1 files changed, 84 insertions, 78 deletions
diff --git a/md5crypt.c b/md5crypt.c
index ba98ccccc..e14d53ac1 100644
--- a/md5crypt.c
+++ b/md5crypt.c
@@ -1,159 +1,165 @@
 /*
 * ----------------------------------------------------------------------------
 * "THE BEER-WARE LICENSE" (Revision 42):
- * <phk@login.dknet.dk> wrote this file.  As long as you retain this notice you
+ * <phk@login.dknet.dk> wrote this file.  As long as you retain this 
- * can do whatever you want with this stuff. If we meet some day, and you think
+ * notice you can do whatever you want with this stuff. If we meet some 
- * this stuff is worth it, you can buy me a beer in return.   Poul-Henning Kamp
+ * day, and you think this stuff is worth it, you can buy me a beer in 
+ * return.   Poul-Henning Kamp
 * ----------------------------------------------------------------------------
 */
-/*
- * Ported from FreeBSD to Linux, only minimal changes.  --marekm
- */
-/*
- * Adapted from shadow-19990607 by Tudor Bosman, tudorb@jm.nu
- */
 #include "includes.h"
-RCSID("$Id: md5crypt.c,v 1.5 2001/02/09 01:55:36 djm Exp $");
 #if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
 #include <openssl/md5.h>
-static unsigned char itoa64[] =         /* 0 ... 63 => ascii - 64 */
+RCSID("$Id: md5crypt.c,v 1.7 2003/05/30 06:58:23 dtucker Exp $");
-        "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+/* 0 ... 63 => ascii - 64 */
+static unsigned char itoa64[] =
+    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
-static char     *magic = "$1$"; /*
+static char *magic = "$1$";
-                                 * This string is magic for
-                                 * this algorithm.  Having
-                                 * it this way, we can get
-                                 * get better later on
-                                 */
-static void
+static char *
-to64(char *s, unsigned long v, int n)
+to64(unsigned long v, int n)
 {
+        static char buf[5];
+        char *s = buf;
+        if (n > 4)
+                return (NULL);
+        memset(buf, '\0', sizeof(buf));
        while (--n >= 0) {
                *s++ = itoa64[v&0x3f];
                v >>= 6;
        }
+        
+        return (buf);
 }
 int
 is_md5_salt(const char *salt)
 {
-        return (!strncmp(salt, magic, strlen(magic)));
+        return (strncmp(salt, magic, strlen(magic)) == 0);
 }
-/*
- * UNIX password
- *
- * Use MD5 for what it is best at...
- */
 char *
 md5_crypt(const char *pw, const char *salt)
 {
-        static char     passwd[120], *p;
+        static char passwd[120], salt_copy[9], *p;
-        static const char *sp,*ep;
+        static const char *sp, *ep;
-        unsigned char   final[16];
+        unsigned char final[16];
-        int sl,pl,i,j;
+        int sl, pl, i, j;
-        MD5_CTX ctx,ctx1;
+        MD5_CTX ctx, ctx1;
        unsigned long l;
        /* Refine the Salt first */
        sp = salt;
        /* If it starts with the magic string, then skip that */
-        if(!strncmp(sp,magic,strlen(magic)))
+        if(strncmp(sp, magic, strlen(magic)) == 0)
                sp += strlen(magic);
        /* It stops at the first '$', max 8 chars */
-        for(ep=sp;*ep && *ep != '$' && ep < (sp+8);ep++)
+        for (ep = sp; *ep != '$'; ep++) {
-                continue;
+                if (*ep == '\0' || ep >= (sp + 8))
+                        return (NULL);
+        }
        /* get the length of the true salt */
        sl = ep - sp;
+        /* Stash the salt */
+        memcpy(salt_copy, sp, sl);
+        salt_copy[sl] = '\0';
        MD5_Init(&ctx);
        /* The password first, since that is what is most unknown */
-        MD5_Update(&ctx,pw,strlen(pw));
+        MD5_Update(&ctx, pw, strlen(pw));
        /* Then our magic string */
-        MD5_Update(&ctx,magic,strlen(magic));
+        MD5_Update(&ctx, magic, strlen(magic));
        /* Then the raw salt */
-        MD5_Update(&ctx,sp,sl);
+        MD5_Update(&ctx, sp, sl);
-        /* Then just as many characters of the MD5(pw,salt,pw) */
+        /* Then just as many characters of the MD5(pw, salt, pw) */
        MD5_Init(&ctx1);
-        MD5_Update(&ctx1,pw,strlen(pw));
+        MD5_Update(&ctx1, pw, strlen(pw));
-        MD5_Update(&ctx1,sp,sl);
+        MD5_Update(&ctx1, sp, sl);
-        MD5_Update(&ctx1,pw,strlen(pw));
+        MD5_Update(&ctx1, pw, strlen(pw));
-        MD5_Final(final,&ctx1);
+        MD5_Final(final, &ctx1);
        for(pl = strlen(pw); pl > 0; pl -= 16)
-                MD5_Update(&ctx,final,pl>16 ? 16 : pl);
+                MD5_Update(&ctx, final, pl > 16 ? 16 : pl);
        /* Don't leave anything around in vm they could use. */
-        memset(final,0,sizeof final);
+        memset(final, '\0', sizeof final);
        /* Then something really weird... */
-        for (j=0,i = strlen(pw); i ; i >>= 1)
+        for (j = 0, i = strlen(pw); i != 0; i >>= 1)
-                if(i&1)
+                if (i & 1)
-                    MD5_Update(&ctx, final+j, 1);
+                        MD5_Update(&ctx, final + j, 1);
                else
-                    MD5_Update(&ctx, pw+j, 1);
+                        MD5_Update(&ctx, pw + j, 1);
        /* Now make the output string */
-        strcpy(passwd,magic);
+        snprintf(passwd, sizeof(passwd), "%s%s$", magic, salt_copy);
-        strncat(passwd,sp,sl);
-        strcat(passwd,"$");
-        MD5_Final(final,&ctx);
+        MD5_Final(final, &ctx);
        /*
         * and now, just to make sure things don't run too fast
         * On a 60 Mhz Pentium this takes 34 msec, so you would
         * need 30 seconds to build a 1000 entry dictionary...
         */
-        for(i=0;i<1000;i++) {
+        for(i = 0; i < 1000; i++) {
                MD5_Init(&ctx1);
-                if(i & 1)
+                if (i & 1)
-                        MD5_Update(&ctx1,pw,strlen(pw));
+                        MD5_Update(&ctx1, pw, strlen(pw));
                else
-                        MD5_Update(&ctx1,final,16);
+                        MD5_Update(&ctx1, final, 16);
-                if(i % 3)
+                if (i % 3)
-                        MD5_Update(&ctx1,sp,sl);
+                        MD5_Update(&ctx1, sp, sl);
-                if(i % 7)
+                if (i % 7)
-                        MD5_Update(&ctx1,pw,strlen(pw));
+                        MD5_Update(&ctx1, pw, strlen(pw));
-                if(i & 1)
+                if (i & 1)
-                        MD5_Update(&ctx1,final,16);
+                        MD5_Update(&ctx1, final, 16);
                else
-                        MD5_Update(&ctx1,pw,strlen(pw));
+                        MD5_Update(&ctx1, pw, strlen(pw));
-                MD5_Final(final,&ctx1);
+                MD5_Final(final, &ctx1);
        }
        p = passwd + strlen(passwd);
-        l = (final[ 0]<<16) | (final[ 6]<<8) | final[12]; to64(p,l,4); p += 4;
+        l = (final[ 0]<<16) | (final[ 6]<<8) | final[12];
-        l = (final[ 1]<<16) | (final[ 7]<<8) | final[13]; to64(p,l,4); p += 4;
+        strlcat(passwd, to64(l, 4), sizeof(passwd));
-        l = (final[ 2]<<16) | (final[ 8]<<8) | final[14]; to64(p,l,4); p += 4;
+        l = (final[ 1]<<16) | (final[ 7]<<8) | final[13];
-        l = (final[ 3]<<16) | (final[ 9]<<8) | final[15]; to64(p,l,4); p += 4;
+        strlcat(passwd, to64(l, 4), sizeof(passwd));
-        l = (final[ 4]<<16) | (final[10]<<8) | final[ 5]; to64(p,l,4); p += 4;
+        l = (final[ 2]<<16) | (final[ 8]<<8) | final[14];
-        l =                    final[11]                ; to64(p,l,2); p += 2;
+        strlcat(passwd, to64(l, 4), sizeof(passwd));
-        *p = '\0';
+        l = (final[ 3]<<16) | (final[ 9]<<8) | final[15];
+        strlcat(passwd, to64(l, 4), sizeof(passwd));
+        l = (final[ 4]<<16) | (final[10]<<8) | final[ 5];
+        strlcat(passwd, to64(l, 4), sizeof(passwd));
+        l =                    final[11]                ;
+        strlcat(passwd, to64(l, 2), sizeof(passwd));
        /* Don't leave anything around in vm they could use. */
-        memset(final,0,sizeof final);
+        memset(final, 0, sizeof(final));
+        memset(salt_copy, 0, sizeof(salt_copy));
+        memset(&ctx, 0, sizeof(ctx));
+        memset(&ctx1, 0, sizeof(ctx1));
+        (void)to64(0, 4);
-        return passwd;
+        return (passwd);
 }
 #endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */

diff --git a/md5crypt.c b/md5crypt.c index ba98ccccc..e14d53ac1 100644 --- a/md5crypt.c +++ b/md5crypt.c
@@ -1,159 +1,165 @@
1	/*	1	/*
2	* ----------------------------------------------------------------------------	2	* ----------------------------------------------------------------------------
3	* "THE BEER-WARE LICENSE" (Revision 42):	3	* "THE BEER-WARE LICENSE" (Revision 42):
4	* <phk@login.dknet.dk> wrote this file. As long as you retain this notice you	4	* <phk@login.dknet.dk> wrote this file. As long as you retain this
5	* can do whatever you want with this stuff. If we meet some day, and you think	5	* notice you can do whatever you want with this stuff. If we meet some
6	* this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp	6	* day, and you think this stuff is worth it, you can buy me a beer in
		7	* return. Poul-Henning Kamp
7	* ----------------------------------------------------------------------------	8	* ----------------------------------------------------------------------------
8	*/	9	*/
9		10
10	/*
11	* Ported from FreeBSD to Linux, only minimal changes. --marekm
12	*/
13
14	/*
15	* Adapted from shadow-19990607 by Tudor Bosman, tudorb@jm.nu
16	*/
17
18	#include "includes.h"	11	#include "includes.h"
19		12
20	RCSID("$Id: md5crypt.c,v 1.5 2001/02/09 01:55:36 djm Exp $");
21
22	#if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)	13	#if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
23
24	#include <openssl/md5.h>	14	#include <openssl/md5.h>
25		15
26	static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */	16	RCSID("$Id: md5crypt.c,v 1.7 2003/05/30 06:58:23 dtucker Exp $");
27	"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";	17
		18	/* 0 ... 63 => ascii - 64 */
		19	static unsigned char itoa64[] =
		20	"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
28		21
29	static char magic = "$1$"; /	22	static char *magic = "$1$";
30	* This string is magic for
31	* this algorithm. Having
32	* it this way, we can get
33	* get better later on
34	*/
35		23
36	static void	24	static char *
37	to64(char *s, unsigned long v, int n)	25	to64(unsigned long v, int n)
38	{	26	{
		27	static char buf[5];
		28	char *s = buf;
		29
		30	if (n > 4)
		31	return (NULL);
		32
		33	memset(buf, '\0', sizeof(buf));
39	while (--n >= 0) {	34	while (--n >= 0) {
40	*s++ = itoa64[v&0x3f];	35	*s++ = itoa64[v&0x3f];
41	v >>= 6;	36	v >>= 6;
42	}	37	}
		38
		39	return (buf);
43	}	40	}
44		41
45	int	42	int
46	is_md5_salt(const char *salt)	43	is_md5_salt(const char *salt)
47	{	44	{
48	return (!strncmp(salt, magic, strlen(magic)));	45	return (strncmp(salt, magic, strlen(magic)) == 0);
49	}	46	}
50		47
51	/*
52	* UNIX password
53	*
54	* Use MD5 for what it is best at...
55	*/
56
57	char *	48	char *
58	md5_crypt(const char pw, const char salt)	49	md5_crypt(const char pw, const char salt)
59	{	50	{
60	static char passwd[120], *p;	51	static char passwd[120], salt_copy[9], *p;
61	static const char sp,ep;	52	static const char sp, ep;
62	unsigned char final[16];	53	unsigned char final[16];
63	int sl,pl,i,j;	54	int sl, pl, i, j;
64	MD5_CTX ctx,ctx1;	55	MD5_CTX ctx, ctx1;
65	unsigned long l;	56	unsigned long l;
66		57
67	/* Refine the Salt first */	58	/* Refine the Salt first */
68	sp = salt;	59	sp = salt;
69		60
70	/* If it starts with the magic string, then skip that */	61	/* If it starts with the magic string, then skip that */
71	if(!strncmp(sp,magic,strlen(magic)))	62	if(strncmp(sp, magic, strlen(magic)) == 0)
72	sp += strlen(magic);	63	sp += strlen(magic);
73		64
74	/* It stops at the first '$', max 8 chars */	65	/* It stops at the first '$', max 8 chars */
75	for(ep=sp;ep && ep != '$' && ep < (sp+8);ep++)	66	for (ep = sp; *ep != '$'; ep++) {
76	continue;	67	if (*ep == '\0' \|\| ep >= (sp + 8))
		68	return (NULL);
		69	}
77		70
78	/* get the length of the true salt */	71	/* get the length of the true salt */
79	sl = ep - sp;	72	sl = ep - sp;
80		73
		74	/* Stash the salt */
		75	memcpy(salt_copy, sp, sl);
		76	salt_copy[sl] = '\0';
		77
81	MD5_Init(&ctx);	78	MD5_Init(&ctx);
82		79
83	/* The password first, since that is what is most unknown */	80	/* The password first, since that is what is most unknown */
84	MD5_Update(&ctx,pw,strlen(pw));	81	MD5_Update(&ctx, pw, strlen(pw));
85		82
86	/* Then our magic string */	83	/* Then our magic string */
87	MD5_Update(&ctx,magic,strlen(magic));	84	MD5_Update(&ctx, magic, strlen(magic));
88		85
89	/* Then the raw salt */	86	/* Then the raw salt */
90	MD5_Update(&ctx,sp,sl);	87	MD5_Update(&ctx, sp, sl);
91		88
92	/* Then just as many characters of the MD5(pw,salt,pw) */	89	/* Then just as many characters of the MD5(pw, salt, pw) */
93	MD5_Init(&ctx1);	90	MD5_Init(&ctx1);
94	MD5_Update(&ctx1,pw,strlen(pw));	91	MD5_Update(&ctx1, pw, strlen(pw));
95	MD5_Update(&ctx1,sp,sl);	92	MD5_Update(&ctx1, sp, sl);
96	MD5_Update(&ctx1,pw,strlen(pw));	93	MD5_Update(&ctx1, pw, strlen(pw));
97	MD5_Final(final,&ctx1);	94	MD5_Final(final, &ctx1);
		95
98	for(pl = strlen(pw); pl > 0; pl -= 16)	96	for(pl = strlen(pw); pl > 0; pl -= 16)
99	MD5_Update(&ctx,final,pl>16 ? 16 : pl);	97	MD5_Update(&ctx, final, pl > 16 ? 16 : pl);
100		98
101	/* Don't leave anything around in vm they could use. */	99	/* Don't leave anything around in vm they could use. */
102	memset(final,0,sizeof final);	100	memset(final, '\0', sizeof final);
103		101
104	/* Then something really weird... */	102	/* Then something really weird... */
105	for (j=0,i = strlen(pw); i ; i >>= 1)	103	for (j = 0, i = strlen(pw); i != 0; i >>= 1)
106	if(i&1)	104	if (i & 1)
107	MD5_Update(&ctx, final+j, 1);	105	MD5_Update(&ctx, final + j, 1);
108	else	106	else
109	MD5_Update(&ctx, pw+j, 1);	107	MD5_Update(&ctx, pw + j, 1);
110		108
111	/* Now make the output string */	109	/* Now make the output string */
112	strcpy(passwd,magic);	110	snprintf(passwd, sizeof(passwd), "%s%s$", magic, salt_copy);
113	strncat(passwd,sp,sl);
114	strcat(passwd,"$");
115		111
116	MD5_Final(final,&ctx);	112	MD5_Final(final, &ctx);
117		113
118	/*	114	/*
119	* and now, just to make sure things don't run too fast	115	* and now, just to make sure things don't run too fast
120	* On a 60 Mhz Pentium this takes 34 msec, so you would	116	* On a 60 Mhz Pentium this takes 34 msec, so you would
121	* need 30 seconds to build a 1000 entry dictionary...	117	* need 30 seconds to build a 1000 entry dictionary...
122	*/	118	*/
123	for(i=0;i<1000;i++) {	119	for(i = 0; i < 1000; i++) {
124	MD5_Init(&ctx1);	120	MD5_Init(&ctx1);
125	if(i & 1)	121	if (i & 1)
126	MD5_Update(&ctx1,pw,strlen(pw));	122	MD5_Update(&ctx1, pw, strlen(pw));
127	else	123	else
128	MD5_Update(&ctx1,final,16);	124	MD5_Update(&ctx1, final, 16);
129		125
130	if(i % 3)	126	if (i % 3)
131	MD5_Update(&ctx1,sp,sl);	127	MD5_Update(&ctx1, sp, sl);
132		128
133	if(i % 7)	129	if (i % 7)
134	MD5_Update(&ctx1,pw,strlen(pw));	130	MD5_Update(&ctx1, pw, strlen(pw));
135		131
136	if(i & 1)	132	if (i & 1)
137	MD5_Update(&ctx1,final,16);	133	MD5_Update(&ctx1, final, 16);
138	else	134	else
139	MD5_Update(&ctx1,pw,strlen(pw));	135	MD5_Update(&ctx1, pw, strlen(pw));
140	MD5_Final(final,&ctx1);	136
		137	MD5_Final(final, &ctx1);
141	}	138	}
142		139
143	p = passwd + strlen(passwd);	140	p = passwd + strlen(passwd);
144		141
145	l = (final[ 0]<<16) \| (final[ 6]<<8) \| final[12]; to64(p,l,4); p += 4;	142	l = (final[ 0]<<16) \| (final[ 6]<<8) \| final[12];
146	l = (final[ 1]<<16) \| (final[ 7]<<8) \| final[13]; to64(p,l,4); p += 4;	143	strlcat(passwd, to64(l, 4), sizeof(passwd));
147	l = (final[ 2]<<16) \| (final[ 8]<<8) \| final[14]; to64(p,l,4); p += 4;	144	l = (final[ 1]<<16) \| (final[ 7]<<8) \| final[13];
148	l = (final[ 3]<<16) \| (final[ 9]<<8) \| final[15]; to64(p,l,4); p += 4;	145	strlcat(passwd, to64(l, 4), sizeof(passwd));
149	l = (final[ 4]<<16) \| (final[10]<<8) \| final[ 5]; to64(p,l,4); p += 4;	146	l = (final[ 2]<<16) \| (final[ 8]<<8) \| final[14];
150	l = final[11] ; to64(p,l,2); p += 2;	147	strlcat(passwd, to64(l, 4), sizeof(passwd));
151	*p = '\0';	148	l = (final[ 3]<<16) \| (final[ 9]<<8) \| final[15];
		149	strlcat(passwd, to64(l, 4), sizeof(passwd));
		150	l = (final[ 4]<<16) \| (final[10]<<8) \| final[ 5];
		151	strlcat(passwd, to64(l, 4), sizeof(passwd));
		152	l = final[11] ;
		153	strlcat(passwd, to64(l, 2), sizeof(passwd));
152		154
153	/* Don't leave anything around in vm they could use. */	155	/* Don't leave anything around in vm they could use. */
154	memset(final,0,sizeof final);	156	memset(final, 0, sizeof(final));
		157	memset(salt_copy, 0, sizeof(salt_copy));
		158	memset(&ctx, 0, sizeof(ctx));
		159	memset(&ctx1, 0, sizeof(ctx1));
		160	(void)to64(0, 4);
155		161
156	return passwd;	162	return (passwd);
157	}	163	}
158		164
159	#endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */	165	#endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */