Commit Graph

41 Commits

Author SHA1 Message Date
Xin LI
a6c0c82406 Chase r261913: hardcoded default crypt(3) algorithm is SHA-512 when DES
is not available.

Submitted by:	Ali Mashtizadeh <ali mashtizadeh.com>
MFC after:	3 days
2019-05-27 06:37:23 +00:00
Warner Losh
fbbd9655e5 Renumber copyright clause 4
Renumber cluase 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistance on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.

Submitted by:	Jan Schaumann <jschauma@stevens.edu>
Pull Request:	https://github.com/freebsd/freebsd/pull/96
2017-02-28 23:42:47 +00:00
Ed Schouten
5f521d7ba7 Make libcrypt thread-safe. Add crypt_r(3).
glibc has a pretty nice function called crypt_r(3), which is nothing
more than crypt(3), but thread-safe. It accomplishes this by introducing
a 'struct crypt_data' structure that contains a buffer that is large
enough to hold the resulting string.

Let's go ahead and also add this function. It would be a shame if a
useful function like this wouldn't be usable in multithreaded apps.
Refactor crypt.c and all of the backends to no longer declare static
arrays, but write their output in a provided buffer.

There is no need to do any buffer length computation here, as we'll just
need to ensure that 'struct crypt_data' is large enough, which it is.
_PASSWORD_LEN is defined to 128 bytes, but in this case I'm picking 256,
as this is going to be part of the actual ABI.

Differential Revision:	https://reviews.freebsd.org/D7306
2016-08-10 15:16:28 +00:00
Baptiste Daroussin
2b7af31cf5 use .Mt to mark up email addresses consistently (part3)
PR:		191174
Submitted by:	Franco Fichtner  <franco at lastsummer.de>
2014-06-23 08:23:05 +00:00
John-Mark Gurney
41f554961d various formating fixes, use NUL for NUL bytes..
drop out dated perf numbers (can't imagine people are still running
Pentium MMX 166's anymore)...

bump date...

drop max length of salt of 8 since _PASSWORD_LEN is now large, 128..
and state the max length of the salt depends upon the module,
sha-{256,512} have a max salt of 16..

recommend 8 characters of salt instead of just 2...

MFC after:	1 week
2014-03-09 07:45:59 +00:00
Dag-Erling Smørgrav
a0ee974f0b Stop using auth_getval() now that it always returns NULL. Instead,
hardcode the default to what it would be if we didn't hardcode it,
i.e. DES if supported and MD5 otherwise.

MFC after:	3 weeks
2012-06-12 17:14:19 +00:00
Joel Dahl
9ee2158b55 mdoc: minor Bl improvements. 2012-06-02 08:47:26 +00:00
Eitan Adler
b54c79e15f Make the item numbers match the crypt magic number
PR:		docs/166497
Submitted by:	Mike Kelly <pioto@pioto.org>
Approved by:	cperciva
MFC after:	1 week
2012-04-11 14:12:28 +00:00
Joel Dahl
41949a1ed5 Remove superfluous paragraph macro. 2012-03-25 12:13:24 +00:00
Mark Murray
a5c28e29e2 Document SHA256/512 modes.
MFC after:	1 month
2011-04-09 14:09:46 +00:00
Ceri Davies
adde36d27a cipher(3) is gone.
MFC after:	3 days
2007-04-04 14:04:55 +00:00
Ruslan Ermilov
6b806d21d1 Fixed the misplaced $FreeBSD$. 2005-02-09 18:07:17 +00:00
Ruslan Ermilov
24a0682c64 Sort sections. 2005-01-20 09:17:07 +00:00
Ruslan Ermilov
1a0a934547 Mechanically kill hard sentence breaks. 2004-07-02 23:52:20 +00:00
Philippe Charnier
e4f2c10b4c The .Fn function 2003-06-08 10:20:32 +00:00
Mark Murray
bf513f6958 Add a new hash type. This "NT-hash" is compatible with the password
hashing scheme used in Microsoft's NT machines. IT IS NOT SECURE!
DON'T USE IT! This is for the use of competent sysadmins only!

Submitted by:	Michael Bretterklieber
2003-06-02 19:29:27 +00:00
Jens Schweikhardt
57bd0fc6e8 english(4) police. 2002-12-27 12:15:40 +00:00
Tom Rhodes
96f68db50b crypt(3) incorrectly documents md5 salt, fixed.
PR:	36782
No objections from:	ru
MFC after:	3 days
2002-04-09 22:32:59 +00:00
Ruslan Ermilov
3ea75eb1a1 s/crypt_format/crypt_default/ to match reality.
PR:		docs/32787
Spotted by:	Pete Carah <pete@altadena.net>
2001-12-13 08:05:32 +00:00
Ruslan Ermilov
32eef9aeb1 mdoc(7) police: Use the new .In macro for #include statements. 2001-10-01 16:09:29 +00:00
Mark Murray
b30a6aedc2 Remove out-of-date "cannot be exported from USA" notice. 2001-08-15 20:25:16 +00:00
Dima Dorfman
7ebcc426ef Remove whitespace at EOL. 2001-07-15 07:53:42 +00:00
Ruslan Ermilov
eb89426722 mdoc(7) police: removed punctuation after the last SEE ALSO xref. 2001-07-10 18:00:19 +00:00
Ruslan Ermilov
a307d59838 mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 13:41:46 +00:00
Dima Dorfman
70d51341bf mdoc(7) police: remove extraneous .Pp before and/or after .Sh. 2001-07-09 09:54:33 +00:00
Dima Dorfman
a910f192bb Remove duplicate words. 2001-06-24 01:34:38 +00:00
Ruslan Ermilov
067f2c3fb2 mdoc(7) police: ``It'' macro does not take argument in -enum lists.
(In -mdocNG, this only causes warning.  In current implementation,
it is fatal.)

Pointy hat to:	markm (for not checking stderr)
2001-03-16 12:06:26 +00:00
Mark Murray
5c1296168b Add OpenBSD-style blowfish password hashing. This makes one less
gratuitous difference between us and our sister project.

This was given to me _ages_ ago. May apologies to Paul for the length
of time its taken me to commit.

Obtained from:	Niels Provos <provos@physnet.uni-hamburg.de>/OpenBSD
Submitted by:	Paul Herman <pherman@frenchfries.net>
2001-03-11 16:05:43 +00:00
Ruslan Ermilov
4263595653 Prepare for mdoc(7)NG. 2000-12-29 14:08:20 +00:00
Peter Wemm
88b471a108 Reflect rev 1.18 in crypt.c. Note that this section is somewhat
mangled and could do with some word-smithing.
2000-12-28 11:56:45 +00:00
Peter Wemm
9886bcdf93 Merge into a single US-exportable libcrypt, which only provides
one-way hash functions for authentication purposes.  There is no more
"set the libcrypt->libXXXcrypt" nightmare.
- Undo the libmd.so hack, use -D to hide the md5c.c internals.
- Remove the symlink hacks in release/Makefile
- the algorthm is set by set_crypt_format() as before.  If this is
  not called, it tries to heuristically figure out the hash format, and
  if all else fails, it uses the optional auth.conf entry to chose the
  overall default hash.
- Since source has non-hidden crypto in it there may be some issues with
  having the source it in some countries, so preserve the "secure/*"
  division.  You can still build a des-free libcrypt library if you want
  to badly enough.  This should not be a problem in the US or exporting
  from the US as freebsd.org had notified BXA some time ago.  That makes
  this stuff re-exportable by anyone.
- For consistancy, the default in absence of any other clues is md5.  This
  is to try and minimize POLA across buildworld where folk may suddenly
  be activating des-crypt()-hash support.  Since the des hash may not
  always be present, it seemed sensible to make the stronger md5 algorithm
  the default.
All things being equal, no functionality is lost.

Reviewed-by: jkh

(flame-proof suit on)
2000-12-28 10:32:02 +00:00
Ruslan Ermilov
725ab6287f log 2000-11-22 09:23:54 +00:00
Brian Feldman
04c9749ff0 Add working and easy crypt(3)-switching. Yes, we need a whole new API
for crypt(3) by now.  In any case:

Add crypt_set_format(3) + documentation to -lcrypt.
Add login_setcryptfmt(3) + documentation to -lutil.
Support for switching crypt formats in passwd(8).
Support for switching crypt formats in pw(8).

The simple synopsis is:
edit login.conf; add a passwd_format field set to "des" or "md5"; go nuts :)

Reviewed by:	peter
2000-08-22 02:15:54 +00:00
Kris Kennaway
f32b130012 Oops, remove vestigial reference to SHS passwords. 2000-04-22 20:43:21 +00:00
Alexey Zelkin
f45f23ddb4 Introduce .Lb macro to libcrypt manpage.
Make it more mdoc(7) compliant:
. use .Tn for DES, MD5 andSHS.
. Replace double quotes with .Dq macro
. use An/Aq scheme for listing authors
2000-04-22 15:56:59 +00:00
Mark Murray
0058720184 A bunch of factual corrections. 2000-01-18 18:23:28 +00:00
Bruce Evans
f92c744fd8 Fixed missing include in synopsis. 2000-01-13 10:21:25 +00:00
Bruce Evans
d3f0d184db Fixed a formatting error in the prototype for crypt(). 1999-12-23 16:53:18 +00:00
Mark Murray
e9a56ad5ca Big code cleanup. (Inspired by Brandon Gillespie). Also move as
much as possible away from secure/ to make extending easier.
1999-09-20 12:45:49 +00:00
Mark Murray
4fdd3d5417 The new crypt code broke "make world". Back it out. 1999-01-23 08:27:46 +00:00
Brandon Gillespie
da5c7089a3 Rewrite of crypt library to be more modular, and addition of the
Secure Hashing Algorithm - 1 (SHA-1), along with the further
refinement of what $x$salt$hash means.  With this new crypt the
following are all acceptable:

    $1$
    $MD5$
    $SHA1$

Note: $2$ is used by OpenBSD's Blowfish, which I considered adding
as $BF$, but there is no actual need for it with SHA-1.  However,
somebody wishing to add OpenBSD password support could easilly add
it in now.

There is also a malloc_crypt() available in the library now, which
behaves exactly the same as crypt(), but it uses a malloced buffer
instead of a static buffer.  However, this is not standard so will
likely not be used much (at all).

Also, for those interested I did a brief speed test Pentium 166/MMX,
which shows the DES crypt to do approximately 2640 crypts a CPU second,
MD5 to do about 62 crypts a CPU second and SHA1 to do about 18 crypts
a CPU second.

Reviewed by:	Mark Murray
1999-01-21 13:50:09 +00:00