Commit Graph

21 Commits

Author SHA1 Message Date
christos
6fa2277528 Revert putting a $ as the final character for blowfish. It is not required by
MCF and we want to be compatible.
2020-03-25 21:02:26 +00:00
christos
fd9ae3edee Add missing trailing $ for blowfish 2020-03-25 18:36:29 +00:00
riastradh
1239c2bb08 Publish explicit_memset and consttime_memequal in userland libc.
Remove the double-underscore from the userland versions, and do the
weak alias dance instead, now that these are public parts of libc.

As discussed on tech-userlevel:

https://mail-index.netbsd.org/tech-userlevel/2013/06/24/msg007843.html
(option 3)
2013-08-28 17:47:07 +00:00
riastradh
82db4b9858 Replace consttime_bcmp/explicit_bzero by consttime_memequal/explicit_memset.
consttime_memequal is the same as the old consttime_bcmp.
explicit_memset is to memset as explicit_bzero was to bcmp.

Passes amd64 release and i386/ALL, but I'm sure I missed some spots,
so please let me know.
2013-06-24 04:21:19 +00:00
drochner
8588929dc5 Add "consttime_bcmp" and "explicit_bzero" functions for both kernel
abd userland, as proposed on tech-security, with explicit_bzero using
a volatile function pointer as suggested by Alan Barrett.
Both do what the name says. For userland, both are prefixed by "__"
to keep them out of the user namespace.
Change some memset/memcmp uses to the new functions where it makes
sense -- these are just some examples, more to come.
2012-08-30 12:16:48 +00:00
matt
f9113d007b Use C89 functions definitions.
Remove use of __P
2012-03-21 05:33:26 +00:00
christos
3b47f52ce7 clamp length to 72 (73) characters. 2011-12-28 03:12:38 +00:00
christos
0d2c1e1b4f - go back to returning NULL, we are going to wrap crypt instead.
- limit length of key to 253 to prevent truncation.
2011-12-27 23:33:41 +00:00
christos
671f563b75 we want to check against "*0" not "*\0" 2011-12-27 22:01:26 +00:00
christos
91160c96e4 Instead of returning ":" on error, return "*0" or "*1" which will always result
in logged password entries, even if the calling program decides to blindly
use them. Discussed in: http://www.openwall.com/lists/oss-security/2011/11/15/3
2011-12-27 19:36:10 +00:00
christos
c9260d16b9 Return ":1" on error instead of ":", so that sloppy password creation programs
don't end up confusing libc or the other way around. From Solar Designer
2011-12-26 21:51:53 +00:00
drochner
ccdea5df98 -fix maximum length of salt (missing prefix, rounding error)
-clip number of rounds at 31 -- this is log2 of the real number,
 and anything larger would break exponentation
-catch possible atoi() error where log2(rounds) is parsed in the
 salt prefix
-zero crypto state on exit
from Open/FreeBSD
2011-05-16 10:45:56 +00:00
drochner
65b9988ba4 gently add some "const", and avoid some casts
compiles with WARNS=4 now (on i386 and alpha)
2006-10-27 19:39:11 +00:00
mlelstv
999ac788ac don't segfault on NULL pointer if number of rounds is
not specified in passwd.conf.
2006-10-24 22:49:19 +00:00
christos
d205f30a4b fix compile issue and de-lint 2005-01-12 05:27:35 +00:00
christos
3131ddcccc - change the gensalt functions to take an optional string instead of
the number of rounds.
- make pw_gensalt() more generic, so that it does not depend in libutil.
2005-01-12 03:32:52 +00:00
christos
7724b89cd5 add local prototype for old salt function 2005-01-11 23:02:16 +00:00
christos
2c53ed1484 Write __gensalt_blowfish function that does not use static storage and
can return an error. Make the old bcrypt_gensalt() function use that.
XXX: should gc bcrypt_gensalt(). What uses it?
2005-01-11 22:39:21 +00:00
jdolecek
b91cb5be6c add __RCSID() 2003-08-06 08:34:32 +00:00
thorpej
90099f5fe1 hrink the Blowfish routines down to only what we need for __bcrypt(),
and don't export any of the Blowfish functionality outside bcrypt.c.
2003-04-17 00:31:04 +00:00
itojun
c89c003ed2 support bcrypt password. can be chosen by "blowfish" keyword in passwd.conf.
from openbsd
2002-05-24 04:02:47 +00:00