Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
207,825 Commits 606 Branches 0 Tags
Commit Graph

104 Commits

Author SHA1 Message Date
christos
35a585027b Improve returns description from Solar Designer. 2012-01-01 23:18:51 +00:00
wiz
4c98bf7fdf Remove trailing whitespace. Avoid xr to itself. 2011-12-28 22:41:34 +00:00
christos
fd093070ff reflect current reality about return values. 2011-12-28 22:15:23 +00:00
christos
e7926f1e9e make __crypt static 2011-12-28 03:13:09 +00:00
christos
3b47f52ce7 clamp length to 72 (73) characters. 2011-12-28 03:12:38 +00:00
christos
dbd463652a wrap crypt() to a function that returns *0 and *1 on error. 2011-12-27 23:34:13 +00:00
christos
0d2c1e1b4f - go back to returning NULL, we are going to wrap crypt instead. 
- limit length of key to 253 to prevent truncation.
 2011-12-27 23:33:41 +00:00
christos
671f563b75 we want to check against "*0" not "*\0" 2011-12-27 22:01:26 +00:00
christos
91160c96e4 Instead of returning ":" on error, return "*0" or "*1" which will always result 
in logged password entries, even if the calling program decides to blindly
use them. Discussed in: http://www.openwall.com/lists/oss-security/2011/11/15/3
 2011-12-27 19:36:10 +00:00
christos
b0ca4d4eba perform the check for all salts > 2. 2011-12-27 01:20:45 +00:00
christos
aeeea54d2f Provide a safer salting method that does not turn invalid salts to '.'. 
Be more sensitive to bad salts and counts. From:
http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/glibc/crypt_freesec.c
From Solar Designer
 2011-12-26 22:58:45 +00:00
christos
c9260d16b9 Return ":1" on error instead of ":", so that sloppy password creation programs 
don't end up confusing libc or the other way around. From Solar Designer
 2011-12-26 21:51:53 +00:00
christos
ad9882f615 avoid accessing array over its bound, from Solar Designer 2011-12-26 16:03:42 +00:00
drochner
7babedb72c remove the option to build this against openssl - this hasn't been used 
in the NetBSD build
since the libc version of MD5Final zeroes out the context, replace
the bzero introduced in the previous commit by comments telling that
 2011-11-29 17:27:10 +00:00
drochner
487c0196f3 zero out hash context after use, to avoid traces in RAM 
(hint from "Solar Designer")
 2011-11-29 13:18:52 +00:00
mrg
75e42fa7da remove most of the remaining HAVE_GCC tests that are always true in 
the modern world.
 2011-06-20 07:43:56 +00:00
drochner
ccdea5df98 -fix maximum length of salt (missing prefix, rounding error) 
-clip number of rounds at 31 -- this is log2 of the real number,
 and anything larger would break exponentation
-catch possible atoi() error where log2(rounds) is parsed in the
 salt prefix
-zero crypto state on exit
from Open/FreeBSD
 2011-05-16 10:45:56 +00:00
drochner
9c09925b41 fix ipad/opad buffer length (was one too much), just for sanity 2011-05-16 10:39:12 +00:00
drochner
e7c5804ca9 rearrange variable usage to kill __UNCONST 
reviewed by sjg
 2011-05-09 19:15:28 +00:00
perry
591534100f ANSI function prototypes 2009-05-01 00:28:17 +00:00
perry
b34e9d9fea de-__P 2009-05-01 00:20:08 +00:00
lukem
a06595c27b fix -Wsign-compare issues 2009-01-18 12:14:16 +00:00
christos
46edb91e9f bump shared libraries. 2009-01-11 03:07:47 +00:00
gmcgarry
3c9a95916d Wrap compiler-specific flags with HAVE_GCC and HAVE_PCC as necessary. Add a few flags for PCC. 2008-08-29 00:02:21 +00:00
gmcgarry
686556951e Add test for HAVE_PCC with HAVE_GCC which turn off compiler warning flags. 2008-07-12 12:29:42 +00:00
hubertf
55ac93d329 Remove more duplicate #includes, and a few spurious whitespaces at EOL 
From Slava Semushin <slava.semushin@gmail.com>
 2007-01-17 23:24:22 +00:00
freza
782d524f80 Constify prtab() argument, fixes MKDEBUGLIB build. 2006-11-25 17:55:48 +00:00
drochner
65b9988ba4 gently add some "const", and avoid some casts 
compiles with WARNS=4 now (on i386 and alpha)
 2006-10-27 19:39:11 +00:00
drochner
d16ceb033e As discussed back in June, move the implementation of hmac_sha1 here 
because this is not a public function and crypt-sha1.c is the only
place where it is used (It must have been that way formerly, because
there was a stale prototype in crypt.h all the time.)
Being here, do some RCSID and prototype cleanup, and add as much "const"
as needed to compile these files with WARNS=3.
 2006-10-27 18:22:56 +00:00
mlelstv
999ac788ac don't segfault on NULL pointer if number of rounds is 
not specified in passwd.conf.
 2006-10-24 22:49:19 +00:00
mrg
aadd7d4847 sprinkle some -fno-strict-aliasing and -Wno-pointer-sign with GCC4. 2006-05-11 23:16:28 +00:00
christos
a0d45c2607 Need stdio.h if debug. 2006-04-08 23:24:44 +00:00
perry
4e11af46bc Remove leading __ from __(const|inline|signed|volatile) -- it is obsolete. 2005-12-24 21:11:15 +00:00
hubertf
105b456cb7 Mention pwhash(1) in a few places, 
suggested in PR 31125 by Stefan Schumacher.
 2005-09-05 03:37:14 +00:00
drochner
27a681b048 salt is in the second argument 2005-08-16 10:10:16 +00:00
christos
d1ac9947b2 fix compile issue. 2005-01-12 05:27:48 +00:00
christos
d205f30a4b fix compile issue and de-lint 2005-01-12 05:27:35 +00:00
christos
3131ddcccc - change the gensalt functions to take an optional string instead of 
the number of rounds.
- make pw_gensalt() more generic, so that it does not depend in libutil.
 2005-01-12 03:32:52 +00:00
christos
6252af1a9f sprinkle ARGSUSED and include "crypt.h" 2005-01-11 23:21:31 +00:00
christos
b181dae89f only get the rounds if we have them. 2005-01-11 23:02:30 +00:00
christos
7724b89cd5 add local prototype for old salt function 2005-01-11 23:02:16 +00:00
christos
8cfd209e8e Add pw_gensalt, which was taken from pwd_gensalt. This now is used in 3 
places, so it might as well be part of libcrypt.
 2005-01-11 22:41:07 +00:00
christos
21356b2c66 use the standard __UNCONST 2005-01-11 22:40:22 +00:00
christos
0fc4f2b291 - remove local UNCONST 
- add new __gensalt functions
 2005-01-11 22:40:00 +00:00
christos
2c53ed1484 Write __gensalt_blowfish function that does not use static storage and 
can return an error. Make the old bcrypt_gensalt() function use that.
XXX: should gc bcrypt_gensalt(). What uses it?
 2005-01-11 22:39:21 +00:00
sjg
3a0c68edfd Add support for SHA1 hashed passwords. 
The algorithm used is essentially PBKDF1 from RFC 2898 but using
hmac_sha1 rather than SHA1 directly (suggested by smb@research.att.com).

 * The format of the encrypted password is:
 * $<tag>$<iterations>$<salt>$<digest>
 *
 * where:
 *      <tag>           is "sha1"
 *      <iterations>    is an unsigned int identifying how many rounds
 *                      have been applied to <digest>.  The number
 *                      should vary slightly for each password to make
 *                      it harder to generate a dictionary of
 *                      pre-computed hashes.  See crypt_sha1_iterations.
 *      <salt>          up to 64 bytes of random data, 8 bytes is
 *                      currently considered more than enough.
 *      <digest>        the hashed password.

hmac.c implementes HMAC as defined in RFC 2104 and includes a unit
test for both hmac_sha1 and hmac_sha1 using a selection of the Known
Answer Tests from RFC 2202.

It is worth noting that to be FIPS compliant the hmac key (password)
should be 10-20 chars.
 2004-07-02 00:05:23 +00:00
uebayasi
12db5f3635 Remove a superfluous .sp in the SEE ALSO section. 2004-06-10 13:53:48 +00:00
agc
eb7c1594f1 Move UCB-licensed code from 4-clause to 3-clause licence. 
Patches provided by Joel Baker in PR 22280, verified by myself.
 2003-08-07 16:42:00 +00:00
jdolecek
d7d75e0646 make the read-only arrays const 2003-08-06 08:44:22 +00:00
jdolecek
9caa6d5440 make itoa64[] const 2003-08-06 08:37:19 +00:00