#
1.13 |
|
22-Jan-2024 |
deraadt |
make login.conf(5) and crypt_newhash(3) and the underlying code consistant regarding bcrypt,a instead of blowfish,a. "blowfish" is a historical alias which we don't need to document as firmly as "bcrypt". report about difficult manual page discovery from ataraxia937 ok millert
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE OPENBSD_7_2_BASE OPENBSD_7_3_BASE OPENBSD_7_4_BASE
|
#
1.12 |
|
13-Sep-2015 |
guenther |
Wrap <pwd.h> so that calls go direct and the symbols are all weak. Hide bcrypt_autorounds(), prefixing with an underbar for static builds.
|
#
1.11 |
|
12-Sep-2015 |
guenther |
Wrap <unistd.h> so that internal calls go direct and they're all weak symbols Delete unused 'fd' argument from internal function oldttyname()
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.10 |
|
23-Jul-2015 |
tedu |
permit "bcrypt" as an alias for "blowfish". this is, after all, what 99% of the world calls it. allow just "bcrypt" without params to mean auto-tune ("bcrypt,a"). default remains 8 rounds (for now) ok deraadt
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.9 |
|
24-Feb-2015 |
tedu |
Set errno to EINVAL, instead of letting ERANGE escape out. Printing strerror() in that case will say result too large, even if rounds is actually too small. invalid is less specific, but less incorrect. ok millert
|
#
1.8 |
|
15-Jan-2015 |
chl |
remove unused variable
ok tedu@
|
#
1.7 |
|
30-Dec-2014 |
tedu |
copy bcrypt autotune from encrypt(1) and expose via crypt_newhash ok deraadt miod
|
#
1.6 |
|
24-Dec-2014 |
tedu |
simplify crypt_checkpass. The API promise is that this function doesn't use global data. The simplest fix is to only check blowfish passwords, and implicitly lock out DES passwords. crypt_checkpass is currently only used in one place, passwd, to verify the local user's password, so this is probably acceptable. Gives people a little more time to migrate away from DES before introduing checkpass into more places.
|
#
1.5 |
|
24-Nov-2014 |
tedu |
check crypt() for null. noticed by Jonas Termansen
|
#
1.4 |
|
21-Nov-2014 |
schwarze |
Let crypt_checkpass() set EACCES after bcrypt_checkpass() failure; ok tedu@
|
#
1.3 |
|
21-Nov-2014 |
tedu |
change prototype for crypt_newhash. the login_cap_t is a holdover from its pwd_gensalt origins, but a string argument works equally work and is more friendly to consumers beyond local user accounts. ok deraadt
|
#
1.2 |
|
17-Nov-2014 |
tedu |
add new function crypt_newhash to simplify creating new hashes. does most of the work pwd_gensalt did, but also creates the hash. (unused yet)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.1 |
|
12-May-2014 |
tedu |
remove md5crypt. while changing things, add a crypt_checkpass wrapper that handles most of the edge cases. (not quite ready for production, though.) ok deraadt
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.12 |
|
13-Sep-2015 |
guenther |
Wrap <pwd.h> so that calls go direct and the symbols are all weak. Hide bcrypt_autorounds(), prefixing with an underbar for static builds.
|
#
1.11 |
|
12-Sep-2015 |
guenther |
Wrap <unistd.h> so that internal calls go direct and they're all weak symbols Delete unused 'fd' argument from internal function oldttyname()
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.10 |
|
23-Jul-2015 |
tedu |
permit "bcrypt" as an alias for "blowfish". this is, after all, what 99% of the world calls it. allow just "bcrypt" without params to mean auto-tune ("bcrypt,a"). default remains 8 rounds (for now) ok deraadt
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.9 |
|
24-Feb-2015 |
tedu |
Set errno to EINVAL, instead of letting ERANGE escape out. Printing strerror() in that case will say result too large, even if rounds is actually too small. invalid is less specific, but less incorrect. ok millert
|
#
1.8 |
|
15-Jan-2015 |
chl |
remove unused variable
ok tedu@
|
#
1.7 |
|
30-Dec-2014 |
tedu |
copy bcrypt autotune from encrypt(1) and expose via crypt_newhash ok deraadt miod
|
#
1.6 |
|
24-Dec-2014 |
tedu |
simplify crypt_checkpass. The API promise is that this function doesn't use global data. The simplest fix is to only check blowfish passwords, and implicitly lock out DES passwords. crypt_checkpass is currently only used in one place, passwd, to verify the local user's password, so this is probably acceptable. Gives people a little more time to migrate away from DES before introduing checkpass into more places.
|
#
1.5 |
|
24-Nov-2014 |
tedu |
check crypt() for null. noticed by Jonas Termansen
|
#
1.4 |
|
21-Nov-2014 |
schwarze |
Let crypt_checkpass() set EACCES after bcrypt_checkpass() failure; ok tedu@
|
#
1.3 |
|
21-Nov-2014 |
tedu |
change prototype for crypt_newhash. the login_cap_t is a holdover from its pwd_gensalt origins, but a string argument works equally work and is more friendly to consumers beyond local user accounts. ok deraadt
|
#
1.2 |
|
17-Nov-2014 |
tedu |
add new function crypt_newhash to simplify creating new hashes. does most of the work pwd_gensalt did, but also creates the hash. (unused yet)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.1 |
|
12-May-2014 |
tedu |
remove md5crypt. while changing things, add a crypt_checkpass wrapper that handles most of the edge cases. (not quite ready for production, though.) ok deraadt
|