mirror of
https://sourceware.org/git/glibc.git
synced 2024-11-24 10:22:41 +08:00
5a82c74822
Also, change sources.redhat.com to sourceware.org. This patch was automatically generated by running the following shell script, which uses GNU sed, and which avoids modifying files imported from upstream: sed -ri ' s,(http|ftp)(://(.*\.)?(gnu|fsf|sourceware)\.org($|[^.]|\.[^a-z])),https\2,g s,(http|ftp)(://(.*\.)?)sources\.redhat\.com($|[^.]|\.[^a-z]),https\2sourceware.org\4,g ' \ $(find $(git ls-files) -prune -type f \ ! -name '*.po' \ ! -name 'ChangeLog*' \ ! -path COPYING ! -path COPYING.LIB \ ! -path manual/fdl-1.3.texi ! -path manual/lgpl-2.1.texi \ ! -path manual/texinfo.tex ! -path scripts/config.guess \ ! -path scripts/config.sub ! -path scripts/install-sh \ ! -path scripts/mkinstalldirs ! -path scripts/move-if-change \ ! -path INSTALL ! -path locale/programs/charmap-kw.h \ ! -path po/libc.pot ! -path sysdeps/gnu/errlist.c \ ! '(' -name configure \ -execdir test -f configure.ac -o -f configure.in ';' ')' \ ! '(' -name preconfigure \ -execdir test -f preconfigure.ac ';' ')' \ -print) and then by running 'make dist-prepare' to regenerate files built from the altered files, and then executing the following to cleanup: chmod a+x sysdeps/unix/sysv/linux/riscv/configure # Omit irrelevant whitespace and comment-only changes, # perhaps from a slightly-different Autoconf version. git checkout -f \ sysdeps/csky/configure \ sysdeps/hppa/configure \ sysdeps/riscv/configure \ sysdeps/unix/sysv/linux/csky/configure # Omit changes that caused a pre-commit check to fail like this: # remote: *** error: sysdeps/powerpc/powerpc64/ppc-mcount.S: trailing lines git checkout -f \ sysdeps/powerpc/powerpc64/ppc-mcount.S \ sysdeps/unix/sysv/linux/s390/s390-64/syscall.S # Omit change that caused a pre-commit check to fail like this: # remote: *** error: sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S: last line does not end in newline git checkout -f sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S
184 lines
5.3 KiB
C
184 lines
5.3 KiB
C
/*
|
|
* UFC-crypt: ultra fast crypt(3) implementation
|
|
*
|
|
* Copyright (C) 1991-2019 Free Software Foundation, Inc.
|
|
*
|
|
* The GNU C Library is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
* License as published by the Free Software Foundation; either
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
*
|
|
* The GNU C Library is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
* License along with the GNU C Library; if not, see
|
|
* <https://www.gnu.org/licenses/>.
|
|
*
|
|
* crypt entry points
|
|
*
|
|
* @(#)crypt-entry.c 1.2 12/20/96
|
|
*
|
|
*/
|
|
|
|
#ifdef DEBUG
|
|
#include <stdio.h>
|
|
#endif
|
|
#include <string.h>
|
|
#include <errno.h>
|
|
#include <fips-private.h>
|
|
|
|
#ifndef STATIC
|
|
#define STATIC static
|
|
#endif
|
|
|
|
#include "crypt-private.h"
|
|
#include <shlib-compat.h>
|
|
|
|
/* Prototypes for local functions. */
|
|
#ifndef __GNU_LIBRARY__
|
|
void _ufc_clearmem (char *start, int cnt);
|
|
#else
|
|
#define _ufc_clearmem(start, cnt) memset(start, 0, cnt)
|
|
#endif
|
|
extern char *__md5_crypt_r (const char *key, const char *salt, char *buffer,
|
|
int buflen);
|
|
extern char *__md5_crypt (const char *key, const char *salt);
|
|
extern char *__sha256_crypt_r (const char *key, const char *salt,
|
|
char *buffer, int buflen);
|
|
extern char *__sha256_crypt (const char *key, const char *salt);
|
|
extern char *__sha512_crypt_r (const char *key, const char *salt,
|
|
char *buffer, int buflen);
|
|
extern char *__sha512_crypt (const char *key, const char *salt);
|
|
|
|
/* Define our magic string to mark salt for MD5 encryption
|
|
replacement. This is meant to be the same as for other MD5 based
|
|
encryption implementations. */
|
|
static const char md5_salt_prefix[] = "$1$";
|
|
|
|
/* Magic string for SHA256 encryption. */
|
|
static const char sha256_salt_prefix[] = "$5$";
|
|
|
|
/* Magic string for SHA512 encryption. */
|
|
static const char sha512_salt_prefix[] = "$6$";
|
|
|
|
/* For use by the old, non-reentrant routines (crypt/encrypt/setkey) */
|
|
extern struct crypt_data _ufc_foobar;
|
|
|
|
/*
|
|
* UNIX crypt function
|
|
*/
|
|
|
|
char *
|
|
__crypt_r (const char *key, const char *salt,
|
|
struct crypt_data * __restrict data)
|
|
{
|
|
ufc_long res[4];
|
|
char ktab[9];
|
|
ufc_long xx = 25; /* to cope with GCC long long compiler bugs */
|
|
|
|
#ifdef _LIBC
|
|
/* Try to find out whether we have to use MD5 encryption replacement. */
|
|
if (strncmp (md5_salt_prefix, salt, sizeof (md5_salt_prefix) - 1) == 0)
|
|
{
|
|
/* FIPS rules out MD5 password encryption. */
|
|
if (fips_enabled_p ())
|
|
{
|
|
__set_errno (EPERM);
|
|
return NULL;
|
|
}
|
|
return __md5_crypt_r (key, salt, (char *) data,
|
|
sizeof (struct crypt_data));
|
|
}
|
|
|
|
/* Try to find out whether we have to use SHA256 encryption replacement. */
|
|
if (strncmp (sha256_salt_prefix, salt, sizeof (sha256_salt_prefix) - 1) == 0)
|
|
return __sha256_crypt_r (key, salt, (char *) data,
|
|
sizeof (struct crypt_data));
|
|
|
|
/* Try to find out whether we have to use SHA512 encryption replacement. */
|
|
if (strncmp (sha512_salt_prefix, salt, sizeof (sha512_salt_prefix) - 1) == 0)
|
|
return __sha512_crypt_r (key, salt, (char *) data,
|
|
sizeof (struct crypt_data));
|
|
#endif
|
|
|
|
/*
|
|
* Hack DES tables according to salt
|
|
*/
|
|
if (!_ufc_setup_salt_r (salt, data))
|
|
{
|
|
__set_errno (EINVAL);
|
|
return NULL;
|
|
}
|
|
|
|
/* FIPS rules out DES password encryption. */
|
|
if (fips_enabled_p ())
|
|
{
|
|
__set_errno (EPERM);
|
|
return NULL;
|
|
}
|
|
|
|
/*
|
|
* Setup key schedule
|
|
*/
|
|
_ufc_clearmem (ktab, (int) sizeof (ktab));
|
|
(void) strncpy (ktab, key, 8);
|
|
_ufc_mk_keytab_r (ktab, data);
|
|
|
|
/*
|
|
* Go for the 25 DES encryptions
|
|
*/
|
|
_ufc_clearmem ((char*) res, (int) sizeof (res));
|
|
_ufc_doit_r (xx, data, &res[0]);
|
|
|
|
/*
|
|
* Do final permutations
|
|
*/
|
|
_ufc_dofinalperm_r (res, data);
|
|
|
|
/*
|
|
* And convert back to 6 bit ASCII
|
|
*/
|
|
_ufc_output_conversion_r (res[0], res[1], salt, data);
|
|
|
|
/*
|
|
* Erase key-dependent intermediate data. Data dependent only on
|
|
* the salt is not considered sensitive.
|
|
*/
|
|
explicit_bzero (ktab, sizeof (ktab));
|
|
explicit_bzero (data->keysched, sizeof (data->keysched));
|
|
explicit_bzero (res, sizeof (res));
|
|
|
|
return data->crypt_3_buf;
|
|
}
|
|
weak_alias (__crypt_r, crypt_r)
|
|
|
|
char *
|
|
crypt (const char *key, const char *salt)
|
|
{
|
|
#ifdef _LIBC
|
|
/* Try to find out whether we have to use MD5 encryption replacement. */
|
|
if (strncmp (md5_salt_prefix, salt, sizeof (md5_salt_prefix) - 1) == 0
|
|
/* Let __crypt_r deal with the error code if FIPS is enabled. */
|
|
&& !fips_enabled_p ())
|
|
return __md5_crypt (key, salt);
|
|
|
|
/* Try to find out whether we have to use SHA256 encryption replacement. */
|
|
if (strncmp (sha256_salt_prefix, salt, sizeof (sha256_salt_prefix) - 1) == 0)
|
|
return __sha256_crypt (key, salt);
|
|
|
|
/* Try to find out whether we have to use SHA512 encryption replacement. */
|
|
if (strncmp (sha512_salt_prefix, salt, sizeof (sha512_salt_prefix) - 1) == 0)
|
|
return __sha512_crypt (key, salt);
|
|
#endif
|
|
|
|
return __crypt_r (key, salt, &_ufc_foobar);
|
|
}
|
|
|
|
#if SHLIB_COMPAT (libcrypt, GLIBC_2_0, GLIBC_2_28)
|
|
weak_alias (crypt, fcrypt)
|
|
compat_symbol (libcrypt, fcrypt, fcrypt, GLIBC_2_0);
|
|
#endif
|