Commit Graph

71 Commits

Author SHA1 Message Date
hubertf
105b456cb7 Mention pwhash(1) in a few places,
suggested in PR 31125 by Stefan Schumacher.
2005-09-05 03:37:14 +00:00
drochner
27a681b048 salt is in the second argument 2005-08-16 10:10:16 +00:00
christos
d1ac9947b2 fix compile issue. 2005-01-12 05:27:48 +00:00
christos
d205f30a4b fix compile issue and de-lint 2005-01-12 05:27:35 +00:00
christos
3131ddcccc - change the gensalt functions to take an optional string instead of
the number of rounds.
- make pw_gensalt() more generic, so that it does not depend in libutil.
2005-01-12 03:32:52 +00:00
christos
6252af1a9f sprinkle ARGSUSED and include "crypt.h" 2005-01-11 23:21:31 +00:00
christos
b181dae89f only get the rounds if we have them. 2005-01-11 23:02:30 +00:00
christos
7724b89cd5 add local prototype for old salt function 2005-01-11 23:02:16 +00:00
christos
8cfd209e8e Add pw_gensalt, which was taken from pwd_gensalt. This now is used in 3
places, so it might as well be part of libcrypt.
2005-01-11 22:41:07 +00:00
christos
21356b2c66 use the standard __UNCONST 2005-01-11 22:40:22 +00:00
christos
0fc4f2b291 - remove local UNCONST
- add new __gensalt functions
2005-01-11 22:40:00 +00:00
christos
2c53ed1484 Write __gensalt_blowfish function that does not use static storage and
can return an error. Make the old bcrypt_gensalt() function use that.
XXX: should gc bcrypt_gensalt(). What uses it?
2005-01-11 22:39:21 +00:00
sjg
3a0c68edfd Add support for SHA1 hashed passwords.
The algorithm used is essentially PBKDF1 from RFC 2898 but using
hmac_sha1 rather than SHA1 directly (suggested by smb@research.att.com).

 * The format of the encrypted password is:
 * $<tag>$<iterations>$<salt>$<digest>
 *
 * where:
 *      <tag>           is "sha1"
 *      <iterations>    is an unsigned int identifying how many rounds
 *                      have been applied to <digest>.  The number
 *                      should vary slightly for each password to make
 *                      it harder to generate a dictionary of
 *                      pre-computed hashes.  See crypt_sha1_iterations.
 *      <salt>          up to 64 bytes of random data, 8 bytes is
 *                      currently considered more than enough.
 *      <digest>        the hashed password.

hmac.c implementes HMAC as defined in RFC 2104 and includes a unit
test for both hmac_sha1 and hmac_sha1 using a selection of the Known
Answer Tests from RFC 2202.

It is worth noting that to be FIPS compliant the hmac key (password)
should be 10-20 chars.
2004-07-02 00:05:23 +00:00
uebayasi
12db5f3635 Remove a superfluous .sp in the SEE ALSO section. 2004-06-10 13:53:48 +00:00
agc
eb7c1594f1 Move UCB-licensed code from 4-clause to 3-clause licence.
Patches provided by Joel Baker in PR 22280, verified by myself.
2003-08-07 16:42:00 +00:00
jdolecek
d7d75e0646 make the read-only arrays const 2003-08-06 08:44:22 +00:00
jdolecek
9caa6d5440 make itoa64[] const 2003-08-06 08:37:19 +00:00
jdolecek
b91cb5be6c add __RCSID() 2003-08-06 08:34:32 +00:00
itojun
fcfc71fca0 use strlcat 2003-07-14 12:37:13 +00:00
thorpej
90099f5fe1 hrink the Blowfish routines down to only what we need for __bcrypt(),
and don't export any of the Blowfish functionality outside bcrypt.c.
2003-04-17 00:31:04 +00:00
thorpej
d1bb0be3e8 If libcrypto is defined, use the MD5 routines from libcrypto, rather
than from libc.
2003-04-17 00:29:43 +00:00
wiz
472351e13d Use
.In header.h
instead of
.Fd #include \*[Lt]header.h\*[Gt]
Much easier to read and write, and supported by groff for ages.
Okayed by ross.
2003-04-16 13:34:34 +00:00
wiz
4f92a4853d New sentence, new line. From Robert Elz. 2002-10-01 19:38:46 +00:00
lukem
ec5dbc56b8 Explicitly move setting of NOxxx and USE_SHLIBDIR to the top of the
Makefile (before including <bsd.own.mk>)
2002-08-19 14:55:14 +00:00
itojun
caecca980a crank minor for bcrypt support 2002-05-24 04:07:05 +00:00
itojun
c89c003ed2 support bcrypt password. can be chosen by "blowfish" keyword in passwd.conf.
from openbsd
2002-05-24 04:02:47 +00:00
wiz
0a2f7411a3 Change Nd argument to 'password encryption', since it does not only provide
DES support. Noted by Jeremy C. Reed.
2002-04-17 18:17:58 +00:00
wiz
a6876a2a4e Punctuation nits. 2002-02-20 11:56:13 +00:00
ross
814f296b77 Generate <>& symbolically. 2002-02-07 07:00:09 +00:00
wiz
854cba8fda Whitespace nits, drop unnecessary .Pps. 2002-01-15 02:40:05 +00:00
lukem
efcc9a4c9d * Add user-controlled mk.conf variables
- SHLIBDIR	Location to install shared libraries if ${USE_SHLIBDIR}
			is "yes".  Defaults to "/usr/lib".

	- USE_SHLIBDIR	If "yes", install shared libraries in ${SHLIBDIR}
			instead of ${LIBDIR}.  Defaults to "no".
			Sets ${_LIBSODIR} to the appropriate value.
			This may be set by individual Makefiles as well.

	- SHLINKDIR	Location of shared linker.  Defaults to "/usr/libexec".
			If != "/usr/libexec", change the dynamic-linker
			encoded in shared programs

* Set USE_SHLIBDIR for libraries used by /bin and /sbin:
	libc libcrypt libcrypto libedit libipsec libkvm libm libmi387
	libtermcap libutil libz

* If ${_LIBSODIR} != ${LIBDIR}, add symlinks from ${LIBDIR}/${LIB}.so*
  to ${_LIBSODIR}/${LIB}.so* for compatibility.

* Always install /sbin/init statically (for now)


The net effect of these changes depends on how the variables are set:

  1.)	If nothing is set or changed, there is no change from the
	current behaviour:
		- Static /bin, /sbin, and bits of /usr/*
		- Dynamic rest
		- Shared linker is /usr/libexec/ld*so

  2.)	If the following make variables are set:
		LDSTATIC=
		SHLINKDIR=/lib
		SHLIBDIR=/lib
	Then the behaviour becomes:
		- Dynamic tools
		- .so libraries used by /bin and /sbin are installed to /lib,
		  with symlinks from /usr/lib/lib*so to -> /lib/lib*so
		  where appropriate
		- Shared linker is /lib/ld*so

  3.)	As per 2.), but add the following variable:
		USE_SHLIBDIR=yes
	This forces all .so's to be instaleld in /lib (with compat
	symlinks), not just those tagged by their Makefiles to be.
	Again, compat symlinks are installed
2001-12-28 01:32:37 +00:00
ad
e5afda7b98 Ensure that the salt is always terminated properly with '$'. Makes Cyrus'
pwcheck (which either modifies the buffer or was passing bad password
strings) happy. Noted by Cillian Sharkey <cns@redbrick.dcu.ie>.
2001-09-10 12:33:25 +00:00
wiz
ddb7e7aa53 Four casts for lint. 2001-03-01 14:37:35 +00:00
christos
a46d295d72 fix nested extern declaration. 2001-01-05 23:11:13 +00:00
ad
c9305d1df0 Fix comment. 2000-12-03 13:01:37 +00:00
ad
684eb80714 Cosmetic nits. 2000-08-03 08:32:36 +00:00
ad
04e2145813 Take a stab at documenting non-DES password encryption. 2000-08-03 08:30:43 +00:00
ad
ac9fc8f4e6 Handle non-DES encrypted passwords; currently only MD5. 2000-07-06 11:13:49 +00:00
ad
49de2aa1ce Add __md5crypt(), for internal use by libcrypt. This behaves for the most
part like crypt() but uses a proprietry encryption scheme that utilises MD5.
From FreeBSD via OpenBSD.
2000-07-06 11:12:42 +00:00
thorpej
3c3dcb50e3 No longer need the <bsd.crypto.mk> song-and-dance here. 2000-06-16 16:29:35 +00:00
thorpej
9323d93234 Enable decryption in crypt(), from cryptosrc-intl, and lift the updated
manual page (which describes decryption) from cryptosrc-us.
2000-06-16 16:27:32 +00:00
soren
89c5a767f8 Fix doubled 'the's. 2000-03-13 22:55:05 +00:00
mrg
51a96a002f optionally include CRYPTOPATH Makefile.frag files. 1999-07-20 09:35:18 +00:00
thorpej
a3281f7249 Use bsd.crypto.mk. 1999-07-12 22:04:09 +00:00
simonb
1528b77539 More trailing white space. 1999-07-02 15:14:07 +00:00
abs
edc1a24a56 Add a note to update src/distrib/sets/lists/base/shl.*, and add a missing
RCS Id.
1999-02-25 08:02:19 +00:00
matt
59695352ce vax -> __vax__ 1998-10-20 02:02:30 +00:00
kleink
56545aba03 Need <stdlib.h> for setkey() prototype. 1998-06-01 20:25:24 +00:00
kleink
fa992e178b Prototype has moved: add inclusion of <stdlib.h> to the synopsis of setkey(). 1998-06-01 20:24:46 +00:00
perry
312aca536f add LIBRARY section to man page 1998-02-05 18:45:17 +00:00