Commit Graph

17 Commits

Author SHA1 Message Date
mrg aadd7d4847 sprinkle some -fno-strict-aliasing and -Wno-pointer-sign with GCC4. 2006-05-11 23:16:28 +00:00
christos 8cfd209e8e Add pw_gensalt, which was taken from pwd_gensalt. This now is used in 3
places, so it might as well be part of libcrypt.
2005-01-11 22:41:07 +00:00
sjg 3a0c68edfd Add support for SHA1 hashed passwords.
The algorithm used is essentially PBKDF1 from RFC 2898 but using
hmac_sha1 rather than SHA1 directly (suggested by smb@research.att.com).

 * The format of the encrypted password is:
 * $<tag>$<iterations>$<salt>$<digest>
 *
 * where:
 *      <tag>           is "sha1"
 *      <iterations>    is an unsigned int identifying how many rounds
 *                      have been applied to <digest>.  The number
 *                      should vary slightly for each password to make
 *                      it harder to generate a dictionary of
 *                      pre-computed hashes.  See crypt_sha1_iterations.
 *      <salt>          up to 64 bytes of random data, 8 bytes is
 *                      currently considered more than enough.
 *      <digest>        the hashed password.

hmac.c implementes HMAC as defined in RFC 2104 and includes a unit
test for both hmac_sha1 and hmac_sha1 using a selection of the Known
Answer Tests from RFC 2202.

It is worth noting that to be FIPS compliant the hmac key (password)
should be 10-20 chars.
2004-07-02 00:05:23 +00:00
thorpej 90099f5fe1 hrink the Blowfish routines down to only what we need for __bcrypt(),
and don't export any of the Blowfish functionality outside bcrypt.c.
2003-04-17 00:31:04 +00:00
lukem ec5dbc56b8 Explicitly move setting of NOxxx and USE_SHLIBDIR to the top of the
Makefile (before including <bsd.own.mk>)
2002-08-19 14:55:14 +00:00
itojun c89c003ed2 support bcrypt password. can be chosen by "blowfish" keyword in passwd.conf.
from openbsd
2002-05-24 04:02:47 +00:00
lukem efcc9a4c9d * Add user-controlled mk.conf variables
- SHLIBDIR	Location to install shared libraries if ${USE_SHLIBDIR}
			is "yes".  Defaults to "/usr/lib".

	- USE_SHLIBDIR	If "yes", install shared libraries in ${SHLIBDIR}
			instead of ${LIBDIR}.  Defaults to "no".
			Sets ${_LIBSODIR} to the appropriate value.
			This may be set by individual Makefiles as well.

	- SHLINKDIR	Location of shared linker.  Defaults to "/usr/libexec".
			If != "/usr/libexec", change the dynamic-linker
			encoded in shared programs

* Set USE_SHLIBDIR for libraries used by /bin and /sbin:
	libc libcrypt libcrypto libedit libipsec libkvm libm libmi387
	libtermcap libutil libz

* If ${_LIBSODIR} != ${LIBDIR}, add symlinks from ${LIBDIR}/${LIB}.so*
  to ${_LIBSODIR}/${LIB}.so* for compatibility.

* Always install /sbin/init statically (for now)


The net effect of these changes depends on how the variables are set:

  1.)	If nothing is set or changed, there is no change from the
	current behaviour:
		- Static /bin, /sbin, and bits of /usr/*
		- Dynamic rest
		- Shared linker is /usr/libexec/ld*so

  2.)	If the following make variables are set:
		LDSTATIC=
		SHLINKDIR=/lib
		SHLIBDIR=/lib
	Then the behaviour becomes:
		- Dynamic tools
		- .so libraries used by /bin and /sbin are installed to /lib,
		  with symlinks from /usr/lib/lib*so to -> /lib/lib*so
		  where appropriate
		- Shared linker is /lib/ld*so

  3.)	As per 2.), but add the following variable:
		USE_SHLIBDIR=yes
	This forces all .so's to be instaleld in /lib (with compat
	symlinks), not just those tagged by their Makefiles to be.
	Again, compat symlinks are installed
2001-12-28 01:32:37 +00:00
ad 49de2aa1ce Add __md5crypt(), for internal use by libcrypt. This behaves for the most
part like crypt() but uses a proprietry encryption scheme that utilises MD5.
From FreeBSD via OpenBSD.
2000-07-06 11:12:42 +00:00
thorpej 3c3dcb50e3 No longer need the <bsd.crypto.mk> song-and-dance here. 2000-06-16 16:29:35 +00:00
mrg 51a96a002f optionally include CRYPTOPATH Makefile.frag files. 1999-07-20 09:35:18 +00:00
thorpej a3281f7249 Use bsd.crypto.mk. 1999-07-12 22:04:09 +00:00
cgd 4902ac3dcf use the (broken) crypt.c from the 4.4BSD-Lite Foreign distribution, that
can encrypt passwords but _cannot_ decrypt anything.  "real" (i.e. two-way,
unbroken) crypt() now lives in /usr/src/domestic.
1995-02-19 12:18:56 +00:00
cgd 3a370daf86 specify man pages the new way. 1994-12-22 09:44:45 +00:00
cgd eb29ed3995 always create libcrypt, and link with it where necessary. this will
make life with shared libraries happier.  also, get dummy crypt out
of libc.
1993-10-07 01:36:21 +00:00
mycroft aee4b07b8a Add RCS identifiers, remove some completely useless RCS logs and patchkit
headers, and a few other insignificant changes.
1993-08-02 17:48:44 +00:00
cgd a1fe79bac5 make makefile do *nothing* for any of the standard cases if crypt.c
doesn't exist.
1993-05-29 13:27:15 +00:00
cgd e0b9a84a0f made libcrypt, so exportable vs. non-exportable packages can be
handled easliy.
1993-04-26 12:45:00 +00:00