(salt) + 1 + 43 + 1); - - if (buflen < needed) { - new_buffer = (char *)realloc(buffer, needed); - - if (new_buffer == NULL) - return NULL; - - buffer = new_buffer; - buflen = needed; - } - - return crypt_sha256_r(key, salt, buffer, buflen); + return (0); } #ifdef TEST static const struct { const char *input; const char result[32]; } tests[] = { /* Test vectors from FIPS 180-2: appendix B.1. */ { "abc", "\xba\x78\x16\xbf\x8f\x01\xcf\xea\x41\x41\x40\xde\x5d\xae\x22\x23" "\xb0\x03\x61\xa3\x96\x17\x7a\x9c\xb4\x10\xff\x61\xf2\x00\x15\xad" }, /* Test vectors from FIPS 180-2: appendix B.2. */ { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", "\x24\x8d\x6a\x61\xd2\x06\x38\xb8\xe5\xc0\x26\x93\x0c\x3e\x60\x39" "\xa3\x3c\xe4\x59\x64\xff\x21\x67\xf6\xec\xed\xd4\x19\xdb\x06\xc1" }, /* Test vectors from the NESSIE project. 
*/ { "", "\xe3\xb0\xc4\x42\x98\xfc\x1c\x14\x9a\xfb\xf4\xc8\x99\x6f\xb9\x24" "\x27\xae\x41\xe4\x64\x9b\x93\x4c\xa4\x95\x99\x1b\x78\x52\xb8\x55" }, { "a", "\xca\x97\x81\x12\xca\x1b\xbd\xca\xfa\xc2\x31\xb3\x9a\x23\xdc\x4d" "\xa7\x86\xef\xf8\x14\x7c\x4e\x72\xb9\x80\x77\x85\xaf\xee\x48\xbb" }, { "message digest", "\xf7\x84\x6f\x55\xcf\x23\xe1\x4e\xeb\xea\xb5\xb4\xe1\x55\x0c\xad" "\x5b\x50\x9e\x33\x48\xfb\xc4\xef\xa3\xa1\x41\x3d\x39\x3c\xb6\x50" }, { "abcdefghijklmnopqrstuvwxyz", "\x71\xc4\x80\xdf\x93\xd6\xae\x2f\x1e\xfa\xd1\x44\x7c\x66\xc9\x52" "\x5e\x31\x62\x18\xcf\x51\xfc\x8d\x9e\xd8\x32\xf2\xda\xf1\x8b\x73" }, { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", "\x24\x8d\x6a\x61\xd2\x06\x38\xb8\xe5\xc0\x26\x93\x0c\x3e\x60\x39" "\xa3\x3c\xe4\x59\x64\xff\x21\x67\xf6\xec\xed\xd4\x19\xdb\x06\xc1" }, { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", "\xdb\x4b\xfc\xbd\x4d\xa0\xcd\x85\xa6\x0c\x3c\x37\xd3\xfb\xd8\x80" "\x5c\x77\xf1\x5f\xc6\xb1\xfd\xfe\x61\x4e\xe0\xa7\xc8\xfd\xb4\xc0" }, { "123456789012345678901234567890123456789012345678901234567890" "12345678901234567890", "\xf3\x71\xbc\x4a\x31\x1f\x2b\x00\x9e\xef\x95\x2d\xd8\x3c\xa8\x0e" "\x2b\x60\x02\x6c\x8e\x93\x55\x92\xd0\xf9\xc3\x08\x45\x3c\x81\x3e" } }; #define ntests (sizeof (tests) / sizeof (tests[0])) static const struct { const char *salt; const char *input; const char *expected; } tests2[] = { { "$5$saltstring", "Hello world!", "$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5" }, { "$5$rounds=10000$saltstringsaltstring", "Hello world!", "$5$rounds=10000$saltstringsaltst$3xv.VbSHBb41AL9AvLeujZkZRBAwqFMz2." "opqey6IcA" }, { "$5$rounds=5000$toolongsaltstring", "This is just a test", "$5$rounds=5000$toolongsaltstrin$Un/5jzAHMgOGZ5.mWJpuVolil07guHPvOW8" "mGRcvxa5" }, { "$5$rounds=1400$anotherlongsaltstring", "a very much longer text to encrypt. 
This one even stretches over more" "than one line.", "$5$rounds=1400$anotherlongsalts$Rx.j8H.h8HjEDGomFU8bDkXm3XIUnzyxf12" "oP84Bnq1" }, { "$5$rounds=77777$short", "we have a short salt string but not a short password", "$5$rounds=77777$short$JiO1O3ZpDAxGJeaDIuqCoEFysAe1mZNJRs3pw0KQRd/" }, { "$5$rounds=123456$asaltof16chars..", "a short string", "$5$rounds=123456$asaltof16chars..$gP3VQ/6X7UUEW3HkBn2w1/Ptq2jxPyzV/" "cZKmF/wJvD" }, { "$5$rounds=10$roundstoolow", "the minimum number is still observed", "$5$rounds=1000$roundstoolow$yfvwcWrQ8l/K0DAWyuPMDNHpIVlTQebY9l/gL97" "2bIC" }, }; #define ntests2 (sizeof (tests2) / sizeof (tests2[0])) int main(void) { SHA256_CTX ctx; uint8_t sum[32]; int result = 0; int i, cnt; for (cnt = 0; cnt < (int)ntests; ++cnt) { SHA256_Init(&ctx); SHA256_Update(&ctx, tests[cnt].input, strlen(tests[cnt].input)); SHA256_Final(sum, &ctx); if (memcmp(tests[cnt].result, sum, 32) != 0) { for (i = 0; i < 32; i++) printf("%02X", tests[cnt].result[i]); printf("\n"); for (i = 0; i < 32; i++) printf("%02X", sum[i]); printf("\n"); printf("test %d run %d failed\n", cnt, 1); result = 1; } SHA256_Init(&ctx); for (i = 0; tests[cnt].input[i] != '\0'; ++i) SHA256_Update(&ctx, &tests[cnt].input[i], 1); SHA256_Final(sum, &ctx); if (memcmp(tests[cnt].result, sum, 32) != 0) { for (i = 0; i < 32; i++) printf("%02X", tests[cnt].result[i]); printf("\n"); for (i = 0; i < 32; i++) printf("%02X", sum[i]); printf("\n"); printf("test %d run %d failed\n", cnt, 2); result = 1; } } /* Test vector from FIPS 180-2: appendix B.3. 
*/ char buf[1000]; memset(buf, 'a', sizeof(buf)); SHA256_Init(&ctx); for (i = 0; i < 1000; ++i) SHA256_Update(&ctx, buf, sizeof(buf)); SHA256_Final(sum, &ctx); static const char expected[32] = "\xcd\xc7\x6e\x5c\x99\x14\xfb\x92\x81\xa1\xc7\xe2\x84\xd7\x3e\x67" "\xf1\x80\x9a\x48\xa4\x97\x20\x0e\x04\x6d\x39\xcc\xc7\x11\x2c\xd0"; if (memcmp(expected, sum, 32) != 0) { printf("test %d failed\n", cnt); result = 1; } for (cnt = 0; cnt < ntests2; ++cnt) { char *cp = crypt_sha256(tests2[cnt].input, tests2[cnt].salt); if (strcmp(cp, tests2[cnt].expected) != 0) { printf("test %d: expected \"%s\", got \"%s\"\n", cnt, tests2[cnt].expected, cp); result = 1; } } if (result == 0) puts("all tests OK"); return result; } #endif /* TEST */ Index: head/lib/libcrypt/crypt-sha512.c =================================================================== --- head/lib/libcrypt/crypt-sha512.c (revision 303919) +++ head/lib/libcrypt/crypt-sha512.c (revision 303920) 
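Review bot: The `#ifdef TEST` driver at the bottom of this file still uses the old interface, `char *cp = crypt_sha256(tests2[cnt].input, tests2[cnt].salt);`, while the hunk changes `crypt_sha256` to return `int` and take a third `buffer` argument. A build with `TEST` defined should therefore no longer compile, and the `tests2` vectors stop being exercised. The loop needs a local output buffer such as `char out[128];`, the call `crypt_sha256(tests2[cnt].input, tests2[cnt].salt, out);`, and the `strcmp`/`printf` switched from `cp` to `out`. The same stale call is left in the `crypt_sha512` test driver in the next file section.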
@@ -1,500 +1,454 @@ /* * Copyright (c) 2011 The FreeBSD Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* Based on: * SHA512-based Unix crypt implementation. Released into the Public Domain by * Ulrich Drepper . */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include "crypt.h" /* Define our magic string to mark salt for SHA512 "encryption" replacement. */ static const char sha512_salt_prefix[] = "$6$"; /* Prefix for optional rounds specification. */ static const char sha512_rounds_prefix[] = "rounds="; /* Maximum salt string length. */ #define SALT_LEN_MAX 16 /* Default number of rounds if not explicitly specified. 
*/ #define ROUNDS_DEFAULT 5000 /* Minimum number of rounds. */ #define ROUNDS_MIN 1000 /* Maximum number of rounds. */ #define ROUNDS_MAX 999999999 -static char * -crypt_sha512_r(const char *key, const char *salt, char *buffer, int buflen) +int +crypt_sha512(const char *key, const char *salt, char *buffer) { u_long srounds; - int n; uint8_t alt_result[64], temp_result[64]; SHA512_CTX ctx, alt_ctx; size_t salt_len, key_len, cnt, rounds; char *cp, *copied_key, *copied_salt, *p_bytes, *s_bytes, *endp; const char *num; bool rounds_custom; copied_key = NULL; copied_salt = NULL; /* Default number of rounds. */ rounds = ROUNDS_DEFAULT; rounds_custom = false; /* Find beginning of salt string. The prefix should normally always * be present. Just in case it is not. */ if (strncmp(sha512_salt_prefix, salt, sizeof(sha512_salt_prefix) - 1) == 0) /* Skip salt prefix. */ salt += sizeof(sha512_salt_prefix) - 1; if (strncmp(salt, sha512_rounds_prefix, sizeof(sha512_rounds_prefix) - 1) == 0) { num = salt + sizeof(sha512_rounds_prefix) - 1; srounds = strtoul(num, &endp, 10); if (*endp == '$') { salt = endp + 1; rounds = MAX(ROUNDS_MIN, MIN(srounds, ROUNDS_MAX)); rounds_custom = true; } } salt_len = MIN(strcspn(salt, "$"), SALT_LEN_MAX); key_len = strlen(key); /* Prepare for the real work. */ SHA512_Init(&ctx); /* Add the key string. */ SHA512_Update(&ctx, key, key_len); /* The last part is the salt string. This must be at most 8 * characters and it ends at the first `$' character (for * compatibility with existing implementations). */ SHA512_Update(&ctx, salt, salt_len); /* Compute alternate SHA512 sum with input KEY, SALT, and KEY. The * final result will be added to the first context. */ SHA512_Init(&alt_ctx); /* Add key. */ SHA512_Update(&alt_ctx, key, key_len); /* Add salt. */ SHA512_Update(&alt_ctx, salt, salt_len); /* Add key again. */ SHA512_Update(&alt_ctx, key, key_len); /* Now get result of this (64 bytes) and add it to the other context. 
*/ SHA512_Final(alt_result, &alt_ctx); /* Add for any character in the key one byte of the alternate sum. */ for (cnt = key_len; cnt > 64; cnt -= 64) SHA512_Update(&ctx, alt_result, 64); SHA512_Update(&ctx, alt_result, cnt); /* Take the binary representation of the length of the key and for * every 1 add the alternate sum, for every 0 the key. */ for (cnt = key_len; cnt > 0; cnt >>= 1) if ((cnt & 1) != 0) SHA512_Update(&ctx, alt_result, 64); else SHA512_Update(&ctx, key, key_len); /* Create intermediate result. */ SHA512_Final(alt_result, &ctx); /* Start computation of P byte sequence. */ SHA512_Init(&alt_ctx); /* For every character in the password add the entire password. */ for (cnt = 0; cnt < key_len; ++cnt) SHA512_Update(&alt_ctx, key, key_len); /* Finish the digest. */ SHA512_Final(temp_result, &alt_ctx); /* Create byte sequence P. */ cp = p_bytes = alloca(key_len); for (cnt = key_len; cnt >= 64; cnt -= 64) { memcpy(cp, temp_result, 64); cp += 64; } memcpy(cp, temp_result, cnt); /* Start computation of S byte sequence. */ SHA512_Init(&alt_ctx); /* For every character in the password add the entire password. */ for (cnt = 0; cnt < 16 + alt_result[0]; ++cnt) SHA512_Update(&alt_ctx, salt, salt_len); /* Finish the digest. */ SHA512_Final(temp_result, &alt_ctx); /* Create byte sequence S. */ cp = s_bytes = alloca(salt_len); for (cnt = salt_len; cnt >= 64; cnt -= 64) { memcpy(cp, temp_result, 64); cp += 64; } memcpy(cp, temp_result, cnt); /* Repeatedly run the collected hash value through SHA512 to burn CPU * cycles. */ for (cnt = 0; cnt < rounds; ++cnt) { /* New context. */ SHA512_Init(&ctx); /* Add key or last result. */ if ((cnt & 1) != 0) SHA512_Update(&ctx, p_bytes, key_len); else SHA512_Update(&ctx, alt_result, 64); /* Add salt for numbers not divisible by 3. */ if (cnt % 3 != 0) SHA512_Update(&ctx, s_bytes, salt_len); /* Add key for numbers not divisible by 7. */ if (cnt % 7 != 0) SHA512_Update(&ctx, p_bytes, key_len); /* Add key or last result. 
*/ if ((cnt & 1) != 0) SHA512_Update(&ctx, alt_result, 64); else SHA512_Update(&ctx, p_bytes, key_len); /* Create intermediate result. */ SHA512_Final(alt_result, &ctx); } /* Now we can construct the result string. It consists of three * parts. */ - cp = stpncpy(buffer, sha512_salt_prefix, MAX(0, buflen)); - buflen -= sizeof(sha512_salt_prefix) - 1; + cp = stpcpy(buffer, sha512_salt_prefix); - if (rounds_custom) { - n = snprintf(cp, MAX(0, buflen), "%s%zu$", - sha512_rounds_prefix, rounds); + if (rounds_custom) + cp += sprintf(cp, "%s%zu$", sha512_rounds_prefix, rounds); - cp += n; - buflen -= n; - } + cp = stpncpy(cp, salt, salt_len); - cp = stpncpy(cp, salt, MIN((size_t)MAX(0, buflen), salt_len)); - buflen -= MIN((size_t)MAX(0, buflen), salt_len); + *cp++ = '$'; - if (buflen > 0) { - *cp++ = '$'; - --buflen; - } + b64_from_24bit(alt_result[0], alt_result[21], alt_result[42], 4, &cp); + b64_from_24bit(alt_result[22], alt_result[43], alt_result[1], 4, &cp); + b64_from_24bit(alt_result[44], alt_result[2], alt_result[23], 4, &cp); + b64_from_24bit(alt_result[3], alt_result[24], alt_result[45], 4, &cp); + b64_from_24bit(alt_result[25], alt_result[46], alt_result[4], 4, &cp); + b64_from_24bit(alt_result[47], alt_result[5], alt_result[26], 4, &cp); + b64_from_24bit(alt_result[6], alt_result[27], alt_result[48], 4, &cp); + b64_from_24bit(alt_result[28], alt_result[49], alt_result[7], 4, &cp); + b64_from_24bit(alt_result[50], alt_result[8], alt_result[29], 4, &cp); + b64_from_24bit(alt_result[9], alt_result[30], alt_result[51], 4, &cp); + b64_from_24bit(alt_result[31], alt_result[52], alt_result[10], 4, &cp); + b64_from_24bit(alt_result[53], alt_result[11], alt_result[32], 4, &cp); + b64_from_24bit(alt_result[12], alt_result[33], alt_result[54], 4, &cp); + b64_from_24bit(alt_result[34], alt_result[55], alt_result[13], 4, &cp); + b64_from_24bit(alt_result[56], alt_result[14], alt_result[35], 4, &cp); + b64_from_24bit(alt_result[15], alt_result[36], alt_result[57], 4, &cp); 
+ b64_from_24bit(alt_result[37], alt_result[58], alt_result[16], 4, &cp); + b64_from_24bit(alt_result[59], alt_result[17], alt_result[38], 4, &cp); + b64_from_24bit(alt_result[18], alt_result[39], alt_result[60], 4, &cp); + b64_from_24bit(alt_result[40], alt_result[61], alt_result[19], 4, &cp); + b64_from_24bit(alt_result[62], alt_result[20], alt_result[41], 4, &cp); + b64_from_24bit(0, 0, alt_result[63], 2, &cp); - b64_from_24bit(alt_result[0], alt_result[21], alt_result[42], 4, &buflen, &cp); - b64_from_24bit(alt_result[22], alt_result[43], alt_result[1], 4, &buflen, &cp); - b64_from_24bit(alt_result[44], alt_result[2], alt_result[23], 4, &buflen, &cp); - b64_from_24bit(alt_result[3], alt_result[24], alt_result[45], 4, &buflen, &cp); - b64_from_24bit(alt_result[25], alt_result[46], alt_result[4], 4, &buflen, &cp); - b64_from_24bit(alt_result[47], alt_result[5], alt_result[26], 4, &buflen, &cp); - b64_from_24bit(alt_result[6], alt_result[27], alt_result[48], 4, &buflen, &cp); - b64_from_24bit(alt_result[28], alt_result[49], alt_result[7], 4, &buflen, &cp); - b64_from_24bit(alt_result[50], alt_result[8], alt_result[29], 4, &buflen, &cp); - b64_from_24bit(alt_result[9], alt_result[30], alt_result[51], 4, &buflen, &cp); - b64_from_24bit(alt_result[31], alt_result[52], alt_result[10], 4, &buflen, &cp); - b64_from_24bit(alt_result[53], alt_result[11], alt_result[32], 4, &buflen, &cp); - b64_from_24bit(alt_result[12], alt_result[33], alt_result[54], 4, &buflen, &cp); - b64_from_24bit(alt_result[34], alt_result[55], alt_result[13], 4, &buflen, &cp); - b64_from_24bit(alt_result[56], alt_result[14], alt_result[35], 4, &buflen, &cp); - b64_from_24bit(alt_result[15], alt_result[36], alt_result[57], 4, &buflen, &cp); - b64_from_24bit(alt_result[37], alt_result[58], alt_result[16], 4, &buflen, &cp); - b64_from_24bit(alt_result[59], alt_result[17], alt_result[38], 4, &buflen, &cp); - b64_from_24bit(alt_result[18], alt_result[39], alt_result[60], 4, &buflen, &cp); - 
b64_from_24bit(alt_result[40], alt_result[61], alt_result[19], 4, &buflen, &cp); - b64_from_24bit(alt_result[62], alt_result[20], alt_result[41], 4, &buflen, &cp); - b64_from_24bit(0, 0, alt_result[63], 2, &buflen, &cp); + *cp = '\0'; /* Terminate the string. */ - if (buflen <= 0) { - errno = ERANGE; - buffer = NULL; - } - else - *cp = '\0'; /* Terminate the string. */ - /* Clear the buffer for the intermediate result so that people * attaching to processes or reading core dumps cannot get any * information. We do it in this way to clear correct_words[] inside * the SHA512 implementation as well. */ SHA512_Init(&ctx); SHA512_Final(alt_result, &ctx); memset(temp_result, '\0', sizeof(temp_result)); memset(p_bytes, '\0', key_len); memset(s_bytes, '\0', salt_len); memset(&ctx, '\0', sizeof(ctx)); memset(&alt_ctx, '\0', sizeof(alt_ctx)); if (copied_key != NULL) memset(copied_key, '\0', key_len); if (copied_salt != NULL) memset(copied_salt, '\0', salt_len); - return buffer; -} - -/* This entry point is equivalent to crypt(3). */ -char * -crypt_sha512(const char *key, const char *salt) -{ - /* We don't want to have an arbitrary limit in the size of the - * password. We can compute an upper bound for the size of the - * result in advance and so we can prepare the buffer we pass to - * `crypt_sha512_r'. */ - static char *buffer; - static int buflen; - int needed; - char *new_buffer; - - needed = (sizeof(sha512_salt_prefix) - 1 - + sizeof(sha512_rounds_prefix) + 9 + 1 - + strlen(salt) + 1 + 86 + 1); - - if (buflen < needed) { - new_buffer = (char *)realloc(buffer, needed); - - if (new_buffer == NULL) - return NULL; - - buffer = new_buffer; - buflen = needed; - } - - return crypt_sha512_r(key, salt, buffer, buflen); + return (0); } #ifdef TEST static const struct { const char *input; const char result[64]; } tests[] = { /* Test vectors from FIPS 180-2: appendix C.1. 
*/ { "abc", "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41\x31" "\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55\xd3\x9a" "\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3\xfe\xeb\xbd" "\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f\xa5\x4c\xa4\x9f" }, /* Test vectors from FIPS 180-2: appendix C.2. */ { "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn" "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", "\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14\x3f" "\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88\x90\x18" "\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4\xb5\x43\x3a" "\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b\x87\x4b\xe9\x09" }, /* Test vectors from the NESSIE project. */ { "", "\xcf\x83\xe1\x35\x7e\xef\xb8\xbd\xf1\x54\x28\x50\xd6\x6d\x80\x07" "\xd6\x20\xe4\x05\x0b\x57\x15\xdc\x83\xf4\xa9\x21\xd3\x6c\xe9\xce" "\x47\xd0\xd1\x3c\x5d\x85\xf2\xb0\xff\x83\x18\xd2\x87\x7e\xec\x2f" "\x63\xb9\x31\xbd\x47\x41\x7a\x81\xa5\x38\x32\x7a\xf9\x27\xda\x3e" }, { "a", "\x1f\x40\xfc\x92\xda\x24\x16\x94\x75\x09\x79\xee\x6c\xf5\x82\xf2" "\xd5\xd7\xd2\x8e\x18\x33\x5d\xe0\x5a\xbc\x54\xd0\x56\x0e\x0f\x53" "\x02\x86\x0c\x65\x2b\xf0\x8d\x56\x02\x52\xaa\x5e\x74\x21\x05\x46" "\xf3\x69\xfb\xbb\xce\x8c\x12\xcf\xc7\x95\x7b\x26\x52\xfe\x9a\x75" }, { "message digest", "\x10\x7d\xbf\x38\x9d\x9e\x9f\x71\xa3\xa9\x5f\x6c\x05\x5b\x92\x51" "\xbc\x52\x68\xc2\xbe\x16\xd6\xc1\x34\x92\xea\x45\xb0\x19\x9f\x33" "\x09\xe1\x64\x55\xab\x1e\x96\x11\x8e\x8a\x90\x5d\x55\x97\xb7\x20" "\x38\xdd\xb3\x72\xa8\x98\x26\x04\x6d\xe6\x66\x87\xbb\x42\x0e\x7c" }, { "abcdefghijklmnopqrstuvwxyz", "\x4d\xbf\xf8\x6c\xc2\xca\x1b\xae\x1e\x16\x46\x8a\x05\xcb\x98\x81" "\xc9\x7f\x17\x53\xbc\xe3\x61\x90\x34\x89\x8f\xaa\x1a\xab\xe4\x29" "\x95\x5a\x1b\xf8\xec\x48\x3d\x74\x21\xfe\x3c\x16\x46\x61\x3a\x59" "\xed\x54\x41\xfb\x0f\x32\x13\x89\xf7\x7f\x48\xa8\x79\xc7\xb1\xf1" }, { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 
"\x20\x4a\x8f\xc6\xdd\xa8\x2f\x0a\x0c\xed\x7b\xeb\x8e\x08\xa4\x16" "\x57\xc1\x6e\xf4\x68\xb2\x28\xa8\x27\x9b\xe3\x31\xa7\x03\xc3\x35" "\x96\xfd\x15\xc1\x3b\x1b\x07\xf9\xaa\x1d\x3b\xea\x57\x78\x9c\xa0" "\x31\xad\x85\xc7\xa7\x1d\xd7\x03\x54\xec\x63\x12\x38\xca\x34\x45" }, { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", "\x1e\x07\xbe\x23\xc2\x6a\x86\xea\x37\xea\x81\x0c\x8e\xc7\x80\x93" "\x52\x51\x5a\x97\x0e\x92\x53\xc2\x6f\x53\x6c\xfc\x7a\x99\x96\xc4" "\x5c\x83\x70\x58\x3e\x0a\x78\xfa\x4a\x90\x04\x1d\x71\xa4\xce\xab" "\x74\x23\xf1\x9c\x71\xb9\xd5\xa3\xe0\x12\x49\xf0\xbe\xbd\x58\x94" }, { "123456789012345678901234567890123456789012345678901234567890" "12345678901234567890", "\x72\xec\x1e\xf1\x12\x4a\x45\xb0\x47\xe8\xb7\xc7\x5a\x93\x21\x95" "\x13\x5b\xb6\x1d\xe2\x4e\xc0\xd1\x91\x40\x42\x24\x6e\x0a\xec\x3a" "\x23\x54\xe0\x93\xd7\x6f\x30\x48\xb4\x56\x76\x43\x46\x90\x0c\xb1" "\x30\xd2\xa4\xfd\x5d\xd1\x6a\xbb\x5e\x30\xbc\xb8\x50\xde\xe8\x43" } }; #define ntests (sizeof (tests) / sizeof (tests[0])) static const struct { const char *salt; const char *input; const char *expected; } tests2[] = { { "$6$saltstring", "Hello world!", "$6$saltstring$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJu" "esI68u4OTLiBFdcbYEdFCoEOfaS35inz1" }, { "$6$rounds=10000$saltstringsaltstring", "Hello world!", "$6$rounds=10000$saltstringsaltst$OW1/O6BYHV6BcXZu8QVeXbDWra3Oeqh0sb" "HbbMCVNSnCM/UrjmM0Dp8vOuZeHBy/YTBmSK6H9qs/y3RnOaw5v." }, { "$6$rounds=5000$toolongsaltstring", "This is just a test", "$6$rounds=5000$toolongsaltstrin$lQ8jolhgVRVhY4b5pZKaysCLi0QBxGoNeKQ" "zQ3glMhwllF7oGDZxUhx1yxdYcz/e1JSbq3y6JMxxl8audkUEm0" }, { "$6$rounds=1400$anotherlongsaltstring", "a very much longer text to encrypt. 
This one even stretches over more" "than one line.", "$6$rounds=1400$anotherlongsalts$POfYwTEok97VWcjxIiSOjiykti.o/pQs.wP" "vMxQ6Fm7I6IoYN3CmLs66x9t0oSwbtEW7o7UmJEiDwGqd8p4ur1" }, { "$6$rounds=77777$short", "we have a short salt string but not a short password", "$6$rounds=77777$short$WuQyW2YR.hBNpjjRhpYD/ifIw05xdfeEyQoMxIXbkvr0g" "ge1a1x3yRULJ5CCaUeOxFmtlcGZelFl5CxtgfiAc0" }, { "$6$rounds=123456$asaltof16chars..", "a short string", "$6$rounds=123456$asaltof16chars..$BtCwjqMJGx5hrJhZywWvt0RLE8uZ4oPwc" "elCjmw2kSYu.Ec6ycULevoBK25fs2xXgMNrCzIMVcgEJAstJeonj1" }, { "$6$rounds=10$roundstoolow", "the minimum number is still observed", "$6$rounds=1000$roundstoolow$kUMsbe306n21p9R.FRkW3IGn.S9NPN0x50YhH1x" "hLsPuWGsUSklZt58jaTfF4ZEQpyUNGc0dqbpBYYBaHHrsX." }, }; #define ntests2 (sizeof (tests2) / sizeof (tests2[0])) int main(void) { SHA512_CTX ctx; uint8_t sum[64]; int result = 0; int i, cnt; for (cnt = 0; cnt < (int)ntests; ++cnt) { SHA512_Init(&ctx); SHA512_Update(&ctx, tests[cnt].input, strlen(tests[cnt].input)); SHA512_Final(sum, &ctx); if (memcmp(tests[cnt].result, sum, 64) != 0) { printf("test %d run %d failed\n", cnt, 1); result = 1; } SHA512_Init(&ctx); for (i = 0; tests[cnt].input[i] != '\0'; ++i) SHA512_Update(&ctx, &tests[cnt].input[i], 1); SHA512_Final(sum, &ctx); if (memcmp(tests[cnt].result, sum, 64) != 0) { printf("test %d run %d failed\n", cnt, 2); result = 1; } } /* Test vector from FIPS 180-2: appendix C.3. 
*/ char buf[1000]; memset(buf, 'a', sizeof(buf)); SHA512_Init(&ctx); for (i = 0; i < 1000; ++i) SHA512_Update(&ctx, buf, sizeof(buf)); SHA512_Final(sum, &ctx); static const char expected[64] = "\xe7\x18\x48\x3d\x0c\xe7\x69\x64\x4e\x2e\x42\xc7\xbc\x15\xb4\x63" "\x8e\x1f\x98\xb1\x3b\x20\x44\x28\x56\x32\xa8\x03\xaf\xa9\x73\xeb" "\xde\x0f\xf2\x44\x87\x7e\xa6\x0a\x4c\xb0\x43\x2c\xe5\x77\xc3\x1b" "\xeb\x00\x9c\x5c\x2c\x49\xaa\x2e\x4e\xad\xb2\x17\xad\x8c\xc0\x9b"; if (memcmp(expected, sum, 64) != 0) { printf("test %d failed\n", cnt); result = 1; } for (cnt = 0; cnt < ntests2; ++cnt) { char *cp = crypt_sha512(tests2[cnt].input, tests2[cnt].salt); if (strcmp(cp, tests2[cnt].expected) != 0) { printf("test %d: expected \"%s\", got \"%s\"\n", cnt, tests2[cnt].expected, cp); result = 1; } } if (result == 0) puts("all tests OK"); return result; } #endif /* TEST */ Index: head/lib/libcrypt/crypt.3 =================================================================== --- head/lib/libcrypt/crypt.3 (revision 303919) +++ head/lib/libcrypt/crypt.3 (revision 303920) 
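Review bot: With `buflen` and the `ERANGE` path removed, the result-building code in `crypt_sha512` (`stpcpy`, `sprintf`, `stpncpy` and the `b64_from_24bit` calls) writes into `buffer` with no bound, and nothing in the new code says how large the caller's buffer must be. From the limits visible here the worst case is 124 bytes: 3 for `$6$`, 17 for `rounds=999999999$`, 16 for the salt (`SALT_LEN_MAX`), 1 for `$`, 86 hash characters and the NUL. I would state that above the function, `/* buffer must have room for at least 124 bytes: prefix, rounds spec, salt, '$', 86 hash chars, NUL. */`, and ideally assert it at compile time against the size of the buffer callers pass, which is not visible in this hunk. The same applies to `crypt_sha256` (81 bytes by the same count) and `crypt_nthash` (37 bytes) in the earlier sections.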
@@ -1,310 +1,327 @@ .\" FreeSec: libcrypt for NetBSD .\" .\" Copyright (c) 1994 David Burren .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 4. Neither the name of the author nor the names of other contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. 
.\" .\" $FreeBSD$ .\" -.Dd March 9, 2014 +.Dd August 10, 2016 .Dt CRYPT 3 .Os .Sh NAME .Nm crypt .Nd Trapdoor encryption .Sh LIBRARY .Lb libcrypt .Sh SYNOPSIS .In unistd.h .Ft char * .Fn crypt "const char *key" "const char *salt" +.Ft char * +.Fn crypt_r "const char *key" "const char *salt" "struct crypt_data *data" .Ft const char * .Fn crypt_get_format "void" .Ft int .Fn crypt_set_format "const char *string" .Sh DESCRIPTION The .Fn crypt function performs password hashing with additional code added to deter key search attempts. Different algorithms can be used to in the hash. .\" .\" NOTICE: .\" If you add more algorithms, make sure to update this list .\" and the default used for the Traditional format, below. .\" Currently these include the .Tn NBS .Tn Data Encryption Standard (DES) , .Tn MD5 hash, .Tn NT-Hash .Pq compatible with Microsoft's NT scheme and .Tn Blowfish . The algorithm used will depend upon the format of the Salt .Po following the Modular Crypt Format .Pq MCF .Pc , if .Tn DES and/or .Tn Blowfish is installed or not, and whether .Fn crypt_set_format has been called to change the default. .Pp The first argument to .Nm is the data to hash .Pq usually a password , in a .Dv NUL Ns -terminated string. The second is the salt, in one of three forms: .Pp .Bl -tag -width Traditional -compact -offset indent .It Extended If it begins with an underscore .Pq Dq _ then the .Tn DES Extended Format is used in interpreting both the key and the salt, as outlined below. .It Modular If it begins with the string .Dq $digit$ then the Modular Crypt Format is used, as outlined below. .It Traditional If neither of the above is true, it assumes the Traditional Format, using the entire string as the salt .Pq or the first portion . .El .Pp All routines are designed to be time-consuming. 
.Ss DES Extended Format: The .Ar key is divided into groups of 8 characters .Pq the last group is NUL-padded and the low-order 7 bits of each character .Pq 56 bits per group are used to form the .Tn DES key as follows: the first group of 56 bits becomes the initial .Tn DES key. For each additional group, the XOR of the encryption of the current .Tn DES key with itself and the group bits becomes the next .Tn DES key. .Pp The salt is a 9-character array consisting of an underscore followed by 4 bytes of iteration count and 4 bytes of salt. These are encoded as printable characters, 6 bits per character, least significant character first. The values 0 to 63 are encoded as .Dq ./0-9A-Za-z . This allows 24 bits for both .Fa count and .Fa salt . .Pp The .Fa salt introduces disorder in the .Tn DES algorithm in one of 16777216 or 4096 possible ways .Po i.e., with 24 or 12 bits: if bit .Em i of the .Ar salt is set, then bits .Em i and .Em i+24 are swapped in the .Tn DES E-box output .Pc . .Pp The .Tn DES key is used to encrypt a 64-bit constant using .Ar count iterations of .Tn DES . The value returned is a .Dv NUL Ns -terminated string, 20 or 13 bytes .Pq plus NUL in length, consisting of the .Ar salt followed by the encoded 64-bit encryption. .Ss Modular crypt: If the salt begins with the string .Fa $digit$ then the Modular Crypt Format is used. The .Fa digit represents which algorithm is used in encryption. Following the token is the actual salt to use in the encryption. The maximum length of the salt used depends upon the module. The salt must be terminated with the end of the string character .Pq NUL or a dollar sign. Any characters after the dollar sign are ignored. .Pp Currently supported algorithms are: .Pp .Bl -enum -compact -offset indent .It MD5 .It Blowfish .It NT-Hash .It (unused) .It SHA-256 .It SHA-512 .El .Pp Other crypt formats may be easily added. 
An example salt would be: .Bl -tag -width 6n -offset indent .It Cm "$4$thesalt$rest" .El .Ss Traditional crypt: The algorithm used will depend upon whether .Fn crypt_set_format has been called and whether a global default format has been specified. Unless a global default has been specified or .Fn crypt_set_format has set the format to something else, the built-in default format is used. This is currently .\" .\" NOTICE: Also make sure to update this .\" DES if it is available, or MD5 if not. .Pp How the salt is used will depend upon the algorithm for the hash. For best results, specify at least eight characters of salt. .Pp The .Fn crypt_get_format function returns a constant string that represents the name of the algorithm currently used. Valid values are .\" .\" NOTICE: Also make sure to update this, too, as well .\" .Ql des , .Ql blf , .Ql md5 , .Ql sha256 , .Ql sha512 and .Ql nth . .Pp The .Fn crypt_set_format function sets the default encoding format according to the supplied .Fa string . +.Pp +The +.Fn crypt_r +function behaves identically to +.Fn crypt , +except that the resulting string is stored in +.Fa data , +making it thread-safe. .Sh RETURN VALUES The .Fn crypt -function returns a pointer to the encrypted value on success, and NULL on +and +.Fn crypt_r +functions return a pointer to the encrypted value on success, and NULL on failure. Note: this is not a standard behaviour, AT&T .Fn crypt will always return a pointer to a string. .Pp The .Fn crypt_set_format function will return 1 if the supplied encoding format was valid. Otherwise, a value of 0 is returned. .Sh SEE ALSO .Xr login 1 , .Xr passwd 1 , .Xr getpass 3 , .Xr passwd 5 .Sh HISTORY A rotor-based .Fn crypt function appeared in .At v6 . The current style .Fn crypt first appeared in .At v7 . .Pp The .Tn DES section of the code (FreeSec 1.0) was developed outside the United States of America as an unencumbered replacement for the U.S.-only .Nx libcrypt encryption library. 
+.Pp +The +.Fn crypt_r +function was added in +.Fx 12.0 . .Sh AUTHORS .An -nosplit Originally written by .An David Burren Aq Mt davidb@werj.com.au , later additions and changes by .An Poul-Henning Kamp , .An Mark R V Murray , .An Michael Bretterklieber , .An Kris Kennaway , .An Brian Feldman , .An Paul Herman and .An Niels Provos . .Sh BUGS The .Fn crypt function returns a pointer to static data, and subsequent calls to .Fn crypt will modify the same data. Likewise, .Fn crypt_set_format modifies static data. .Pp The NT-hash scheme does not use a salt, and is not hard for a competent attacker to break. Its use is not recommended. Index: head/lib/libcrypt/crypt.c =================================================================== --- head/lib/libcrypt/crypt.c (revision 303919) +++ head/lib/libcrypt/crypt.c (revision 303920) 
@@ -1,123 +1,140 @@ /*- * Copyright (c) 1999 Mark Murray * Copyright (c) 2014 Dag-Erling Smørgrav * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY MARK MURRAY AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL MARK MURRAY OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include "crypt.h" /* * List of supported crypt(3) formats. * * The default algorithm is the last entry in the list (second-to-last * array element since the last is a sentinel). The reason for placing * the default last rather than first is that DES needs to be at the * bottom for the algorithm guessing logic in crypt(3) to work correctly, * and it needs to be the default for backward compatibility. 
*/ static const struct crypt_format { - const char *const name; - char *(*const func)(const char *, const char *); - const char *const magic; + const char *name; + int (*func)(const char *, const char *, char *); + const char *magic; } crypt_formats[] = { { "md5", crypt_md5, "$1$" }, #ifdef HAS_BLOWFISH { "blf", crypt_blowfish, "$2" }, #endif { "nth", crypt_nthash, "$3$" }, { "sha256", crypt_sha256, "$5$" }, { "sha512", crypt_sha512, "$6$" }, #ifdef HAS_DES { "des", crypt_des, "_" }, #endif /* sentinel */ { NULL, NULL, NULL } }; static const struct crypt_format *crypt_format = &crypt_formats[(sizeof crypt_formats / sizeof *crypt_formats) - 2]; #define DES_SALT_ALPHABET \ "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" /* * Returns the name of the currently selected format. */ const char * crypt_get_format(void) { return (crypt_format->name); } /* * Selects the format to use for subsequent crypt(3) invocations. */ int crypt_set_format(const char *format) { const struct crypt_format *cf; for (cf = crypt_formats; cf->name != NULL; ++cf) { if (strcasecmp(cf->name, format) == 0) { crypt_format = cf; return (1); } } return (0); } /* * Hash the given password with the given salt. If the salt begins with a * magic string (e.g. "$6$" for sha512), the corresponding format is used; * otherwise, the currently selected format is used. 
*/ char * -crypt(const char *passwd, const char *salt) +crypt_r(const char *passwd, const char *salt, struct crypt_data *data) { const struct crypt_format *cf; + int (*func)(const char *, const char *, char *); #ifdef HAS_DES int len; #endif for (cf = crypt_formats; cf->name != NULL; ++cf) - if (cf->magic != NULL && strstr(salt, cf->magic) == salt) - return (cf->func(passwd, salt)); + if (cf->magic != NULL && strstr(salt, cf->magic) == salt) { + func = cf->func; + goto match; + } #ifdef HAS_DES len = strlen(salt); - if ((len == 13 || len == 2) && strspn(salt, DES_SALT_ALPHABET) == len) - return (crypt_des(passwd, salt)); + if ((len == 13 || len == 2) && strspn(salt, DES_SALT_ALPHABET) == len) { + func = crypt_des; + goto match; + } #endif - return (crypt_format->func(passwd, salt)); + func = crypt_format->func; +match: + if (func(passwd, salt, data->__buf) != 0) + return (NULL); + return (data->__buf); +} + +char * +crypt(const char *passwd, const char *salt) +{ + static struct crypt_data data; + + return (crypt_r(passwd, salt, &data)); } Index: head/lib/libcrypt/crypt.h =================================================================== --- head/lib/libcrypt/crypt.h (revision 303919) +++ head/lib/libcrypt/crypt.h (revision 303920) 
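Review bot: crypt_r() passes `data->__buf` to the selected format routine without its size, so nothing on this path bounds how much a crypt_*() implementation writes into the caller's structure. The size of `__buf` is declared outside this hunk, so whether every format's longest output fits cannot be confirmed from here. The same gap shows in the crypt.h prototypes and in misc.c, where `b64_from_24bit()` loses its `buflen` argument. I would carry the length through the callback, `int (*func)(const char *, const char *, char *, size_t);`, and call it as `if (func(passwd, salt, data->__buf, sizeof(data->__buf)) != 0)` (assuming `__buf` is an array member), with each format routine failing rather than writing past that length.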
@@ -1,43 +1,43 @@ /* LINTLIBRARY */ /* * Copyright (c) 1999 * Mark Murray. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY MARK MURRAY AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL MARK MURRAY OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* * $FreeBSD$ * */ /* magic sizes */ #define MD4_SIZE 16 #define MD5_SIZE 16 -char *crypt_des(const char *pw, const char *salt); -char *crypt_md5(const char *pw, const char *salt); -char *crypt_nthash(const char *pw, const char *salt); -char *crypt_blowfish(const char *pw, const char *salt); -char *crypt_sha256 (const char *pw, const char *salt); -char *crypt_sha512 (const char *pw, const char *salt); +int crypt_des(const char *pw, const char *salt, char *buf); +int crypt_md5(const char *pw, const char *salt, char *buf); +int crypt_nthash(const char *pw, const char *salt, char *buf); +int crypt_blowfish(const char *pw, const char *salt, char *buf); +int crypt_sha256 (const char *pw, const char *salt, char *buf); +int crypt_sha512 (const char *pw, const char *salt, char *buf); extern void _crypt_to64(char *s, u_long v, int n); -extern void b64_from_24bit(uint8_t B2, uint8_t B1, uint8_t B0, int n, int *buflen, char **cp); +extern void b64_from_24bit(uint8_t B2, uint8_t B1, uint8_t B0, int n, char **cp); Index: head/lib/libcrypt/misc.c =================================================================== --- head/lib/libcrypt/misc.c (revision 303919) +++ head/lib/libcrypt/misc.c (revision 303920) 
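Review bot: The new three-argument crypt_*() prototypes have no comment stating the return convention or what the caller must provide in `buf`. From the rest of the change, crypt_r() treats any non-zero return as failure and crypt_blowfish() returns 0 or -1; the other routines are not visible here and presumably follow the same rule. A short comment above the prototypes would pin this down for the next format added, for example `/* crypt_*(): write the NUL-terminated hash to buf; return 0 on success, non-zero on failure. buf must be as large as struct crypt_data's __buf. */`.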
@@ -1,63 +1,61 @@ /* * Copyright (c) 1999 * University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the author nor the names of any co-contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY CONTRIBUTORS ``AS IS'' AND ANY EXPRESS * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL CONTRIBUTORS BE LIABLE FOR ANY * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include __FBSDID("$FreeBSD$"); #include #include "crypt.h" static char itoa64[] = /* 0 ... 
63 => ascii - 64 */ "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; void _crypt_to64(char *s, u_long v, int n) { while (--n >= 0) { *s++ = itoa64[v&0x3f]; v >>= 6; } } void -b64_from_24bit(uint8_t B2, uint8_t B1, uint8_t B0, int n, int *buflen, char **cp) +b64_from_24bit(uint8_t B2, uint8_t B1, uint8_t B0, int n, char **cp) { uint32_t w; int i; w = (B2 << 16) | (B1 << 8) | B0; for (i = 0; i < n; i++) { **cp = itoa64[w&0x3f]; (*cp)++; - if ((*buflen)-- < 0) - break; w >>= 6; } } Index: head/secure/lib/libcrypt/crypt-blowfish.c =================================================================== --- head/secure/lib/libcrypt/crypt-blowfish.c (revision 303919) +++ head/secure/lib/libcrypt/crypt-blowfish.c (revision 303920) 
@@ -1,328 +1,324 @@ /* $OpenBSD: bcrypt.c,v 1.29 2014/02/24 19:45:43 tedu Exp $ */ /* * Copyright 1997 Niels Provos * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by Niels Provos. * 4. The name of the author may not be used to endorse or promote products * derived from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include __FBSDID("$FreeBSD$"); /* This password hashing algorithm was designed by David Mazieres * and works as follows: * * 1. state := InitState () * 2. state := ExpandKey (state, salt, password) * 3. REPEAT rounds: * state := ExpandKey (state, 0, password) * state := ExpandKey (state, 0, salt) * 4. 
ctext := "OrpheanBeholderScryDoubt" * 5. REPEAT 64: * ctext := Encrypt_ECB (state, ctext); * 6. RETURN Concatenate (salt, ctext); * */ /* * FreeBSD implementation by Paul Herman * and updated by Xin Li */ #include #include #include #include #include #include "blowfish.h" #include "crypt.h" /* This implementation is adaptable to current computing power. * You can have up to 2^31 rounds which should be enough for some * time to come. */ #define BCRYPT_VERSION '2' #define BCRYPT_MAXSALT 16 /* Precomputation is just so nice */ #define BCRYPT_BLOCKS 6 /* Ciphertext blocks */ #define BCRYPT_MINLOGROUNDS 4 /* we have log2(rounds) in salt */ static void encode_base64(u_int8_t *, u_int8_t *, u_int16_t); static void decode_base64(u_int8_t *, u_int16_t, const u_int8_t *); -static char encrypted[_PASSWORD_LEN]; - const static u_int8_t Base64Code[] = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"; const static u_int8_t index_64[128] = { 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 0, 1, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 255, 255, 255, 255, 255, 255, 255, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 255, 255, 255, 255, 255, 255, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 255, 255, 255, 255, 255 }; #define CHAR64(c) ( (c) > 127 ? 
255 : index_64[(c)]) static void decode_base64(u_int8_t *buffer, u_int16_t len, const u_int8_t *data) { u_int8_t *bp = buffer; const u_int8_t *p = data; u_int8_t c1, c2, c3, c4; while (bp < buffer + len) { c1 = CHAR64(*p); c2 = CHAR64(*(p + 1)); /* Invalid data */ if (c1 == 255 || c2 == 255) break; *bp++ = (c1 << 2) | ((c2 & 0x30) >> 4); if (bp >= buffer + len) break; c3 = CHAR64(*(p + 2)); if (c3 == 255) break; *bp++ = ((c2 & 0x0f) << 4) | ((c3 & 0x3c) >> 2); if (bp >= buffer + len) break; c4 = CHAR64(*(p + 3)); if (c4 == 255) break; *bp++ = ((c3 & 0x03) << 6) | c4; p += 4; } } /* We handle $Vers$log2(NumRounds)$salt+passwd$ i.e. $2$04$iwouldntknowwhattosayetKdJ6iFtacBqJdKe6aW7ou */ -char * -crypt_blowfish(const char *key, const char *salt) +int +crypt_blowfish(const char *key, const char *salt, char *buffer) { blf_ctx state; u_int32_t rounds, i, k; u_int16_t j; size_t key_len; u_int8_t salt_len, logr, minr; u_int8_t ciphertext[4 * BCRYPT_BLOCKS] = "OrpheanBeholderScryDoubt"; u_int8_t csalt[BCRYPT_MAXSALT]; u_int32_t cdata[BCRYPT_BLOCKS]; char arounds[3]; /* Defaults */ minr = 'b'; logr = BCRYPT_MINLOGROUNDS; rounds = 1U << logr; if (*salt == '$') { /* Discard "$" identifier */ salt++; - if (*salt > BCRYPT_VERSION) { - /* How do I handle errors ? 
Return NULL */ - return NULL; - } + if (*salt > BCRYPT_VERSION) + return (-1); /* Check for minor versions */ if (salt[1] != '$') { switch (salt[1]) { case 'a': /* 'ab' should not yield the same as 'abab' */ case 'b': /* cap input length at 72 bytes */ case 'y': /* same as 'b', for compatibility * with openwall crypt_blowfish */ minr = salt[1]; salt++; break; default: - return NULL; + return (-1); } } else minr = 0; /* Discard version + "$" identifier */ salt += 2; if (salt[2] != '$') /* Out of sync with passwd entry */ - return NULL; + return (-1); memcpy(arounds, salt, sizeof(arounds)); if (arounds[sizeof(arounds) - 1] != '$') - return NULL; + return (-1); arounds[sizeof(arounds) - 1] = 0; logr = strtonum(arounds, BCRYPT_MINLOGROUNDS, 31, NULL); if (logr == 0) - return NULL; + return (-1); /* Computer power doesn't increase linearly, 2^x should be fine */ rounds = 1U << logr; /* Discard num rounds + "$" identifier */ salt += 3; } if (strlen(salt) * 3 / 4 < BCRYPT_MAXSALT) - return NULL; + return (-1); /* We dont want the base64 salt but the raw data */ decode_base64(csalt, BCRYPT_MAXSALT, (const u_int8_t *) salt); salt_len = BCRYPT_MAXSALT; if (minr <= 'a') key_len = (u_int8_t)(strlen(key) + (minr >= 'a' ? 
1 : 0)); else { /* strlen() returns a size_t, but the function calls * below result in implicit casts to a narrower integer * type, so cap key_len at the actual maximum supported * length here to avoid integer wraparound */ key_len = strlen(key); if (key_len > 72) key_len = 72; key_len++; /* include the NUL */ } /* Setting up S-Boxes and Subkeys */ Blowfish_initstate(&state); Blowfish_expandstate(&state, csalt, salt_len, (const u_int8_t *) key, key_len); for (k = 0; k < rounds; k++) { Blowfish_expand0state(&state, (const u_int8_t *) key, key_len); Blowfish_expand0state(&state, csalt, salt_len); } /* This can be precomputed later */ j = 0; for (i = 0; i < BCRYPT_BLOCKS; i++) cdata[i] = Blowfish_stream2word(ciphertext, 4 * BCRYPT_BLOCKS, &j); /* Now do the encryption */ for (k = 0; k < 64; k++) blf_enc(&state, cdata, BCRYPT_BLOCKS / 2); for (i = 0; i < BCRYPT_BLOCKS; i++) { ciphertext[4 * i + 3] = cdata[i] & 0xff; cdata[i] = cdata[i] >> 8; ciphertext[4 * i + 2] = cdata[i] & 0xff; cdata[i] = cdata[i] >> 8; ciphertext[4 * i + 1] = cdata[i] & 0xff; cdata[i] = cdata[i] >> 8; ciphertext[4 * i + 0] = cdata[i] & 0xff; } - i = 0; - encrypted[i++] = '$'; - encrypted[i++] = BCRYPT_VERSION; + *buffer++ = '$'; + *buffer++ = BCRYPT_VERSION; if (minr) - encrypted[i++] = minr; - encrypted[i++] = '$'; + *buffer++ = minr; + *buffer++ = '$'; - snprintf(encrypted + i, 4, "%2.2u$", logr); + snprintf(buffer, 4, "%2.2u$", logr); + buffer += 3; - encode_base64((u_int8_t *) encrypted + i + 3, csalt, BCRYPT_MAXSALT); - encode_base64((u_int8_t *) encrypted + strlen(encrypted), ciphertext, - 4 * BCRYPT_BLOCKS - 1); + encode_base64((u_int8_t *)buffer, csalt, BCRYPT_MAXSALT); + buffer += strlen(buffer); + encode_base64((u_int8_t *)buffer, ciphertext, 4 * BCRYPT_BLOCKS - 1); memset(&state, 0, sizeof(state)); memset(ciphertext, 0, sizeof(ciphertext)); memset(csalt, 0, sizeof(csalt)); memset(cdata, 0, sizeof(cdata)); - return encrypted; + return (0); } static void encode_base64(u_int8_t *buffer, 
u_int8_t *data, u_int16_t len) { u_int8_t *bp = buffer; u_int8_t *p = data; u_int8_t c1, c2; while (p < data + len) { c1 = *p++; *bp++ = Base64Code[(c1 >> 2)]; c1 = (c1 & 0x03) << 4; if (p >= data + len) { *bp++ = Base64Code[c1]; break; } c2 = *p++; c1 |= (c2 >> 4) & 0x0f; *bp++ = Base64Code[c1]; c1 = (c2 & 0x0f) << 2; if (p >= data + len) { *bp++ = Base64Code[c1]; break; } c2 = *p++; c1 |= (c2 >> 6) & 0x03; *bp++ = Base64Code[c1]; *bp++ = Base64Code[c2 & 0x3f]; } *bp = '\0'; } #if 0 void main() { char blubber[73]; char salt[100]; char *p; salt[0] = '$'; salt[1] = BCRYPT_VERSION; salt[2] = '$'; snprintf(salt + 3, 4, "%2.2u$", 5); printf("24 bytes of salt: "); fgets(salt + 6, sizeof(salt) - 6, stdin); salt[99] = 0; printf("72 bytes of password: "); fpurge(stdin); fgets(blubber, sizeof(blubber), stdin); blubber[72] = 0; p = crypt(blubber, salt); printf("Passwd entry: %s\n\n", p); p = bcrypt_gensalt(5); printf("Generated salt: %s\n", p); p = crypt(blubber, p); printf("Passwd entry: %s\n", p); } #endif Index: head/secure/lib/libcrypt/crypt-des.c =================================================================== --- head/secure/lib/libcrypt/crypt-des.c (revision 303919) +++ head/secure/lib/libcrypt/crypt-des.c (revision 303920) 
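Review bot: In crypt_blowfish(), `decode_base64(csalt, BCRYPT_MAXSALT, ...)` stops at the first character outside the bcrypt alphabet and returns nothing, so a malformed salt leaves the rest of the uninitialised `csalt` array to be fed into `Blowfish_expandstate()`. The result is a hash computed over stack contents instead of a rejected salt, and the preceding `strlen(salt) * 3 / 4` test checks only length, not alphabet. Now that the function reports errors through its `int` return, decode_base64() can return a status and the caller can fail with -1; the forward declaration near the top of the file changes to `static int` as well. Separately, the four `memset()` calls that clear `state`, `ciphertext`, `csalt` and `cdata` just before `return (0)` are dead stores the compiler may drop, so `explicit_bzero()` is the safer call there.

```c
static int
decode_base64(u_int8_t *buffer, u_int16_t len, const u_int8_t *data)
{
	/* ... unchanged: local declarations ... */
	while (bp < buffer + len) {
		c1 = CHAR64(*p);
		c2 = CHAR64(*(p + 1));
		/* Invalid data */
		if (c1 == 255 || c2 == 255)
			return (-1);
		/* ... unchanged: first output byte and length check ... */
		c3 = CHAR64(*(p + 2));
		if (c3 == 255)
			return (-1);
		/* ... unchanged: second output byte and length check ... */
		c4 = CHAR64(*(p + 3));
		if (c4 == 255)
			return (-1);
		/* ... unchanged: third output byte, p += 4 ... */
	}
	return (0);
}

	/* in crypt_blowfish(), replacing the unchecked call */
	if (decode_base64(csalt, BCRYPT_MAXSALT, (const u_int8_t *)salt) != 0)
		return (-1);
```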
@@ -1,704 +1,691 @@ /* * FreeSec: libcrypt for NetBSD * * Copyright (c) 1994 David Burren * All rights reserved. * * Adapted for FreeBSD-2.0 by Geoffrey M. Rehmet * this file should now *only* export crypt(), in order to make * binaries of libcrypt exportable from the USA * * Adapted for FreeBSD-4.0 by Mark R V Murray * this file should now *only* export crypt_des(), in order to make * a module that can be optionally included in libcrypt. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the author nor the names of other contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * This is an original implementation of the DES and the crypt(3) interfaces * by David Burren . 
* * An excellent reference on the underlying algorithm (and related * algorithms) is: * * B. Schneier, Applied Cryptography: protocols, algorithms, * and source code in C, John Wiley & Sons, 1994. * * Note that in that book's description of DES the lookups for the initial, * pbox, and final permutations are inverted (this has been brought to the * attention of the author). A list of errata for this book has been * posted to the sci.crypt newsgroup by the author and is available for FTP. * * ARCHITECTURE ASSUMPTIONS: * It is assumed that the 8-byte arrays passed by reference can be * addressed as arrays of u_int32_t's (ie. the CPU is not picky about * alignment). */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include "crypt.h" /* We can't always assume gcc */ #if defined(__GNUC__) && !defined(lint) #define INLINE inline #else #define INLINE #endif static u_char IP[64] = { 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4, 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8, 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3, 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7 }; static u_char inv_key_perm[64]; static u_char key_perm[56] = { 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36, 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4 }; static u_char key_shifts[16] = { 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 }; static u_char inv_comp_perm[56]; static u_char comp_perm[48] = { 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2, 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48, 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32 }; /* * No E box is used, as it's replaced by some ANDs, shifts, and ORs. 
*/ static u_char u_sbox[8][64]; static u_char sbox[8][64] = { { 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7, 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8, 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0, 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13 }, { 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10, 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5, 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15, 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9 }, { 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8, 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1, 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7, 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12 }, { 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15, 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9, 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4, 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14 }, { 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9, 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6, 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14, 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3 }, { 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11, 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8, 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6, 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13 }, { 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1, 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6, 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2, 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12 }, { 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7, 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2, 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8, 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11 } }; static u_char un_pbox[32]; static u_char pbox[32] = { 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10, 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25 }; 
static u_int32_t bits32[32] = { 0x80000000, 0x40000000, 0x20000000, 0x10000000, 0x08000000, 0x04000000, 0x02000000, 0x01000000, 0x00800000, 0x00400000, 0x00200000, 0x00100000, 0x00080000, 0x00040000, 0x00020000, 0x00010000, 0x00008000, 0x00004000, 0x00002000, 0x00001000, 0x00000800, 0x00000400, 0x00000200, 0x00000100, 0x00000080, 0x00000040, 0x00000020, 0x00000010, 0x00000008, 0x00000004, 0x00000002, 0x00000001 }; static u_char bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 }; static u_int32_t saltbits; static u_int32_t old_salt; static u_int32_t *bits28, *bits24; static u_char init_perm[64], final_perm[64]; static u_int32_t en_keysl[16], en_keysr[16]; static u_int32_t de_keysl[16], de_keysr[16]; static int des_initialised = 0; static u_char m_sbox[4][4096]; static u_int32_t psbox[4][256]; static u_int32_t ip_maskl[8][256], ip_maskr[8][256]; static u_int32_t fp_maskl[8][256], fp_maskr[8][256]; static u_int32_t key_perm_maskl[8][128], key_perm_maskr[8][128]; static u_int32_t comp_maskl[8][128], comp_maskr[8][128]; static u_int32_t old_rawkey0, old_rawkey1; static u_char ascii64[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; /* 0000000000111111111122222222223333333333444444444455555555556666 */ /* 0123456789012345678901234567890123456789012345678901234567890123 */ static INLINE int ascii_to_bin(char ch) { if (ch > 'z') return(0); if (ch >= 'a') return(ch - 'a' + 38); if (ch > 'Z') return(0); if (ch >= 'A') return(ch - 'A' + 12); if (ch > '9') return(0); if (ch >= '.') return(ch - '.'); return(0); } static void des_init(void) { int i, j, b, k, inbit, obit; u_int32_t *p, *il, *ir, *fl, *fr; old_rawkey0 = old_rawkey1 = 0L; saltbits = 0L; old_salt = 0L; bits24 = (bits28 = bits32 + 4) + 4; /* * Invert the S-boxes, reordering the input bits. */ for (i = 0; i < 8; i++) for (j = 0; j < 64; j++) { b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf); u_sbox[i][j] = sbox[i][b]; } /* * Convert the inverted S-boxes into 4 arrays of 8 bits. 
* Each will handle 12 bits of the S-box input. */ for (b = 0; b < 4; b++) for (i = 0; i < 64; i++) for (j = 0; j < 64; j++) m_sbox[b][(i << 6) | j] = (u_char)((u_sbox[(b << 1)][i] << 4) | u_sbox[(b << 1) + 1][j]); /* * Set up the initial & final permutations into a useful form, and * initialise the inverted key permutation. */ for (i = 0; i < 64; i++) { init_perm[final_perm[i] = IP[i] - 1] = (u_char)i; inv_key_perm[i] = 255; } /* * Invert the key permutation and initialise the inverted key * compression permutation. */ for (i = 0; i < 56; i++) { inv_key_perm[key_perm[i] - 1] = (u_char)i; inv_comp_perm[i] = 255; } /* * Invert the key compression permutation. */ for (i = 0; i < 48; i++) { inv_comp_perm[comp_perm[i] - 1] = (u_char)i; } /* * Set up the OR-mask arrays for the initial and final permutations, * and for the key initial and compression permutations. */ for (k = 0; k < 8; k++) { for (i = 0; i < 256; i++) { *(il = &ip_maskl[k][i]) = 0L; *(ir = &ip_maskr[k][i]) = 0L; *(fl = &fp_maskl[k][i]) = 0L; *(fr = &fp_maskr[k][i]) = 0L; for (j = 0; j < 8; j++) { inbit = 8 * k + j; if (i & bits8[j]) { if ((obit = init_perm[inbit]) < 32) *il |= bits32[obit]; else *ir |= bits32[obit-32]; if ((obit = final_perm[inbit]) < 32) *fl |= bits32[obit]; else *fr |= bits32[obit - 32]; } } } for (i = 0; i < 128; i++) { *(il = &key_perm_maskl[k][i]) = 0L; *(ir = &key_perm_maskr[k][i]) = 0L; for (j = 0; j < 7; j++) { inbit = 8 * k + j; if (i & bits8[j + 1]) { if ((obit = inv_key_perm[inbit]) == 255) continue; if (obit < 28) *il |= bits28[obit]; else *ir |= bits28[obit - 28]; } } *(il = &comp_maskl[k][i]) = 0L; *(ir = &comp_maskr[k][i]) = 0L; for (j = 0; j < 7; j++) { inbit = 7 * k + j; if (i & bits8[j + 1]) { if ((obit=inv_comp_perm[inbit]) == 255) continue; if (obit < 24) *il |= bits24[obit]; else *ir |= bits24[obit - 24]; } } } } /* * Invert the P-box permutation, and convert into OR-masks for * handling the output of the S-box arrays setup above. 
*/ for (i = 0; i < 32; i++) un_pbox[pbox[i] - 1] = (u_char)i; for (b = 0; b < 4; b++) for (i = 0; i < 256; i++) { *(p = &psbox[b][i]) = 0L; for (j = 0; j < 8; j++) { if (i & bits8[j]) *p |= bits32[un_pbox[8 * b + j]]; } } des_initialised = 1; } static void setup_salt(u_int32_t salt) { u_int32_t obit, saltbit; int i; if (salt == old_salt) return; old_salt = salt; saltbits = 0L; saltbit = 1; obit = 0x800000; for (i = 0; i < 24; i++) { if (salt & saltbit) saltbits |= obit; saltbit <<= 1; obit >>= 1; } } static int des_setkey(const char *key) { u_int32_t k0, k1, rawkey0, rawkey1; int shifts, round; if (!des_initialised) des_init(); rawkey0 = ntohl(*(const u_int32_t *) key); rawkey1 = ntohl(*(const u_int32_t *) (key + 4)); if ((rawkey0 | rawkey1) && rawkey0 == old_rawkey0 && rawkey1 == old_rawkey1) { /* * Already setup for this key. * This optimisation fails on a zero key (which is weak and * has bad parity anyway) in order to simplify the starting * conditions. */ return(0); } old_rawkey0 = rawkey0; old_rawkey1 = rawkey1; /* * Do key permutation and split into two 28-bit subkeys. */ k0 = key_perm_maskl[0][rawkey0 >> 25] | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f] | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f] | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f] | key_perm_maskl[4][rawkey1 >> 25] | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f] | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f] | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f]; k1 = key_perm_maskr[0][rawkey0 >> 25] | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f] | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f] | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f] | key_perm_maskr[4][rawkey1 >> 25] | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f] | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f] | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f]; /* * Rotate subkeys and do compression permutation. 
*/ shifts = 0; for (round = 0; round < 16; round++) { u_int32_t t0, t1; shifts += key_shifts[round]; t0 = (k0 << shifts) | (k0 >> (28 - shifts)); t1 = (k1 << shifts) | (k1 >> (28 - shifts)); de_keysl[15 - round] = en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f] | comp_maskl[1][(t0 >> 14) & 0x7f] | comp_maskl[2][(t0 >> 7) & 0x7f] | comp_maskl[3][t0 & 0x7f] | comp_maskl[4][(t1 >> 21) & 0x7f] | comp_maskl[5][(t1 >> 14) & 0x7f] | comp_maskl[6][(t1 >> 7) & 0x7f] | comp_maskl[7][t1 & 0x7f]; de_keysr[15 - round] = en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f] | comp_maskr[1][(t0 >> 14) & 0x7f] | comp_maskr[2][(t0 >> 7) & 0x7f] | comp_maskr[3][t0 & 0x7f] | comp_maskr[4][(t1 >> 21) & 0x7f] | comp_maskr[5][(t1 >> 14) & 0x7f] | comp_maskr[6][(t1 >> 7) & 0x7f] | comp_maskr[7][t1 & 0x7f]; } return(0); } static int do_des( u_int32_t l_in, u_int32_t r_in, u_int32_t *l_out, u_int32_t *r_out, int count) { /* * l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format. */ u_int32_t l, r, *kl, *kr, *kl1, *kr1; u_int32_t f, r48l, r48r; int round; if (count == 0) { return(1); } else if (count > 0) { /* * Encrypting */ kl1 = en_keysl; kr1 = en_keysr; } else { /* * Decrypting */ count = -count; kl1 = de_keysl; kr1 = de_keysr; } /* * Do initial permutation (IP). */ l = ip_maskl[0][l_in >> 24] | ip_maskl[1][(l_in >> 16) & 0xff] | ip_maskl[2][(l_in >> 8) & 0xff] | ip_maskl[3][l_in & 0xff] | ip_maskl[4][r_in >> 24] | ip_maskl[5][(r_in >> 16) & 0xff] | ip_maskl[6][(r_in >> 8) & 0xff] | ip_maskl[7][r_in & 0xff]; r = ip_maskr[0][l_in >> 24] | ip_maskr[1][(l_in >> 16) & 0xff] | ip_maskr[2][(l_in >> 8) & 0xff] | ip_maskr[3][l_in & 0xff] | ip_maskr[4][r_in >> 24] | ip_maskr[5][(r_in >> 16) & 0xff] | ip_maskr[6][(r_in >> 8) & 0xff] | ip_maskr[7][r_in & 0xff]; while (count--) { /* * Do each round. */ kl = kl1; kr = kr1; round = 16; while (round--) { /* * Expand R to 48 bits (simulate the E-box). 
*/ r48l = ((r & 0x00000001) << 23) | ((r & 0xf8000000) >> 9) | ((r & 0x1f800000) >> 11) | ((r & 0x01f80000) >> 13) | ((r & 0x001f8000) >> 15); r48r = ((r & 0x0001f800) << 7) | ((r & 0x00001f80) << 5) | ((r & 0x000001f8) << 3) | ((r & 0x0000001f) << 1) | ((r & 0x80000000) >> 31); /* * Do salting for crypt() and friends, and * XOR with the permuted key. */ f = (r48l ^ r48r) & saltbits; r48l ^= f ^ *kl++; r48r ^= f ^ *kr++; /* * Do sbox lookups (which shrink it back to 32 bits) * and do the pbox permutation at the same time. */ f = psbox[0][m_sbox[0][r48l >> 12]] | psbox[1][m_sbox[1][r48l & 0xfff]] | psbox[2][m_sbox[2][r48r >> 12]] | psbox[3][m_sbox[3][r48r & 0xfff]]; /* * Now that we've permuted things, complete f(). */ f ^= l; l = r; r = f; } r = l; l = f; } /* * Do final permutation (inverse of IP). */ *l_out = fp_maskl[0][l >> 24] | fp_maskl[1][(l >> 16) & 0xff] | fp_maskl[2][(l >> 8) & 0xff] | fp_maskl[3][l & 0xff] | fp_maskl[4][r >> 24] | fp_maskl[5][(r >> 16) & 0xff] | fp_maskl[6][(r >> 8) & 0xff] | fp_maskl[7][r & 0xff]; *r_out = fp_maskr[0][l >> 24] | fp_maskr[1][(l >> 16) & 0xff] | fp_maskr[2][(l >> 8) & 0xff] | fp_maskr[3][l & 0xff] | fp_maskr[4][r >> 24] | fp_maskr[5][(r >> 16) & 0xff] | fp_maskr[6][(r >> 8) & 0xff] | fp_maskr[7][r & 0xff]; return(0); } static int des_cipher(const char *in, char *out, u_long salt, int count) { u_int32_t l_out, r_out, rawl, rawr; int retval; union { u_int32_t *ui32; const char *c; } trans; if (!des_initialised) des_init(); setup_salt(salt); trans.c = in; rawl = ntohl(*trans.ui32++); rawr = ntohl(*trans.ui32); retval = do_des(rawl, rawr, &l_out, &r_out, count); trans.c = out; *trans.ui32++ = htonl(l_out); *trans.ui32 = htonl(r_out); return(retval); } -char * -crypt_des(const char *key, const char *setting) +int +crypt_des(const char *key, const char *setting, char *buffer) { int i; u_int32_t count, salt, l, r0, r1, keybuf[2]; - u_char *p, *q; - static char output[21]; + u_char *q; if (!des_initialised) des_init(); /* * Copy 
the key, shifting each character up by one bit * and padding with zeros. */ q = (u_char *)keybuf; while (q - (u_char *)keybuf - 8) { *q++ = *key << 1; if (*key != '\0') key++; } if (des_setkey((char *)keybuf)) - return(NULL); + return (-1); if (*setting == _PASSWORD_EFMT1) { /* * "new"-style: * setting - underscore, 4 bytes of count, 4 bytes of salt * key - unlimited characters */ for (i = 1, count = 0L; i < 5; i++) count |= ascii_to_bin(setting[i]) << ((i - 1) * 6); for (i = 5, salt = 0L; i < 9; i++) salt |= ascii_to_bin(setting[i]) << ((i - 5) * 6); while (*key) { /* * Encrypt the key with itself. */ if (des_cipher((char *)keybuf, (char *)keybuf, 0L, 1)) - return(NULL); + return (-1); /* * And XOR with the next 8 characters of the key. */ q = (u_char *)keybuf; while (q - (u_char *)keybuf - 8 && *key) *q++ ^= *key++ << 1; if (des_setkey((char *)keybuf)) - return(NULL); + return (-1); } - strncpy(output, setting, 9); - - /* - * Double check that we weren't given a short setting. - * If we were, the above code will probably have created - * wierd values for count and salt, but we don't really care. - * Just make sure the output string doesn't have an extra - * NUL in it. - */ - output[9] = '\0'; - p = (u_char *)output + strlen(output); + buffer = stpncpy(buffer, setting, 9); } else { /* * "old"-style: * setting - 2 bytes of salt * key - up to 8 characters */ count = 25; salt = (ascii_to_bin(setting[1]) << 6) | ascii_to_bin(setting[0]); - output[0] = setting[0]; + *buffer++ = setting[0]; /* * If the encrypted password that the salt was extracted from * is only 1 character long, the salt will be corrupted. We * need to ensure that the output string doesn't have an extra * NUL in it! */ - output[1] = setting[1] ? setting[1] : output[0]; - - p = (u_char *)output + 2; + *buffer++ = setting[1] ? setting[1] : setting[0]; } setup_salt(salt); /* * Do it. */ if (do_des(0L, 0L, &r0, &r1, (int)count)) - return(NULL); + return (-1); /* * Now encode the result... 
*/
 l = (r0 >> 8);
- *p++ = ascii64[(l >> 18) & 0x3f];
- *p++ = ascii64[(l >> 12) & 0x3f];
- *p++ = ascii64[(l >> 6) & 0x3f];
- *p++ = ascii64[l & 0x3f];
+ *buffer++ = ascii64[(l >> 18) & 0x3f];
+ *buffer++ = ascii64[(l >> 12) & 0x3f];
+ *buffer++ = ascii64[(l >> 6) & 0x3f];
+ *buffer++ = ascii64[l & 0x3f];
 l = (r0 << 16) | ((r1 >> 16) & 0xffff);
- *p++ = ascii64[(l >> 18) & 0x3f];
- *p++ = ascii64[(l >> 12) & 0x3f];
- *p++ = ascii64[(l >> 6) & 0x3f];
- *p++ = ascii64[l & 0x3f];
+ *buffer++ = ascii64[(l >> 18) & 0x3f];
+ *buffer++ = ascii64[(l >> 12) & 0x3f];
+ *buffer++ = ascii64[(l >> 6) & 0x3f];
+ *buffer++ = ascii64[l & 0x3f];
 l = r1 << 2;
- *p++ = ascii64[(l >> 12) & 0x3f];
- *p++ = ascii64[(l >> 6) & 0x3f];
- *p++ = ascii64[l & 0x3f];
- *p = 0;
+ *buffer++ = ascii64[(l >> 12) & 0x3f];
+ *buffer++ = ascii64[(l >> 6) & 0x3f];
+ *buffer++ = ascii64[l & 0x3f];
+ *buffer = '\0';
- return(output);
+ return (0);
 }