The algorithm used is essentially PBKDF1 from RFC 2898 but using
hmac_sha1 rather than SHA1 directly (suggested by smb@research.att.com).
* The format of the encrypted password is:
* $<tag>$<iterations>$<salt>$<digest>
*
* where:
* <tag> is "sha1"
* <iterations> is an unsigned int identifying how many rounds
* have been applied to <digest>. The number
* should vary slightly for each password to make
* it harder to generate a dictionary of
* pre-computed hashes. See crypt_sha1_iterations.
* <salt> up to 64 bytes of random data, 8 bytes is
* currently considered more than enough.
* <digest> the hashed password.
hmac.c implementes HMAC as defined in RFC 2104 and includes a unit
test for both hmac_sha1 and hmac_sha1 using a selection of the Known
Answer Tests from RFC 2202.
It is worth noting that to be FIPS compliant the hmac key (password)
should be 10-20 chars.
* Rename "config.h" to "nbtool_config.h" and
HAVE_CONFIG_H to HAVE_NBTOOL_CONFIG_H.
This makes in more obvious in the source when we're using
tools/compat/config.h versus "standard autoconf" config.h
* Consistently move the inclusion of nbtool_config.h to before
<sys/cdefs.h> so that the former can provide __RCSID() (et al),
and there's no need to protect those macros any more.
These changes should make it easier to "tool-ify" a program by adding:
#if HAVE_NBTOOL_CONFIG_H
#include "nbtool_config.h"
#endif
to the top of the source files (for the general case).
as int's, as the array is not guaranteed to be int-aligned on the stack.
Use a CHAR64LONG16 type instead for the workspace, since the workspace
is accessed through that type anyway.
Fixes PR pkg/12417 from Andrew Brown.
descriptors against -1 (as appropriate).
* add actual checks which to detect stuff that would trigger_DIAGASSERT(),
and attempt to return a sane error condition.
* knf some code
* remove some `register' decls.
the first two items result in the addition of code similar to the
following in various functions:
_DIAGASSERT(path != NULL)
#ifdef _DIAGNOSTIC
if (path == NULL) {
errno = EFAULT;
return (-1);
}
#endif