Commit Graph

150 Commits

Author SHA1 Message Date
Dag-Erling Smørgrav
e401beb723 Switch the hardcoded default hash function from MD5 / DES to SHA512. 2014-02-15 10:53:44 +00:00
Rui Paulo
e2197f8018 Set up the /usr/tests hierarchy.
Populate /usr/tests with the only test programs that currently live
in the tree (those in lib/libcrypt/tests/) and add all the build
machinery to accompany this change.

In particular:

- Add a WITHOUT_TESTS variable that users can define to request that
  no tests be put in /usr/tests.
- Add a top-level Kyuafile for /usr/tests and a way to create similar
  Kyuafiles in top-level subdirectories.
- Add a BSD.tests.dist file to define the directory layout of
  /usr/tests.

Submitted by:	Julio Merino jmmv google.com
Reviewed by:	sjg
MFC after:	2 weeks
2013-10-25 05:25:19 +00:00
Rui Paulo
d4a14c8563 Clearly split the logic to build ATF and plain tests apart.
This change introduces a new plain.test.mk file that provides the build
infrastructure to build test programs that don't use any framework.
Most of the code previously in bsd.test.mk moves to plain.test.mk and
atf.test.mk is extended with the missing pieces.

In doing so, this change pushes all test program building logic to the
various *.test.mk files instead of trying to reuse some tiny bits.
In fact, this attempt to reuse some definitions makes the code harder
to read and harder to extend.

The clear benefit of this is that the interface of bsd.test.mk is now
clearly delimited.

Submitted by:	Julio Merino jmmv google.com
MFC after:	2 weeks
2013-10-19 06:48:49 +00:00
Rui Paulo
ec0e2ac611 Remove most of the ATF tools and the _atf user.
This is necessary because ATF is deprecated and it will be replaced by Kyua.

Submitted by:	jmmv@netbsd.org
Reviewed by:	Garrett Cooper
Approved by:	re
2013-10-12 06:06:53 +00:00
Simon J. Gerraty
12d4083451 Fix building of crypt_tests 2013-06-25 05:05:10 +00:00
Simon J. Gerraty
7cf3a1c6b2 Updated dependencies 2013-03-11 17:21:52 +00:00
Simon J. Gerraty
f5f7c05209 Updated dependencies 2013-02-16 01:23:54 +00:00
David E. O'Brien
d9a447559b Sync with HEAD. 2013-02-08 16:10:16 +00:00
Simon J. Gerraty
62b43b7f0d Simple unit-tests for libcrypt, to show how easy it is.
Approved by:	marcel (mentor)
2012-11-07 22:03:59 +00:00
Simon J. Gerraty
23090366f7 Sync from head 2012-11-04 02:52:03 +00:00
Marcel Moolenaar
7750ad47a9 Sync FreeBSD's bmake branch with Juniper's internal bmake branch.
Requested by: Simon Gerraty <sjg@juniper.net>
2012-08-22 19:25:57 +00:00
Dag-Erling Smørgrav
a0ee974f0b Stop using auth_getval() now that it always returns NULL. Instead,
hardcode the default to what it would be if we didn't hardcode it,
i.e. DES if supported and MD5 otherwise.

MFC after:	3 weeks
2012-06-12 17:14:19 +00:00
Joel Dahl
9ee2158b55 mdoc: minor Bl improvements. 2012-06-02 08:47:26 +00:00
Eitan Adler
b54c79e15f Make the item numbers match the crypt magic number
PR:		docs/166497
Submitted by:	Mike Kelly <pioto@pioto.org>
Approved by:	cperciva
MFC after:	1 week
2012-04-11 14:12:28 +00:00
Joel Dahl
41949a1ed5 Remove superfluous paragraph macro. 2012-03-25 12:13:24 +00:00
David E. O'Brien
ad45dd4174 s/shaN_crypt/crypt_shaN/g to be a more consistent with the existing naming.
Reviewed by:	markm
2011-05-05 01:09:42 +00:00
David E. O'Brien
ce8679e47d Protect the reachover built symbols after the SHA256/512 crypt(3) addition. 2011-04-27 21:33:56 +00:00
Mark Murray
a5c28e29e2 Document SHA256/512 modes.
MFC after:	1 month
2011-04-09 14:09:46 +00:00
Mark Murray
3d6f63c046 Add SHA256/512 ($5$ and $6$) to crypt(3). Used in linux-world, doesn't
hurt us.

PR:		misc/124164
Submitted by:	KIMURA Yasuhiro < yasu utahime org >
MFC after:	1 month
2011-04-09 14:02:04 +00:00
Ed Schouten
daaf575910 Build lib/ with WARNS=6 by default.
Similar to libexec/, do the same with lib/. Make WARNS=6 the norm and
lower it when needed.

I'm setting WARNS?=0 for secure/. It seems secure/ includes the
Makefile.inc provided by lib/. I'm not going to touch that directory.
Most of the code there is contributed anyway.
2010-01-02 09:58:07 +00:00
Ken Smith
3ca3047aee Bump the version of all non-symbol-versioned shared libraries in
preparation for 8.0-RELEASE.  Add the previous version of those
libraries to ObsoleteFiles.inc and bump __FreeBSD_Version.

Reviewed by:    kib
Approved by:    re (rwatson)
2009-07-19 17:25:24 +00:00
Daniel Eischen
419ecd5dee Bump library versions in preparation for 7.0.
Ok'd by:	kan
2007-05-21 02:49:08 +00:00
Ceri Davies
adde36d27a cipher(3) is gone.
MFC after:	3 days
2007-04-04 14:04:55 +00:00
Ruslan Ermilov
fcaa466865 Provide alternate default for SHLIBDIR before bsd.own.mk does this.
Reported by:	phk
2006-03-18 11:01:06 +00:00
Ruslan Ermilov
e1fe3dba5c Reimplementation of world/kernel build options. For details, see:
http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html

The src.conf(5) manpage is to follow in a few days.

Brought to you by:	imp, jhb, kris, phk, ru (all bugs are mine)
2006-03-17 18:54:44 +00:00
Ken Smith
a84020c2b9 Bump the shared library version number of all libraries that have not
been bumped since RELENG_5.

Reviewed by:	ru
Approved by:	re (not needed for commit check but in principle...)
2005-07-22 17:19:05 +00:00
Ruslan Ermilov
6b806d21d1 Fixed the misplaced $FreeBSD$. 2005-02-09 18:07:17 +00:00
Ruslan Ermilov
24a0682c64 Sort sections. 2005-01-20 09:17:07 +00:00
Ruslan Ermilov
a216173556 NOCRYPT -> NO_CRYPT 2004-12-21 10:16:04 +00:00
Ruslan Ermilov
a35d88931c For variables that are only checked with defined(), don't provide
any fake value.
2004-10-24 15:33:08 +00:00
Ruslan Ermilov
1a0a934547 Mechanically kill hard sentence breaks. 2004-07-02 23:52:20 +00:00
Gordon Tetlow
41d8423f71 Stage 3 of dynamic root support. Make all the libraries needed to run
binaries in /bin and /sbin installed in /lib. Only the versioned files
reside in /lib, the .so symlink continues to live /usr/lib so the
toolchain doesn't need to be modified.
2003-08-17 08:28:46 +00:00
Philippe Charnier
e4f2c10b4c The .Fn function 2003-06-08 10:20:32 +00:00
Mark Murray
d8e82636a4 Tidy the code up a fraction. Re-release with a 2-clause BSD license
with the kind permission of the author/copyright holder.

Thanks to:	phk
2003-06-02 21:43:14 +00:00
Mark Murray
bf513f6958 Add a new hash type. This "NT-hash" is compatible with the password
hashing scheme used in Microsoft's NT machines. IT IS NOT SECURE!
DON'T USE IT! This is for the use of competent sysadmins only!

Submitted by:	Michael Bretterklieber
2003-06-02 19:29:27 +00:00
Dag-Erling Smørgrav
7691f66abf Retire the useless NOSECURE knob.
Approved by:	re (scottl)
2003-05-19 15:52:01 +00:00
Jens Schweikhardt
57bd0fc6e8 english(4) police. 2002-12-27 12:15:40 +00:00
Tom Rhodes
96f68db50b crypt(3) incorrectly documents md5 salt, fixed.
PR:	36782
No objections from:	ru
MFC after:	3 days
2002-04-09 22:32:59 +00:00
Poul-Henning Kamp
fe681e1955 Fix grammer in comment.
Submitted by:	Engin Gunduz <engin@ripe.net>
2002-03-25 15:55:36 +00:00
Poul-Henning Kamp
adf75add2d Modernize my email-address. 2002-03-25 13:48:53 +00:00
Mark Murray
bbf177c2a9 Darn. There is (now was) a signed/unsigned issue that resulted in a
very long loop.

Reported by:	nnd@mail.nsk.ru (Nickolay Dudorov)
2002-03-07 10:41:11 +00:00
Mark Murray
f2ac424af7 No functional change, but big code cleanup. WARNS, lint(1) and style(9). 2002-03-06 17:18:09 +00:00
Ruslan Ermilov
3ea75eb1a1 s/crypt_format/crypt_default/ to match reality.
PR:		docs/32787
Spotted by:	Pete Carah <pete@altadena.net>
2001-12-13 08:05:32 +00:00
Ruslan Ermilov
32eef9aeb1 mdoc(7) police: Use the new .In macro for #include statements. 2001-10-01 16:09:29 +00:00
Matthew Dillon
e67f5b9fca Implement __FBSDID() 2001-09-16 21:35:07 +00:00
Mark Murray
b30a6aedc2 Remove out-of-date "cannot be exported from USA" notice. 2001-08-15 20:25:16 +00:00
Ruslan Ermilov
8af1452cf8 Removed duplicate VCS ID tags, as per style(9). 2001-08-13 14:06:34 +00:00
Dima Dorfman
7ebcc426ef Remove whitespace at EOL. 2001-07-15 07:53:42 +00:00
Ruslan Ermilov
eb89426722 mdoc(7) police: removed punctuation after the last SEE ALSO xref. 2001-07-10 18:00:19 +00:00
Ruslan Ermilov
a307d59838 mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 13:41:46 +00:00
Dima Dorfman
70d51341bf mdoc(7) police: remove extraneous .Pp before and/or after .Sh. 2001-07-09 09:54:33 +00:00
Dima Dorfman
a910f192bb Remove duplicate words. 2001-06-24 01:34:38 +00:00
Ruslan Ermilov
4a558355e5 MAN[1-9] -> MAN. 2001-03-27 17:27:19 +00:00
Peter Wemm
db5882e725 Help standalone builds by getting libutil.h from src/lib/libutil 2001-03-21 22:54:59 +00:00
Ruslan Ermilov
067f2c3fb2 mdoc(7) police: ``It'' macro does not take argument in -enum lists.
(In -mdocNG, this only causes warning.  In current implementation,
it is fatal.)

Pointy hat to:	markm (for not checking stderr)
2001-03-16 12:06:26 +00:00
Mark Murray
5c1296168b Add OpenBSD-style blowfish password hashing. This makes one less
gratuitous difference between us and our sister project.

This was given to me _ages_ ago. May apologies to Paul for the length
of time its taken me to commit.

Obtained from:	Niels Provos <provos@physnet.uni-hamburg.de>/OpenBSD
Submitted by:	Paul Herman <pherman@frenchfries.net>
2001-03-11 16:05:43 +00:00
Ruslan Ermilov
4263595653 Prepare for mdoc(7)NG. 2000-12-29 14:08:20 +00:00
Peter Wemm
88b471a108 Reflect rev 1.18 in crypt.c. Note that this section is somewhat
mangled and could do with some word-smithing.
2000-12-28 11:56:45 +00:00
Peter Wemm
65c10f6d33 Hindsight is wonderful, but I got cold feet over the crypt(3) default
so I am backing it out for now.  The problem is that some random program
calling crypt() could be passing a DES salt and the crypt(3) library
would encrypt it in md5 mode and there would be a password mismatch as a
result.  I wrote a validater function for the DES code to verify that
a salt is valid for DES, but I realized there were too many strange things
to go wrong.  passwd(1), pw(8) etc still generate md5 passwords by default
for /etc/master.passwd, so this is almost academic.  It is a big deal for
things that have their own crypt(3)-ed password strings (.htaccess,
etc etc).  Those are the things I do not want to break.

My DES salt recognizer basically checked if the salt was either 2 or
13 characters long, or began with '_' (_PASSWORD_EFMT1).  I think it
would have worked but I have seen way too much crypt() mishandling
in the past.
2000-12-28 11:23:01 +00:00
Peter Wemm
9886bcdf93 Merge into a single US-exportable libcrypt, which only provides
one-way hash functions for authentication purposes.  There is no more
"set the libcrypt->libXXXcrypt" nightmare.
- Undo the libmd.so hack, use -D to hide the md5c.c internals.
- Remove the symlink hacks in release/Makefile
- the algorthm is set by set_crypt_format() as before.  If this is
  not called, it tries to heuristically figure out the hash format, and
  if all else fails, it uses the optional auth.conf entry to chose the
  overall default hash.
- Since source has non-hidden crypto in it there may be some issues with
  having the source it in some countries, so preserve the "secure/*"
  division.  You can still build a des-free libcrypt library if you want
  to badly enough.  This should not be a problem in the US or exporting
  from the US as freebsd.org had notified BXA some time ago.  That makes
  this stuff re-exportable by anyone.
- For consistancy, the default in absence of any other clues is md5.  This
  is to try and minimize POLA across buildworld where folk may suddenly
  be activating des-crypt()-hash support.  Since the des hash may not
  always be present, it seemed sensible to make the stronger md5 algorithm
  the default.
All things being equal, no functionality is lost.

Reviewed-by: jkh

(flame-proof suit on)
2000-12-28 10:32:02 +00:00
Ruslan Ermilov
725ab6287f log 2000-11-22 09:23:54 +00:00
Brian Feldman
da140a0594 Still have to support libscrypt for now :( Add #defines to take DES
out for it.
2000-08-24 17:51:16 +00:00
Brian Feldman
3a1030f458 How did you sneak in... 2000-08-22 02:17:54 +00:00
Brian Feldman
04c9749ff0 Add working and easy crypt(3)-switching. Yes, we need a whole new API
for crypt(3) by now.  In any case:

Add crypt_set_format(3) + documentation to -lcrypt.
Add login_setcryptfmt(3) + documentation to -lutil.
Support for switching crypt formats in passwd(8).
Support for switching crypt formats in pw(8).

The simple synopsis is:
edit login.conf; add a passwd_format field set to "des" or "md5"; go nuts :)

Reviewed by:	peter
2000-08-22 02:15:54 +00:00
Kris Kennaway
f32b130012 Oops, remove vestigial reference to SHS passwords. 2000-04-22 20:43:21 +00:00
Alexey Zelkin
f45f23ddb4 Introduce .Lb macro to libcrypt manpage.
Make it more mdoc(7) compliant:
. use .Tn for DES, MD5 andSHS.
. Replace double quotes with .Dq macro
. use An/Aq scheme for listing authors
2000-04-22 15:56:59 +00:00
Mark Murray
0058720184 A bunch of factual corrections. 2000-01-18 18:23:28 +00:00
Bruce Evans
f92c744fd8 Fixed missing include in synopsis. 2000-01-13 10:21:25 +00:00
Kris Kennaway
0ade301d10 Zap SHA1 password support. This will be re-implemented at a later date. 2000-01-07 06:33:54 +00:00
Bruce Evans
d3f0d184db Fixed a formatting error in the prototype for crypt(). 1999-12-23 16:53:18 +00:00
Peter Wemm
e67c7c99ef Make a dlopen failure consistant with dlsym(). "Shouldn't happen." 1999-12-17 20:21:45 +00:00
Peter Wemm
9c8fbe31e5 patch glitch 1999-12-17 20:19:28 +00:00
Peter Wemm
1f4aad4d1c Remove -lmd. Use dlopen() and dlsym() instead for calls to the MD5* and
SHA* routines so that callers of libcrypt are not exposed to the internal
implementation.
1999-12-17 20:04:01 +00:00
Mark Murray
3ab9676ab3 Never return NULL, always return a hash.
Submitted by:	dt
1999-09-22 06:53:08 +00:00
Dmitrij Tejblum
462da152d2 Someone changed major numbers of the libraries from 2 to 3 for 0 (zero) reasons.
Revert the major number back to 2.

libcrypt only export one function, before the recent changes and now:
char *crypt(const char *key, const char *salt);
The prototype didn't changed. Internal representation of `char' and `char *'
didn't changed. Therefore, there is no reason to change the version number.
1999-09-21 17:52:05 +00:00
Peter Wemm
6b0e02e513 Somebody deleted the SONAME override causing the symlink to be expanded
at link time and the target name compiled into the binaries.  ie:
everything used libscrypt or libdescrypt explicitly.
1999-09-21 14:44:27 +00:00
Mark Murray
e9a56ad5ca Big code cleanup. (Inspired by Brandon Gillespie). Also move as
much as possible away from secure/ to make extending easier.
1999-09-20 12:45:49 +00:00
Peter Wemm
a1a4f1a0d8 $Header$ -> $FreeBSD$ 1999-08-28 05:11:36 +00:00
Peter Wemm
7f3dea244c $Id$ -> $FreeBSD$ 1999-08-28 00:22:10 +00:00
Bruce Evans
3c697e0a62 Simplified using new SYMLINKS macro, mainly to test this macro. The
ifdefs are too ugly for this to be much of a simplification.  The
existence tests are even uglier now.  Note that the previous commit
was not submitted by me.  It missed the point and just added a second
layer of unused removals.

Fixed hard-coded "libcrypt"s.  The LCRYPTBASE macro mainly makes
things hard to read, but use it while we have it.
1999-03-23 03:41:09 +00:00
Mark Murray
1b340441b7 Fix symlinking. Without the -f "force" option, the wrong version
can be found.
Submitted by:   Bruce
1999-01-24 07:51:33 +00:00
Mark Murray
4fdd3d5417 The new crypt code broke "make world". Back it out. 1999-01-23 08:27:46 +00:00
Brandon Gillespie
6bf154696d Moved from the old secure/lib/libcrypt area, because of the rewrite to how
the Makefile handles des support by just including the single .c file.

Reviewed by:	Mark Murray
1999-01-21 13:51:04 +00:00
Brandon Gillespie
da5c7089a3 Rewrite of crypt library to be more modular, and addition of the
Secure Hashing Algorithm - 1 (SHA-1), along with the further
refinement of what $x$salt$hash means.  With this new crypt the
following are all acceptable:

    $1$
    $MD5$
    $SHA1$

Note: $2$ is used by OpenBSD's Blowfish, which I considered adding
as $BF$, but there is no actual need for it with SHA-1.  However,
somebody wishing to add OpenBSD password support could easilly add
it in now.

There is also a malloc_crypt() available in the library now, which
behaves exactly the same as crypt(), but it uses a malloced buffer
instead of a static buffer.  However, this is not standard so will
likely not be used much (at all).

Also, for those interested I did a brief speed test Pentium 166/MMX,
which shows the DES crypt to do approximately 2640 crypts a CPU second,
MD5 to do about 62 crypts a CPU second and SHA1 to do about 18 crypts
a CPU second.

Reviewed by:	Mark Murray
1999-01-21 13:50:09 +00:00
Bruce Evans
cb997c9220 Fixed the elf case of the creation of the libcrypt.so -> libscrypt->so
link.  Shared libraries are in ${SHLIBDIR}, not necessarily in ${LIBDIR}.
1998-09-02 15:09:15 +00:00
John Birrell
839de40e6e BINFORMAT -> OBJFORMAT ready for E-day. 1998-08-30 02:52:04 +00:00
John Birrell
8deb7ff0b0 BINFORMAT -> OBJFORMAT ready for E-day. 1998-08-30 01:57:55 +00:00
Peter Wemm
c4a04f5540 Turn on the rcsid storage so that it's easier to tell the difference
between libscrypt.a and libdescrypt.a
1998-05-28 12:52:03 +00:00
Peter Wemm
a9c87f32ee When compiling under elf, use correct library naming conventions. Also
add the required extra symlink.  Set the -soname to libcrypt.so so that
the symlink is used at runtime rather than resolved at compile time.
1997-09-05 12:12:35 +00:00
Peter Wemm
7e546392b5 Revert $FreeBSD$ to $Id$ 1997-02-22 15:12:41 +00:00
Jordan K. Hubbard
1130b656e5 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
Poul-Henning Kamp
139107f0ff A couple of minor nits.
Submitted by:	Craig Leres <leres@ee.lbl.gov>
Submitted by:	Theo Deraadt <deraadt@theos.com>
1996-10-14 08:34:02 +00:00
Jordan K. Hubbard
51295a4d3e General -Wall warning cleanup, part I.
Submitted-By: Kent Vander Velden <graphix@iastate.edu>
1996-07-12 18:57:58 +00:00
Rodney W. Grimes
6c06b4e2aa Remove trailing whitespace. 1995-05-30 05:51:47 +00:00
Bruce Evans
643c00317e Install shared libraries in ${DESTDIR}${SHLIBDIR} instead of in
$(DESTDIR)/$(LIBDIR) (I need SHLIBDIR.  The / was a bug and the
$(...) style was inconsistent.)

Install ordinary libraries in ${DESTDIR}${LIBDIR} instead of in
$(DESTDIR)/$(LIBDIR).

Change remaining $(...) to ${...}.
1994-11-14 06:44:45 +00:00
Poul-Henning Kamp
3b2b7f71de *** ATTENTION *** YOU MIGHT BE ABOUT TO BE HOSED *** ATTENTION ***
This effectively changes the non-DES password algoritm.

If you have the "securedist" installed you will have no problems with this.
(Though you might want to consider using this password-encryption instead
of the DES-based if your system is likely to be hacked)

If you are running a -current system without the "securedist" installed:
YOU WILL NEED TO CHANGE ALL PASSWORDS !!    There is no backwards mode.

Suggested procedure is:
	Update your sources
	cd /usr/src/lib/libcrypt
	make clean
	make all
	make install
	passwd root
		<set roots new password>
	change password for any other users on the system.

This algorithm is expected to be much better than the traditional DES-
based algorithm.  It uses the MD5 algorithm at what it is best at, as
opposed to the DES algorithm at something it isn't good at at all.  The
algorithm is designed such that it should very hard to shortcut the
calculations needed to build a dictionary, and to make partial knowledge
(Hmm, his password starts with a 'P'...) useless.  Of course if somebody
breaks the MD5 algorithm this looses too.

The salt is 48 bits (8 char @ base64).
The encrypted password is 128 bits.

And I am positively delighted to say that it takes 34 msec to crypt() a
password on a Pentium/60Mhz, so building a dictionary is not really an
option for hackers at the moment.
1994-11-07 21:07:09 +00:00
Geoff Rehmet
c8023944f8 Fix afterinstall rule for generating links to the real libcrypt
Submitted by:	geoff
1994-08-20 18:13:59 +00:00
Geoff Rehmet
a54d939519 Fix afterinstall rule for NOSHARED case
Submitted by:	Geoff Rehmet
1994-08-12 21:12:37 +00:00
Geoff Rehmet
f5db7b1cf9 The password scrambler now becomes libscrypt, and libcrypt is
a symlink to it. (The real libcrypt will be installed as libdescrypt.)
Submitted by:	Geoff.
1994-08-09 18:49:04 +00:00
Geoff Rehmet
0e27b8d587 Nates password scrambler, from FreebSD 1.1.5, but with everything except
crypt() ripped out
Reviewed by:	Geoff Rehmet
Submitted by:	Nate Williams
1994-08-09 17:07:27 +00:00