mirror of
https://sourceware.org/git/glibc.git
synced 2024-11-22 13:00:06 +00:00
5a82c74822
Also, change sources.redhat.com to sourceware.org.
This patch was automatically generated by running the following shell
script, which uses GNU sed, and which avoids modifying files imported
from upstream:
sed -ri '
s,(http|ftp)(://(.*\.)?(gnu|fsf|sourceware)\.org($|[^.]|\.[^a-z])),https\2,g
s,(http|ftp)(://(.*\.)?)sources\.redhat\.com($|[^.]|\.[^a-z]),https\2sourceware.org\4,g
' \
$(find $(git ls-files) -prune -type f \
! -name '*.po' \
! -name 'ChangeLog*' \
! -path COPYING ! -path COPYING.LIB \
! -path manual/fdl-1.3.texi ! -path manual/lgpl-2.1.texi \
! -path manual/texinfo.tex ! -path scripts/config.guess \
! -path scripts/config.sub ! -path scripts/install-sh \
! -path scripts/mkinstalldirs ! -path scripts/move-if-change \
! -path INSTALL ! -path locale/programs/charmap-kw.h \
! -path po/libc.pot ! -path sysdeps/gnu/errlist.c \
! '(' -name configure \
-execdir test -f configure.ac -o -f configure.in ';' ')' \
! '(' -name preconfigure \
-execdir test -f preconfigure.ac ';' ')' \
-print)
and then by running 'make dist-prepare' to regenerate files built
from the altered files, and then executing the following to cleanup:
chmod a+x sysdeps/unix/sysv/linux/riscv/configure
# Omit irrelevant whitespace and comment-only changes,
# perhaps from a slightly-different Autoconf version.
git checkout -f \
sysdeps/csky/configure \
sysdeps/hppa/configure \
sysdeps/riscv/configure \
sysdeps/unix/sysv/linux/csky/configure
# Omit changes that caused a pre-commit check to fail like this:
# remote: *** error: sysdeps/powerpc/powerpc64/ppc-mcount.S: trailing lines
git checkout -f \
sysdeps/powerpc/powerpc64/ppc-mcount.S \
sysdeps/unix/sysv/linux/s390/s390-64/syscall.S
# Omit change that caused a pre-commit check to fail like this:
# remote: *** error: sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S: last line does not end in newline
git checkout -f sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S
184 lines
5.3 KiB
C
184 lines
5.3 KiB
C
/*
|
|
* UFC-crypt: ultra fast crypt(3) implementation
|
|
*
|
|
* Copyright (C) 1991-2019 Free Software Foundation, Inc.
|
|
*
|
|
* The GNU C Library is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
* License as published by the Free Software Foundation; either
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
*
|
|
* The GNU C Library is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
* License along with the GNU C Library; if not, see
|
|
* <https://www.gnu.org/licenses/>.
|
|
*
|
|
* crypt entry points
|
|
*
|
|
* @(#)crypt-entry.c 1.2 12/20/96
|
|
*
|
|
*/
|
|
|
|
#ifdef DEBUG
|
|
#include <stdio.h>
|
|
#endif
|
|
#include <string.h>
|
|
#include <errno.h>
|
|
#include <fips-private.h>
|
|
|
|
#ifndef STATIC
|
|
#define STATIC static
|
|
#endif
|
|
|
|
#include "crypt-private.h"
|
|
#include <shlib-compat.h>
|
|
|
|
/* Prototypes for local functions. */
|
|
#ifndef __GNU_LIBRARY__
|
|
void _ufc_clearmem (char *start, int cnt);
|
|
#else
|
|
#define _ufc_clearmem(start, cnt) memset(start, 0, cnt)
|
|
#endif
|
|
extern char *__md5_crypt_r (const char *key, const char *salt, char *buffer,
|
|
int buflen);
|
|
extern char *__md5_crypt (const char *key, const char *salt);
|
|
extern char *__sha256_crypt_r (const char *key, const char *salt,
|
|
char *buffer, int buflen);
|
|
extern char *__sha256_crypt (const char *key, const char *salt);
|
|
extern char *__sha512_crypt_r (const char *key, const char *salt,
|
|
char *buffer, int buflen);
|
|
extern char *__sha512_crypt (const char *key, const char *salt);
|
|
|
|
/* Define our magic string to mark salt for MD5 encryption
|
|
replacement. This is meant to be the same as for other MD5 based
|
|
encryption implementations. */
|
|
static const char md5_salt_prefix[] = "$1$";
|
|
|
|
/* Magic string for SHA256 encryption. */
|
|
static const char sha256_salt_prefix[] = "$5$";
|
|
|
|
/* Magic string for SHA512 encryption. */
|
|
static const char sha512_salt_prefix[] = "$6$";
|
|
|
|
/* For use by the old, non-reentrant routines (crypt/encrypt/setkey) */
|
|
extern struct crypt_data _ufc_foobar;
|
|
|
|
/*
|
|
* UNIX crypt function
|
|
*/
|
|
|
|
char *
|
|
__crypt_r (const char *key, const char *salt,
|
|
struct crypt_data * __restrict data)
|
|
{
|
|
ufc_long res[4];
|
|
char ktab[9];
|
|
ufc_long xx = 25; /* to cope with GCC long long compiler bugs */
|
|
|
|
#ifdef _LIBC
|
|
/* Try to find out whether we have to use MD5 encryption replacement. */
|
|
if (strncmp (md5_salt_prefix, salt, sizeof (md5_salt_prefix) - 1) == 0)
|
|
{
|
|
/* FIPS rules out MD5 password encryption. */
|
|
if (fips_enabled_p ())
|
|
{
|
|
__set_errno (EPERM);
|
|
return NULL;
|
|
}
|
|
return __md5_crypt_r (key, salt, (char *) data,
|
|
sizeof (struct crypt_data));
|
|
}
|
|
|
|
/* Try to find out whether we have to use SHA256 encryption replacement. */
|
|
if (strncmp (sha256_salt_prefix, salt, sizeof (sha256_salt_prefix) - 1) == 0)
|
|
return __sha256_crypt_r (key, salt, (char *) data,
|
|
sizeof (struct crypt_data));
|
|
|
|
/* Try to find out whether we have to use SHA512 encryption replacement. */
|
|
if (strncmp (sha512_salt_prefix, salt, sizeof (sha512_salt_prefix) - 1) == 0)
|
|
return __sha512_crypt_r (key, salt, (char *) data,
|
|
sizeof (struct crypt_data));
|
|
#endif
|
|
|
|
/*
|
|
* Hack DES tables according to salt
|
|
*/
|
|
if (!_ufc_setup_salt_r (salt, data))
|
|
{
|
|
__set_errno (EINVAL);
|
|
return NULL;
|
|
}
|
|
|
|
/* FIPS rules out DES password encryption. */
|
|
if (fips_enabled_p ())
|
|
{
|
|
__set_errno (EPERM);
|
|
return NULL;
|
|
}
|
|
|
|
/*
|
|
* Setup key schedule
|
|
*/
|
|
_ufc_clearmem (ktab, (int) sizeof (ktab));
|
|
(void) strncpy (ktab, key, 8);
|
|
_ufc_mk_keytab_r (ktab, data);
|
|
|
|
/*
|
|
* Go for the 25 DES encryptions
|
|
*/
|
|
_ufc_clearmem ((char*) res, (int) sizeof (res));
|
|
_ufc_doit_r (xx, data, &res[0]);
|
|
|
|
/*
|
|
* Do final permutations
|
|
*/
|
|
_ufc_dofinalperm_r (res, data);
|
|
|
|
/*
|
|
* And convert back to 6 bit ASCII
|
|
*/
|
|
_ufc_output_conversion_r (res[0], res[1], salt, data);
|
|
|
|
/*
|
|
* Erase key-dependent intermediate data. Data dependent only on
|
|
* the salt is not considered sensitive.
|
|
*/
|
|
explicit_bzero (ktab, sizeof (ktab));
|
|
explicit_bzero (data->keysched, sizeof (data->keysched));
|
|
explicit_bzero (res, sizeof (res));
|
|
|
|
return data->crypt_3_buf;
|
|
}
|
|
weak_alias (__crypt_r, crypt_r)
|
|
|
|
char *
|
|
crypt (const char *key, const char *salt)
|
|
{
|
|
#ifdef _LIBC
|
|
/* Try to find out whether we have to use MD5 encryption replacement. */
|
|
if (strncmp (md5_salt_prefix, salt, sizeof (md5_salt_prefix) - 1) == 0
|
|
/* Let __crypt_r deal with the error code if FIPS is enabled. */
|
|
&& !fips_enabled_p ())
|
|
return __md5_crypt (key, salt);
|
|
|
|
/* Try to find out whether we have to use SHA256 encryption replacement. */
|
|
if (strncmp (sha256_salt_prefix, salt, sizeof (sha256_salt_prefix) - 1) == 0)
|
|
return __sha256_crypt (key, salt);
|
|
|
|
/* Try to find out whether we have to use SHA512 encryption replacement. */
|
|
if (strncmp (sha512_salt_prefix, salt, sizeof (sha512_salt_prefix) - 1) == 0)
|
|
return __sha512_crypt (key, salt);
|
|
#endif
|
|
|
|
return __crypt_r (key, salt, &_ufc_foobar);
|
|
}
|
|
|
|
#if SHLIB_COMPAT (libcrypt, GLIBC_2_0, GLIBC_2_28)
|
|
weak_alias (crypt, fcrypt)
|
|
compat_symbol (libcrypt, fcrypt, fcrypt, GLIBC_2_0);
|
|
#endif
|