passwd_md5,
passwd_apr1,
passwd_sha256,
- passwd_sha512
+ passwd_sha512,
+ passwd_aixmd5
} passwd_modes;
static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_IN,
OPT_NOVERIFY, OPT_QUIET, OPT_TABLE, OPT_REVERSE, OPT_APR1,
- OPT_1, OPT_5, OPT_6, OPT_CRYPT, OPT_SALT, OPT_STDIN
+ OPT_1, OPT_5, OPT_6, OPT_CRYPT, OPT_AIXMD5, OPT_SALT, OPT_STDIN
} OPTION_CHOICE;
const OPTIONS passwd_options[] = {
# ifndef NO_MD5CRYPT_1
{"apr1", OPT_APR1, '-', "MD5-based password algorithm, Apache variant"},
{"1", OPT_1, '-', "MD5-based password algorithm"},
+ {"aixmd5", OPT_AIXMD5, '-', "AIX MD5-based password algorithm"},
# endif
# ifndef OPENSSL_NO_DES
{"crypt", OPT_CRYPT, '-', "Standard Unix password algorithm (default)"},
goto opthelp;
mode = passwd_apr1;
break;
+ case OPT_AIXMD5:
+ if (mode != passwd_unset)
+ goto opthelp;
+ mode = passwd_aixmd5;
+ break;
case OPT_CRYPT:
if (mode != passwd_unset)
goto opthelp;
goto opthelp;
# endif
# ifdef NO_MD5CRYPT_1
- if (mode == passwd_md5 || mode == passwd_apr1)
+ if (mode == passwd_md5 || mode == passwd_apr1 || mode == passwd_aixmd5)
goto opthelp;
# endif
# ifdef NO_SHACRYPT
size_t passwd_len, salt_len, magic_len;
passwd_len = strlen(passwd);
- out_buf[0] = '$';
- out_buf[1] = 0;
+
+ out_buf[0] = 0;
magic_len = strlen(magic);
- if (magic_len > 4) /* assert it's "1" or "apr1" */
- return NULL;
+ if (magic_len > 0) {
+ out_buf[0] = '$';
+ out_buf[1] = 0;
+
+ if (magic_len > 4) /* assert it's "1" or "apr1" */
+ return NULL;
+
+ OPENSSL_strlcat(out_buf, magic, sizeof out_buf);
+ OPENSSL_strlcat(out_buf, "$", sizeof out_buf);
+ }
- OPENSSL_strlcat(out_buf, magic, sizeof out_buf);
- OPENSSL_strlcat(out_buf, "$", sizeof out_buf);
OPENSSL_strlcat(out_buf, salt, sizeof out_buf);
if (strlen(out_buf) > 6 + 8) /* assert "$apr1$..salt.." */
return NULL;
- salt_out = out_buf + 2 + magic_len;
+ salt_out = out_buf;
+ if (magic_len > 0)
+ salt_out += 2 + magic_len;
salt_len = strlen(salt_out);
if (salt_len > 8)
md = EVP_MD_CTX_new();
if (md == NULL
|| !EVP_DigestInit_ex(md, EVP_md5(), NULL)
- || !EVP_DigestUpdate(md, passwd, passwd_len)
- || !EVP_DigestUpdate(md, "$", 1)
- || !EVP_DigestUpdate(md, magic, magic_len)
- || !EVP_DigestUpdate(md, "$", 1)
- || !EVP_DigestUpdate(md, salt_out, salt_len))
+ || !EVP_DigestUpdate(md, passwd, passwd_len))
+ goto err;
+
+ if (magic_len > 0)
+ if (!EVP_DigestUpdate(md, "$", 1)
+ || !EVP_DigestUpdate(md, magic, magic_len)
+ || !EVP_DigestUpdate(md, "$", 1))
+ goto err;
+
+ if (!EVP_DigestUpdate(md, salt_out, salt_len))
goto err;
md2 = EVP_MD_CTX_new();
# endif /* !OPENSSL_NO_DES */
# ifndef NO_MD5CRYPT_1
- if (mode == passwd_md5 || mode == passwd_apr1) {
+ if (mode == passwd_md5 || mode == passwd_apr1 || mode == passwd_aixmd5) {
int i;
if (*salt_malloc_p == NULL) {
# ifndef NO_MD5CRYPT_1
if (mode == passwd_md5 || mode == passwd_apr1)
hash = md5crypt(passwd, (mode == passwd_md5 ? "1" : "apr1"), *salt_p);
+ if (mode == passwd_aixmd5)
+ hash = md5crypt(passwd, "", *salt_p);
# endif
# ifndef NO_SHACRYPT
if (mode == passwd_sha256 || mode == passwd_sha512)
expected => '$6$rounds=1000$roundstoolow$kUMsbe306n21p9R.FRkW3IGn.S9NPN0x50YhH1xhLsPuWGsUSklZt58jaTfF4ZEQpyUNGc0dqbpBYYBaHHrsX.' }
);
-plan tests => (disabled("des") ? 8 : 10) + scalar @sha_tests;
+plan tests => (disabled("des") ? 9 : 11) + scalar @sha_tests;
ok(compare1stline_re([qw{openssl passwd password}], '^.{13}\R$'),
'BSD style MD5 password with salt xxxxxxxx');
ok(compare1stline([qw{openssl passwd -salt xxxxxxxx -apr1 password}], '$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0'),
'Apache style MD5 password with salt xxxxxxxx');
+ok(compare1stline([qw{openssl passwd -salt xxxxxxxx -aixmd5 password}], 'xxxxxxxx$8Oaipk/GPKhC64w/YVeFD/'),
+ 'AIX style MD5 password with salt xxxxxxxx');
ok(compare1stline([qw{openssl passwd -salt xxxxxxxxxxxxxxxx -5 password}], '$5$xxxxxxxxxxxxxxxx$fHytsM.wVD..zPN/h3i40WJRggt/1f73XkAC/gkelkB'),
'SHA256 password with salt xxxxxxxxxxxxxxxx');
ok(compare1stline([qw{openssl passwd -salt xxxxxxxxxxxxxxxx -6 password}], '$6$xxxxxxxxxxxxxxxx$VjGUrXBG6/8yW0f6ikBJVOb/lK/Tm9LxHJmFfwMvT7cpk64N9BW7ZQhNeMXAYFbOJ6HDG7wb0QpxJyYQn0rh81'),