4c4
< # define NO_APR1
---
> # define NO_MD5CRYPT_1
7c7
< #if !defined(NO_DES) || !defined(NO_APR1)
---
> #if !defined(NO_DES) || !defined(NO_MD5CRYPT_1)
22c22
< #ifndef NO_APR1
---
> #ifndef NO_MD5CRYPT_1
45c45
< size_t pw_maxlen, int usecrypt, int useapr1);
---
> size_t pw_maxlen, int usecrypt, int use1, int useapr1);
47,48c47,49
< /* -crypt - standard Unix password algorithm (default, only choice)
< * -apr1 - MD5-based password algorithm
---
> /* -crypt - standard Unix password algorithm (default)
> * -1 - MD5-based password algorithm
> * -apr1 - MD5-based password algorithm, Apache variant
65a67
> size_t passwd_malloc_size = 0;
70c72
< int usecrypt = 0, useapr1 = 0;
---
> int usecrypt = 0, use1 = 0, useapr1 = 0;
81a84,89
> #ifdef VMS
> {
> BIO *tmpbio = BIO_new(BIO_f_linebuffer());
> out = BIO_push(tmpbio, out);
> }
> #endif
88a97,98
> else if (strcmp(argv[i], "-1") == 0)
> use1 = 1;
140c150
< if (!usecrypt && !useapr1) /* use default */
---
> if (!usecrypt && !use1 && !useapr1) /* use default */
142c152
< if (usecrypt + useapr1 > 1) /* conflict */
---
> if (usecrypt + use1 + useapr1 > 1) /* conflict */
149,150c159,160
< #ifdef NO_APR1
< if (useapr1) badopt = 1;
---
> #ifdef NO_MD5CRYPT_1
> if (use1 || useapr1) badopt = 1;
160,161c170,172
< #ifndef NO_APR1
< BIO_printf(bio_err, "-apr1 MD5-based password algorithm\n");
---
> #ifndef NO_MD5CRYPT_1
> BIO_printf(bio_err, "-1 MD5-based password algorithm\n");
> BIO_printf(bio_err, "-apr1 MD5-based password algorithm, Apache variant\n");
193c204
< else if (useapr1)
---
> else if (use1 || useapr1)
199c210,213
< passwd = passwd_malloc = Malloc(pw_maxlen + 1);
---
>
> passwd_malloc_size = pw_maxlen + 2;
> /* longer than necessary so that we can warn about truncation */
> passwd = passwd_malloc = OPENSSL_malloc(passwd_malloc_size);
211c225
< if (EVP_read_pw_string(passwd_malloc, pw_maxlen + 1, "Password: ", 0) != 0)
---
> if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", 0) != 0)
225c239
< quiet, table, reverse, pw_maxlen, usecrypt, useapr1))
---
> quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1))
254c268
< quiet, table, reverse, pw_maxlen, usecrypt, useapr1))
---
> quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1))
265c279
< Free(salt_malloc);
---
> OPENSSL_free(salt_malloc);
267c281
< Free(passwd_malloc);
---
> OPENSSL_free(passwd_malloc);
271c285
< BIO_free(out);
---
> BIO_free_all(out);
276,280c290,301
< #ifndef NO_APR1
< /* MD5-based password algorithm compatible to the one found in Apache
< * (should probably be available as a library function;
< * then the static buffer would not be acceptable) */
< static char *apr1_crypt(const char *passwd, const char *salt)
---
> #ifndef NO_MD5CRYPT_1
> /* MD5-based password algorithm (should probably be available as a library
> * function; then the static buffer would not be acceptable).
> * For magic string "1", this should be compatible to the MD5-based BSD
> * password algorithm.
> * For 'magic' string "apr1", this is compatible to the MD5-based Apache
> * password algorithm.
> * (Apparently, the Apache password algorithm is identical except that the
> * 'magic' string was changed -- the laziest application of the NIH principle
> * I've ever encountered.)
> */
> static char *md5crypt(const char *passwd, const char *magic, const char *salt)
290c311,315
< strcpy(out_buf, "$apr1$");
---
> out_buf[0] = '$';
> out_buf[1] = 0;
> assert(strlen(magic) <= 4); /* "1" or "apr1" */
> strncat(out_buf, magic, 4);
> strncat(out_buf, "$", 1);
299c324,326
< MD5_Update(&md, "$apr1$", 6);
---
> MD5_Update(&md, "$", 1);
> MD5_Update(&md, magic, strlen(magic));
> MD5_Update(&md, "$", 1);
383c410
< size_t pw_maxlen, int usecrypt, int useapr1)
---
> size_t pw_maxlen, int usecrypt, int use1, int useapr1)
398c425
< *salt_p = *salt_malloc_p = Malloc(3);
---
> *salt_p = *salt_malloc_p = OPENSSL_malloc(3);
414,415c441,442
< #ifndef NO_APR1
< if (useapr1)
---
> #ifndef NO_MD5CRYPT_1
> if (use1 || useapr1)
421c448
< *salt_p = *salt_malloc_p = Malloc(9);
---
> *salt_p = *salt_malloc_p = OPENSSL_malloc(9);
432c459
< #endif /* !NO_APR1 */
---
> #endif /* !NO_MD5CRYPT_1 */
451,453c478,480
< #ifndef NO_APR1
< if (useapr1)
< hash = apr1_crypt(passwd, *salt_p);
---
> #ifndef NO_MD5CRYPT_1
> if (use1 || useapr1)
> hash = md5crypt(passwd, (use1 ? "1" : "apr1"), *salt_p);
< # define NO_APR1
---
> # define NO_MD5CRYPT_1
7c7
< #if !defined(NO_DES) || !defined(NO_APR1)
---
> #if !defined(NO_DES) || !defined(NO_MD5CRYPT_1)
22c22
< #ifndef NO_APR1
---
> #ifndef NO_MD5CRYPT_1
45c45
< size_t pw_maxlen, int usecrypt, int useapr1);
---
> size_t pw_maxlen, int usecrypt, int use1, int useapr1);
47,48c47,49
< /* -crypt - standard Unix password algorithm (default, only choice)
< * -apr1 - MD5-based password algorithm
---
> /* -crypt - standard Unix password algorithm (default)
> * -1 - MD5-based password algorithm
> * -apr1 - MD5-based password algorithm, Apache variant
65a67
> size_t passwd_malloc_size = 0;
70c72
< int usecrypt = 0, useapr1 = 0;
---
> int usecrypt = 0, use1 = 0, useapr1 = 0;
81a84,89
> #ifdef VMS
> {
> BIO *tmpbio = BIO_new(BIO_f_linebuffer());
> out = BIO_push(tmpbio, out);
> }
> #endif
88a97,98
> else if (strcmp(argv[i], "-1") == 0)
> use1 = 1;
140c150
< if (!usecrypt && !useapr1) /* use default */
---
> if (!usecrypt && !use1 && !useapr1) /* use default */
142c152
< if (usecrypt + useapr1 > 1) /* conflict */
---
> if (usecrypt + use1 + useapr1 > 1) /* conflict */
149,150c159,160
< #ifdef NO_APR1
< if (useapr1) badopt = 1;
---
> #ifdef NO_MD5CRYPT_1
> if (use1 || useapr1) badopt = 1;
160,161c170,172
< #ifndef NO_APR1
< BIO_printf(bio_err, "-apr1 MD5-based password algorithm\n");
---
> #ifndef NO_MD5CRYPT_1
> BIO_printf(bio_err, "-1 MD5-based password algorithm\n");
> BIO_printf(bio_err, "-apr1 MD5-based password algorithm, Apache variant\n");
193c204
< else if (useapr1)
---
> else if (use1 || useapr1)
199c210,213
< passwd = passwd_malloc = Malloc(pw_maxlen + 1);
---
>
> passwd_malloc_size = pw_maxlen + 2;
> /* longer than necessary so that we can warn about truncation */
> passwd = passwd_malloc = OPENSSL_malloc(passwd_malloc_size);
211c225
< if (EVP_read_pw_string(passwd_malloc, pw_maxlen + 1, "Password: ", 0) != 0)
---
> if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", 0) != 0)
225c239
< quiet, table, reverse, pw_maxlen, usecrypt, useapr1))
---
> quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1))
254c268
< quiet, table, reverse, pw_maxlen, usecrypt, useapr1))
---
> quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1))
265c279
< Free(salt_malloc);
---
> OPENSSL_free(salt_malloc);
267c281
< Free(passwd_malloc);
---
> OPENSSL_free(passwd_malloc);
271c285
< BIO_free(out);
---
> BIO_free_all(out);
276,280c290,301
< #ifndef NO_APR1
< /* MD5-based password algorithm compatible to the one found in Apache
< * (should probably be available as a library function;
< * then the static buffer would not be acceptable) */
< static char *apr1_crypt(const char *passwd, const char *salt)
---
> #ifndef NO_MD5CRYPT_1
> /* MD5-based password algorithm (should probably be available as a library
> * function; then the static buffer would not be acceptable).
> * For magic string "1", this should be compatible to the MD5-based BSD
> * password algorithm.
> * For 'magic' string "apr1", this is compatible to the MD5-based Apache
> * password algorithm.
> * (Apparently, the Apache password algorithm is identical except that the
> * 'magic' string was changed -- the laziest application of the NIH principle
> * I've ever encountered.)
> */
> static char *md5crypt(const char *passwd, const char *magic, const char *salt)
290c311,315
< strcpy(out_buf, "$apr1$");
---
> out_buf[0] = '$';
> out_buf[1] = 0;
> assert(strlen(magic) <= 4); /* "1" or "apr1" */
> strncat(out_buf, magic, 4);
> strncat(out_buf, "$", 1);
299c324,326
< MD5_Update(&md, "$apr1$", 6);
---
> MD5_Update(&md, "$", 1);
> MD5_Update(&md, magic, strlen(magic));
> MD5_Update(&md, "$", 1);
383c410
< size_t pw_maxlen, int usecrypt, int useapr1)
---
> size_t pw_maxlen, int usecrypt, int use1, int useapr1)
398c425
< *salt_p = *salt_malloc_p = Malloc(3);
---
> *salt_p = *salt_malloc_p = OPENSSL_malloc(3);
414,415c441,442
< #ifndef NO_APR1
< if (useapr1)
---
> #ifndef NO_MD5CRYPT_1
> if (use1 || useapr1)
421c448
< *salt_p = *salt_malloc_p = Malloc(9);
---
> *salt_p = *salt_malloc_p = OPENSSL_malloc(9);
432c459
< #endif /* !NO_APR1 */
---
> #endif /* !NO_MD5CRYPT_1 */
451,453c478,480
< #ifndef NO_APR1
< if (useapr1)
< hash = apr1_crypt(passwd, *salt_p);
---
> #ifndef NO_MD5CRYPT_1
> if (use1 || useapr1)
> hash = md5crypt(passwd, (use1 ? "1" : "apr1"), *salt_p);