Loading CHANGES +12 −0 Original line number Diff line number Diff line Loading @@ -4,6 +4,18 @@ Changes between 0.9.6 and 0.9.7 [xx XXX 2000] *) In 'openssl passwd', verify passwords read from the terminal unless the '-salt' option is used (which usually means that verification would just waste user's time since the resulting hash is going to be compared with some given password hash) or the new '-noverify' option is used. This is an incompatible change, but it does not affect non-interactive use of 'openssl passwd' (passwords on the command line, '-stdin' option, '-in ...' option) and thus should not cause any problems. [Bodo Moeller] *) Remove all references to RSAref, since there's no more need for it. [Richard Levitte] Loading apps/passwd.c +6 −1 Original line number Diff line number Diff line Loading @@ -50,6 +50,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, * -salt string - salt * -in file - read passwords from file * -stdin - read passwords from stdin * -noverify - never verify when reading password from terminal * -quiet - no warnings * -table - format output as table * -reverse - switch table columns Loading @@ -62,6 +63,7 @@ int MAIN(int argc, char **argv) int ret = 1; char *infile = NULL; int in_stdin = 0; int in_noverify = 0; char *salt = NULL, *passwd = NULL, **passwds = NULL; char *salt_malloc = NULL, *passwd_malloc = NULL; size_t passwd_malloc_size = 0; Loading Loading @@ -128,6 +130,8 @@ int MAIN(int argc, char **argv) else badopt = 1; } else if (strcmp(argv[i], "-noverify") == 0) in_noverify = 1; else if (strcmp(argv[i], "-quiet") == 0) quiet = 1; else if (strcmp(argv[i], "-table") == 0) Loading Loading @@ -174,6 +178,7 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "-salt string use provided salt\n"); BIO_printf(bio_err, "-in file read passwords from file\n"); BIO_printf(bio_err, "-stdin read passwords from stdin\n"); BIO_printf(bio_err, "-noverify never verify when reading password from terminal\n"); BIO_printf(bio_err, "-quiet no warnings\n"); BIO_printf(bio_err, "-table format output as table\n"); BIO_printf(bio_err, "-reverse switch table columns\n"); Loading Loading @@ -222,7 +227,7 @@ int MAIN(int argc, char **argv) passwds = passwds_static; if (in == NULL) if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", 0) != 0) if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", !(passed_salt || in_noverify)) != 0) goto err; passwds[0] = passwd_malloc; } Loading doc/apps/passwd.pod +7 −1 Original line number Diff line number Diff line Loading @@ -13,6 +13,7 @@ B<openssl passwd> [B<-salt> I<string>] [B<-in> I<file>] [B<-stdin>] [B<-noverify>] [B<-quiet>] [B<-table>] {I<password>} Loading @@ -22,7 +23,7 @@ B<openssl passwd> The B<passwd> command computes the hash of a password typed at run-time or the hash of each password in a list. The password list is taken from the named file for option B<-in file>, from stdin for option B<-stdin>, and from the command line otherwise. option B<-stdin>, or from the command line, or from the terminal otherwise. The Unix standard algorithm B<crypt> and the MD5-based BSD password algorithm B<1> and its Apache variant B<apr1> are available. Loading @@ -45,6 +46,7 @@ Use the B<apr1> algorithm (Apache variant of the BSD algorithm). =item B<-salt> I<string> Use the specified salt. When reading a password from the terminal, this implies B<-noverify>. =item B<-in> I<file> Loading @@ -54,6 +56,10 @@ Read passwords from I<file>. Read passwords from B<stdin>. =item B<-noverify> Don't verify when reading a password from the terminal. =item B<-quiet> Don't output warnings when passwords given at the command line are truncated. Loading Loading
CHANGES +12 −0 Original line number Diff line number Diff line Loading @@ -4,6 +4,18 @@ Changes between 0.9.6 and 0.9.7 [xx XXX 2000] *) In 'openssl passwd', verify passwords read from the terminal unless the '-salt' option is used (which usually means that verification would just waste user's time since the resulting hash is going to be compared with some given password hash) or the new '-noverify' option is used. This is an incompatible change, but it does not affect non-interactive use of 'openssl passwd' (passwords on the command line, '-stdin' option, '-in ...' option) and thus should not cause any problems. [Bodo Moeller] *) Remove all references to RSAref, since there's no more need for it. [Richard Levitte] Loading
apps/passwd.c +6 −1 Original line number Diff line number Diff line Loading @@ -50,6 +50,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, * -salt string - salt * -in file - read passwords from file * -stdin - read passwords from stdin * -noverify - never verify when reading password from terminal * -quiet - no warnings * -table - format output as table * -reverse - switch table columns Loading @@ -62,6 +63,7 @@ int MAIN(int argc, char **argv) int ret = 1; char *infile = NULL; int in_stdin = 0; int in_noverify = 0; char *salt = NULL, *passwd = NULL, **passwds = NULL; char *salt_malloc = NULL, *passwd_malloc = NULL; size_t passwd_malloc_size = 0; Loading Loading @@ -128,6 +130,8 @@ int MAIN(int argc, char **argv) else badopt = 1; } else if (strcmp(argv[i], "-noverify") == 0) in_noverify = 1; else if (strcmp(argv[i], "-quiet") == 0) quiet = 1; else if (strcmp(argv[i], "-table") == 0) Loading Loading @@ -174,6 +178,7 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "-salt string use provided salt\n"); BIO_printf(bio_err, "-in file read passwords from file\n"); BIO_printf(bio_err, "-stdin read passwords from stdin\n"); BIO_printf(bio_err, "-noverify never verify when reading password from terminal\n"); BIO_printf(bio_err, "-quiet no warnings\n"); BIO_printf(bio_err, "-table format output as table\n"); BIO_printf(bio_err, "-reverse switch table columns\n"); Loading Loading @@ -222,7 +227,7 @@ int MAIN(int argc, char **argv) passwds = passwds_static; if (in == NULL) if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", 0) != 0) if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", !(passed_salt || in_noverify)) != 0) goto err; passwds[0] = passwd_malloc; } Loading
doc/apps/passwd.pod +7 −1 Original line number Diff line number Diff line Loading @@ -13,6 +13,7 @@ B<openssl passwd> [B<-salt> I<string>] [B<-in> I<file>] [B<-stdin>] [B<-noverify>] [B<-quiet>] [B<-table>] {I<password>} Loading @@ -22,7 +23,7 @@ B<openssl passwd> The B<passwd> command computes the hash of a password typed at run-time or the hash of each password in a list. The password list is taken from the named file for option B<-in file>, from stdin for option B<-stdin>, and from the command line otherwise. option B<-stdin>, or from the command line, or from the terminal otherwise. The Unix standard algorithm B<crypt> and the MD5-based BSD password algorithm B<1> and its Apache variant B<apr1> are available. Loading @@ -45,6 +46,7 @@ Use the B<apr1> algorithm (Apache variant of the BSD algorithm). =item B<-salt> I<string> Use the specified salt. When reading a password from the terminal, this implies B<-noverify>. =item B<-in> I<file> Loading @@ -54,6 +56,10 @@ Read passwords from I<file>. Read passwords from B<stdin>. =item B<-noverify> Don't verify when reading a password from the terminal. =item B<-quiet> Don't output warnings when passwords given at the command line are truncated. Loading
