Browse Source

remove md5crypt.

while changing things, add a crypt_checkpass wrapper that handles most of
the edge cases. (not quite ready for production, though.)
ok deraadt
OPENBSD_5_6
tedu 10 years ago
parent
commit
5d44aecec4
5 changed files with 65 additions and 195 deletions
  1. +3
    -3
      src/lib/libc/crypt/Makefile.inc
  2. +4
    -27
      src/lib/libc/crypt/crypt.3
  3. +4
    -5
      src/lib/libc/crypt/crypt.c
  4. +54
    -0
      src/lib/libc/crypt/cryptutil.c
  5. +0
    -160
      src/lib/libc/crypt/md5crypt.c

+ 3
- 3
src/lib/libc/crypt/Makefile.inc View File

@ -1,12 +1,12 @@
# $OpenBSD: Makefile.inc,v 1.19 2013/10/21 20:33:23 deraadt Exp $
# $OpenBSD: Makefile.inc,v 1.20 2014/05/12 19:13:14 tedu Exp $
.PATH: ${LIBCSRCDIR}/arch/${MACHINE_CPU}/crypt ${LIBCSRCDIR}/crypt
SRCS+= crypt.c crypt2.c md5crypt.c arc4random.c blowfish.c bcrypt.c
SRCS+= crypt.c crypt2.c cryptutil.c arc4random.c blowfish.c bcrypt.c
MAN+= crypt.3 blowfish.3 arc4random.3
MLINKS+=crypt.3 encrypt.3 crypt.3 setkey.3 crypt.3 des_cipher.3
MLINKS+=crypt.3 bcrypt_gensalt.3 crypt.3 bcrypt.3 crypt.3 md5crypt.3
MLINKS+=crypt.3 bcrypt_gensalt.3 crypt.3 bcrypt.3
MLINKS+=crypt.3 des_setkey.3 blowfish.3 blf_key.3 blowfish.3 blf_enc.3
MLINKS+=blowfish.3 blf_dec.3 blowfish.3 blf_ecb_encrypt.3
MLINKS+=blowfish.3 blf_ecb_decrypt.3 blowfish.3 blf_cbc_encrypt.3


+ 4
- 27
src/lib/libc/crypt/crypt.3 View File

@ -1,4 +1,4 @@
.\" $OpenBSD: crypt.3,v 1.34 2014/03/19 02:34:45 tedu Exp $
.\" $OpenBSD: crypt.3,v 1.35 2014/05/12 19:13:14 tedu Exp $
.\"
.\" FreeSec: libcrypt
.\"
@ -31,7 +31,7 @@
.\"
.\" Manual page, using -mandoc macros
.\"
.Dd $Mdocdate: March 19 2014 $
.Dd $Mdocdate: May 12 2014 $
.Dt CRYPT 3
.Os
.Sh NAME
@ -41,8 +41,7 @@
.Nm des_setkey ,
.Nm des_cipher ,
.Nm bcrypt_gensalt ,
.Nm bcrypt ,
.Nm md5crypt
.Nm bcrypt
.Nd password hashing
.Sh SYNOPSIS
.In stdlib.h
@ -63,8 +62,6 @@
.Fn bcrypt_gensalt "u_int8_t log_rounds"
.Ft char *
.Fn bcrypt "const char *key" "const char *salt"
.Ft char *
.Fn md5crypt "const char *key" "const char *salt"
.Sh DESCRIPTION
The
.Fn crypt
@ -88,9 +85,7 @@ If it begins
with a string character
.Pq Ql $
and a number then a different algorithm is used depending on the number.
At the moment a
.Ql $1
chooses MD5 hashing and a
At the moment
.Ql $2
chooses Blowfish hashing; see below for more information.
.Ss Extended crypt
@ -113,24 +108,6 @@ This allows 24 bits for both
.Fa count
and
.Fa salt .
.Ss "MD5" crypt
For
.Tn MD5
crypt the version number,
.Fa salt
and the hashed password are separated by the
.Ql $
character.
The maximum length of a password is limited by
the length counter of the MD5 context, which is about
2**64.
A valid MD5 password entry looks like this:
.Pp
.Dq $1$caeiHQwX$hsKqOjrFRRN6K32OWkCBf1 .
.Pp
The whole MD5 password string is passed as
.Fa setting
for interpretation.
.Ss "Blowfish" crypt
The
.Tn Blowfish


+ 4
- 5
src/lib/libc/crypt/crypt.c View File

@ -1,4 +1,4 @@
/* $OpenBSD: crypt.c,v 1.20 2005/08/08 08:05:33 espie Exp $ */
/* $OpenBSD: crypt.c,v 1.21 2014/05/12 19:13:14 tedu Exp $ */
/*
* FreeSec: libcrypt
@ -576,15 +576,14 @@ crypt(const char *key, const char *setting)
u_int32_t count, salt, l, r0, r1, keybuf[2];
u_char *p, *q;
static u_char output[21];
extern char *md5crypt(const char *, const char *);
extern char *bcrypt(const char *, const char *);
if (setting[0] == '$') {
switch (setting[1]) {
case '1':
return (md5crypt(key, setting));
default:
case '2':
return bcrypt(key, setting);
default:
return (NULL);
}
}


+ 54
- 0
src/lib/libc/crypt/cryptutil.c View File

@ -0,0 +1,54 @@
/* $OpenBSD: cryptutil.c,v 1.1 2014/05/12 19:13:14 tedu Exp $ */
/*
* Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <pwd.h>
#include <errno.h>
int
crypt_checkpass(const char *pass, const char *goodhash)
{
char dummy[_PASSWORD_LEN];
char *res;
if (goodhash == NULL) {
/* fake it */
bcrypt_newhash(pass, 8, dummy, sizeof(dummy));
goto fail;
}
/* empty password */
if (strlen(goodhash) == 0 && strlen(pass) == 0)
return 0;
if (goodhash[0] == '$' && goodhash[1] == '2') {
return bcrypt_checkpass(pass, goodhash);
}
/* have to do it the hard way */
res = crypt(pass, goodhash);
if (strlen(res) != strlen(goodhash) ||
timingsafe_bcmp(res, goodhash, strlen(goodhash)) != 0) {
goto fail;
}
return 0;
fail:
errno = EACCES;
return -1;
}

+ 0
- 160
src/lib/libc/crypt/md5crypt.c View File

@ -1,160 +0,0 @@
/* $OpenBSD: md5crypt.c,v 1.17 2014/04/03 15:55:29 beck Exp $ */
/*
* Copyright (c) 2000 Poul-Henning Kamp <phk@FreeBSD.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/*
* If we meet some day, and you think this stuff is worth it, you
* can buy me a beer in return. Poul-Henning Kamp
*/
#include <unistd.h>
#include <stdio.h>
#include <string.h>
#include <md5.h>
#include <string.h>
static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
static void to64(char *, u_int32_t, int);
static void
to64(char *s, u_int32_t v, int n)
{
while (--n >= 0) {
*s++ = itoa64[v&0x3f];
v >>= 6;
}
}
/*
* UNIX password
*
* Use MD5 for what it is best at...
*/
char *md5crypt(const char *pw, const char *salt);
char *
md5crypt(const char *pw, const char *salt)
{
/*
* This string is the magic for this algorithm.
* Having it this way, we can get better later on.
*/
static unsigned char *magic = (unsigned char *)"$1$";
static char passwd[120], *p;
static const unsigned char *sp,*ep;
unsigned char final[16];
int sl,pl,i;
MD5_CTX ctx,ctx1;
u_int32_t l;
/* Refine the salt first */
sp = (const unsigned char *)salt;
/* If it starts with the magic string, then skip that */
if(!strncmp((const char *)sp,(const char *)magic,strlen((const char *)magic)))
sp += strlen((const char *)magic);
/* It stops at the first '$', max 8 chars */
for(ep=sp;*ep && *ep != '$' && ep < (sp+8);ep++)
continue;
/* get the length of the true salt */
sl = ep - sp;
MD5Init(&ctx);
/* The password first, since that is what is most unknown */
MD5Update(&ctx,(const unsigned char *)pw,strlen(pw));
/* Then our magic string */
MD5Update(&ctx,magic,strlen((const char *)magic));
/* Then the raw salt */
MD5Update(&ctx,sp,sl);
/* Then just as many characters of the MD5(pw,salt,pw) */
MD5Init(&ctx1);
MD5Update(&ctx1,(const unsigned char *)pw,strlen(pw));
MD5Update(&ctx1,sp,sl);
MD5Update(&ctx1,(const unsigned char *)pw,strlen(pw));
MD5Final(final,&ctx1);
for(pl = strlen(pw); pl > 0; pl -= 16)
MD5Update(&ctx,final,pl>16 ? 16 : pl);
/* Don't leave anything around in vm they could use. */
memset(final,0,sizeof final);
/* Then something really weird... */
for (i = strlen(pw); i ; i >>= 1)
if(i&1)
MD5Update(&ctx, final, 1);
else
MD5Update(&ctx, (const unsigned char *)pw, 1);
/* Now make the output string */
snprintf(passwd, sizeof(passwd), "%s%.*s$", (char *)magic,
sl, (const char *)sp);
MD5Final(final,&ctx);
/*
* And now, just to make sure things don't run too fast
* On a 60 MHz Pentium this takes 34 msec, so you would
* need 30 seconds to build a 1000 entry dictionary...
* On a modern machine, with possible GPU optimization,
* this will run a lot faster than that.
*/
for(i=0;i<1000;i++) {
MD5Init(&ctx1);
if(i & 1)
MD5Update(&ctx1,(const unsigned char *)pw,strlen(pw));
else
MD5Update(&ctx1,final,16);
if(i % 3)
MD5Update(&ctx1,sp,sl);
if(i % 7)
MD5Update(&ctx1,(const unsigned char *)pw,strlen(pw));
if(i & 1)
MD5Update(&ctx1,final,16);
else
MD5Update(&ctx1,(const unsigned char *)pw,strlen(pw));
MD5Final(final,&ctx1);
}
p = passwd + strlen(passwd);
l = (final[ 0]<<16) | (final[ 6]<<8) | final[12]; to64(p,l,4); p += 4;
l = (final[ 1]<<16) | (final[ 7]<<8) | final[13]; to64(p,l,4); p += 4;
l = (final[ 2]<<16) | (final[ 8]<<8) | final[14]; to64(p,l,4); p += 4;
l = (final[ 3]<<16) | (final[ 9]<<8) | final[15]; to64(p,l,4); p += 4;
l = (final[ 4]<<16) | (final[10]<<8) | final[ 5]; to64(p,l,4); p += 4;
l = final[11] ; to64(p,l,2); p += 2;
*p = '\0';
/* Don't leave anything around in vm they could use. */
memset(final, 0, sizeof final);
return passwd;
}

Loading…
Cancel
Save