From a5ab4882348d26addc9830a44e053238dfa2cb58 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 6 May 2021 10:08:30 +1000 Subject: [PATCH] remove built-in support for md5crypt() Users of MD5-hashed password should arrange for ./configure to link against libxcrypt or similar. Though it would be better to avoid use of MD5 password hashing entirely, it's arguably worse than DEScrypt. feedback and ok dtucker@ --- INSTALL | 5 -- LICENCE | 12 +-- Makefile.in | 2 +- configure.ac | 15 ---- contrib/redhat/openssh.spec | 8 +- md5crypt.c | 165 ------------------------------------ md5crypt.h | 22 ----- openbsd-compat/xcrypt.c | 13 +-- 8 files changed, 10 insertions(+), 232 deletions(-) delete mode 100644 md5crypt.c delete mode 100644 md5crypt.h diff --git a/INSTALL b/INSTALL index dddd912c5..b6e53ab6c 100644 --- a/INSTALL +++ b/INSTALL @@ -197,11 +197,6 @@ it if lastlog is installed in a different place. --with-osfsia, --without-osfsia will enable or disable OSF1's Security Integration Architecture. The default for OSF1 machines is enable. ---with-md5-passwords will enable the use of MD5 passwords. Enable this -if your operating system uses MD5 passwords and the system crypt() does -not support them directly (see the crypt(3/3c) man page). If enabled, the -resulting binary will support both MD5 and traditional crypt passwords. - --with-utmpx enables utmpx support. utmpx support is automatic for some platforms. diff --git a/LICENCE b/LICENCE index 5999c5e9d..173561904 100644 --- a/LICENCE +++ b/LICENCE @@ -210,22 +210,14 @@ OpenSSH contains no GPL code. 8) Portable OpenSSH contains the following additional licenses: - a) md5crypt.c, md5crypt.h - - * "THE BEER-WARE LICENSE" (Revision 42): - * wrote this file. As long as you retain this - * notice you can do whatever you want with this stuff. If we meet - * some day, and you think this stuff is worth it, you can buy me a - * beer in return. Poul-Henning Kamp - - b) snprintf replacement + a) snprintf replacement * Copyright Patrick Powell 1995 * This code is based on code written by Patrick Powell * (papowell@astart.com) It may be used for any purpose as long as this * notice remains intact on all source code distributions - c) Compatibility code (openbsd-compat) + b) Compatibility code (openbsd-compat) Apart from the previously mentioned licenses, various pieces of code in the openbsd-compat/ subdirectory are licensed as follows: diff --git a/Makefile.in b/Makefile.in index 84bd0dc07..6d82c1b14 100644 --- a/Makefile.in +++ b/Makefile.in @@ -127,7 +127,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o \ auth2-none.o auth2-passwd.o auth2-pubkey.o \ monitor.o monitor_wrap.o auth-krb5.o \ auth2-gss.o gss-serv.o gss-serv-krb5.o \ - loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \ + loginrec.o auth-pam.o auth-shadow.o auth-sia.o \ srclimit.o sftp-server.o sftp-common.o \ sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \ sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \ diff --git a/configure.ac b/configure.ac index 3722b1514..f103b3bfb 100644 --- a/configure.ac +++ b/configure.ac @@ -1859,7 +1859,6 @@ AC_CHECK_FUNCS([ \ localtime_r \ login_getcapbool \ login_getpwclass \ - md5_crypt \ memmem \ memmove \ memset_s \ @@ -4943,19 +4942,6 @@ else fi AC_SUBST([mansubdir]) -# Check whether to enable MD5 passwords -MD5_MSG="no" -AC_ARG_WITH([md5-passwords], - [ --with-md5-passwords Enable use of MD5 passwords], - [ - if test "x$withval" != "xno" ; then - AC_DEFINE([HAVE_MD5_PASSWORDS], [1], - [Define if you want to allow MD5 passwords]) - MD5_MSG="yes" - fi - ] -) - # Whether to disable shadow password support AC_ARG_WITH([shadow], [ --without-shadow Disable shadow password support], @@ -5550,7 +5536,6 @@ echo " PAM support: $PAM_MSG" echo " OSF SIA support: $SIA_MSG" echo " KerberosV support: $KRB5_MSG" echo " SELinux support: $SELINUX_MSG" -echo " MD5 password support: $MD5_MSG" echo " libedit support: $LIBEDIT_MSG" echo " libldns support: $LDNS_MSG" echo " Solaris process contract support: $SPC_MSG" diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index 2905db0e8..f86b035de 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec @@ -66,7 +66,7 @@ # rpm -ba|--rebuild --define "smartcard 1" %{?smartcard:%global scard 1} -# Is this a build for the rescue CD (without PAM, with MD5)? (1=yes 0=no) +# Is this a build for the rescue CD (without PAM)? (1=yes 0=no) %global rescue 0 %{?build_rescue:%global rescue 1} @@ -211,7 +211,6 @@ CFLAGS="$RPM_OPT_FLAGS -Os"; export CFLAGS --with-default-path=/usr/local/bin:/bin:/usr/bin \ --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \ --with-privsep-path=%{_var}/empty/sshd \ - --with-md5-passwords \ --mandir=%{_mandir} \ --with-mantype=man \ --disable-strip \ @@ -424,7 +423,10 @@ fi %endif %changelog -* Mon Jul 20 2020 Damien Miller +* Thu Oct 28 2021 Damien Miller +- Remove remaining traces of --with-md5-passwords + +* Mon Jul 20 2020 Damien Miller - Add ssh-sk-helper and corresponding manual page. * Sat Feb 10 2018 Darren Tucker diff --git a/md5crypt.c b/md5crypt.c deleted file mode 100644 index 52cf2959a..000000000 --- a/md5crypt.c +++ /dev/null @@ -1,165 +0,0 @@ -/* - * ---------------------------------------------------------------------------- - * "THE BEER-WARE LICENSE" (Revision 42): - * wrote this file. As long as you retain this - * notice you can do whatever you want with this stuff. If we meet some - * day, and you think this stuff is worth it, you can buy me a beer in - * return. Poul-Henning Kamp - * ---------------------------------------------------------------------------- - */ - -#include "includes.h" - -#if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) -#include - -#include - -#include - -/* 0 ... 63 => ascii - 64 */ -static unsigned char itoa64[] = - "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; - -static char *magic = "$1$"; - -static char * -to64(unsigned long v, int n) -{ - static char buf[5]; - char *s = buf; - - if (n > 4) - return (NULL); - - memset(buf, '\0', sizeof(buf)); - while (--n >= 0) { - *s++ = itoa64[v&0x3f]; - v >>= 6; - } - - return (buf); -} - -int -is_md5_salt(const char *salt) -{ - return (strncmp(salt, magic, strlen(magic)) == 0); -} - -char * -md5_crypt(const char *pw, const char *salt) -{ - static char passwd[120], salt_copy[9]; - static const char *sp, *ep; - unsigned char final[16]; - int sl, pl, i, j; - MD5_CTX ctx, ctx1; - unsigned long l; - - /* Refine the Salt first */ - sp = salt; - - /* If it starts with the magic string, then skip that */ - if(strncmp(sp, magic, strlen(magic)) == 0) - sp += strlen(magic); - - /* It stops at the first '$', max 8 chars */ - for (ep = sp; *ep != '$'; ep++) { - if (*ep == '\0' || ep >= (sp + 8)) - return (NULL); - } - - /* get the length of the true salt */ - sl = ep - sp; - - /* Stash the salt */ - memcpy(salt_copy, sp, sl); - salt_copy[sl] = '\0'; - - MD5_Init(&ctx); - - /* The password first, since that is what is most unknown */ - MD5_Update(&ctx, pw, strlen(pw)); - - /* Then our magic string */ - MD5_Update(&ctx, magic, strlen(magic)); - - /* Then the raw salt */ - MD5_Update(&ctx, sp, sl); - - /* Then just as many characters of the MD5(pw, salt, pw) */ - MD5_Init(&ctx1); - MD5_Update(&ctx1, pw, strlen(pw)); - MD5_Update(&ctx1, sp, sl); - MD5_Update(&ctx1, pw, strlen(pw)); - MD5_Final(final, &ctx1); - - for(pl = strlen(pw); pl > 0; pl -= 16) - MD5_Update(&ctx, final, pl > 16 ? 16 : pl); - - /* Don't leave anything around in vm they could use. */ - memset(final, '\0', sizeof final); - - /* Then something really weird... */ - for (j = 0, i = strlen(pw); i != 0; i >>= 1) - if (i & 1) - MD5_Update(&ctx, final + j, 1); - else - MD5_Update(&ctx, pw + j, 1); - - /* Now make the output string */ - snprintf(passwd, sizeof(passwd), "%s%s$", magic, salt_copy); - - MD5_Final(final, &ctx); - - /* - * and now, just to make sure things don't run too fast - * On a 60 Mhz Pentium this takes 34 msec, so you would - * need 30 seconds to build a 1000 entry dictionary... - */ - for(i = 0; i < 1000; i++) { - MD5_Init(&ctx1); - if (i & 1) - MD5_Update(&ctx1, pw, strlen(pw)); - else - MD5_Update(&ctx1, final, 16); - - if (i % 3) - MD5_Update(&ctx1, sp, sl); - - if (i % 7) - MD5_Update(&ctx1, pw, strlen(pw)); - - if (i & 1) - MD5_Update(&ctx1, final, 16); - else - MD5_Update(&ctx1, pw, strlen(pw)); - - MD5_Final(final, &ctx1); - } - - l = (final[ 0]<<16) | (final[ 6]<<8) | final[12]; - strlcat(passwd, to64(l, 4), sizeof(passwd)); - l = (final[ 1]<<16) | (final[ 7]<<8) | final[13]; - strlcat(passwd, to64(l, 4), sizeof(passwd)); - l = (final[ 2]<<16) | (final[ 8]<<8) | final[14]; - strlcat(passwd, to64(l, 4), sizeof(passwd)); - l = (final[ 3]<<16) | (final[ 9]<<8) | final[15]; - strlcat(passwd, to64(l, 4), sizeof(passwd)); - l = (final[ 4]<<16) | (final[10]<<8) | final[ 5]; - strlcat(passwd, to64(l, 4), sizeof(passwd)); - l = final[11] ; - strlcat(passwd, to64(l, 2), sizeof(passwd)); - - /* Don't leave anything around in vm they could use. */ - memset(final, 0, sizeof(final)); - memset(salt_copy, 0, sizeof(salt_copy)); - memset(&ctx, 0, sizeof(ctx)); - memset(&ctx1, 0, sizeof(ctx1)); - (void)to64(0, 4); - - return (passwd); -} - -#endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */ diff --git a/md5crypt.h b/md5crypt.h deleted file mode 100644 index 978e579c8..000000000 --- a/md5crypt.h +++ /dev/null @@ -1,22 +0,0 @@ -/* - * ---------------------------------------------------------------------------- - * "THE BEER-WARE LICENSE" (Revision 42): - * wrote this file. As long as you retain this notice you - * can do whatever you want with this stuff. If we meet some day, and you think - * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp - * ---------------------------------------------------------------------------- - */ - -#ifndef _MD5CRYPT_H -#define _MD5CRYPT_H - -#include "config.h" - -#if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) - -int is_md5_salt(const char *); -char *md5_crypt(const char *, const char *); - -#endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */ - -#endif /* MD5CRYPT_H */ diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c index 360b187af..e493dd31f 100644 --- a/openbsd-compat/xcrypt.c +++ b/openbsd-compat/xcrypt.c @@ -54,10 +54,6 @@ # include # endif -# if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) -# include "md5crypt.h" -# endif - # if defined(WITH_OPENSSL) && !defined(HAVE_CRYPT) && defined(HAVE_DES_CRYPT) # include # define crypt DES_crypt @@ -108,12 +104,7 @@ xcrypt(const char *password, const char *salt) if (salt == NULL) salt = pick_salt(); -# ifdef HAVE_MD5_PASSWORDS - if (is_md5_salt(salt)) - crypted = md5_crypt(password, salt); - else - crypted = crypt(password, salt); -# elif defined(__hpux) && !defined(HAVE_SECUREWARE) +#if defined(__hpux) && !defined(HAVE_SECUREWARE) if (iscomsec()) crypted = bigcrypt(password, salt); else @@ -122,7 +113,7 @@ xcrypt(const char *password, const char *salt) crypted = bigcrypt(password, salt); # else crypted = crypt(password, salt); -# endif +#endif return crypted; }