diff options
| -rw-r--r-- | CHANGES | 12 | ||||
| -rw-r--r-- | apps/passwd.c | 7 | ||||
| -rw-r--r-- | doc/apps/passwd.pod | 8 |
3 files changed, 25 insertions, 2 deletions
@@ -4,6 +4,18 @@ Changes between 0.9.6 and 0.9.7 [xx XXX 2000] + *) In 'openssl passwd', verify passwords read from the terminal + unless the '-salt' option is used (which usually means that + verification would just waste user's time since the resulting + hash is going to be compared with some given password hash) + or the new '-noverify' option is used. + + This is an incompatible change, but it does not affect + non-interactive use of 'openssl passwd' (passwords on the command + line, '-stdin' option, '-in ...' option) and thus should not + cause any problems. + [Bodo Moeller] + *) Remove all references to RSAref, since there's no more need for it. [Richard Levitte] diff --git a/apps/passwd.c b/apps/passwd.c index 6851a9927d..c92ff40beb 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -50,6 +50,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, * -salt string - salt * -in file - read passwords from file * -stdin - read passwords from stdin + * -noverify - never verify when reading password from terminal * -quiet - no warnings * -table - format output as table * -reverse - switch table columns @@ -62,6 +63,7 @@ int MAIN(int argc, char **argv) int ret = 1; char *infile = NULL; int in_stdin = 0; + int in_noverify = 0; char *salt = NULL, *passwd = NULL, **passwds = NULL; char *salt_malloc = NULL, *passwd_malloc = NULL; size_t passwd_malloc_size = 0; @@ -128,6 +130,8 @@ int MAIN(int argc, char **argv) else badopt = 1; } + else if (strcmp(argv[i], "-noverify") == 0) + in_noverify = 1; else if (strcmp(argv[i], "-quiet") == 0) quiet = 1; else if (strcmp(argv[i], "-table") == 0) @@ -174,6 +178,7 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "-salt string use provided salt\n"); BIO_printf(bio_err, "-in file read passwords from file\n"); BIO_printf(bio_err, "-stdin read passwords from stdin\n"); + BIO_printf(bio_err, "-noverify never verify when reading password from terminal\n"); BIO_printf(bio_err, "-quiet no warnings\n"); BIO_printf(bio_err, "-table format output as table\n"); BIO_printf(bio_err, "-reverse switch table columns\n"); @@ -222,7 +227,7 @@ int MAIN(int argc, char **argv) passwds = passwds_static; if (in == NULL) - if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", 0) != 0) + if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", !(passed_salt || in_noverify)) != 0) goto err; passwds[0] = passwd_malloc; } diff --git a/doc/apps/passwd.pod b/doc/apps/passwd.pod index 6e098940c7..07d849c824 100644 --- a/doc/apps/passwd.pod +++ b/doc/apps/passwd.pod @@ -13,6 +13,7 @@ B<openssl passwd> [B<-salt> I<string>] [B<-in> I<file>] [B<-stdin>] +[B<-noverify>] [B<-quiet>] [B<-table>] {I<password>} @@ -22,7 +23,7 @@ B<openssl passwd> The B<passwd> command computes the hash of a password typed at run-time or the hash of each password in a list. The password list is taken from the named file for option B<-in file>, from stdin for -option B<-stdin>, and from the command line otherwise. +option B<-stdin>, or from the command line, or from the terminal otherwise. The Unix standard algorithm B<crypt> and the MD5-based BSD password algorithm B<1> and its Apache variant B<apr1> are available. @@ -45,6 +46,7 @@ Use the B<apr1> algorithm (Apache variant of the BSD algorithm). =item B<-salt> I<string> Use the specified salt. +When reading a password from the terminal, this implies B<-noverify>. =item B<-in> I<file> @@ -54,6 +56,10 @@ Read passwords from I<file>. Read passwords from B<stdin>. +=item B<-noverify> + +Don't verify when reading a password from the terminal. + =item B<-quiet> Don't output warnings when passwords given at the command line are truncated. |