From 04b9d67f1af54a733090f034636f37e1234b084a Mon Sep 17 00:00:00 2001 From: tedu Date: Wed, 24 Dec 2014 22:04:26 +0000 Subject: [PATCH] simplify. bcrypt only support and use newer libc APIs. no makekey emul. ok deraadt schwarze is a little sad to see the last 1/8 shared man page go, but we have a support program in place, called the attic. --- usr.bin/encrypt/Makefile | 12 +----- usr.bin/encrypt/encrypt.1 | 30 ++------------ usr.bin/encrypt/encrypt.c | 82 ++++++++------------------------------- 3 files changed, 22 insertions(+), 102 deletions(-) diff --git a/usr.bin/encrypt/Makefile b/usr.bin/encrypt/Makefile index 870ce900274..fdb03721fcd 100644 --- a/usr.bin/encrypt/Makefile +++ b/usr.bin/encrypt/Makefile @@ -1,17 +1,9 @@ -# $OpenBSD: Makefile,v 1.7 2002/06/27 19:56:03 art Exp $ +# $OpenBSD: Makefile,v 1.8 2014/12/24 22:04:26 tedu Exp $ # Must be static because the floppies use it through a chroot. LDSTATIC= ${STATIC} PROG= encrypt -SRCS= encrypt.c pwd_gensalt.c -.PATH: ${.CURDIR}/../passwd - -LDADD = -lutil -DPADD= ${LIBUTIL} -LIBEXEC?= /usr/libexec - -LINKS= ${BINDIR}/encrypt ${LIBEXEC}/makekey -MLINKS= encrypt.1 makekey.8 +SRCS= encrypt.c .include diff --git a/usr.bin/encrypt/encrypt.1 b/usr.bin/encrypt/encrypt.1 index 2197ff01aad..053f6eec613 100644 --- a/usr.bin/encrypt/encrypt.1 +++ b/usr.bin/encrypt/encrypt.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: encrypt.1,v 1.24 2014/09/03 07:47:50 giovanni Exp $ +.\" $OpenBSD: encrypt.1,v 1.25 2014/12/24 22:04:26 tedu Exp $ .\" .\" Copyright (c) 1996, Jason Downs. All rights reserved. .\" @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd $Mdocdate: September 3 2014 $ +.Dd $Mdocdate: December 24 2014 $ .Dt ENCRYPT 1 .Os .Sh NAME 
@@ -31,12 +31,9 @@ .Nd encrypt passwords from the command line or standard input .Sh SYNOPSIS .Nm encrypt -.Op Fl k .Op Fl b Ar rounds .Op Fl c Ar class .Op Fl p | Ar string -.Op Fl s Ar salt -.Nm makekey .Sh DESCRIPTION .Nm prints the encrypted form of @@ -44,12 +41,6 @@ prints the encrypted form of to the standard output. This is mostly useful for encrypting passwords from within scripts. .Pp -When invoked as -.Nm makekey , -a single combined key and salt are read from standard -input and the DES encrypted result is written to standard output without a -terminating newline. -.Pp The options are as follows: .Bl -tag -width Ds .It Fl b Ar rounds @@ -62,23 +53,15 @@ Use the cipher type specified in the given user login class. See .Xr login.conf 5 for more information. -.It Fl k -Run in -.Nm makekey -compatible mode. .It Fl p Prompt for a single string with echo turned off. -.It Fl s Ar salt -Encrypt the string using DES, with the specified -.Ar salt . .El .Pp If no .Ar string is specified, .Nm -reads one string per line from standard input, encrypting each one -with the chosen algorithm from above. +reads one string per line from standard input, encrypting each one. In the case where no specific algorithm or specific user login class was given as a command line option, the algorithm specified in the default class in .Pa /etc/login.conf @@ -96,14 +79,9 @@ standard input is more secure. .It Pa /etc/login.conf .El .Sh SEE ALSO -.Xr crypt 3 , +.Xr crypt_newhash 3 , .Xr login.conf 5 .Sh HISTORY .Nm first appeared in .Ox 1.2 . -.Pp -A -.Nm makekey -command appeared in -.At v7 . diff --git a/usr.bin/encrypt/encrypt.c b/usr.bin/encrypt/encrypt.c index 800d190166e..0f302b5706b 100644 --- a/usr.bin/encrypt/encrypt.c +++ b/usr.bin/encrypt/encrypt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: encrypt.c,v 1.33 2014/11/03 16:47:55 tedu Exp $ */ +/* $OpenBSD: encrypt.c,v 1.34 2014/12/24 22:04:26 tedu Exp $ */ /* * Copyright (c) 1996, Jason Downs. All rights reserved. 
@@ -42,23 +42,20 @@ * line. Useful for scripts and such. */ -#define DO_MAKEKEY 0 -#define DO_DES 1 -#define DO_BLF 2 - extern char *__progname; -char buffer[_PASSWORD_LEN]; void usage(void); int ideal_rounds(void); void print_passwd(char *, int, void *); +#define DO_BLF 0 + void usage(void) { (void)fprintf(stderr, - "usage: %s [-k] [-b rounds] [-c class] [-p | string] [-s salt]\n", + "usage: %s [-b rounds] [-c class] [-p | string]\n", __progname); exit(1); } @@ -100,49 +97,27 @@ ideal_rounds(void) void print_passwd(char *string, int operation, void *extra) { - char msalt[3], *salt, *cryptstr; - login_cap_t *lc; - int pwd_gensalt(char *, int, login_cap_t *, char); - void to64(char *, u_int32_t, int n); + char buffer[_PASSWORD_LEN]; if (operation == DO_BLF) { - if (bcrypt_newhash(string, *(int *)extra, buffer, - sizeof(buffer)) != 0) + int rounds = *(int *)extra; + if (bcrypt_newhash(string, rounds, buffer, sizeof(buffer)) != 0) errx(1, "bcrypt newhash failed"); fputs(buffer, stdout); return; - } - - switch(operation) { - case DO_MAKEKEY: - /* - * makekey mode: parse string into separate DES key and salt. - */ - if (strlen(string) != 10) { - /* To be compatible... */ - errx(1, "%s", strerror(EFTYPE)); - } - strlcpy(msalt, &string[8], sizeof msalt); - salt = msalt; - break; - - case DO_DES: - salt = extra; - break; + } else { + login_cap_t *lc; + const char *pref; - default: if ((lc = login_getclass(extra)) == NULL) errx(1, "unable to get login class `%s'", extra ? (char *)extra : "default"); - if (!pwd_gensalt(buffer, _PASSWORD_LEN, lc, 'l')) - errx(1, "can't generate salt"); - salt = buffer; - break; + pref = login_getcapstr(lc, "localcipher", NULL, NULL); + if (crypt_newhash(string, pref, buffer, sizeof(buffer)) != 0) + errx(1, "can't generate hash"); } - if ((cryptstr = crypt(string, salt)) == NULL) - errx(1, "crypt failed"); - fputs(cryptstr, stdout); + fputs(buffer, stdout); } int 
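Review bot: In print_passwd's login-class branch, neither `lc` from login_getclass() nor the string returned by login_getcapstr() is released, and main appears to call print_passwd once per input line (the loop is only partly visible in the last hunk), so each line read from stdin would leak both. login_getcapstr() returns allocated storage when the capability is found (worth confirming against login_cap(3)), which the `const char *pref` declaration hides; declaring it `char *pref;` and adding `free(pref); login_close(lc);` after the crypt_newhash() check would fix this. When the class has no `localcipher` entry, `pref` is NULL and the hash type is whatever crypt_newhash() chooses on its own, which deserves a one-line comment such as `/* NULL pref: crypt_newhash falls back to its built-in default */`. The `fputs(buffer, stdout); return;` inside the DO_BLF branch is redundant with the shared `fputs` at the end of the function and can be dropped.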
@@ -155,30 +130,11 @@ main(int argc, char **argv) void *extra = NULL; /* Store salt or number of rounds */ const char *errstr; - if (strcmp(__progname, "makekey") == 0) - operation = DO_MAKEKEY; - - while ((opt = getopt(argc, argv, "kps:b:c:")) != -1) { + while ((opt = getopt(argc, argv, "pb:c:")) != -1) { switch (opt) { - case 'k': /* Stdin/Stdout Unix crypt */ - if (operation != -1 || prompt) - usage(); - operation = DO_MAKEKEY; - break; - case 'p': - if (operation == DO_MAKEKEY) - usage(); prompt = 1; break; - - case 's': /* Unix crypt (DES) */ - if (operation != -1 || optarg[0] == '$') - usage(); - operation = DO_DES; - extra = optarg; - break; - case 'b': /* Blowfish password hash */ if (operation != -1) usage(); @@ -191,18 +147,16 @@ main(int argc, char **argv) errx(1, "%s: %s", errstr, optarg); extra = &rounds; break; - case 'c': /* user login class */ extra = optarg; operation = -1; break; - default: usage(); } } - if (((argc - optind) < 1) || operation == DO_MAKEKEY) { + if (((argc - optind) < 1)) { char line[BUFSIZ], *string; if (prompt) { @@ -223,10 +177,6 @@ main(int argc, char **argv) print_passwd(line, operation, extra); - if (operation == DO_MAKEKEY) { - fflush(stdout); - break; - } (void)fputc('\n', stdout); } } -- 2.20.1
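Review bot: The comment on `extra` in main, `/* Store salt or number of rounds */`, is stale now that `-s` is gone; the variable holds either the login class name from `-c` or a pointer to `rounds` from `-b`, so it should read `void *extra = NULL; /* login class name (-c) or pointer to rounds (-b) */`. In the same switch the `-c` case sets `operation = -1` without the `operation != -1` check that `-b` performs, so when both options are given the later one silently overrides the earlier; this predates the commit, but it is now the only option conflict left and could be rejected with `usage()`. The leftover double parentheses in `if (((argc - optind) < 1))` can be reduced to `if (argc - optind < 1)`. main starts before and continues past these hunks, so the initial value of `operation` is inferred from the `-1` comparisons rather than seen.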