MFC r321915:

Remove bogus bsd.subdir.mk .include

bsd.subdir.mk is included from bsd.obj.mk, which is included via bsd.lib.mk.

MFC r315032-r315036, r315039, r315041

r315032:
Increase WARNS for iconv tests

ATF tests have a default WARNS of 0, unlike other usermode programs.

Reviewed by: ngie
Sponsored by: Spectra Logic Corporation
Differential Revision: https://reviews.freebsd.org/D9933

r315033:
Increase WARNS for nss tests

ATF tests have a default WARNS of 0, unlike other usermode programs.

Reviewed by: ngie
Sponsored by: Spectra Logic Corporation
Differential Revision: https://reviews.freebsd.org/D9933

r315034:
Document that the msun tests require WARNS=0

ATF tests have a default WARNS of 0, unlike other usermode programs. This
change is technically a noop, but it documents that the msun tests don't
work with any warnings enabled, at least not on all architectures.

Reviewed by: ngie
Sponsored by: Spectra Logic Corporation
Differential Revision: https://reviews.freebsd.org/D9933

r315035:
Increase WARNS for libcrypt tests

ATF tests have a default WARNS of 0, unlike other usermode programs.

Reviewed by: ngie, julian
Sponsored by: Spectra Logic Corporation
Differential Revision: https://reviews.freebsd.org/D9933

r315036:
Increase WARNS for libmp tests

ATF tests have a default WARNS of 0, unlike other usermode programs.

Reviewed by: ngie, julian
Sponsored by: Spectra Logic Corporation
Differential Revision: https://reviews.freebsd.org/D9933

r315039:
Increase WARNS for libutil tests

ATF tests have a default WARNS of 0, unlike other usermode programs.

Reviewed by: ngie, julian
Sponsored by: Spectra Logic Corporation
Differential Revision: https://reviews.freebsd.org/D9933

r315041:
Increase WARNS for pw tests

ATF tests have a default WARNS of 0, unlike other usermode programs.

Reviewed by: ngie, julian
Sponsored by: Spectra Logic Corporation
Differential Revision: https://reviews.freebsd.org/D9933

MFC r300903: Implement SHA-512 truncated (224 and 256 bits)

MFC r292782: Replace sys/crypto/sha2/sha2.c with lib/libmd/sha512c.c

cperciva's libmd implementation is 5-30% faster
The same was done for SHA256 previously in r263218

Approved by: secteam

MFC r263215,r263218,r285366: replace the kernel sha256 code

r263215 copy these files from lib/libmd in preperation for moving these
files into the kernel...

r263218 replace the kernel's version w/ cperciva's implementation...

r285366 Complete the move that was started w/ r263218..

Note that the last change is out of order with r282726 that I am going
to merge as well.

Many thanks to cperciva for the more efficient code and to jmg for
integrating it into the kernel.

MFC r289172,r290254:

r289172:

Refactor the test/ Makefiles after recent changes to bsd.test.mk (r289158) and
netbsd-tests.test.mk (r289151)

- Eliminate explicit OBJTOP/SRCTOP setting
- Convert all ad hoc NetBSD test integration over to netbsd-tests.test.mk
- Remove unnecessary TESTSDIR setting
- Use SRCTOP where possible for clarity

r290254:

Remove unused variable (SRCDIR)

MFC r290908,r291615:

r290908:

Integrate contrib/netbsd-tests/lib/libcrypt/t_crypt.c in to the FreeBSD
test suite as lib/libcrypt/crypt_test

Sponsored by: EMC / Isilon Storage Division

r291615 (by rodrigc):

Hack test so that it works on FreeBSD.

MFH (r272830): change the hardcoded default back to DES
MFH (r272833): remove last vestige of MD5 password hashes

MFC r270144:

Add LIBCRYPT to DPADD, remove LDFLAGS from LDADD, and sort the Makefile variables

This fixes "make checkdpadd"

Phabric: D620
Approved by: jmmv (mentor)
PR: 192729

MFH r266813: Don't break the legacy applications which set
just 2 bytes to salt.

MFH (r261913): switch default to sha512
MFH (r264964): rewrite so DES still works when not the default
MFH (r262945): clean up man page

MFC refactoring of the *.test.mk files.

- r263161 Make bsd.test.mk the only public mk fragment for the building of tests.
- r263172 Move FreeBSD Test Suite-specific code to a suite.test.mk file.
- r263204 Add some documentation for bsd.test.mk.
- r263217 Document support for TAP-compliant Perl test programs.

This is "make tinderbox" clean.

Set up the /usr/tests hierarchy.

This is a MFC of the following into stable/10:
- r257097 Set up the /usr/tests hierarchy.
- r257098 Add missing WITHOUTTESTS file.
- r257100 Add a tests(7) manual page.
- r257105 Disable WITHTESTS= for now.
- r257848 Fix buildworld when WITHTESTS is enabled.
- r257850 Subsume the functionality of MKATF into MKTESTS.
- r257851 Handle the removal of the test suite when WITHOUTTESTS=yes.
- r257852 Install category Kyuafiles from their category directories.
- r258232 Install BSD.tests.mtree when MKTESTS is yes.

Note that building with WITH_TESTS is still broken at this point (and
hence why WITHOUT_TESTS is the set as the default). Subsequent pullups
will fix the remaining issues.

Split and extend bsd.test.mk into {atf,plain,tap}.test.mk.

This is a MFC of:

- r256761 Clearly split the logic to build ATF and plain tests apart.
- r256762 Add the automatic generation of Atffile files.
- r256763 Add the automatic generation of Kyuafile files.
- r256764 Plug atf-run into the 'test' target.
- r256765 Plug kyua into the 'test' target.
- r257096 Move the TESTSBASE definition to bsd.own.mk.
- r257099 Add missing plain.test.mk.
- r258297 Remove registration of C++ test programs into PROGS.
- r258298 Fix the build of plain test programs.
- r258551 Install plain.test.mk.
- r259208 Add tap.test.mk.

Approved by: rpaulo (mentor)

MFC 256365
Remove most of the ATF tools and the _atf user.

Approved by: re

Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Simple unit-tests for libcrypt, to show how easy it is.

Approved by: marcel (mentor)

Stop using auth_getval() now that it always returns NULL. Instead,
hardcode the default to what it would be if we didn't hardcode it,
i.e. DES if supported and MD5 otherwise.

MFC after: 3 weeks

mdoc: minor Bl improvements.

Make the item numbers match the crypt magic number

PR: docs/166497
Submitted by: Mike Kelly <pioto@pioto.org>
Approved by: cperciva
MFC after: 1 week

Remove superfluous paragraph macro.

s/shaN_crypt/crypt_shaN/g to be a more consistent with the existing naming.

Reviewed by: markm

Protect the reachover built symbols after the SHA256/512 crypt(3) addition.

Document SHA256/512 modes.

MFC after: 1 month

Add SHA256/512 ($5$ and $6$) to crypt(3). Used in linux-world, doesn't
hurt us.

PR: misc/124164
Submitted by: KIMURA Yasuhiro < yasu utahime org >
MFC after: 1 month

Build lib/ with WARNS=6 by default.

Similar to libexec/, do the same with lib/. Make WARNS=6 the norm and
lower it when needed.

I'm setting WARNS?=0 for secure/. It seems secure/ includes the
Makefile.inc provided by lib/. I'm not going to touch that directory.
Most of the code there is contributed anyway.

Bump the version of all non-symbol-versioned shared libraries in
preparation for 8.0-RELEASE. Add the previous version of those
libraries to ObsoleteFiles.inc and bump __FreeBSD_Version.

Reviewed by: kib
Approved by: re (rwatson)

Bump library versions in preparation for 7.0.

Ok'd by: kan

cipher(3) is gone.

MFC after: 3 days

Provide alternate default for SHLIBDIR before bsd.own.mk does this.

Reported by: phk

Reimplementation of world/kernel build options. For details, see:

http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html

The src.conf(5) manpage is to follow in a few days.

Brought to you by: imp, jhb, kris, phk, ru (all bugs are mine)

Bump the shared library version number of all libraries that have not
been bumped since RELENG_5.

Reviewed by: ru
Approved by: re (not needed for commit check but in principle...)

Fixed the misplaced $FreeBSD$.

Sort sections.

NOCRYPT -> NO_CRYPT

For variables that are only checked with defined(), don't provide
any fake value.

Mechanically kill hard sentence breaks.

Stage 3 of dynamic root support. Make all the libraries needed to run
binaries in /bin and /sbin installed in /lib. Only the versioned files
reside in /lib, the .so symlink continues to live /usr/lib so the
toolchain doesn't need to be modified.

The .Fn function

Tidy the code up a fraction. Re-release with a 2-clause BSD license
with the kind permission of the author/copyright holder.

Thanks to: phk

Add a new hash type. This "NT-hash" is compatible with the password
hashing scheme used in Microsoft's NT machines. IT IS NOT SECURE!
DON'T USE IT! This is for the use of competent sysadmins only!

Submitted by: Michael Bretterklieber

Retire the useless NOSECURE knob.

Approved by: re (scottl)

english(4) police.

crypt(3) incorrectly documents md5 salt, fixed.

PR: 36782
No objections from: ru
MFC after: 3 days

Fix grammer in comment.

Submitted by: Engin Gunduz <engin@ripe.net>

Modernize my email-address.

Darn. There is (now was) a signed/unsigned issue that resulted in a
very long loop.

Reported by: nnd@mail.nsk.ru (Nickolay Dudorov)

No functional change, but big code cleanup. WARNS, lint(1) and style(9).

s/crypt_format/crypt_default/ to match reality.

PR: docs/32787
Spotted by: Pete Carah <pete@altadena.net>

mdoc(7) police: Use the new .In macro for #include statements.

Implement __FBSDID()

Remove out-of-date "cannot be exported from USA" notice.

Removed duplicate VCS ID tags, as per style(9).

Remove whitespace at EOL.

mdoc(7) police: removed punctuation after the last SEE ALSO xref.

mdoc(7) police: removed HISTORY info from the .Os call.

mdoc(7) police: remove extraneous .Pp before and/or after .Sh.

Remove duplicate words.

MAN[1-9] -> MAN.

Help standalone builds by getting libutil.h from src/lib/libutil

mdoc(7) police: ``It'' macro does not take argument in -enum lists.
(In -mdocNG, this only causes warning. In current implementation,
it is fatal.)

Pointy hat to: markm (for not checking stderr)

Add OpenBSD-style blowfish password hashing. This makes one less
gratuitous difference between us and our sister project.

This was given to me _ages_ ago. May apologies to Paul for the length
of time its taken me to commit.

Obtained from: Niels Provos <provos@physnet.uni-hamburg.de>/OpenBSD
Submitted by: Paul Herman <pherman@frenchfries.net>

Prepare for mdoc(7)NG.

Reflect rev 1.18 in crypt.c. Note that this section is somewhat
mangled and could do with some word-smithing.

Hindsight is wonderful, but I got cold feet over the crypt(3) default
so I am backing it out for now. The problem is that some random program
calling crypt() could be passing a DES salt and the crypt(3) library
would encrypt it in md5 mode and there would be a password mismatch as a
result. I wrote a validater function for the DES code to verify that
a salt is valid for DES, but I realized there were too many strange things
to go wrong. passwd(1), pw(8) etc still generate md5 passwords by default
for /etc/master.passwd, so this is almost academic. It is a big deal for
things that have their own crypt(3)-ed password strings (.htaccess,
etc etc). Those are the things I do not want to break.

My DES salt recognizer basically checked if the salt was either 2 or
13 characters long, or began with '_' (_PASSWORD_EFMT1). I think it
would have worked but I have seen way too much crypt() mishandling
in the past.

Merge into a single US-exportable libcrypt, which only provides
one-way hash functions for authentication purposes. There is no more
"set the libcrypt->libXXXcrypt" nightmare.
- Undo the libmd.so hack, use -D to hide the md5c.c internals.
- Remove the symlink hacks in release/Makefile
- the algorthm is set by set_crypt_format() as before. If this is
not called, it tries to heuristically figure out the hash format, and
if all else fails, it uses the optional auth.conf entry to chose the
overall default hash.
- Since source has non-hidden crypto in it there may be some issues with
having the source it in some countries, so preserve the "secure/*"
division. You can still build a des-free libcrypt library if you want
to badly enough. This should not be a problem in the US or exporting
from the US as freebsd.org had notified BXA some time ago. That makes
this stuff re-exportable by anyone.
- For consistancy, the default in absence of any other clues is md5. This
is to try and minimize POLA across buildworld where folk may suddenly
be activating des-crypt()-hash support. Since the des hash may not
always be present, it seemed sensible to make the stronger md5 algorithm
the default.
All things being equal, no functionality is lost.

Reviewed-by: jkh

(flame-proof suit on)

log

Still have to support libscrypt for now :( Add #defines to take DES
out for it.

How did you sneak in...

Add working and easy crypt(3)-switching. Yes, we need a whole new API
for crypt(3) by now. In any case:

Add crypt_set_format(3) + documentation to -lcrypt.
Add login_setcryptfmt(3) + documentation to -lutil.
Support for switching crypt formats in passwd(8).
Support for switching crypt formats in pw(8).

The simple synopsis is:
edit login.conf; add a passwd_format field set to "des" or "md5"; go nuts :)

Reviewed by: peter

Oops, remove vestigial reference to SHS passwords.

Introduce .Lb macro to libcrypt manpage.
Make it more mdoc(7) compliant:
. use .Tn for DES, MD5 andSHS.
. Replace double quotes with .Dq macro
. use An/Aq scheme for listing authors

A bunch of factual corrections.

Fixed missing include in synopsis.

Zap SHA1 password support. This will be re-implemented at a later date.

Fixed a formatting error in the prototype for crypt().

Make a dlopen failure consistant with dlsym(). "Shouldn't happen."

patch glitch

Remove -lmd. Use dlopen() and dlsym() instead for calls to the MD5* and
SHA* routines so that callers of libcrypt are not exposed to the internal
implementation.

Never return NULL, always return a hash.

Submitted by: dt

Someone changed major numbers of the libraries from 2 to 3 for 0 (zero) reasons.
Revert the major number back to 2.

libcrypt only export one function, before the recent changes and now:
char *crypt(const char *key, const char *salt);
The prototype didn't changed. Internal representation of `char' and `char *'
didn't changed. Therefore, there is no reason to change the version number.

Somebody deleted the SONAME override causing the symlink to be expanded
at link time and the target name compiled into the binaries. ie:
everything used libscrypt or libdescrypt explicitly.

Big code cleanup. (Inspired by Brandon Gillespie). Also move as
much as possible away from secure/ to make extending easier.

$Header$ -> $FreeBSD$

$Id$ -> $FreeBSD$

Simplified using new SYMLINKS macro, mainly to test this macro. The
ifdefs are too ugly for this to be much of a simplification. The
existence tests are even uglier now. Note that the previous commit
was not submitted by me. It missed the point and just added a second
layer of unused removals.

Fixed hard-coded "libcrypt"s. The LCRYPTBASE macro mainly makes
things hard to read, but use it while we have it.

Fix symlinking. Without the -f "force" option, the wrong version
can be found.
Submitted by: Bruce

The new crypt code broke "make world". Back it out.

Moved from the old secure/lib/libcrypt area, because of the rewrite to how
the Makefile handles des support by just including the single .c file.

Reviewed by: Mark Murray

Rewrite of crypt library to be more modular, and addition of the
Secure Hashing Algorithm - 1 (SHA-1), along with the further
refinement of what $x$salt$hash means. With this new crypt the
following are all acceptable:

$1$
$MD5$
$SHA1$

Note: $2$ is used by OpenBSD's Blowfish, which I considered adding
as $BF$, but there is no actual need for it with SHA-1. However,
somebody wishing to add OpenBSD password support could easilly add
it in now.

There is also a malloc_crypt() available in the library now, which
behaves exactly the same as crypt(), but it uses a malloced buffer
instead of a static buffer. However, this is not standard so will
likely not be used much (at all).

Also, for those interested I did a brief speed test Pentium 166/MMX,
which shows the DES crypt to do approximately 2640 crypts a CPU second,
MD5 to do about 62 crypts a CPU second and SHA1 to do about 18 crypts
a CPU second.

Reviewed by: Mark Murray

Fixed the elf case of the creation of the libcrypt.so -> libscrypt->so
link. Shared libraries are in ${SHLIBDIR}, not necessarily in ${LIBDIR}.

BINFORMAT -> OBJFORMAT ready for E-day.

BINFORMAT -> OBJFORMAT ready for E-day.

Turn on the rcsid storage so that it's easier to tell the difference
between libscrypt.a and libdescrypt.a

When compiling under elf, use correct library naming conventions. Also
add the required extra symlink. Set the -soname to libcrypt.so so that
the symlink is used at runtime rather than resolved at compile time.

Revert $FreeBSD$ to $Id$

Make the long-awaited change from $Id$ to $FreeBSD$

This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.

A couple of minor nits.

Submitted by: Craig Leres <leres@ee.lbl.gov>
Submitted by: Theo Deraadt <deraadt@theos.com>

General -Wall warning cleanup, part I.
Submitted-By: Kent Vander Velden <graphix@iastate.edu>

Remove trailing whitespace.

Install shared libraries in ${DESTDIR}${SHLIBDIR} instead of in
$(DESTDIR)/$(LIBDIR) (I need SHLIBDIR. The / was a bug and the
$(...) style was inconsistent.)

Install ordinary libraries in ${DESTDIR}${LIBDIR} instead of in
$(DESTDIR)/$(LIBDIR).

Change remaining $(...) to ${...}.

*** ATTENTION *** YOU MIGHT BE ABOUT TO BE HOSED *** ATTENTION ***

This effectively changes the non-DES password algoritm.

If you have the "securedist" installed you will have no problems with this.
(Though you might want to consider using this password-encryption instead
of the DES-based if your system is likely to be hacked)

If you are running a -current system without the "securedist" installed:
YOU WILL NEED TO CHANGE ALL PASSWORDS !! There is no backwards mode.

Suggested procedure is:
Update your sources
cd /usr/src/lib/libcrypt
make clean
make all
make install
passwd root
<set roots new password>
change password for any other users on the system.

This algorithm is expected to be much better than the traditional DES-
based algorithm. It uses the MD5 algorithm at what it is best at, as
opposed to the DES algorithm at something it isn't good at at all. The
algorithm is designed such that it should very hard to shortcut the
calculations needed to build a dictionary, and to make partial knowledge
(Hmm, his password starts with a 'P'...) useless. Of course if somebody
breaks the MD5 algorithm this looses too.

The salt is 48 bits (8 char @ base64).
The encrypted password is 128 bits.

And I am positively delighted to say that it takes 34 msec to crypt() a
password on a Pentium/60Mhz, so building a dictionary is not really an
option for hackers at the moment.

Fix afterinstall rule for generating links to the real libcrypt
Submitted by: geoff

Fix afterinstall rule for NOSHARED case
Submitted by: Geoff Rehmet

The password scrambler now becomes libscrypt, and libcrypt is
a symlink to it. (The real libcrypt will be installed as libdescrypt.)
Submitted by: Geoff.

This commit was generated by cvs2svn to compensate for changes in r1984,
which included commits to RCS files with non-trunk default branches.