[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Wed Nov 11 22:37:04 UTC 2020
The branch master has been updated
via c87a7f31a3db97376d764583ad5ee4a76db2cbef (commit)
from 93c87f745d5694b829d5b52d371d478b063a1fba (commit)
- Log -----------------------------------------------------------------
commit c87a7f31a3db97376d764583ad5ee4a76db2cbef
Author: Pauli <paul.dale at oracle.com>
Date: Wed Nov 4 22:34:52 2020 +1000
apps/passwd: remove the -crypt option.
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13313)
-----------------------------------------------------------------------
Summary of changes:
CHANGES.md | 4 ++++
apps/passwd.c | 35 ++---------------------------------
doc/man1/openssl-passwd.pod.in | 19 +++++++------------
test/recipes/20-test_passwd.t | 8 +-------
4 files changed, 14 insertions(+), 52 deletions(-)
diff --git a/CHANGES.md b/CHANGES.md
index 1388167577..3f4b9e6a0a 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -23,6 +23,10 @@ OpenSSL 3.0
### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
+ * The -crypt option to the passwd command line tool has been removed.
+
+ *Paul Dale*
+
* Add support for AES Key Wrap inverse ciphers to the EVP layer.
The algorithms are:
"AES-128-WRAP-INV", "AES-192-WRAP-INV", "AES-256-WRAP-INV",
diff --git a/apps/passwd.c b/apps/passwd.c
index 5ddcfe1c57..5bf031566a 100644
--- a/apps/passwd.c
+++ b/apps/passwd.c
@@ -7,9 +7,6 @@
* https://www.openssl.org/source/license.html
*/
-/* We need to use some deprecated APIs */
-#define OPENSSL_SUPPRESS_DEPRECATED
-
#include <string.h>
#include "apps.h"
@@ -41,7 +38,6 @@ static const char ascii_dollar[] = { 0x24, 0x00 };
typedef enum {
passwd_unset = 0,
- passwd_crypt,
passwd_md5,
passwd_apr1,
passwd_sha256,
@@ -57,7 +53,7 @@ typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_IN,
OPT_NOVERIFY, OPT_QUIET, OPT_TABLE, OPT_REVERSE, OPT_APR1,
- OPT_1, OPT_5, OPT_6, OPT_CRYPT, OPT_AIXMD5, OPT_SALT, OPT_STDIN,
+ OPT_1, OPT_5, OPT_6, OPT_AIXMD5, OPT_SALT, OPT_STDIN,
OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
@@ -85,9 +81,6 @@ const OPTIONS passwd_options[] = {
{"apr1", OPT_APR1, '-', "MD5-based password algorithm, Apache variant"},
{"1", OPT_1, '-', "MD5-based password algorithm"},
{"aixmd5", OPT_AIXMD5, '-', "AIX MD5-based password algorithm"},
-#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0)
- {"crypt", OPT_CRYPT, '-', "Standard Unix password algorithm (default)"},
-#endif
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
@@ -171,13 +164,6 @@ int passwd_main(int argc, char **argv)
goto opthelp;
mode = passwd_aixmd5;
break;
- case OPT_CRYPT:
-#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0)
- if (mode != passwd_unset)
- goto opthelp;
- mode = passwd_crypt;
-#endif
- break;
case OPT_SALT:
passed_salt = 1;
salt = opt_arg();
@@ -210,14 +196,9 @@ int passwd_main(int argc, char **argv)
if (mode == passwd_unset) {
/* use default */
- mode = passwd_crypt;
+ mode = passwd_md5;
}
-#if defined(OPENSSL_NO_DES) || defined(OPENSSL_NO_DEPRECATED_3_0)
- if (mode == passwd_crypt)
- goto opthelp;
-#endif
-
if (infile != NULL && in_stdin) {
BIO_printf(bio_err, "%s: Can't combine -in and -stdin\n", prog);
goto end;
@@ -233,9 +214,6 @@ int passwd_main(int argc, char **argv)
goto end;
}
- if (mode == passwd_crypt)
- pw_maxlen = 8;
-
if (passwds == NULL) {
/* no passwords on the command line */
@@ -806,11 +784,6 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
size_t saltlen = 0;
size_t i;
-#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0)
- if (mode == passwd_crypt)
- saltlen = 2;
-#endif /* !OPENSSL_NO_DES */
-
if (mode == passwd_md5 || mode == passwd_apr1 || mode == passwd_aixmd5)
saltlen = 8;
@@ -849,10 +822,6 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
assert(strlen(passwd) <= pw_maxlen);
/* now compute password hash */
-#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0)
- if (mode == passwd_crypt)
- hash = DES_crypt(passwd, *salt_p);
-#endif
if (mode == passwd_md5 || mode == passwd_apr1)
hash = md5crypt(passwd, (mode == passwd_md5 ? "1" : "apr1"), *salt_p);
if (mode == passwd_aixmd5)
diff --git a/doc/man1/openssl-passwd.pod.in b/doc/man1/openssl-passwd.pod.in
index 30159e35bf..8e1f6f2de7 100644
--- a/doc/man1/openssl-passwd.pod.in
+++ b/doc/man1/openssl-passwd.pod.in
@@ -9,7 +9,6 @@ openssl-passwd - compute password hashes
B<openssl passwd>
[B<-help>]
-[B<-crypt>]
[B<-1>]
[B<-apr1>]
[B<-aixmd5>]
@@ -34,9 +33,8 @@ This command computes the hash of a password typed at
run-time or the hash of each password in a list. The password list is
taken from the named file for option B<-in>, from stdin for
option B<-stdin>, or from the command line, or from the terminal otherwise.
-The Unix standard algorithm B<-crypt> and the MD5-based BSD password
-algorithm B<-1>, its Apache variant B<-apr1>, and its AIX variant are
-available.
+The MD5-based BSD password algorithm B<-1>, its Apache variant B<-apr1>,
+and its AIX variant are available.
=head1 OPTIONS
@@ -46,13 +44,9 @@ available.
Print out a usage message.
-=item B<-crypt>
-
-Use the B<crypt> algorithm (default).
-
=item B<-1>
-Use the MD5 based BSD password algorithm B<1>.
+Use the MD5 based BSD password algorithm B<1> (default).
=item B<-apr1>
@@ -107,9 +101,6 @@ When the B<-table> option is used, reverse the order of cleartext and hash.
=head1 EXAMPLES
- % openssl passwd -crypt -salt xx password
- xxj31ZMTZzkVA
-
% openssl passwd -1 -salt xxxxxxxx password
$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.
@@ -119,6 +110,10 @@ When the B<-table> option is used, reverse the order of cleartext and hash.
% openssl passwd -aixmd5 -salt xxxxxxxx password
xxxxxxxx$8Oaipk/GPKhC64w/YVeFD/
+=head1 HISTORY
+
+The B<-crypt> option was removed in OpenSSL 3.0.
+
=head1 COPYRIGHT
Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/test/recipes/20-test_passwd.t b/test/recipes/20-test_passwd.t
index 65d6e0d25d..9707ecc3f2 100644
--- a/test/recipes/20-test_passwd.t
+++ b/test/recipes/20-test_passwd.t
@@ -76,12 +76,9 @@ my @sha_tests =
expected => '$6$rounds=1000$roundstoolow$kUMsbe306n21p9R.FRkW3IGn.S9NPN0x50YhH1xhLsPuWGsUSklZt58jaTfF4ZEQpyUNGc0dqbpBYYBaHHrsX.' }
);
-plan tests => (disabled("des") || disabled('deprecated-3.0') ? 9 : 11) + scalar @sha_tests;
+plan tests => 9 + scalar @sha_tests;
-ok(compare1stline_re([qw{openssl passwd password}], '^.{13}\R$'),
- 'crypt password with random salt')
- if !disabled("des") && !disabled('deprecated-3.0');
ok(compare1stline_re([qw{openssl passwd -1 password}], '^\$1\$.{8}\$.{22}\R$'),
'BSD style MD5 password with random salt');
ok(compare1stline_re([qw{openssl passwd -apr1 password}], '^\$apr1\$.{8}\$.{22}\R$'),
@@ -91,9 +88,6 @@ ok(compare1stline_re([qw{openssl passwd -5 password}], '^\$5\$.{16}\$.{43}\R$'),
ok(compare1stline_re([qw{openssl passwd -6 password}], '^\$6\$.{16}\$.{86}\R$'),
'Apache SHA512 password with random salt');
-ok(compare1stline([qw{openssl passwd -salt xx password}], 'xxj31ZMTZzkVA'),
- 'crypt password with salt xx')
- if !disabled("des") && !disabled('deprecated-3.0');
ok(compare1stline([qw{openssl passwd -salt xxxxxxxx -1 password}], '$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.'),
'BSD style MD5 password with salt xxxxxxxx');
ok(compare1stline([qw{openssl passwd -salt xxxxxxxx -apr1 password}], '$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0'),
More information about the openssl-commits
mailing list