]> git.ipfire.org Git - thirdparty/glibc.git/blob - crypt/crypt-entry.c
projects / thirdparty / glibc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
* crypt/crypt-entry.c: Include fips-private.h.
[thirdparty/glibc.git] / crypt / crypt-entry.c
1 /*
2 * UFC-crypt: ultra fast crypt(3) implementation
3 *
4 * Copyright (C) 1991-1993,1996-1997,2007,2012 Free Software Foundation, Inc.
5 *
6 * The GNU C Library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * The GNU C Library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with the GNU C Library; if not, see
18 * <http://www.gnu.org/licenses/>.
19 *
20 * crypt entry points
21 *
22 * @(#)crypt-entry.c 1.2 12/20/96
23 *
24 */
25
26 #ifdef DEBUG
27 #include <stdio.h>
28 #endif
29 #include <string.h>
30 #include <errno.h>
31 #include <fips-private.h>
32
33 #ifndef STATIC
34 #define STATIC static
35 #endif
36
37 #ifndef DOS
38 #include "ufc-crypt.h"
39 #else
40 /*
41 * Thanks to greg%wind@plains.NoDak.edu (Greg W. Wettstein)
42 * for DOS patches
43 */
44 #include "ufc.h"
45 #endif
46 #include "crypt.h"
47 #include "crypt-private.h"
48
49 /* Prototypes for local functions. */
50 #ifndef __GNU_LIBRARY__
51 void _ufc_clearmem (char *start, int cnt);
52 #else
53 #define _ufc_clearmem(start, cnt) memset(start, 0, cnt)
54 #endif
55 extern char *__md5_crypt_r (const char *key, const char *salt, char *buffer,
56 int buflen);
57 extern char *__md5_crypt (const char *key, const char *salt);
58 extern char *__sha256_crypt_r (const char *key, const char *salt,
59 char *buffer, int buflen);
60 extern char *__sha256_crypt (const char *key, const char *salt);
61 extern char *__sha512_crypt_r (const char *key, const char *salt,
62 char *buffer, int buflen);
63 extern char *__sha512_crypt (const char *key, const char *salt);
64
65 /* Define our magic string to mark salt for MD5 encryption
66 replacement. This is meant to be the same as for other MD5 based
67 encryption implementations. */
68 static const char md5_salt_prefix[] = "$1$";
69
70 /* Magic string for SHA256 encryption. */
71 static const char sha256_salt_prefix[] = "$5$";
72
73 /* Magic string for SHA512 encryption. */
74 static const char sha512_salt_prefix[] = "$6$";
75
76 /* For use by the old, non-reentrant routines (crypt/encrypt/setkey) */
77 extern struct crypt_data _ufc_foobar;
78
79 /*
80 * UNIX crypt function
81 */
82
83 char *
84 __crypt_r (key, salt, data)
85 const char *key;
86 const char *salt;
87 struct crypt_data * __restrict data;
88 {
89 ufc_long res[4];
90 char ktab[9];
91 ufc_long xx = 25; /* to cope with GCC long long compiler bugs */
92
93 #ifdef _LIBC
94 /* Try to find out whether we have to use MD5 encryption replacement. */
95 if (strncmp (md5_salt_prefix, salt, sizeof (md5_salt_prefix) - 1) == 0)
96 {
97 /* FIPS rules out MD5 password encryption. */
98 if (fips_enabled_p ())
99 {
100 __set_errno (EPERM);
101 return NULL;
102 }
103 return __md5_crypt_r (key, salt, (char *) data,
104 sizeof (struct crypt_data));
105 }
106
107 /* Try to find out whether we have to use SHA256 encryption replacement. */
108 if (strncmp (sha256_salt_prefix, salt, sizeof (sha256_salt_prefix) - 1) == 0)
109 return __sha256_crypt_r (key, salt, (char *) data,
110 sizeof (struct crypt_data));
111
112 /* Try to find out whether we have to use SHA512 encryption replacement. */
113 if (strncmp (sha512_salt_prefix, salt, sizeof (sha512_salt_prefix) - 1) == 0)
114 return __sha512_crypt_r (key, salt, (char *) data,
115 sizeof (struct crypt_data));
116 #endif
117
118 /*
119 * Hack DES tables according to salt
120 */
121 if (!_ufc_setup_salt_r (salt, data))
122 {
123 __set_errno (EINVAL);
124 return NULL;
125 }
126
127 /* FIPS rules out DES password encryption. */
128 if (fips_enabled_p ())
129 {
130 __set_errno (EPERM);
131 return NULL;
132 }
133
134 /*
135 * Setup key schedule
136 */
137 _ufc_clearmem (ktab, (int) sizeof (ktab));
138 (void) strncpy (ktab, key, 8);
139 _ufc_mk_keytab_r (ktab, data);
140
141 /*
142 * Go for the 25 DES encryptions
143 */
144 _ufc_clearmem ((char*) res, (int) sizeof (res));
145 _ufc_doit_r (xx, data, &res[0]);
146
147 /*
148 * Do final permutations
149 */
150 _ufc_dofinalperm_r (res, data);
151
152 /*
153 * And convert back to 6 bit ASCII
154 */
155 _ufc_output_conversion_r (res[0], res[1], salt, data);
156 return data->crypt_3_buf;
157 }
158 weak_alias (__crypt_r, crypt_r)
159
160 char *
161 crypt (key, salt)
162 const char *key;
163 const char *salt;
164 {
165 #ifdef _LIBC
166 /* Try to find out whether we have to use MD5 encryption replacement. */
167 if (strncmp (md5_salt_prefix, salt, sizeof (md5_salt_prefix) - 1) == 0
168 /* Let __crypt_r deal with the error code if FIPS is enabled. */
169 && !fips_enabled_p ())
170 return __md5_crypt (key, salt);
171
172 /* Try to find out whether we have to use SHA256 encryption replacement. */
173 if (strncmp (sha256_salt_prefix, salt, sizeof (sha256_salt_prefix) - 1) == 0)
174 return __sha256_crypt (key, salt);
175
176 /* Try to find out whether we have to use SHA512 encryption replacement. */
177 if (strncmp (sha512_salt_prefix, salt, sizeof (sha512_salt_prefix) - 1) == 0)
178 return __sha512_crypt (key, salt);
179 #endif
180
181 return __crypt_r (key, salt, &_ufc_foobar);
182 }
183
184
185 /*
186 * To make fcrypt users happy.
187 * They don't need to call init_des.
188 */
189 #ifdef _LIBC
190 weak_alias (crypt, fcrypt)
191 #else
192 char *
193 __fcrypt (key, salt)
194 const char *key;
195 const char *salt;
196 {
197 return crypt (key, salt);
198 }
199 #endif
A mirror of the official glibc repository