remove built-in support for md5crypt()

Users of MD5-hashed password should arrange for ./configure to link
against libxcrypt or similar. Though it would be better to avoid use
of MD5 password hashing entirely, it's arguably worse than DEScrypt.

feedback and ok dtucker@

8 files changed, 10 insertions, 232 deletions

diff --git a/INSTALL b/INSTALL
index dddd912c..b6e53ab6 100644
--- a/INSTALL
+++ b/INSTALL
@@ -197,11 +197,6 @@ it if lastlog is installed in a different place.
 --with-osfsia, --without-osfsia will enable or disable OSF1's Security
 Integration Architecture.  The default for OSF1 machines is enable.
 
---with-md5-passwords will enable the use of MD5 passwords. Enable this
-if your operating system uses MD5 passwords and the system crypt() does
-not support them directly (see the crypt(3/3c) man page). If enabled, the
-resulting binary will support both MD5 and traditional crypt passwords.
-
 --with-utmpx enables utmpx support. utmpx support is automatic for
 some platforms.
 
diff --git a/LICENCE b/LICENCE
index 5999c5e9..17356190 100644
--- a/LICENCE
+++ b/LICENCE
@@ -210,22 +210,14 @@ OpenSSH contains no GPL code.
 
 8) Portable OpenSSH contains the following additional licenses:
 
-    a) md5crypt.c, md5crypt.h
-
-	 * "THE BEER-WARE LICENSE" (Revision 42):
-	 * <phk@login.dknet.dk> wrote this file.  As long as you retain this
-	 * notice you can do whatever you want with this stuff. If we meet
-	 * some day, and you think this stuff is worth it, you can buy me a
-	 * beer in return.   Poul-Henning Kamp
-
-    b) snprintf replacement
+    a) snprintf replacement
 
 	* Copyright Patrick Powell 1995
 	* This code is based on code written by Patrick Powell
 	* (papowell@astart.com) It may be used for any purpose as long as this
 	* notice remains intact on all source code distributions
 
-    c) Compatibility code (openbsd-compat)
+    b) Compatibility code (openbsd-compat)
 
        Apart from the previously mentioned licenses, various pieces of code
        in the openbsd-compat/ subdirectory are licensed as follows:
diff --git a/Makefile.in b/Makefile.in
index 84bd0dc0..6d82c1b1 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -127,7 +127,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o \
 	auth2-none.o auth2-passwd.o auth2-pubkey.o \
 	monitor.o monitor_wrap.o auth-krb5.o \
 	auth2-gss.o gss-serv.o gss-serv-krb5.o \
-	loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
+	loginrec.o auth-pam.o auth-shadow.o auth-sia.o \
 	srclimit.o sftp-server.o sftp-common.o \
 	sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
 	sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \
diff --git a/configure.ac b/configure.ac
index 3722b151..f103b3bf 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1859,7 +1859,6 @@ AC_CHECK_FUNCS([ \
 	localtime_r \
 	login_getcapbool \
 	login_getpwclass \
-	md5_crypt \
 	memmem \
 	memmove \
 	memset_s \
@@ -4943,19 +4942,6 @@ else
 fi
 AC_SUBST([mansubdir])
 
-# Check whether to enable MD5 passwords
-MD5_MSG="no"
-AC_ARG_WITH([md5-passwords],
-	[  --with-md5-passwords    Enable use of MD5 passwords],
-	[
-		if test "x$withval" != "xno" ; then
-			AC_DEFINE([HAVE_MD5_PASSWORDS], [1],
-				[Define if you want to allow MD5 passwords])
-			MD5_MSG="yes"
-		fi
-	]
-)
-
 # Whether to disable shadow password support
 AC_ARG_WITH([shadow],
 	[  --without-shadow        Disable shadow password support],
@@ -5550,7 +5536,6 @@ echo "                       PAM support: $PAM_MSG"
 echo "                   OSF SIA support: $SIA_MSG"
 echo "                 KerberosV support: $KRB5_MSG"
 echo "                   SELinux support: $SELINUX_MSG"
-echo "              MD5 password support: $MD5_MSG"
 echo "                   libedit support: $LIBEDIT_MSG"
 echo "                   libldns support: $LDNS_MSG"
 echo "  Solaris process contract support: $SPC_MSG"
diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec
index 2905db0e..f86b035d 100644
--- a/contrib/redhat/openssh.spec
+++ b/contrib/redhat/openssh.spec
@@ -66,7 +66,7 @@
 # rpm -ba|--rebuild --define "smartcard 1"
 %{?smartcard:%global scard 1}
 
-# Is this a build for the rescue CD (without PAM, with MD5)? (1=yes 0=no)
+# Is this a build for the rescue CD (without PAM)? (1=yes 0=no)
 %global rescue 0
 %{?build_rescue:%global rescue 1}
 
@@ -211,7 +211,6 @@ CFLAGS="$RPM_OPT_FLAGS -Os"; export CFLAGS
 	--with-default-path=/usr/local/bin:/bin:/usr/bin \
 	--with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
 	--with-privsep-path=%{_var}/empty/sshd \
-	--with-md5-passwords \
 	--mandir=%{_mandir} \
 	--with-mantype=man \
 	--disable-strip \
@@ -424,7 +423,10 @@ fi
 %endif
 
 %changelog
-* Mon Jul 20 2020 Damien Miller <djm@mindrto.org>
+* Thu Oct 28 2021 Damien Miller <djm@mindrot.org>
+- Remove remaining traces of --with-md5-passwords
+
+* Mon Jul 20 2020 Damien Miller <djm@mindrot.org>
 - Add ssh-sk-helper and corresponding manual page.
 
 * Sat Feb 10 2018 Darren Tucker <dtucker@dtucker.net>
diff --git a/md5crypt.c b/md5crypt.c
deleted file mode 100644
index 52cf2959..00000000
--- a/md5crypt.c
+++ /dev/null
@@ -1,165 +0,0 @@
-/*
- * ----------------------------------------------------------------------------
- * "THE BEER-WARE LICENSE" (Revision 42):
- * <phk@login.dknet.dk> wrote this file.  As long as you retain this
- * notice you can do whatever you want with this stuff. If we meet some
- * day, and you think this stuff is worth it, you can buy me a beer in
- * return.   Poul-Henning Kamp
- * ----------------------------------------------------------------------------
- */
-
-#include "includes.h"
-
-#if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
-#include <sys/types.h>
-
-#include <string.h>
-
-#include <openssl/md5.h>
-
-/* 0 ... 63 => ascii - 64 */
-static unsigned char itoa64[] =
-    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
-
-static char *magic = "$1$";
-
-static char *
-to64(unsigned long v, int n)
-{
-	static char buf[5];
-	char *s = buf;
-
-	if (n > 4)
-		return (NULL);
-
-	memset(buf, '\0', sizeof(buf));
-	while (--n >= 0) {
-		*s++ = itoa64[v&0x3f];
-		v >>= 6;
-	}
-
-	return (buf);
-}
-
-int
-is_md5_salt(const char *salt)
-{
-	return (strncmp(salt, magic, strlen(magic)) == 0);
-}
-
-char *
-md5_crypt(const char *pw, const char *salt)
-{
-	static char passwd[120], salt_copy[9];
-	static const char *sp, *ep;
-	unsigned char final[16];
-	int sl, pl, i, j;
-	MD5_CTX	ctx, ctx1;
-	unsigned long l;
-
-	/* Refine the Salt first */
-	sp = salt;
-
-	/* If it starts with the magic string, then skip that */
-	if(strncmp(sp, magic, strlen(magic)) == 0)
-		sp += strlen(magic);
-
-	/* It stops at the first '$', max 8 chars */
-	for (ep = sp; *ep != '$'; ep++) {
-		if (*ep == '\0' || ep >= (sp + 8))
-			return (NULL);
-	}
-
-	/* get the length of the true salt */
-	sl = ep - sp;
-
-	/* Stash the salt */
-	memcpy(salt_copy, sp, sl);
-	salt_copy[sl] = '\0';
-
-	MD5_Init(&ctx);
-
-	/* The password first, since that is what is most unknown */
-	MD5_Update(&ctx, pw, strlen(pw));
-
-	/* Then our magic string */
-	MD5_Update(&ctx, magic, strlen(magic));
-
-	/* Then the raw salt */
-	MD5_Update(&ctx, sp, sl);
-
-	/* Then just as many characters of the MD5(pw, salt, pw) */
-	MD5_Init(&ctx1);
-	MD5_Update(&ctx1, pw, strlen(pw));
-	MD5_Update(&ctx1, sp, sl);
-	MD5_Update(&ctx1, pw, strlen(pw));
-	MD5_Final(final, &ctx1);
-
-	for(pl = strlen(pw); pl > 0; pl -= 16)
-		MD5_Update(&ctx, final, pl > 16 ? 16 : pl);
-
-	/* Don't leave anything around in vm they could use. */
-	memset(final, '\0', sizeof final);
-
-	/* Then something really weird... */
-	for (j = 0, i = strlen(pw); i != 0; i >>= 1)
-		if (i & 1)
-			MD5_Update(&ctx, final + j, 1);
-		else
-			MD5_Update(&ctx, pw + j, 1);
-
-	/* Now make the output string */
-	snprintf(passwd, sizeof(passwd), "%s%s$", magic, salt_copy);
-
-	MD5_Final(final, &ctx);
-
-	/*
-	 * and now, just to make sure things don't run too fast
-	 * On a 60 Mhz Pentium this takes 34 msec, so you would
-	 * need 30 seconds to build a 1000 entry dictionary...
-	 */
-	for(i = 0; i < 1000; i++) {
-		MD5_Init(&ctx1);
-		if (i & 1)
-			MD5_Update(&ctx1, pw, strlen(pw));
-		else
-			MD5_Update(&ctx1, final, 16);
-
-		if (i % 3)
-			MD5_Update(&ctx1, sp, sl);
-
-		if (i % 7)
-			MD5_Update(&ctx1, pw, strlen(pw));
-
-		if (i & 1)
-			MD5_Update(&ctx1, final, 16);
-		else
-			MD5_Update(&ctx1, pw, strlen(pw));
-
-		MD5_Final(final, &ctx1);
-	}
-
-	l = (final[ 0]<<16) | (final[ 6]<<8) | final[12];
-	strlcat(passwd, to64(l, 4), sizeof(passwd));
-	l = (final[ 1]<<16) | (final[ 7]<<8) | final[13];
-	strlcat(passwd, to64(l, 4), sizeof(passwd));
-	l = (final[ 2]<<16) | (final[ 8]<<8) | final[14];
-	strlcat(passwd, to64(l, 4), sizeof(passwd));
-	l = (final[ 3]<<16) | (final[ 9]<<8) | final[15];
-	strlcat(passwd, to64(l, 4), sizeof(passwd));
-	l = (final[ 4]<<16) | (final[10]<<8) | final[ 5];
-	strlcat(passwd, to64(l, 4), sizeof(passwd));
-	l =                    final[11]                ;
-	strlcat(passwd, to64(l, 2), sizeof(passwd));
-
-	/* Don't leave anything around in vm they could use. */
-	memset(final, 0, sizeof(final));
-	memset(salt_copy, 0, sizeof(salt_copy));
-	memset(&ctx, 0, sizeof(ctx));
-	memset(&ctx1, 0, sizeof(ctx1));
-	(void)to64(0, 4);
-
-	return (passwd);
-}
-
-#endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */
diff --git a/md5crypt.h b/md5crypt.h
deleted file mode 100644
index 978e579c..00000000
--- a/md5crypt.h
+++ /dev/null
@@ -1,22 +0,0 @@
-/*
- * ----------------------------------------------------------------------------
- * "THE BEER-WARE LICENSE" (Revision 42):
- * <phk@login.dknet.dk> wrote this file.  As long as you retain this notice you
- * can do whatever you want with this stuff. If we meet some day, and you think
- * this stuff is worth it, you can buy me a beer in return.   Poul-Henning Kamp
- * ----------------------------------------------------------------------------
- */
-
-#ifndef _MD5CRYPT_H
-#define _MD5CRYPT_H
-
-#include "config.h"
-
-#if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
-
-int is_md5_salt(const char *);
-char *md5_crypt(const char *, const char *);
-
-#endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */
-
-#endif /* MD5CRYPT_H */
diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c
index 360b187a..e493dd31 100644
--- a/openbsd-compat/xcrypt.c
+++ b/openbsd-compat/xcrypt.c
@@ -54,10 +54,6 @@
 #  include <pwdadj.h>
 # endif
 
-# if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
-#  include "md5crypt.h"
-# endif
-
 # if defined(WITH_OPENSSL) && !defined(HAVE_CRYPT) && defined(HAVE_DES_CRYPT)
 #  include <openssl/des.h>
 #  define crypt DES_crypt
@@ -108,12 +104,7 @@ xcrypt(const char *password, const char *salt)
 	if (salt == NULL)
 		salt = pick_salt();
 
-# ifdef HAVE_MD5_PASSWORDS
-	if (is_md5_salt(salt))
-		crypted = md5_crypt(password, salt);
-	else
-		crypted = crypt(password, salt);
-# elif defined(__hpux) && !defined(HAVE_SECUREWARE)
+#if defined(__hpux) && !defined(HAVE_SECUREWARE)
 	if (iscomsec())
 		crypted = bigcrypt(password, salt);
 	else
@@ -122,7 +113,7 @@ xcrypt(const char *password, const char *salt)
 	crypted = bigcrypt(password, salt);
 # else
 	crypted = crypt(password, salt);
-# endif
+#endif
 
 	return crypted;
 }