History log of /freebsd-10.3-release/secure/lib/libcrypt/
Revision Date Author Comments
(<<< Hide modified files)
(Show modified files >>>)
296373 04-Mar-2016 marius

- Copy stable/10@296371 to releng/10.3 in preparation for 10.3-RC1
builds.
- Update newvers.sh to reflect RC1.
- Update __FreeBSD_version to reflect 10.3.
- Update default pkg(8) configuration to use the quarterly branch.

Approved by: re (implicit)

266816 28-May-2014 delphij

MFC r265995:

Switch using the new $2b$ format by default, when bcrypt is used.

Relnotes: default Blowfish crypt(3) format have been changed to $2b$.


263783 27-Mar-2014 delphij

MFC r262501:

Refresh our implementation of OpenBSD's Blowfish password format.

Notable changes:

- Support of $2b$ password format to address a problem where very
long passwords (more than 256 characters, when an integer
overflow would happen and cause the length to wrap at 256).
- Updated pseudo code in comments to reflect the reality.
- Removed our local shortcut of processing magic string and rely
on the centralized and tigntened validation.
- Diff reduction from upstream.

For now we are still generating the older $2a$ format of password
but we will migrate to the new format once the format is formally
finalized.


256281 10-Oct-2013 gjb

Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation


236304 30-May-2012 bz

Update the previous openssl fix. [12:01]

Fix a bug in crypt(3) ignoring characters of a passphrase. [12:02]

Security: FreeBSD-SA-12:01.openssl (revised)
Security: FreeBSD-SA-12:02.crypt
Approved by: so (bz, simon)


231986 22-Feb-2012 kevlo

Return NULL on error rather than ":", per the crypt(3) man page.
Discussed in: http://www.openwall.com/lists/oss-security/2011/11/15/3


115719 02-Jun-2003 markm

Strip the private blowfish code down to only that which is
required to make crypt(3) blowfish "$2a$..." hashes. Lint and
warnsify.


91754 06-Mar-2002 markm

No functional change, but big code cleanup. WARNS, lint(1) and style(9).


90868 18-Feb-2002 mike

o Move NTOHL() and associated macros into <sys/param.h>. These are
deprecated in favor of the POSIX-defined lowercase variants.
o Change all occurrences of NTOHL() and associated marcros in the
source tree to use the lowercase function variants.
o Add missing license bits to sparc64's <machine/endian.h>.
Approved by: jake
o Clean up <machine/endian.h> files.
o Remove unused __uint16_swap_uint32() from i386's <machine/endian.h>.
o Remove prototypes for non-existent bswapXX() functions.
o Include <machine/endian.h> in <arpa/inet.h> to define the
POSIX-required ntohl() family of functions.
o Do similar things to expose the ntohl() family in libstand, <netinet/in.h>,
and <sys/param.h>.
o Prepend underscores to the ntohl() family to help deal with
complexities associated with having MD (asm and inline) versions, and
having to prevent exposure of these functions in other headers that
happen to make use of endian-specific defines.
o Create weak aliases to the canonical function name to help deal with
third-party software forgetting to include an appropriate header.
o Remove some now unneeded pollution from <sys/types.h>.
o Add missing <arpa/inet.h> includes in userland.

Tested on: alpha, i386
Reviewed by: bde, jake, tmm


85358 23-Oct-2001 peter

__FBSDID() (second half of src/lib/libcrypt changes)


74106 11-Mar-2001 markm

Add OpenBSD-style blowfish password hashing. This makes one less
gratuitous difference between us and our sister project.

This was given to me _ages_ ago. May apologies to Paul for the length
of time its taken me to commit.

Obtained from: Niels Provos <provos@physnet.uni-hamburg.de>/OpenBSD
Submitted by: Paul Herman <pherman@frenchfries.net>


70419 28-Dec-2000 peter

Merge into a single US-exportable libcrypt, which only provides
one-way hash functions for authentication purposes. There is no more
"set the libcrypt->libXXXcrypt" nightmare.
- Undo the libmd.so hack, use -D to hide the md5c.c internals.
- Remove the symlink hacks in release/Makefile
- the algorthm is set by set_crypt_format() as before. If this is
not called, it tries to heuristically figure out the hash format, and
if all else fails, it uses the optional auth.conf entry to chose the
overall default hash.
- Since source has non-hidden crypto in it there may be some issues with
having the source it in some countries, so preserve the "secure/*"
division. You can still build a des-free libcrypt library if you want
to badly enough. This should not be a problem in the US or exporting
from the US as freebsd.org had notified BXA some time ago. That makes
this stuff re-exportable by anyone.
- For consistancy, the default in absence of any other clues is md5. This
is to try and minimize POLA across buildworld where folk may suddenly
be activating des-crypt()-hash support. Since the des hash may not
always be present, it seemed sensible to make the stronger md5 algorithm
the default.
All things being equal, no functionality is lost.

Reviewed-by: jkh

(flame-proof suit on)


64918 22-Aug-2000 green

Add working and easy crypt(3)-switching. Yes, we need a whole new API
for crypt(3) by now. In any case:

Add crypt_set_format(3) + documentation to -lcrypt.
Add login_setcryptfmt(3) + documentation to -lutil.
Support for switching crypt formats in passwd(8).
Support for switching crypt formats in pw(8).

The simple synopsis is:
edit login.conf; add a passwd_format field set to "des" or "md5"; go nuts :)

Reviewed by: peter


57582 29-Feb-2000 kris

Add NODESCRYPTLINKS knob to prevent spamming of libcrypt -> libscrypt
symlinks. The name is against my better judgement, but I defer to ancient
tradition here because I'm a nice guy.

Reviewed by: -current


55688 09-Jan-2000 kris

Really really remove SHA-1 support.


55585 08-Jan-2000 jkh

Remove the SHA stuff properly.


54829 19-Dec-1999 peter

I missed the LDADD/DPADD for -lmd in the secure cases. :-(

Pointed out by: marcel


51524 21-Sep-1999 markm

Colour me stupid. This is a better way of using the macros.


51511 21-Sep-1999 markm

Do this the same way as Internat to reduce diffs.


51510 21-Sep-1999 dt

Someone changed major numbers of the libraries from 2 to 3 for 0 (zero) reasons.
Revert the major number back to 2.

libcrypt only export one function, before the recent changes and now:
char *crypt(const char *key, const char *salt);
The prototype didn't changed. Internal representation of `char' and `char *'
didn't changed. Therefore, there is no reason to change the version number.


51507 21-Sep-1999 peter

Restore SONAME setting, otherwise libdescrypt.so.3 doesn't end up with
a special SONAME of libcrypt.so.3 and the runtime symlink doesn't work.


51461 20-Sep-1999 markm

Make this completely dependant on the exportable libcrypt, to avoid
duplication of effort. Also a large cleanup of the code, inspired
by Brandon Gillespie.


50488 28-Aug-1999 peter

$Header$ -> $FreeBSD$


50479 28-Aug-1999 peter

$Id$ -> $FreeBSD$


49830 15-Aug-1999 mpp

Various man page cleanup:

- Be consistent with section names as outlined in mdoc(7).
- Other misc mdoc cleanup.


43152 24-Jan-1999 markm

Fix symlinking. Without the -f "force" option, the wrong version
can be found.
Submitted by: Bruce


43091 23-Jan-1999 markm

The new crypt code breaks "make world". Back it out.


42983 21-Jan-1999 brandon

Removed from the secure/lib/libcrypt area, because of the rewrite to how
the Makefile handles des support by just including the single .c file.

Reviewed by: Mark Murray


38664 31-Aug-1998 jb

BINFORMAT -> OBJFORMAT ready for E-day. Untested 'cause I'm outside
the US and not allowed to see this. I kept my eyes closed. 8-)


29147 05-Sep-1997 peter

Teach libdescrypt about elf builds.


22990 22-Feb-1997 peter

Revert $FreeBSD$ to $Id$


21673 14-Jan-1997 jkh

Make the long-awaited change from $Id$ to $FreeBSD$

This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.


16663 24-Jun-1996 jkh

Bring in my changes for removing the pestilent obj links (unless you
really want them) from /usr/src. This is the final version of the
patches, incorporating the feedback I've received from -current.


15228 13-Apr-1996 markm

Split libcrypt and libcipher man pages.


14168 21-Feb-1996 jkh

Add back missing crypt.3 man page.


12884 16-Dec-1995 markm

Dual personality crypt(3). This crypt will choose its encryption algorithm
(DES or MD5) based on the type of salt used. Salt beginning with "$1$"
indicates MD5.


8871 30-May-1995 rgrimes

Remove trailing whitespace.


2900 19-Sep-1994 csgr

More elegant fix for short settings.
(Our existing fixes already plugged the security holes involved.)
Submitted by: Geoff Rehmet after consultation with David Burren


2539 07-Sep-1994 pst

Back out static hacks & build of usr.bin until Geoff informs the
world of his master plan.

Submitted by: pst


2536 07-Sep-1994 pst

Remove static in front of declarations for des_setkey and des_cipher
so that linking against -lcrypt (-ldescrypt) will give us the good
versions instead of the stubs in libc. (These changes need to be
made to the non-US version of libdescrypt too!)

Allow building and support for bdes program.
A bit more work still needs to be done on secure telnet.

Submitted by: pst


2306 26-Aug-1994 wollman

Hopefully fix bogus permissions.


2300 26-Aug-1994 wollman

Install libdescrypt.so immutable.


2156 20-Aug-1994 csgr

Fix afterinstall rule for generating links to the real libcrypt
Submitted by: Geoff


2046 12-Aug-1994 csgr

when making test programs, look for libdescrypt, not libcrypt
Submitted by: Geoff Rehmet


2044 12-Aug-1994 csgr

1) don't make bdes yet
2) fix .include in secure/lib/Makefile.inc
3) fix afterinstall rule in libcrypt/Makefile
Submitted by: Geoff Rehmet


1990 09-Aug-1994 csgr

Install secure/lib/libcrypt as libdescrypt, and symlink it to
libcrypt. There may be a little modification neede to this makefile once
we start working on tidy make world's.
Submitted by: geoff.


1959 08-Aug-1994 csgr

Modify libcrypt so that the only exported symbol is _crypt().
Submitted by: Geoff Rehmet


1957 08-Aug-1994 csgr

This commit was generated by cvs2svn to compensate for changes in r1956,
which included commits to RCS files with non-trunk default branches.


1956 08-Aug-1994 csgr

Unecumbered securedist from FreeBSD 1.1.5.1 - sources for libcrypt.
The next commit will remove all symbols except _crypt()
Reviewed by: Geoff Rehmet
Submitted by: David Burren