1999-04-22 08:25:57 +08:00
|
|
|
/*
|
|
|
|
|
+----------------------------------------------------------------------+
|
2004-01-08 16:18:22 +08:00
|
|
|
| PHP Version 5 |
|
1999-04-22 08:25:57 +08:00
|
|
|
+----------------------------------------------------------------------+
|
2010-01-03 17:23:27 +08:00
|
|
|
| Copyright (c) 1997-2010 The PHP Group |
|
1999-04-22 08:25:57 +08:00
|
|
|
+----------------------------------------------------------------------+
|
2006-01-01 20:51:34 +08:00
|
|
|
| This source file is subject to version 3.01 of the PHP license, |
|
1999-07-16 21:13:16 +08:00
|
|
|
| that is bundled with this package in the file LICENSE, and is |
|
2003-06-11 04:04:29 +08:00
|
|
|
| available through the world-wide-web at the following url: |
|
2006-01-01 20:51:34 +08:00
|
|
|
| http://www.php.net/license/3_01.txt |
|
1999-07-16 21:13:16 +08:00
|
|
|
| If you did not receive a copy of the PHP license and are unable to |
|
|
|
|
|
| obtain it through the world-wide-web, please send a note to |
|
|
|
|
|
| license@php.net so we can mail you a copy immediately. |
|
1999-04-22 08:25:57 +08:00
|
|
|
+----------------------------------------------------------------------+
|
2004-02-13 03:05:41 +08:00
|
|
|
| Authors: Stig Bakken <ssb@php.net> |
|
1999-07-16 21:13:16 +08:00
|
|
|
| Zeev Suraski <zeev@zend.com> |
|
2002-02-28 16:29:35 +08:00
|
|
|
| Rasmus Lerdorf <rasmus@php.net> |
|
2010-02-22 02:11:11 +08:00
|
|
|
| Pierre Joye <pierre@php.net> |
|
1999-04-22 08:25:57 +08:00
|
|
|
+----------------------------------------------------------------------+
|
2007-11-05 20:44:52 +08:00
|
|
|
*/
|
|
|
|
|
|
1999-04-22 08:25:57 +08:00
|
|
|
/* $Id$ */
|
2007-11-05 20:44:52 +08:00
|
|
|
|
1999-04-22 08:25:57 +08:00
|
|
|
#include <stdlib.h>
|
|
|
|
|
|
|
|
|
|
#include "php.h"
|
|
|
|
|
#if HAVE_CRYPT
|
|
|
|
|
|
|
|
|
|
#if HAVE_UNISTD_H
|
|
|
|
|
#include <unistd.h>
|
|
|
|
|
#endif
|
2008-07-28 19:50:35 +08:00
|
|
|
#ifdef PHP_USE_PHP_CRYPT_R
|
|
|
|
|
# include "php_crypt_r.h"
|
|
|
|
|
# include "crypt_freesec.h"
|
|
|
|
|
#else
|
|
|
|
|
# if HAVE_CRYPT_H
|
|
|
|
|
# if defined(CRYPT_R_GNU_SOURCE) && !defined(_GNU_SOURCE)
|
|
|
|
|
# define _GNU_SOURCE
|
|
|
|
|
# endif
|
|
|
|
|
# include <crypt.h>
|
|
|
|
|
# endif
|
1999-04-22 08:25:57 +08:00
|
|
|
#endif
|
|
|
|
|
#if TM_IN_SYS_TIME
|
|
|
|
|
#include <sys/time.h>
|
|
|
|
|
#else
|
|
|
|
|
#include <time.h>
|
|
|
|
|
#endif
|
|
|
|
|
#if HAVE_STRING_H
|
|
|
|
|
#include <string.h>
|
|
|
|
|
#else
|
|
|
|
|
#include <strings.h>
|
|
|
|
|
#endif
|
|
|
|
|
|
2000-02-11 23:59:30 +08:00
|
|
|
#ifdef PHP_WIN32
|
1999-04-22 08:25:57 +08:00
|
|
|
#include <process.h>
|
|
|
|
|
#endif
|
|
|
|
|
|
2000-07-27 00:35:32 +08:00
|
|
|
#include "php_lcg.h"
|
1999-12-05 03:19:57 +08:00
|
|
|
#include "php_crypt.h"
|
2001-02-22 11:37:32 +08:00
|
|
|
#include "php_rand.h"
|
1999-04-22 08:25:57 +08:00
|
|
|
|
2007-11-05 20:44:52 +08:00
|
|
|
/* The capabilities of the crypt() function is determined by the test programs
|
|
|
|
|
* run by configure from aclocal.m4. They will set PHP_STD_DES_CRYPT,
|
|
|
|
|
* PHP_EXT_DES_CRYPT, PHP_MD5_CRYPT and PHP_BLOWFISH_CRYPT as appropriate
|
|
|
|
|
* for the target platform. */
|
|
|
|
|
|
2000-02-26 11:20:55 +08:00
|
|
|
#if PHP_STD_DES_CRYPT
|
|
|
|
|
#define PHP_MAX_SALT_LEN 2
|
1999-04-22 08:25:57 +08:00
|
|
|
#endif
|
2000-07-27 00:42:04 +08:00
|
|
|
|
2000-02-26 11:20:55 +08:00
|
|
|
#if PHP_EXT_DES_CRYPT
|
|
|
|
|
#undef PHP_MAX_SALT_LEN
|
|
|
|
|
#define PHP_MAX_SALT_LEN 9
|
1999-04-22 08:25:57 +08:00
|
|
|
#endif
|
2000-07-27 00:42:04 +08:00
|
|
|
|
2000-02-26 11:20:55 +08:00
|
|
|
#if PHP_MD5_CRYPT
|
|
|
|
|
#undef PHP_MAX_SALT_LEN
|
|
|
|
|
#define PHP_MAX_SALT_LEN 12
|
1999-04-22 08:25:57 +08:00
|
|
|
#endif
|
2000-07-27 00:42:04 +08:00
|
|
|
|
2000-02-26 11:20:55 +08:00
|
|
|
#if PHP_BLOWFISH_CRYPT
|
|
|
|
|
#undef PHP_MAX_SALT_LEN
|
2001-01-08 01:22:17 +08:00
|
|
|
#define PHP_MAX_SALT_LEN 60
|
2000-05-05 18:36:00 +08:00
|
|
|
#endif
|
|
|
|
|
|
2009-12-09 08:20:14 +08:00
|
|
|
#if PHP_SHA512_CRYPT
|
|
|
|
|
#undef PHP_MAX_SALT_LEN
|
|
|
|
|
#define PHP_MAX_SALT_LEN 123
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
|
2007-11-05 20:44:52 +08:00
|
|
|
/* If the configure-time checks fail, we provide DES.
|
|
|
|
|
* XXX: This is a hack. Fix the real problem! */
|
2000-05-05 18:36:00 +08:00
|
|
|
|
|
|
|
|
#ifndef PHP_MAX_SALT_LEN
|
|
|
|
|
#define PHP_MAX_SALT_LEN 2
|
|
|
|
|
#undef PHP_STD_DES_CRYPT
|
|
|
|
|
#define PHP_STD_DES_CRYPT 1
|
1999-04-22 08:25:57 +08:00
|
|
|
#endif
|
|
|
|
|
|
2001-09-17 04:49:57 +08:00
|
|
|
#define PHP_CRYPT_RAND php_rand(TSRMLS_C)
|
2001-02-22 08:24:19 +08:00
|
|
|
|
2007-11-05 20:44:52 +08:00
|
|
|
PHP_MINIT_FUNCTION(crypt) /* {{{ */
|
1999-04-22 08:25:57 +08:00
|
|
|
{
|
2001-08-05 07:58:56 +08:00
|
|
|
REGISTER_LONG_CONSTANT("CRYPT_SALT_LENGTH", PHP_MAX_SALT_LEN, CONST_CS | CONST_PERSISTENT);
|
2001-04-06 02:48:03 +08:00
|
|
|
REGISTER_LONG_CONSTANT("CRYPT_STD_DES", PHP_STD_DES_CRYPT, CONST_CS | CONST_PERSISTENT);
|
|
|
|
|
REGISTER_LONG_CONSTANT("CRYPT_EXT_DES", PHP_EXT_DES_CRYPT, CONST_CS | CONST_PERSISTENT);
|
|
|
|
|
REGISTER_LONG_CONSTANT("CRYPT_MD5", PHP_MD5_CRYPT, CONST_CS | CONST_PERSISTENT);
|
2000-11-03 08:45:24 +08:00
|
|
|
REGISTER_LONG_CONSTANT("CRYPT_BLOWFISH", PHP_BLOWFISH_CRYPT, CONST_CS | CONST_PERSISTENT);
|
2009-12-09 09:43:23 +08:00
|
|
|
|
2010-03-30 18:10:20 +08:00
|
|
|
#ifdef PHP_SHA256_CRYPT
|
|
|
|
|
REGISTER_LONG_CONSTANT("CRYPT_SHA256", PHP_SHA256_CRYPT, CONST_CS | CONST_PERSISTENT);
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#ifdef PHP_SHA512_CRYPT
|
|
|
|
|
REGISTER_LONG_CONSTANT("CRYPT_SHA512", PHP_SHA512_CRYPT, CONST_CS | CONST_PERSISTENT);
|
|
|
|
|
#endif
|
2000-11-03 08:45:24 +08:00
|
|
|
|
2008-07-28 19:50:35 +08:00
|
|
|
#ifdef PHP_USE_PHP_CRYPT_R
|
|
|
|
|
php_init_crypt_r();
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
return SUCCESS;
|
|
|
|
|
}
|
2008-08-19 23:14:46 +08:00
|
|
|
/* }}} */
|
2008-07-28 19:50:35 +08:00
|
|
|
|
2008-08-19 23:14:46 +08:00
|
|
|
PHP_MSHUTDOWN_FUNCTION(crypt) /* {{{ */
|
2008-07-28 19:50:35 +08:00
|
|
|
{
|
2008-08-19 23:14:46 +08:00
|
|
|
#ifdef PHP_USE_PHP_CRYPT_R
|
2008-07-28 19:50:35 +08:00
|
|
|
php_shutdown_crypt_r();
|
2008-08-19 23:14:46 +08:00
|
|
|
#endif
|
2008-07-28 19:50:35 +08:00
|
|
|
|
2001-05-07 00:54:27 +08:00
|
|
|
return SUCCESS;
|
|
|
|
|
}
|
2007-11-05 20:44:52 +08:00
|
|
|
/* }}} */
|
2000-11-03 08:45:24 +08:00
|
|
|
|
1999-04-22 08:25:57 +08:00
|
|
|
static unsigned char itoa64[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
|
|
|
|
|
|
2007-11-05 20:44:52 +08:00
|
|
|
static void php_to64(char *s, long v, int n) /* {{{ */
|
2001-09-17 04:49:57 +08:00
|
|
|
{
|
1999-04-22 08:25:57 +08:00
|
|
|
while (--n >= 0) {
|
2007-11-05 20:44:52 +08:00
|
|
|
*s++ = itoa64[v&0x3f];
|
1999-04-22 08:25:57 +08:00
|
|
|
v >>= 6;
|
2007-11-05 20:44:52 +08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
/* }}} */
|
1999-04-22 08:25:57 +08:00
|
|
|
|
2000-05-18 03:40:10 +08:00
|
|
|
/* {{{ proto string crypt(string str [, string salt])
|
2007-11-05 20:44:52 +08:00
|
|
|
Hash a string */
|
1999-05-16 19:19:26 +08:00
|
|
|
PHP_FUNCTION(crypt)
|
1999-04-22 08:25:57 +08:00
|
|
|
{
|
2007-11-05 20:44:52 +08:00
|
|
|
char salt[PHP_MAX_SALT_LEN + 1];
|
2001-10-27 05:07:59 +08:00
|
|
|
char *str, *salt_in = NULL;
|
2008-10-22 06:08:38 +08:00
|
|
|
int str_len, salt_in_len = 0;
|
2010-02-22 02:11:11 +08:00
|
|
|
char *crypt_res;
|
2007-11-05 20:44:52 +08:00
|
|
|
salt[0] = salt[PHP_MAX_SALT_LEN] = '\0';
|
|
|
|
|
|
1999-09-06 21:24:36 +08:00
|
|
|
/* This will produce suitable results if people depend on DES-encryption
|
2007-11-05 20:44:52 +08:00
|
|
|
* available (passing always 2-character salt). At least for glibc6.1 */
|
|
|
|
|
memset(&salt[1], '$', PHP_MAX_SALT_LEN - 1);
|
1999-04-22 08:25:57 +08:00
|
|
|
|
2007-11-05 20:44:52 +08:00
|
|
|
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|s", &str, &str_len, &salt_in, &salt_in_len) == FAILURE) {
|
2001-10-27 05:07:59 +08:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (salt_in) {
|
|
|
|
|
memcpy(salt, salt_in, MIN(PHP_MAX_SALT_LEN, salt_in_len));
|
1999-04-22 08:25:57 +08:00
|
|
|
}
|
|
|
|
|
|
2008-07-28 19:50:35 +08:00
|
|
|
/* The automatic salt generation covers standard DES, md5-crypt and Blowfish (simple) */
|
2007-11-05 20:44:52 +08:00
|
|
|
if (!*salt) {
|
2001-08-05 07:58:56 +08:00
|
|
|
#if PHP_MD5_CRYPT
|
1999-04-22 08:25:57 +08:00
|
|
|
strcpy(salt, "$1$");
|
2000-02-26 11:20:55 +08:00
|
|
|
php_to64(&salt[3], PHP_CRYPT_RAND, 4);
|
|
|
|
|
php_to64(&salt[7], PHP_CRYPT_RAND, 4);
|
1999-04-22 08:25:57 +08:00
|
|
|
strcpy(&salt[11], "$");
|
2001-08-05 07:58:56 +08:00
|
|
|
#elif PHP_STD_DES_CRYPT
|
|
|
|
|
php_to64(&salt[0], PHP_CRYPT_RAND, 2);
|
|
|
|
|
salt[2] = '\0';
|
1999-04-22 08:25:57 +08:00
|
|
|
#endif
|
2009-12-09 08:20:14 +08:00
|
|
|
salt_in_len = strlen(salt);
|
1999-04-22 08:25:57 +08:00
|
|
|
}
|
2008-07-28 19:50:35 +08:00
|
|
|
|
|
|
|
|
/* Windows (win32/crypt) has a stripped down version of libxcrypt and
|
|
|
|
|
a CryptoApi md5_crypt implementation */
|
|
|
|
|
#if PHP_USE_PHP_CRYPT_R
|
2006-11-30 23:59:53 +08:00
|
|
|
{
|
2008-07-28 19:50:35 +08:00
|
|
|
struct php_crypt_extended_data buffer;
|
|
|
|
|
|
|
|
|
|
if (salt[0]=='$' && salt[1]=='1' && salt[2]=='$') {
|
|
|
|
|
char output[MD5_HASH_MAX_LEN];
|
|
|
|
|
|
|
|
|
|
RETURN_STRING(php_md5_crypt_r(str, salt, output), 1);
|
2009-12-09 08:20:14 +08:00
|
|
|
} else if (salt[0]=='$' && salt[1]=='6' && salt[2]=='$') {
|
|
|
|
|
const char sha512_salt_prefix[] = "$6$";
|
|
|
|
|
const char sha512_rounds_prefix[] = "rounds=";
|
|
|
|
|
char *output;
|
|
|
|
|
int needed = (sizeof(sha512_salt_prefix) - 1
|
|
|
|
|
+ sizeof(sha512_rounds_prefix) + 9 + 1
|
|
|
|
|
+ strlen(salt) + 1 + 43 + 1);
|
|
|
|
|
output = emalloc(needed * sizeof(char *));
|
|
|
|
|
salt[salt_in_len] = '\0';
|
|
|
|
|
|
2010-02-22 02:11:11 +08:00
|
|
|
crypt_res = php_sha512_crypt_r(str, salt, output, needed);
|
|
|
|
|
if (!crypt_res) {
|
2010-02-24 01:26:49 +08:00
|
|
|
if (salt[0]=='*' && salt[1]=='0') {
|
|
|
|
|
RETVAL_STRING("*1", 1);
|
|
|
|
|
} else {
|
|
|
|
|
RETVAL_STRING("*0", 1);
|
|
|
|
|
}
|
2010-02-22 02:11:11 +08:00
|
|
|
} else {
|
|
|
|
|
RETVAL_STRING(output, 1);
|
|
|
|
|
}
|
2009-12-09 08:20:14 +08:00
|
|
|
|
|
|
|
|
memset(output, 0, PHP_MAX_SALT_LEN + 1);
|
|
|
|
|
efree(output);
|
|
|
|
|
} else if (salt[0]=='$' && salt[1]=='5' && salt[2]=='$') {
|
|
|
|
|
const char sha256_salt_prefix[] = "$5$";
|
|
|
|
|
const char sha256_rounds_prefix[] = "rounds=";
|
|
|
|
|
char *output;
|
|
|
|
|
int needed = (sizeof(sha256_salt_prefix) - 1
|
|
|
|
|
+ sizeof(sha256_rounds_prefix) + 9 + 1
|
|
|
|
|
+ strlen(salt) + 1 + 43 + 1);
|
|
|
|
|
output = emalloc(needed * sizeof(char *));
|
|
|
|
|
salt[salt_in_len] = '\0';
|
|
|
|
|
|
2010-02-22 02:11:11 +08:00
|
|
|
crypt_res = php_sha256_crypt_r(str, salt, output, needed);
|
|
|
|
|
if (!crypt_res) {
|
2010-02-24 01:26:49 +08:00
|
|
|
if (salt[0]=='*' && salt[1]=='0') {
|
|
|
|
|
RETVAL_STRING("*1", 1);
|
|
|
|
|
} else {
|
|
|
|
|
RETVAL_STRING("*0", 1);
|
|
|
|
|
}
|
2010-02-22 02:11:11 +08:00
|
|
|
} else {
|
|
|
|
|
RETVAL_STRING(output, 1);
|
|
|
|
|
}
|
|
|
|
|
|
2009-12-09 08:20:14 +08:00
|
|
|
memset(output, 0, PHP_MAX_SALT_LEN + 1);
|
|
|
|
|
efree(output);
|
|
|
|
|
} else if (
|
2008-07-28 19:50:35 +08:00
|
|
|
salt[0] == '$' &&
|
|
|
|
|
salt[1] == '2' &&
|
|
|
|
|
salt[2] == 'a' &&
|
|
|
|
|
salt[3] == '$' &&
|
|
|
|
|
salt[4] >= '0' && salt[4] <= '3' &&
|
|
|
|
|
salt[5] >= '0' && salt[5] <= '9' &&
|
|
|
|
|
salt[6] == '$') {
|
|
|
|
|
char output[PHP_MAX_SALT_LEN + 1];
|
|
|
|
|
|
|
|
|
|
memset(output, 0, PHP_MAX_SALT_LEN + 1);
|
|
|
|
|
|
2010-02-22 02:11:11 +08:00
|
|
|
crypt_res = php_crypt_blowfish_rn(str, salt, output, sizeof(output));
|
|
|
|
|
if (!crypt_res) {
|
2010-02-24 01:26:49 +08:00
|
|
|
if (salt[0]=='*' && salt[1]=='0') {
|
|
|
|
|
RETVAL_STRING("*1", 1);
|
|
|
|
|
} else {
|
|
|
|
|
RETVAL_STRING("*0", 1);
|
|
|
|
|
}
|
2010-02-22 02:11:11 +08:00
|
|
|
} else {
|
|
|
|
|
RETVAL_STRING(output, 1);
|
|
|
|
|
}
|
|
|
|
|
|
2008-07-28 19:50:35 +08:00
|
|
|
memset(output, 0, PHP_MAX_SALT_LEN + 1);
|
|
|
|
|
} else {
|
|
|
|
|
memset(&buffer, 0, sizeof(buffer));
|
|
|
|
|
_crypt_extended_init_r();
|
2010-02-22 02:11:11 +08:00
|
|
|
|
|
|
|
|
crypt_res = _crypt_extended_r(str, salt, &buffer);
|
|
|
|
|
if (!crypt_res) {
|
2010-02-24 01:26:49 +08:00
|
|
|
if (salt[0]=='*' && salt[1]=='0') {
|
|
|
|
|
RETURN_STRING("*1", 1);
|
|
|
|
|
} else {
|
|
|
|
|
RETURN_STRING("*0", 1);
|
|
|
|
|
}
|
2010-02-22 02:11:11 +08:00
|
|
|
} else {
|
|
|
|
|
RETURN_STRING(crypt_res, 1);
|
|
|
|
|
}
|
2008-07-28 19:50:35 +08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
#else
|
|
|
|
|
|
|
|
|
|
# if defined(HAVE_CRYPT_R) && (defined(_REENTRANT) || defined(_THREAD_SAFE))
|
|
|
|
|
{
|
|
|
|
|
# if defined(CRYPT_R_STRUCT_CRYPT_DATA)
|
2006-11-30 23:59:53 +08:00
|
|
|
struct crypt_data buffer;
|
|
|
|
|
memset(&buffer, 0, sizeof(buffer));
|
2008-07-28 19:50:35 +08:00
|
|
|
# elif defined(CRYPT_R_CRYPTD)
|
2006-12-12 15:38:04 +08:00
|
|
|
CRYPTD buffer;
|
2008-07-28 19:50:35 +08:00
|
|
|
# else
|
|
|
|
|
# error Data struct used by crypt_r() is unknown. Please report.
|
|
|
|
|
# endif
|
2010-02-22 02:11:11 +08:00
|
|
|
crypt_res = crypt_r(str, salt, &buffer);
|
|
|
|
|
if (!crypt_res) {
|
2010-02-24 01:26:49 +08:00
|
|
|
if (salt[0]=='*' && salt[1]=='0') {
|
|
|
|
|
RETURN_STRING("*1", 1);
|
|
|
|
|
} else {
|
|
|
|
|
RETURN_STRING("*0", 1);
|
|
|
|
|
}
|
2010-02-22 02:11:11 +08:00
|
|
|
} else {
|
|
|
|
|
RETURN_STRING(crypt_res, 1);
|
|
|
|
|
}
|
2006-11-30 23:59:53 +08:00
|
|
|
}
|
2008-07-28 19:50:35 +08:00
|
|
|
# endif
|
2006-11-30 23:59:53 +08:00
|
|
|
#endif
|
1999-04-22 08:25:57 +08:00
|
|
|
}
|
2000-05-18 03:40:10 +08:00
|
|
|
/* }}} */
|
2000-05-28 03:27:20 +08:00
|
|
|
#endif
|
1999-04-22 08:25:57 +08:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Local variables:
|
|
|
|
|
* tab-width: 4
|
|
|
|
|
* c-basic-offset: 4
|
|
|
|
|
* End:
|
2001-09-09 21:29:31 +08:00
|
|
|
* vim600: sw=4 ts=4 fdm=marker
|
|
|
|
|
* vim<600: sw=4 ts=4
|
1999-04-22 08:25:57 +08:00
|
|
|
*/
|
