src/lib/libcrypt/crypt.c, branch releng/5.0 FreeBSD source tree No functional change, but big code cleanup. WARNS, lint(1) and style(9). 2002-03-06T17:18:09+00:00 Mark Murray markm@FreeBSD.org 2002-03-06T17:18:09+00:00 f2ac424af7b980ba4d858ecfd1644ce197d6869d 






Implement __FBSDID()
2001-09-16T21:35:07+00:00

Matthew Dillon
dillon@FreeBSD.org

2001-09-16T21:35:07+00:00

e67f5b9fcac5f0ebb78f0b3a50c0128432cca584












Removed duplicate VCS ID tags, as per style(9).
2001-08-13T14:06:34+00:00

Ruslan Ermilov
ru@FreeBSD.org

2001-08-13T14:06:34+00:00

8af1452cf8dd1b33da881f84e445d5981eaa9613












Add OpenBSD-style blowfish password hashing. This makes one less
2001-03-11T16:05:43+00:00

Mark Murray
markm@FreeBSD.org

2001-03-11T16:05:43+00:00

5c1296168babf97c51ff030872cddb7f9857474f

gratuitous difference between us and our sister project.

This was given to me _ages_ ago. May apologies to Paul for the length
of time its taken me to commit.

Obtained from:	Niels Provos <provos@physnet.uni-hamburg.de>/OpenBSD
Submitted by:	Paul Herman <pherman@frenchfries.net>





gratuitous difference between us and our sister project.

This was given to me _ages_ ago. May apologies to Paul for the length
of time its taken me to commit.

Obtained from:	Niels Provos <provos@physnet.uni-hamburg.de>/OpenBSD
Submitted by:	Paul Herman <pherman@frenchfries.net>







Hindsight is wonderful, but I got cold feet over the crypt(3) default
2000-12-28T11:23:01+00:00

Peter Wemm
peter@FreeBSD.org

2000-12-28T11:23:01+00:00

65c10f6d334b4e6c9879de96fef092bb72afc758

so I am backing it out for now.  The problem is that some random program
calling crypt() could be passing a DES salt and the crypt(3) library
would encrypt it in md5 mode and there would be a password mismatch as a
result.  I wrote a validater function for the DES code to verify that
a salt is valid for DES, but I realized there were too many strange things
to go wrong.  passwd(1), pw(8) etc still generate md5 passwords by default
for /etc/master.passwd, so this is almost academic.  It is a big deal for
things that have their own crypt(3)-ed password strings (.htaccess,
etc etc).  Those are the things I do not want to break.

My DES salt recognizer basically checked if the salt was either 2 or
13 characters long, or began with '_' (_PASSWORD_EFMT1).  I think it
would have worked but I have seen way too much crypt() mishandling
in the past.





so I am backing it out for now.  The problem is that some random program
calling crypt() could be passing a DES salt and the crypt(3) library
would encrypt it in md5 mode and there would be a password mismatch as a
result.  I wrote a validater function for the DES code to verify that
a salt is valid for DES, but I realized there were too many strange things
to go wrong.  passwd(1), pw(8) etc still generate md5 passwords by default
for /etc/master.passwd, so this is almost academic.  It is a big deal for
things that have their own crypt(3)-ed password strings (.htaccess,
etc etc).  Those are the things I do not want to break.

My DES salt recognizer basically checked if the salt was either 2 or
13 characters long, or began with '_' (_PASSWORD_EFMT1).  I think it
would have worked but I have seen way too much crypt() mishandling
in the past.







Merge into a single US-exportable libcrypt, which only provides
2000-12-28T10:32:02+00:00

Peter Wemm
peter@FreeBSD.org

2000-12-28T10:32:02+00:00

9886bcdf9326929b650dc843802a25400f597365

one-way hash functions for authentication purposes.  There is no more
"set the libcrypt->libXXXcrypt" nightmare.
- Undo the libmd.so hack, use -D to hide the md5c.c internals.
- Remove the symlink hacks in release/Makefile
- the algorthm is set by set_crypt_format() as before.  If this is
  not called, it tries to heuristically figure out the hash format, and
  if all else fails, it uses the optional auth.conf entry to chose the
  overall default hash.
- Since source has non-hidden crypto in it there may be some issues with
  having the source it in some countries, so preserve the "secure/*"
  division.  You can still build a des-free libcrypt library if you want
  to badly enough.  This should not be a problem in the US or exporting
  from the US as freebsd.org had notified BXA some time ago.  That makes
  this stuff re-exportable by anyone.
- For consistancy, the default in absence of any other clues is md5.  This
  is to try and minimize POLA across buildworld where folk may suddenly
  be activating des-crypt()-hash support.  Since the des hash may not
  always be present, it seemed sensible to make the stronger md5 algorithm
  the default.
All things being equal, no functionality is lost.

Reviewed-by: jkh

(flame-proof suit on)





one-way hash functions for authentication purposes.  There is no more
"set the libcrypt->libXXXcrypt" nightmare.
- Undo the libmd.so hack, use -D to hide the md5c.c internals.
- Remove the symlink hacks in release/Makefile
- the algorthm is set by set_crypt_format() as before.  If this is
  not called, it tries to heuristically figure out the hash format, and
  if all else fails, it uses the optional auth.conf entry to chose the
  overall default hash.
- Since source has non-hidden crypto in it there may be some issues with
  having the source it in some countries, so preserve the "secure/*"
  division.  You can still build a des-free libcrypt library if you want
  to badly enough.  This should not be a problem in the US or exporting
  from the US as freebsd.org had notified BXA some time ago.  That makes
  this stuff re-exportable by anyone.
- For consistancy, the default in absence of any other clues is md5.  This
  is to try and minimize POLA across buildworld where folk may suddenly
  be activating des-crypt()-hash support.  Since the des hash may not
  always be present, it seemed sensible to make the stronger md5 algorithm
  the default.
All things being equal, no functionality is lost.

Reviewed-by: jkh

(flame-proof suit on)







Still have to support libscrypt for now :(  Add #defines to take DES
2000-08-24T17:51:16+00:00

Brian Feldman
green@FreeBSD.org

2000-08-24T17:51:16+00:00

da140a0594e26b718c45d9dd0b445a10eb32464a

out for it.





out for it.







Add working and easy crypt(3)-switching.  Yes, we need a whole new API
2000-08-22T02:15:54+00:00

Brian Feldman
green@FreeBSD.org

2000-08-22T02:15:54+00:00

04c9749ff0148ec8f73b150cec8bc2c094a5d31a

for crypt(3) by now.  In any case:

Add crypt_set_format(3) + documentation to -lcrypt.
Add login_setcryptfmt(3) + documentation to -lutil.
Support for switching crypt formats in passwd(8).
Support for switching crypt formats in pw(8).

The simple synopsis is:
edit login.conf; add a passwd_format field set to "des" or "md5"; go nuts :)

Reviewed by:	peter





for crypt(3) by now.  In any case:

Add crypt_set_format(3) + documentation to -lcrypt.
Add login_setcryptfmt(3) + documentation to -lutil.
Support for switching crypt formats in passwd(8).
Support for switching crypt formats in pw(8).

The simple synopsis is:
edit login.conf; add a passwd_format field set to "des" or "md5"; go nuts :)

Reviewed by:	peter







Zap SHA1 password support. This will be re-implemented at a later date.
2000-01-07T06:33:54+00:00

Kris Kennaway
kris@FreeBSD.org

2000-01-07T06:33:54+00:00

0ade301d10aba84c062b0edde928a0484ed17074












Never return NULL, always return a hash.
1999-09-22T06:53:08+00:00

Mark Murray
markm@FreeBSD.org

1999-09-22T06:53:08+00:00

3ab9676ab3be356887930cd9c0fb8228b4b92239

Submitted by:	dt





Submitted by:	dt