From aacddaf626bd85461ecd9c3350e996029c328af0 Mon Sep 17 00:00:00 2001
From: awolk
Date: Wed, 7 Jun 2017 09:11:52 +0000
Subject: [PATCH] htpasswd: use crypt_newhash instead of the bcrypt API man bcrypt states: These functions are deprecated in favor of crypt_checkpass(3) and crypt_newhash(3). hence with this change we move htpasswd to the new API, while here also change the rounds from a hardcoded 8 to automatic selection based on system performance. OK florian@
---
 usr.bin/htpasswd/htpasswd.c | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/usr.bin/htpasswd/htpasswd.c b/usr.bin/htpasswd/htpasswd.c
index 73683302343..e5c95dfcaad 100644
--- a/usr.bin/htpasswd/htpasswd.c
+++ b/usr.bin/htpasswd/htpasswd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: htpasswd.c,v 1.15 2015/11/05 20:07:15 florian Exp $ */
+/* $OpenBSD: htpasswd.c,v 1.16 2017/06/07 09:11:52 awolk Exp $ */
 /*
 * Copyright (c) 2014 Florian Obser
 *
@@ -47,7 +47,7 @@ int nagcount;
 int
 main(int argc, char** argv)
 {
- char salt[_PASSWORD_LEN], tmpl[sizeof("/tmp/htpasswd-XXXXXXXXXX")];
+ char tmpl[sizeof("/tmp/htpasswd-XXXXXXXXXX")];
 char hash[_PASSWORD_LEN], pass[1024], pass2[1024];
 char *line = NULL, *login = NULL, *tok;
 int c, fd, loginlen, batch = 0;
@@ -133,10 +133,8 @@ main(int argc, char** argv)
 explicit_bzero(pass2, sizeof(pass2));
 }
- if (strlcpy(salt, bcrypt_gensalt(8), sizeof(salt)) >= sizeof(salt))
- errx(1, "salt too long");
- if (strlcpy(hash, bcrypt(pass, salt), sizeof(hash)) >= sizeof(hash))
- errx(1, "hash too long");
+ if (crypt_newhash(pass, "bcrypt,a", hash, sizeof(hash)) != 0)
+ err(1, "can't generate hash");
 explicit_bzero(pass, sizeof(pass));
 if (file == NULL)
--
2.20.1
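Review bot: With `"bcrypt,a"` in the last hunk the bcrypt cost is whatever libc measures on the machine running htpasswd, so a slow or heavily loaded host may, depending on the tuning heuristic, write hashes cheaper than the fixed 8 rounds this replaces, and the file is typically verified by a server elsewhere. Nothing in the hunk bounds or records the chosen cost; a comment such as `/* "a": rounds auto-tuned by crypt_newhash(3) on this host, not on the verifying server */` above the call would at least document the trade-off. Separately, the `err(1, "can't generate hash")` path exits before `explicit_bzero(pass, sizeof(pass))` runs; storing the return value, scrubbing `pass`, and only then testing the result would clear the cleartext on both paths. main() begins and ends outside the hunk, so other exits between reading the password and this point are not visible here.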