remove md5crypt.

while changing things, add a crypt_checkpass wrapper that handles most of
the edge cases. (not quite ready for production, though.)
ok deraadt

5 files changed, 65 insertions, 195 deletions

diff --git a/src/lib/libc/crypt/Makefile.inc b/src/lib/libc/crypt/Makefile.inc
index c852523372..3676d7f646 100644
--- a/src/lib/libc/crypt/Makefile.inc
+++ b/src/lib/libc/crypt/Makefile.inc
@@ -1,12 +1,12 @@
-#       $OpenBSD: Makefile.inc,v 1.19 2013/10/21 20:33:23 deraadt Exp $
+#       $OpenBSD: Makefile.inc,v 1.20 2014/05/12 19:13:14 tedu Exp $
 
 .PATH: ${LIBCSRCDIR}/arch/${MACHINE_CPU}/crypt ${LIBCSRCDIR}/crypt
 
-SRCS+=  crypt.c crypt2.c md5crypt.c arc4random.c blowfish.c bcrypt.c
+SRCS+=  crypt.c crypt2.c cryptutil.c arc4random.c blowfish.c bcrypt.c
 
 MAN+=   crypt.3 blowfish.3 arc4random.3
 MLINKS+=crypt.3 encrypt.3 crypt.3 setkey.3 crypt.3 des_cipher.3
-MLINKS+=crypt.3 bcrypt_gensalt.3 crypt.3 bcrypt.3 crypt.3 md5crypt.3
+MLINKS+=crypt.3 bcrypt_gensalt.3 crypt.3 bcrypt.3
 MLINKS+=crypt.3 des_setkey.3 blowfish.3 blf_key.3 blowfish.3 blf_enc.3
 MLINKS+=blowfish.3 blf_dec.3 blowfish.3 blf_ecb_encrypt.3
 MLINKS+=blowfish.3 blf_ecb_decrypt.3 blowfish.3 blf_cbc_encrypt.3
diff --git a/src/lib/libc/crypt/crypt.3 b/src/lib/libc/crypt/crypt.3
index f4a78781da..b8777e39ca 100644
--- a/src/lib/libc/crypt/crypt.3
+++ b/src/lib/libc/crypt/crypt.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: crypt.3,v 1.34 2014/03/19 02:34:45 tedu Exp $
+.\" $OpenBSD: crypt.3,v 1.35 2014/05/12 19:13:14 tedu Exp $
 .\"
 .\" FreeSec: libcrypt
 .\"
@@ -31,7 +31,7 @@
 .\"
 .\" Manual page, using -mandoc macros
 .\"
-.Dd $Mdocdate: March 19 2014 $
+.Dd $Mdocdate: May 12 2014 $
 .Dt CRYPT 3
 .Os
 .Sh NAME
@@ -41,8 +41,7 @@
 .Nm des_setkey ,
 .Nm des_cipher ,
 .Nm bcrypt_gensalt ,
-.Nm bcrypt ,
-.Nm md5crypt
+.Nm bcrypt
 .Nd password hashing
 .Sh SYNOPSIS
 .In stdlib.h
@@ -63,8 +62,6 @@
 .Fn bcrypt_gensalt "u_int8_t log_rounds"
 .Ft char *
 .Fn bcrypt "const char *key" "const char *salt"
-.Ft char *
-.Fn md5crypt "const char *key" "const char *salt"
 .Sh DESCRIPTION
 The
 .Fn crypt
@@ -88,9 +85,7 @@ If it begins
 with a string character
 .Pq Ql $
 and a number then a different algorithm is used depending on the number.
-At the moment a
-.Ql $1
-chooses MD5 hashing and a
+At the moment
 .Ql $2
 chooses Blowfish hashing; see below for more information.
 .Ss Extended crypt
@@ -113,24 +108,6 @@ This allows 24 bits for both
 .Fa count
 and
 .Fa salt .
-.Ss "MD5" crypt
-For
-.Tn MD5
-crypt the version number,
-.Fa salt
-and the hashed password are separated by the
-.Ql $
-character.
-The maximum length of a password is limited by
-the length counter of the MD5 context, which is about
-2**64.
-A valid MD5 password entry looks like this:
-.Pp
-.Dq $1$caeiHQwX$hsKqOjrFRRN6K32OWkCBf1 .
-.Pp
-The whole MD5 password string is passed as
-.Fa setting
-for interpretation.
 .Ss "Blowfish" crypt
 The
 .Tn Blowfish
diff --git a/src/lib/libc/crypt/crypt.c b/src/lib/libc/crypt/crypt.c
index 15a784532d..ad8140e302 100644
--- a/src/lib/libc/crypt/crypt.c
+++ b/src/lib/libc/crypt/crypt.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: crypt.c,v 1.20 2005/08/08 08:05:33 espie Exp $        */
+/*      $OpenBSD: crypt.c,v 1.21 2014/05/12 19:13:14 tedu Exp $ */
 
 /*
  * FreeSec: libcrypt
@@ -576,15 +576,14 @@ crypt(const char *key, const char *setting)
         u_int32_t       count, salt, l, r0, r1, keybuf[2];
         u_char          *p, *q;
         static u_char   output[21];
-        extern char     *md5crypt(const char *, const char *);
         extern char     *bcrypt(const char *, const char *);
 
         if (setting[0] == '$') {
                 switch (setting[1]) {
-                case '1':
-                        return (md5crypt(key, setting));
-                default:
+                case '2':
                         return bcrypt(key, setting);
+                default:
+                        return (NULL);
                 }
         }
 
diff --git a/src/lib/libc/crypt/cryptutil.c b/src/lib/libc/crypt/cryptutil.c
new file mode 100644
index 0000000000..36deda778e
--- /dev/null
+++ b/src/lib/libc/crypt/cryptutil.c
@@ -0,0 +1,54 @@
+/* $OpenBSD: cryptutil.c,v 1.1 2014/05/12 19:13:14 tedu Exp $ */
+/*
+ * Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <pwd.h>
+#include <errno.h>
+
+int
+crypt_checkpass(const char *pass, const char *goodhash)
+{
+        char dummy[_PASSWORD_LEN];
+        char *res;
+
+        if (goodhash == NULL) {
+                /* fake it */
+                bcrypt_newhash(pass, 8, dummy, sizeof(dummy));
+                goto fail;
+        }
+
+        /* empty password */
+        if (strlen(goodhash) == 0 && strlen(pass) == 0)
+                return 0;
+
+        if (goodhash[0] == '$' && goodhash[1] == '2') {
+                return bcrypt_checkpass(pass, goodhash);
+        }
+
+        /* have to do it the hard way */
+        res = crypt(pass, goodhash);
+        if (strlen(res) != strlen(goodhash) ||
+            timingsafe_bcmp(res, goodhash, strlen(goodhash)) != 0) {
+                goto fail;
+        }
+
+        return 0;
+fail:
+        errno = EACCES;
+        return -1;
+}
diff --git a/src/lib/libc/crypt/md5crypt.c b/src/lib/libc/crypt/md5crypt.c
deleted file mode 100644
index a855835bcc..0000000000
--- a/src/lib/libc/crypt/md5crypt.c
+++ /dev/null
@@ -1,160 +0,0 @@
-/*      $OpenBSD: md5crypt.c,v 1.17 2014/04/03 15:55:29 beck Exp $      */
-
-/*
- * Copyright (c) 2000 Poul-Henning Kamp <phk@FreeBSD.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
- * If we meet some day, and you think this stuff is worth it, you
- * can buy me a beer in return. Poul-Henning Kamp
- */
-
-#include <unistd.h>
-#include <stdio.h>
-#include <string.h>
-#include <md5.h>
-#include <string.h>
-
-static unsigned char itoa64[] =         /* 0 ... 63 => ascii - 64 */
-        "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
-
-static void to64(char *, u_int32_t, int);
-
-static void
-to64(char *s, u_int32_t v, int n)
-{
-        while (--n >= 0) {
-                *s++ = itoa64[v&0x3f];
-                v >>= 6;
-        }
-}
-
-/*
- * UNIX password
- *
- * Use MD5 for what it is best at...
- */
-
-char *md5crypt(const char *pw, const char *salt);
-
-char *
-md5crypt(const char *pw, const char *salt)
-{
-        /*
-         * This string is the magic for this algorithm.
-         * Having it this way, we can get better later on.
-         */
-        static unsigned char    *magic = (unsigned char *)"$1$";
-
-        static char     passwd[120], *p;
-        static const unsigned char *sp,*ep;
-        unsigned char   final[16];
-        int sl,pl,i;
-        MD5_CTX ctx,ctx1;
-        u_int32_t l;
-
-        /* Refine the salt first */
-        sp = (const unsigned char *)salt;
-
-        /* If it starts with the magic string, then skip that */
-        if(!strncmp((const char *)sp,(const char *)magic,strlen((const char *)magic)))
-                sp += strlen((const char *)magic);
-
-        /* It stops at the first '$', max 8 chars */
-        for(ep=sp;*ep && *ep != '$' && ep < (sp+8);ep++)
-                continue;
-
-        /* get the length of the true salt */
-        sl = ep - sp;
-
-        MD5Init(&ctx);
-
-        /* The password first, since that is what is most unknown */
-        MD5Update(&ctx,(const unsigned char *)pw,strlen(pw));
-
-        /* Then our magic string */
-        MD5Update(&ctx,magic,strlen((const char *)magic));
-
-        /* Then the raw salt */
-        MD5Update(&ctx,sp,sl);
-
-        /* Then just as many characters of the MD5(pw,salt,pw) */
-        MD5Init(&ctx1);
-        MD5Update(&ctx1,(const unsigned char *)pw,strlen(pw));
-        MD5Update(&ctx1,sp,sl);
-        MD5Update(&ctx1,(const unsigned char *)pw,strlen(pw));
-        MD5Final(final,&ctx1);
-        for(pl = strlen(pw); pl > 0; pl -= 16)
-                MD5Update(&ctx,final,pl>16 ? 16 : pl);
-
-        /* Don't leave anything around in vm they could use. */
-        memset(final,0,sizeof final);
-
-        /* Then something really weird... */
-        for (i = strlen(pw); i ; i >>= 1)
-                if(i&1)
-                    MD5Update(&ctx, final, 1);
-                else
-                    MD5Update(&ctx, (const unsigned char *)pw, 1);
-
-        /* Now make the output string */
-        snprintf(passwd, sizeof(passwd), "%s%.*s$", (char *)magic,
-            sl, (const char *)sp);
-
-        MD5Final(final,&ctx);
-
-        /*
-         * And now, just to make sure things don't run too fast
-         * On a 60 MHz Pentium this takes 34 msec, so you would
-         * need 30 seconds to build a 1000 entry dictionary...
-         * On a modern machine, with possible GPU optimization,
-         * this will run a lot faster than that.
-         */
-        for(i=0;i<1000;i++) {
-                MD5Init(&ctx1);
-                if(i & 1)
-                        MD5Update(&ctx1,(const unsigned char *)pw,strlen(pw));
-                else
-                        MD5Update(&ctx1,final,16);
-
-                if(i % 3)
-                        MD5Update(&ctx1,sp,sl);
-
-                if(i % 7)
-                        MD5Update(&ctx1,(const unsigned char *)pw,strlen(pw));
-
-                if(i & 1)
-                        MD5Update(&ctx1,final,16);
-                else
-                        MD5Update(&ctx1,(const unsigned char *)pw,strlen(pw));
-                MD5Final(final,&ctx1);
-        }
-
-        p = passwd + strlen(passwd);
-
-        l = (final[ 0]<<16) | (final[ 6]<<8) | final[12]; to64(p,l,4); p += 4;
-        l = (final[ 1]<<16) | (final[ 7]<<8) | final[13]; to64(p,l,4); p += 4;
-        l = (final[ 2]<<16) | (final[ 8]<<8) | final[14]; to64(p,l,4); p += 4;
-        l = (final[ 3]<<16) | (final[ 9]<<8) | final[15]; to64(p,l,4); p += 4;
-        l = (final[ 4]<<16) | (final[10]<<8) | final[ 5]; to64(p,l,4); p += 4;
-        l =                    final[11]                ; to64(p,l,2); p += 2;
-        *p = '\0';
-
-        /* Don't leave anything around in vm they could use. */
-        memset(final, 0, sizeof final);
-
-        return passwd;
-}
-