mirror of
https://github.com/openssl/openssl.git
synced 2025-01-18 13:44:20 +08:00
apps/passwd: remove the -crypt option.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13313)
This commit is contained in:
Pauli
parent
93c87f745d
commit
c87a7f31a3
@ -23,6 +23,10 @@ OpenSSL 3.0
|
||||
|
||||
### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
|
||||
|
||||
* The -crypt option to the passwd command line tool has been removed.
|
||||
|
||||
*Paul Dale*
|
||||
|
||||
* Add support for AES Key Wrap inverse ciphers to the EVP layer.
|
||||
The algorithms are:
|
||||
"AES-128-WRAP-INV", "AES-192-WRAP-INV", "AES-256-WRAP-INV",
|
||||
|
||||
@ -7,9 +7,6 @@
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
/* We need to use some deprecated APIs */
|
||||
#define OPENSSL_SUPPRESS_DEPRECATED
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#include "apps.h"
|
||||
@ -41,7 +38,6 @@ static const char ascii_dollar[] = { 0x24, 0x00 };
|
||||
|
||||
typedef enum {
|
||||
passwd_unset = 0,
|
||||
passwd_crypt,
|
||||
passwd_md5,
|
||||
passwd_apr1,
|
||||
passwd_sha256,
|
||||
@ -57,7 +53,7 @@ typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
OPT_IN,
|
||||
OPT_NOVERIFY, OPT_QUIET, OPT_TABLE, OPT_REVERSE, OPT_APR1,
|
||||
OPT_1, OPT_5, OPT_6, OPT_CRYPT, OPT_AIXMD5, OPT_SALT, OPT_STDIN,
|
||||
OPT_1, OPT_5, OPT_6, OPT_AIXMD5, OPT_SALT, OPT_STDIN,
|
||||
OPT_R_ENUM, OPT_PROV_ENUM
|
||||
} OPTION_CHOICE;
|
||||
|
||||
@ -85,9 +81,6 @@ const OPTIONS passwd_options[] = {
|
||||
{"apr1", OPT_APR1, '-', "MD5-based password algorithm, Apache variant"},
|
||||
{"1", OPT_1, '-', "MD5-based password algorithm"},
|
||||
{"aixmd5", OPT_AIXMD5, '-', "AIX MD5-based password algorithm"},
|
||||
#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0)
|
||||
{"crypt", OPT_CRYPT, '-', "Standard Unix password algorithm (default)"},
|
||||
#endif
|
||||
|
||||
OPT_R_OPTIONS,
|
||||
OPT_PROV_OPTIONS,
|
||||
@ -171,13 +164,6 @@ int passwd_main(int argc, char **argv)
|
||||
goto opthelp;
|
||||
mode = passwd_aixmd5;
|
||||
break;
|
||||
case OPT_CRYPT:
|
||||
#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0)
|
||||
if (mode != passwd_unset)
|
||||
goto opthelp;
|
||||
mode = passwd_crypt;
|
||||
#endif
|
||||
break;
|
||||
case OPT_SALT:
|
||||
passed_salt = 1;
|
||||
salt = opt_arg();
|
||||
@ -210,14 +196,9 @@ int passwd_main(int argc, char **argv)
|
||||
|
||||
if (mode == passwd_unset) {
|
||||
/* use default */
|
||||
mode = passwd_crypt;
|
||||
mode = passwd_md5;
|
||||
}
|
||||
|
||||
#if defined(OPENSSL_NO_DES) || defined(OPENSSL_NO_DEPRECATED_3_0)
|
||||
if (mode == passwd_crypt)
|
||||
goto opthelp;
|
||||
#endif
|
||||
|
||||
if (infile != NULL && in_stdin) {
|
||||
BIO_printf(bio_err, "%s: Can't combine -in and -stdin\n", prog);
|
||||
goto end;
|
||||
@ -233,9 +214,6 @@ int passwd_main(int argc, char **argv)
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (mode == passwd_crypt)
|
||||
pw_maxlen = 8;
|
||||
|
||||
if (passwds == NULL) {
|
||||
/* no passwords on the command line */
|
||||
|
||||
@ -806,11 +784,6 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
|
||||
size_t saltlen = 0;
|
||||
size_t i;
|
||||
|
||||
#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0)
|
||||
if (mode == passwd_crypt)
|
||||
saltlen = 2;
|
||||
#endif /* !OPENSSL_NO_DES */
|
||||
|
||||
if (mode == passwd_md5 || mode == passwd_apr1 || mode == passwd_aixmd5)
|
||||
saltlen = 8;
|
||||
|
||||
@ -849,10 +822,6 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
|
||||
assert(strlen(passwd) <= pw_maxlen);
|
||||
|
||||
/* now compute password hash */
|
||||
#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0)
|
||||
if (mode == passwd_crypt)
|
||||
hash = DES_crypt(passwd, *salt_p);
|
||||
#endif
|
||||
if (mode == passwd_md5 || mode == passwd_apr1)
|
||||
hash = md5crypt(passwd, (mode == passwd_md5 ? "1" : "apr1"), *salt_p);
|
||||
if (mode == passwd_aixmd5)
|
||||
|
||||
@ -9,7 +9,6 @@ openssl-passwd - compute password hashes
|
||||
|
||||
B<openssl passwd>
|
||||
[B<-help>]
|
||||
[B<-crypt>]
|
||||
[B<-1>]
|
||||
[B<-apr1>]
|
||||
[B<-aixmd5>]
|
||||
@ -34,9 +33,8 @@ This command computes the hash of a password typed at
|
||||
run-time or the hash of each password in a list. The password list is
|
||||
taken from the named file for option B<-in>, from stdin for
|
||||
option B<-stdin>, or from the command line, or from the terminal otherwise.
|
||||
The Unix standard algorithm B<-crypt> and the MD5-based BSD password
|
||||
algorithm B<-1>, its Apache variant B<-apr1>, and its AIX variant are
|
||||
available.
|
||||
The MD5-based BSD password algorithm B<-1>, its Apache variant B<-apr1>,
|
||||
and its AIX variant are available.
|
||||
|
||||
=head1 OPTIONS
|
||||
|
||||
@ -46,13 +44,9 @@ available.
|
||||
|
||||
Print out a usage message.
|
||||
|
||||
=item B<-crypt>
|
||||
|
||||
Use the B<crypt> algorithm (default).
|
||||
|
||||
=item B<-1>
|
||||
|
||||
Use the MD5 based BSD password algorithm B<1>.
|
||||
Use the MD5 based BSD password algorithm B<1> (default).
|
||||
|
||||
=item B<-apr1>
|
||||
|
||||
@ -107,9 +101,6 @@ When the B<-table> option is used, reverse the order of cleartext and hash.
|
||||
|
||||
=head1 EXAMPLES
|
||||
|
||||
% openssl passwd -crypt -salt xx password
|
||||
xxj31ZMTZzkVA
|
||||
|
||||
% openssl passwd -1 -salt xxxxxxxx password
|
||||
$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.
|
||||
|
||||
@ -119,6 +110,10 @@ When the B<-table> option is used, reverse the order of cleartext and hash.
|
||||
% openssl passwd -aixmd5 -salt xxxxxxxx password
|
||||
xxxxxxxx$8Oaipk/GPKhC64w/YVeFD/
|
||||
|
||||
=head1 HISTORY
|
||||
|
||||
The B<-crypt> option was removed in OpenSSL 3.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
@ -76,12 +76,9 @@ my @sha_tests =
|
||||
expected => '$6$rounds=1000$roundstoolow$kUMsbe306n21p9R.FRkW3IGn.S9NPN0x50YhH1xhLsPuWGsUSklZt58jaTfF4ZEQpyUNGc0dqbpBYYBaHHrsX.' }
|
||||
);
|
||||
|
||||
plan tests => (disabled("des") || disabled('deprecated-3.0') ? 9 : 11) + scalar @sha_tests;
|
||||
plan tests => 9 + scalar @sha_tests;
|
||||
|
||||
|
||||
ok(compare1stline_re([qw{openssl passwd password}], '^.{13}\R$'),
|
||||
'crypt password with random salt')
|
||||
if !disabled("des") && !disabled('deprecated-3.0');
|
||||
ok(compare1stline_re([qw{openssl passwd -1 password}], '^\$1\$.{8}\$.{22}\R$'),
|
||||
'BSD style MD5 password with random salt');
|
||||
ok(compare1stline_re([qw{openssl passwd -apr1 password}], '^\$apr1\$.{8}\$.{22}\R$'),
|
||||
@ -91,9 +88,6 @@ ok(compare1stline_re([qw{openssl passwd -5 password}], '^\$5\$.{16}\$.{43}\R$'),
|
||||
ok(compare1stline_re([qw{openssl passwd -6 password}], '^\$6\$.{16}\$.{86}\R$'),
|
||||
'Apache SHA512 password with random salt');
|
||||
|
||||
ok(compare1stline([qw{openssl passwd -salt xx password}], 'xxj31ZMTZzkVA'),
|
||||
'crypt password with salt xx')
|
||||
if !disabled("des") && !disabled('deprecated-3.0');
|
||||
ok(compare1stline([qw{openssl passwd -salt xxxxxxxx -1 password}], '$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.'),
|
||||
'BSD style MD5 password with salt xxxxxxxx');
|
||||
ok(compare1stline([qw{openssl passwd -salt xxxxxxxx -apr1 password}], '$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0'),
|
||||
|
||||
Loading…
Reference in New Issue
Block a user