Commit Graph

44 Commits

Author SHA1 Message Date
Bjoern A. Zeeb
071183ef48 Update the previous openssl fix. [12:01]
Fix a bug in crypt(3) ignoring characters of a passphrase. [12:02]

Security:	FreeBSD-SA-12:01.openssl (revised)
Security:	FreeBSD-SA-12:02.crypt
Approved by:	so (bz, simon)
2012-05-30 12:01:28 +00:00
Kevin Lo
19ab58bfe3 Return NULL on error rather than ":", per the crypt(3) man page.
Discussed in: http://www.openwall.com/lists/oss-security/2011/11/15/3
2012-02-22 01:23:14 +00:00
Mark Murray
c8fa8e25d7 Strip the private blowfish code down to only that which is
required to make crypt(3) blowfish "$2a$..." hashes. Lint and
warnsify.
2003-06-02 19:17:24 +00:00
Mark Murray
f2ac424af7 No functional change, but big code cleanup. WARNS, lint(1) and style(9). 2002-03-06 17:18:09 +00:00
Mike Barcroft
fd8e4ebc8c o Move NTOHL() and associated macros into <sys/param.h>. These are
deprecated in favor of the POSIX-defined lowercase variants.
o Change all occurrences of NTOHL() and associated marcros in the
  source tree to use the lowercase function variants.
o Add missing license bits to sparc64's <machine/endian.h>.
  Approved by: jake
o Clean up <machine/endian.h> files.
o Remove unused __uint16_swap_uint32() from i386's <machine/endian.h>.
o Remove prototypes for non-existent bswapXX() functions.
o Include <machine/endian.h> in <arpa/inet.h> to define the
  POSIX-required ntohl() family of functions.
o Do similar things to expose the ntohl() family in libstand, <netinet/in.h>,
  and <sys/param.h>.
o Prepend underscores to the ntohl() family to help deal with
  complexities associated with having MD (asm and inline) versions, and
  having to prevent exposure of these functions in other headers that
  happen to make use of endian-specific defines.
o Create weak aliases to the canonical function name to help deal with
  third-party software forgetting to include an appropriate header.
o Remove some now unneeded pollution from <sys/types.h>.
o Add missing <arpa/inet.h> includes in userland.

Tested on:	alpha, i386
Reviewed by:	bde, jake, tmm
2002-02-18 20:35:27 +00:00
Peter Wemm
68344a9547 __FBSDID() (second half of src/lib/libcrypt changes) 2001-10-23 10:23:32 +00:00
Mark Murray
5c1296168b Add OpenBSD-style blowfish password hashing. This makes one less
gratuitous difference between us and our sister project.

This was given to me _ages_ ago. May apologies to Paul for the length
of time its taken me to commit.

Obtained from:	Niels Provos <provos@physnet.uni-hamburg.de>/OpenBSD
Submitted by:	Paul Herman <pherman@frenchfries.net>
2001-03-11 16:05:43 +00:00
Peter Wemm
9886bcdf93 Merge into a single US-exportable libcrypt, which only provides
one-way hash functions for authentication purposes.  There is no more
"set the libcrypt->libXXXcrypt" nightmare.
- Undo the libmd.so hack, use -D to hide the md5c.c internals.
- Remove the symlink hacks in release/Makefile
- the algorthm is set by set_crypt_format() as before.  If this is
  not called, it tries to heuristically figure out the hash format, and
  if all else fails, it uses the optional auth.conf entry to chose the
  overall default hash.
- Since source has non-hidden crypto in it there may be some issues with
  having the source it in some countries, so preserve the "secure/*"
  division.  You can still build a des-free libcrypt library if you want
  to badly enough.  This should not be a problem in the US or exporting
  from the US as freebsd.org had notified BXA some time ago.  That makes
  this stuff re-exportable by anyone.
- For consistancy, the default in absence of any other clues is md5.  This
  is to try and minimize POLA across buildworld where folk may suddenly
  be activating des-crypt()-hash support.  Since the des hash may not
  always be present, it seemed sensible to make the stronger md5 algorithm
  the default.
All things being equal, no functionality is lost.

Reviewed-by: jkh

(flame-proof suit on)
2000-12-28 10:32:02 +00:00
Brian Feldman
04c9749ff0 Add working and easy crypt(3)-switching. Yes, we need a whole new API
for crypt(3) by now.  In any case:

Add crypt_set_format(3) + documentation to -lcrypt.
Add login_setcryptfmt(3) + documentation to -lutil.
Support for switching crypt formats in passwd(8).
Support for switching crypt formats in pw(8).

The simple synopsis is:
edit login.conf; add a passwd_format field set to "des" or "md5"; go nuts :)

Reviewed by:	peter
2000-08-22 02:15:54 +00:00
Kris Kennaway
06f13592e1 Add NODESCRYPTLINKS knob to prevent spamming of libcrypt -> libscrypt
symlinks. The name is against my better judgement, but I defer to ancient
tradition here because I'm a nice guy.

Reviewed by:	-current
2000-02-29 05:47:52 +00:00
Kris Kennaway
63f691b33c Really really remove SHA-1 support. 2000-01-09 21:22:48 +00:00
Jordan K. Hubbard
e63a240576 Remove the SHA stuff properly. 2000-01-08 03:01:13 +00:00
Peter Wemm
1a9527eaaa I missed the LDADD/DPADD for -lmd in the secure cases. :-(
Pointed out by: marcel
1999-12-19 16:50:33 +00:00
Mark Murray
e267a66620 Colour me stupid. This is a better way of using the macros. 1999-09-21 22:13:07 +00:00
Mark Murray
af37a7967b Do this the same way as Internat to reduce diffs. 1999-09-21 17:57:09 +00:00
Dmitrij Tejblum
462da152d2 Someone changed major numbers of the libraries from 2 to 3 for 0 (zero) reasons.
Revert the major number back to 2.

libcrypt only export one function, before the recent changes and now:
char *crypt(const char *key, const char *salt);
The prototype didn't changed. Internal representation of `char' and `char *'
didn't changed. Therefore, there is no reason to change the version number.
1999-09-21 17:52:05 +00:00
Peter Wemm
6fd36d7d11 Restore SONAME setting, otherwise libdescrypt.so.3 doesn't end up with
a special SONAME of libcrypt.so.3 and the runtime symlink doesn't work.
1999-09-21 14:47:36 +00:00
Mark Murray
e1e54354b5 Make this completely dependant on the exportable libcrypt, to avoid
duplication of effort. Also a large cleanup of the code, inspired
by Brandon Gillespie.
1999-09-20 12:40:06 +00:00
Peter Wemm
a1a4f1a0d8 $Header$ -> $FreeBSD$ 1999-08-28 05:11:36 +00:00
Peter Wemm
97d92980a9 $Id$ -> $FreeBSD$ 1999-08-28 01:35:59 +00:00
Mike Pritchard
36b3fda178 Various man page cleanup:
- Be consistent with section names as outlined in mdoc(7).
- Other misc mdoc cleanup.
1999-08-15 10:01:15 +00:00
Mark Murray
1b340441b7 Fix symlinking. Without the -f "force" option, the wrong version
can be found.
Submitted by:   Bruce
1999-01-24 07:51:33 +00:00
Mark Murray
945c0b6dde The new crypt code breaks "make world". Back it out. 1999-01-23 08:26:11 +00:00
Brandon Gillespie
5287069da8 Removed from the secure/lib/libcrypt area, because of the rewrite to how
the Makefile handles des support by just including the single .c file.

Reviewed by:	Mark Murray
1999-01-21 13:51:49 +00:00
John Birrell
7dcd8b7c45 BINFORMAT -> OBJFORMAT ready for E-day. Untested 'cause I'm outside
the US and not allowed to see this. I kept my eyes closed. 8-)
1998-08-31 00:35:10 +00:00
Peter Wemm
a99f0e8211 Teach libdescrypt about elf builds. 1997-09-05 12:21:22 +00:00
Peter Wemm
c0ec1f37ef Revert $FreeBSD$ to $Id$ 1997-02-22 14:40:44 +00:00
Jordan K. Hubbard
1130b656e5 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
Jordan K. Hubbard
cd9a2f5c28 Bring in my changes for removing the pestilent obj links (unless you
really want them) from /usr/src.  This is the final version of the
patches, incorporating the feedback I've received from -current.
1996-06-24 04:26:21 +00:00
Mark Murray
c5cdf2c7f4 Split libcrypt and libcipher man pages. 1996-04-13 08:18:24 +00:00
Jordan K. Hubbard
1c934dae3e Add back missing crypt.3 man page. 1996-02-21 08:15:08 +00:00
Mark Murray
96e718fe29 Dual personality crypt(3). This crypt will choose its encryption algorithm
(DES or MD5) based on the type of salt used. Salt beginning with "$1$"
indicates MD5.
1995-12-16 09:14:12 +00:00
Rodney W. Grimes
5ebc7e6281 Remove trailing whitespace. 1995-05-30 06:12:45 +00:00
Geoff Rehmet
49de41577e More elegant fix for short settings.
(Our existing fixes already plugged the security holes involved.)
Submitted by:	Geoff Rehmet after consultation with David Burren
1994-09-19 19:26:39 +00:00
Paul Traina
bf8f9d53f6 Back out static hacks & build of usr.bin until Geoff informs the
world of his master plan.

Submitted by:	pst
1994-09-07 07:47:08 +00:00
Paul Traina
21b4fe120d Remove static in front of declarations for des_setkey and des_cipher
so that linking against -lcrypt (-ldescrypt) will give us the good
versions instead of the stubs in libc.  (These changes need to be
made to the non-US version of libdescrypt too!)

Allow building and support for bdes program.
A bit more work still needs to be done on secure telnet.

Submitted by:	pst
1994-09-07 07:16:52 +00:00
Garrett Wollman
ef17cd2157 Hopefully fix bogus permissions. 1994-08-26 23:31:11 +00:00
Garrett Wollman
52780bc5c4 Install libdescrypt.so immutable. 1994-08-26 19:03:23 +00:00
Geoff Rehmet
db5408c498 Fix afterinstall rule for generating links to the real libcrypt
Submitted by:	Geoff
1994-08-20 18:16:57 +00:00
Geoff Rehmet
f09e7cba42 when making test programs, look for libdescrypt, not libcrypt
Submitted by:	Geoff Rehmet
1994-08-12 21:55:04 +00:00
Geoff Rehmet
b1c75fb65d 1) don't make bdes yet
2) fix .include in secure/lib/Makefile.inc
3) fix afterinstall rule in libcrypt/Makefile
Submitted by:	Geoff Rehmet
1994-08-12 21:02:31 +00:00
Geoff Rehmet
7dc2bee339 Install secure/lib/libcrypt as libdescrypt, and symlink it to
libcrypt.  There may be a little modification neede to this makefile once
we start working on tidy make world's.
Submitted by:	geoff.
1994-08-09 18:52:52 +00:00
Geoff Rehmet
712ca8b499 Modify libcrypt so that the only exported symbol is _crypt().
Submitted by:	 Geoff Rehmet
1994-08-08 17:29:04 +00:00
Geoff Rehmet
c4f09032cb Unecumbered securedist from FreeBSD 1.1.5.1 - sources for libcrypt.
The next commit will remove all symbols except _crypt()
Reviewed by:	Geoff Rehmet
Submitted by:	David Burren
1994-08-08 17:18:09 +00:00