The algorithm used is essentially PBKDF1 from RFC 2898 but using
hmac_sha1 rather than SHA1 directly (suggested by smb@research.att.com).
* The format of the encrypted password is:
* $<tag>$<iterations>$<salt>$<digest>
*
* where:
* <tag>        is "sha1"
* <iterations> is an unsigned int identifying how many rounds
*              have been applied to <digest>. The number
*              should vary slightly for each password to make
*              it harder to generate a dictionary of
*              pre-computed hashes. See crypt_sha1_iterations.
* <salt>       up to 64 bytes of random data, 8 bytes is
*              currently considered more than enough.
* <digest>     the hashed password.
hmac.c implements HMAC as defined in RFC 2104 and includes a unit
test for both hmac_sha1 and hmac_sha1 using a selection of the Known
Answer Tests from RFC 2202.
It is worth noting that to be FIPS compliant the hmac key (password)
should be 10-20 chars.
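
Added example, not part of the commit above or of NetBSD's libcrypt: a Python sketch of the record format and the PBKDF1-style HMAC-SHA1 chain that the message describes. The hex digest encoding, the bare salt as the first HMAC message, the 25% jitter range and all function names are assumptions, so its output is not interchangeable with real crypt_sha1 hashes.

```python
import hashlib
import hmac
import secrets

TAG = "sha1"
MAX_SALT = 64  # the format description allows up to 64 bytes of salt


def parse_record(record):
    """Split $<tag>$<iterations>$<salt>$<digest> and validate each field."""
    parts = record.split("$")
    if len(parts) != 5 or parts[0] != "":
        raise ValueError("expected $<tag>$<iterations>$<salt>$<digest>")
    _, tag, rounds, salt, digest = parts
    if tag != TAG:
        raise ValueError("unsupported tag")
    # isdigit() alone accepts non-ASCII digits, so require ASCII as well.
    if not (rounds.isascii() and rounds.isdigit()) or int(rounds) < 1:
        raise ValueError("iterations must be a positive unsigned integer")
    if not 0 < len(salt.encode()) <= MAX_SALT:
        raise ValueError("salt must be 1..64 bytes")
    if not digest:
        raise ValueError("empty digest")
    return int(rounds), salt, digest


def jittered_iterations(hint, spread=0.25):
    """Vary the round count per password (spread is an assumed value)."""
    return hint - secrets.randbelow(int(hint * spread) + 1)


def chain(password, salt, iterations):
    """PBKDF1-style chain, with HMAC-SHA1 keyed by the password as the PRF."""
    t = hmac.new(password, salt, hashlib.sha1).digest()
    for _ in range(iterations - 1):
        t = hmac.new(password, t, hashlib.sha1).digest()
    return t


def make_record(password, salt, hint):
    """Build a record; hex digest encoding is an assumption of this sketch."""
    n = jittered_iterations(hint)
    return f"${TAG}${n}${salt}${chain(password, salt.encode(), n).hex()}"


def verify(password, record):
    """Recompute the chain from the stored parameters, compare in constant time."""
    n, salt, digest = parse_record(record)
    return hmac.compare_digest(chain(password, salt.encode(), n).hex(), digest)
```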
1. Pass the caller-supplied protocol name down through ipsec_switch().
2. Remove my poor attempt to print fast-ipsec stats automagically for
`netstat -s'. The previous code would print (fast)IPsec per-protocol
stats even for 'netstat', which is just wrong.
A better fix would be to enumerate the sub-"protocols" under IPsec;
but first let's fix the broken behaviour now, for a pullup to 2.0.
the write to the ktraced file descriptor (when they used fktrace internally)
would block. Fix by clearing the non-blocking bit in the file descriptor by
default, so that the writes will block. This has the side effect of stopping
the traced process. Add a flag to override (-n) this behavior and have the
trace stop without blocking the traced process (the previous behavior).
Fix lint, add checks to failed syscalls, ansify.
_NETBSD_SOURCE as this makes cross building from older/newer versions of
NetBSD harder, not easier (and also makes the resulting tools 'different')
Wrap all required code with the inclusion of nbtool_config.h, attempt to
only use POSIX code in all places (or when reasonable test w. configure and
provide definitions: ala u_int, etc).
Reviewed by lukem. Tested on FreeBSD 4.9, Red Hat Linux ES3, NetBSD 1.6.2 x86,
NetBSD current (x86 and amd64) and Solaris 9.
Fixes PRs: PR#17762 PR#25944
and exponential hashtable growth for tracking previously seen inodes.
This replaces the O(n^2) behavior of linkchk() with an implementation
that should be O(n*logn)
This addresses NetBSD PR bin/25857
on subsequent calls. Newterm() would fail after a few calls, leading to vi
exiting with a "ex/vi: error initializing terminal" message
. if tcsetattr() fails due to EINTR, ignore it
Fixes PR #25849
buffer was a backslash. This closes PR bin/25899.
Patch was borrowed from FreeBSD. Their log says:
Fix a bug in sed(1)'s "s" command wherein if an escape ("\"
character) was initiated at the last character of the line buffer,
the Wrong Thing was done and sed barfed by interpreting the
following NUL byte as a digit. Instead, pull up the next buffer
and record that the "\" was last seen.
OK'ed by jmc@.
clarify the circumstances under which the compiler/linker will
merge strings (identical & read-only; how could it do otherwise?)
This, and the other stuff Christos has done is partly an answer
to PR 25835.