#
1.52 |
|
10-Feb-2022 |
robert |
unveil _PATH_LOGIN_CONF_D
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.51 |
|
12-Jul-2021 |
beck |
Change the error reporting pattern throughout the tree when unveil fails to report the path that the failure occured on. Suggested by deraadt@ after some tech discussion.
Work done and verified by Ashton Fagg <ashton@fagg.id.au>
ok deraadt@ semarie@ claudio@
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.50 |
|
14-Sep-2019 |
semarie |
correct some unveil(2) violations due to "login.conf.db" access (the .db version of "login.conf"), and stat(2) on _PATH_MASTERPASSWD_LOCK (via pw_mkdb(3)).
problem initially noted by myself for passwd(1) millert@ reported similar problem on chpass(1), su(1), doas(1) and encrypt(1) mestre@ noted chpass(1) too
ok mestre@ millert@
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.49 |
|
03-Aug-2018 |
deraadt |
The first unveil userland commit!
unveil _PATH_LOGIN_CONF (/etc/login.conf) which is used by login_getclass(3) and family before doing password encode. This is the only filename used by the program during runtime, everything else happens on stdin/stdout.
|
#
1.48 |
|
03-Aug-2018 |
deraadt |
This does not need pledge "wpath"
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.47 |
|
24-May-2017 |
mestre |
Use freezero instead of explicit_bzero+free
OK tb@
|
#
1.46 |
|
03-May-2017 |
mestre |
Use the safe idiom of cleaning sensitive data from memory with explicit_bzero, instead of relying on other methods, after readpassphrase. Some programs on this diff won't benefit that much since it happens near the terminal path, but someone might copy the unsafe idiom to another program and place it where it may leak sensitive data.
Discussed aeons ago with tb@, OK deraadt@ and beck@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.45 |
|
04-Sep-2016 |
tb |
usage() is static and __dead; add prototype for print_passwd; return instead of exit from main
|
#
1.44 |
|
02-Sep-2016 |
tedu |
_PASSWORD_LEN is length that comes out of crypt(), not a meaningful length for user entered passwords. And the +1 is just superstitious nonsense inherited from getpass() guts. Switch to a pleasing fixed size of 1024. ok millert
|
#
1.43 |
|
02-Sep-2016 |
tedu |
convert getpass to readpassphrase. from Dimitris Papastamos
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.42 |
|
10-Oct-2015 |
doug |
encrypt(1) also needs to pledge "wpath" for getpass().
getpass() opens /dev/tty RW so it can write the prompt.
ok deraadt@
|
#
1.41 |
|
10-Oct-2015 |
deraadt |
pledge "stdio rpath tty". rpath for the configuration reading done by login* subsystem, tty for readpassphase() ok beck
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.40 |
|
26-Feb-2015 |
tedu |
Wrap a long line. Use explicit_bzero. Fix comment describing extra. From Andre Smagin Also, should be safe to print errno from newhash() now. ok millert
|
#
1.39 |
|
24-Feb-2015 |
tedu |
increase prefbuf size so that 'encrypt -b 000000000000000000000012' works. noticed by Andre Smagin. also check snprintf for overflow so we get better error messages if somebody decides to pad with even more zeroes, and avoid possible truncations.
|
#
1.38 |
|
15-Jan-2015 |
chl |
remove unused variable
ok tedu@
|
#
1.37 |
|
05-Jan-2015 |
tedu |
encrypt can use the scrypt scaling code in libc now via crypt_newhash
|
#
1.36 |
|
04-Jan-2015 |
deraadt |
fix -b a mode, spotted by rpe
|
#
1.35 |
|
29-Dec-2014 |
tedu |
impose some limits on the ideal rounds so nothing too crazy happens when the clock results are weird
|
#
1.34 |
|
24-Dec-2014 |
tedu |
simplify. bcrypt only support and use newer libc APIs. no makekey emul. ok deraadt schwarze is a little sad to see the last 1/8 shared man page go, but we have a support program in place, called the attic.
|
#
1.33 |
|
03-Nov-2014 |
tedu |
hoist blowfish up and use bcrypt_newhash directly
|
#
1.32 |
|
03-Sep-2014 |
jmc |
remove -m from usage();
|
#
1.31 |
|
03-Sep-2014 |
giovanni |
kill md5 support, broken since May ok tedu@
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.30 |
|
12-Nov-2013 |
deraadt |
simpler prototype repairs
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.29 |
|
23-May-2013 |
tedu |
allow auto scaling bcrypt rounds by CPU power. ok deraadt jmc sthen
|
Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.28 |
|
14-Jul-2007 |
krw |
Don't trim whitespace from stdin. Encrypt it the same as other input sources. Feedback and fixes from ray@ and fgsch@.
ok millert@ (six years ago) ray@ fgsch@
|
#
1.27 |
|
01-May-2007 |
jdixon |
use strtonum; ok millert@
|
#
1.26 |
|
20-Mar-2007 |
tedu |
remove some bogus *p tests from charles longeau ok deraadt millert
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.25 |
|
06-Mar-2007 |
jmc |
tidy up synopsis and usage(); from Igor Sobrado
|
#
1.24 |
|
02-Nov-2006 |
ray |
There is no need to trim an empty string any further, just return it.
OK moritz@.
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.23 |
|
27-May-2006 |
moritz |
Handle crypt(3) returning NULL. Found by Gustavo C. Pereira.
ok deraadt@
|
#
1.22 |
|
02-Apr-2006 |
deraadt |
oops, to64() is shared.
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.21 |
|
13-Jul-2004 |
millert |
passwd.conf has been deprecated since login.conf was imported. Today it finally dies. Based on a diff from Gabriel Kihlman.
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.20 |
|
23-Nov-2003 |
otto |
Check getpass(3) return value. From Jared Yanovich <jjy2+ at pitt dot edu>
ok henning@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.19 |
|
02-Jul-2003 |
deraadt |
protos
|
#
1.18 |
|
14-Jun-2003 |
millert |
Add a "-c class" option to specify that the given login class should be used to find the cipher to user.
|
#
1.17 |
|
06-Apr-2003 |
deraadt |
strlcpy
|
Revision tags: OPENBSD_3_1_BASE OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
#
1.16 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.15 |
|
31-Jul-2001 |
millert |
KNF + some ANSIfication
|
#
1.14 |
|
31-Jul-2001 |
millert |
Call pwd_gensalt() with the correct args and reference login.conf in man page; hideishi@magisystem.net
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.13 |
|
11-Nov-2000 |
provos |
allow prompt to be specified anywhere on the command line, make it work with md5. prohibit makekey mode and prompt.
|
#
1.12 |
|
10-Nov-2000 |
provos |
seperate -> separate, okay aaron@
|
Revision tags: OPENBSD_2_6_BASE OPENBSD_2_7_BASE OPENBSD_2_8_BASE
|
#
1.11 |
|
03-Sep-1999 |
deraadt |
proto bcrypt_gensalt()
|
#
1.10 |
|
16-Aug-1999 |
art |
include ctype.h for isspace() and fix some declarations
|
#
1.9 |
|
20-May-1999 |
alex |
Add -p flag, prompt for a string with echo off.
|
#
1.8 |
|
19-May-1999 |
alex |
Use fprintf/exit in place of errx for usage display.
|
Revision tags: OPENBSD_2_2_BASE OPENBSD_2_3_BASE OPENBSD_2_4_BASE OPENBSD_2_5_BASE
|
#
1.7 |
|
17-Jun-1997 |
kstailey |
add <stdlib.h> for atoi(), free(), etc.
|
#
1.6 |
|
17-Jun-1997 |
kstailey |
(foo *)NULL -> NULL
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.5 |
|
30-Mar-1997 |
provos |
blowfish + passwd.conf support. fixed md5 salt.
|
#
1.4 |
|
27-Mar-1997 |
downsj |
Fix core dump.
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.3 |
|
26-Aug-1996 |
downsj |
Add an old makekey(8) mode.
|
#
1.2 |
|
08-Aug-1996 |
downsj |
Slightly cleaner.
|
#
1.1 |
|
08-Aug-1996 |
downsj |
encrypt(1), little utility for encrypting passwords from the command line.
|
#
1.51 |
|
12-Jul-2021 |
beck |
Change the error reporting pattern throughout the tree when unveil fails to report the path that the failure occured on. Suggested by deraadt@ after some tech discussion.
Work done and verified by Ashton Fagg <ashton@fagg.id.au>
ok deraadt@ semarie@ claudio@
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.50 |
|
14-Sep-2019 |
semarie |
correct some unveil(2) violations due to "login.conf.db" access (the .db version of "login.conf"), and stat(2) on _PATH_MASTERPASSWD_LOCK (via pw_mkdb(3)).
problem initially noted by myself for passwd(1) millert@ reported similar problem on chpass(1), su(1), doas(1) and encrypt(1) mestre@ noted chpass(1) too
ok mestre@ millert@
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.49 |
|
03-Aug-2018 |
deraadt |
The first unveil userland commit!
unveil _PATH_LOGIN_CONF (/etc/login.conf) which is used by login_getclass(3) and family before doing password encode. This is the only filename used by the program during runtime, everything else happens on stdin/stdout.
|
#
1.48 |
|
03-Aug-2018 |
deraadt |
This does not need pledge "wpath"
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.47 |
|
24-May-2017 |
mestre |
Use freezero instead of explicit_bzero+free
OK tb@
|
#
1.46 |
|
03-May-2017 |
mestre |
Use the safe idiom of cleaning sensitive data from memory with explicit_bzero, instead of relying on other methods, after readpassphrase. Some programs on this diff won't benefit that much since it happens near the terminal path, but someone might copy the unsafe idiom to another program and place it where it may leak sensitive data.
Discussed aeons ago with tb@, OK deraadt@ and beck@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.45 |
|
04-Sep-2016 |
tb |
usage() is static and __dead; add prototype for print_passwd; return instead of exit from main
|
#
1.44 |
|
02-Sep-2016 |
tedu |
_PASSWORD_LEN is length that comes out of crypt(), not a meaningful length for user entered passwords. And the +1 is just superstitious nonsense inherited from getpass() guts. Switch to a pleasing fixed size of 1024. ok millert
|
#
1.43 |
|
02-Sep-2016 |
tedu |
convert getpass to readpassphrase. from Dimitris Papastamos
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.42 |
|
10-Oct-2015 |
doug |
encrypt(1) also needs to pledge "wpath" for getpass().
getpass() opens /dev/tty RW so it can write the prompt.
ok deraadt@
|
#
1.41 |
|
10-Oct-2015 |
deraadt |
pledge "stdio rpath tty". rpath for the configuration reading done by login* subsystem, tty for readpassphase() ok beck
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.40 |
|
26-Feb-2015 |
tedu |
Wrap a long line. Use explicit_bzero. Fix comment describing extra. From Andre Smagin Also, should be safe to print errno from newhash() now. ok millert
|
#
1.39 |
|
24-Feb-2015 |
tedu |
increase prefbuf size so that 'encrypt -b 000000000000000000000012' works. noticed by Andre Smagin. also check snprintf for overflow so we get better error messages if somebody decides to pad with even more zeroes, and avoid possible truncations.
|
#
1.38 |
|
15-Jan-2015 |
chl |
remove unused variable
ok tedu@
|
#
1.37 |
|
05-Jan-2015 |
tedu |
encrypt can use the scrypt scaling code in libc now via crypt_newhash
|
#
1.36 |
|
04-Jan-2015 |
deraadt |
fix -b a mode, spotted by rpe
|
#
1.35 |
|
29-Dec-2014 |
tedu |
impose some limits on the ideal rounds so nothing too crazy happens when the clock results are weird
|
#
1.34 |
|
24-Dec-2014 |
tedu |
simplify. bcrypt only support and use newer libc APIs. no makekey emul. ok deraadt schwarze is a little sad to see the last 1/8 shared man page go, but we have a support program in place, called the attic.
|
#
1.33 |
|
03-Nov-2014 |
tedu |
hoist blowfish up and use bcrypt_newhash directly
|
#
1.32 |
|
03-Sep-2014 |
jmc |
remove -m from usage();
|
#
1.31 |
|
03-Sep-2014 |
giovanni |
kill md5 support, broken since May ok tedu@
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.30 |
|
12-Nov-2013 |
deraadt |
simpler prototype repairs
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.29 |
|
23-May-2013 |
tedu |
allow auto scaling bcrypt rounds by CPU power. ok deraadt jmc sthen
|
Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.28 |
|
14-Jul-2007 |
krw |
Don't trim whitespace from stdin. Encrypt it the same as other input sources. Feedback and fixes from ray@ and fgsch@.
ok millert@ (six years ago) ray@ fgsch@
|
#
1.27 |
|
01-May-2007 |
jdixon |
use strtonum; ok millert@
|
#
1.26 |
|
20-Mar-2007 |
tedu |
remove some bogus *p tests from charles longeau ok deraadt millert
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.25 |
|
06-Mar-2007 |
jmc |
tidy up synopsis and usage(); from Igor Sobrado
|
#
1.24 |
|
02-Nov-2006 |
ray |
There is no need to trim an empty string any further, just return it.
OK moritz@.
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.23 |
|
27-May-2006 |
moritz |
Handle crypt(3) returning NULL. Found by Gustavo C. Pereira.
ok deraadt@
|
#
1.22 |
|
02-Apr-2006 |
deraadt |
oops, to64() is shared.
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.21 |
|
13-Jul-2004 |
millert |
passwd.conf has been deprecated since login.conf was imported. Today it finally dies. Based on a diff from Gabriel Kihlman.
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.20 |
|
23-Nov-2003 |
otto |
Check getpass(3) return value. From Jared Yanovich <jjy2+ at pitt dot edu>
ok henning@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.19 |
|
02-Jul-2003 |
deraadt |
protos
|
#
1.18 |
|
14-Jun-2003 |
millert |
Add a "-c class" option to specify that the given login class should be used to find the cipher to user.
|
#
1.17 |
|
06-Apr-2003 |
deraadt |
strlcpy
|
Revision tags: OPENBSD_3_1_BASE OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
#
1.16 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.15 |
|
31-Jul-2001 |
millert |
KNF + some ANSIfication
|
#
1.14 |
|
31-Jul-2001 |
millert |
Call pwd_gensalt() with the correct args and reference login.conf in man page; hideishi@magisystem.net
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.13 |
|
11-Nov-2000 |
provos |
allow prompt to be specified anywhere on the command line, make it work with md5. prohibit makekey mode and prompt.
|
#
1.12 |
|
10-Nov-2000 |
provos |
seperate -> separate, okay aaron@
|
Revision tags: OPENBSD_2_6_BASE OPENBSD_2_7_BASE OPENBSD_2_8_BASE
|
#
1.11 |
|
03-Sep-1999 |
deraadt |
proto bcrypt_gensalt()
|
#
1.10 |
|
16-Aug-1999 |
art |
include ctype.h for isspace() and fix some declarations
|
#
1.9 |
|
20-May-1999 |
alex |
Add -p flag, prompt for a string with echo off.
|
#
1.8 |
|
19-May-1999 |
alex |
Use fprintf/exit in place of errx for usage display.
|
Revision tags: OPENBSD_2_2_BASE OPENBSD_2_3_BASE OPENBSD_2_4_BASE OPENBSD_2_5_BASE
|
#
1.7 |
|
17-Jun-1997 |
kstailey |
add <stdlib.h> for atoi(), free(), etc.
|
#
1.6 |
|
17-Jun-1997 |
kstailey |
(foo *)NULL -> NULL
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.5 |
|
30-Mar-1997 |
provos |
blowfish + passwd.conf support. fixed md5 salt.
|
#
1.4 |
|
27-Mar-1997 |
downsj |
Fix core dump.
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.3 |
|
26-Aug-1996 |
downsj |
Add an old makekey(8) mode.
|
#
1.2 |
|
08-Aug-1996 |
downsj |
Slightly cleaner.
|
#
1.1 |
|
08-Aug-1996 |
downsj |
encrypt(1), little utility for encrypting passwords from the command line.
|
#
1.50 |
|
14-Sep-2019 |
semarie |
correct some unveil(2) violations due to "login.conf.db" access (the .db version of "login.conf"), and stat(2) on _PATH_MASTERPASSWD_LOCK (via pw_mkdb(3)).
problem initially noted by myself for passwd(1) millert@ reported similar problem on chpass(1), su(1), doas(1) and encrypt(1) mestre@ noted chpass(1) too
ok mestre@ millert@
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.49 |
|
03-Aug-2018 |
deraadt |
The first unveil userland commit!
unveil _PATH_LOGIN_CONF (/etc/login.conf) which is used by login_getclass(3) and family before doing password encode. This is the only filename used by the program during runtime, everything else happens on stdin/stdout.
|
#
1.48 |
|
03-Aug-2018 |
deraadt |
This does not need pledge "wpath"
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.47 |
|
24-May-2017 |
mestre |
Use freezero instead of explicit_bzero+free
OK tb@
|
#
1.46 |
|
03-May-2017 |
mestre |
Use the safe idiom of cleaning sensitive data from memory with explicit_bzero, instead of relying on other methods, after readpassphrase. Some programs on this diff won't benefit that much since it happens near the terminal path, but someone might copy the unsafe idiom to another program and place it where it may leak sensitive data.
Discussed aeons ago with tb@, OK deraadt@ and beck@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.45 |
|
04-Sep-2016 |
tb |
usage() is static and __dead; add prototype for print_passwd; return instead of exit from main
|
#
1.44 |
|
02-Sep-2016 |
tedu |
_PASSWORD_LEN is length that comes out of crypt(), not a meaningful length for user entered passwords. And the +1 is just superstitious nonsense inherited from getpass() guts. Switch to a pleasing fixed size of 1024. ok millert
|
#
1.43 |
|
02-Sep-2016 |
tedu |
convert getpass to readpassphrase. from Dimitris Papastamos
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.42 |
|
10-Oct-2015 |
doug |
encrypt(1) also needs to pledge "wpath" for getpass().
getpass() opens /dev/tty RW so it can write the prompt.
ok deraadt@
|
#
1.41 |
|
10-Oct-2015 |
deraadt |
pledge "stdio rpath tty". rpath for the configuration reading done by login* subsystem, tty for readpassphase() ok beck
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.40 |
|
26-Feb-2015 |
tedu |
Wrap a long line. Use explicit_bzero. Fix comment describing extra. From Andre Smagin Also, should be safe to print errno from newhash() now. ok millert
|
#
1.39 |
|
24-Feb-2015 |
tedu |
increase prefbuf size so that 'encrypt -b 000000000000000000000012' works. noticed by Andre Smagin. also check snprintf for overflow so we get better error messages if somebody decides to pad with even more zeroes, and avoid possible truncations.
|
#
1.38 |
|
15-Jan-2015 |
chl |
remove unused variable
ok tedu@
|
#
1.37 |
|
05-Jan-2015 |
tedu |
encrypt can use the scrypt scaling code in libc now via crypt_newhash
|
#
1.36 |
|
04-Jan-2015 |
deraadt |
fix -b a mode, spotted by rpe
|
#
1.35 |
|
29-Dec-2014 |
tedu |
impose some limits on the ideal rounds so nothing too crazy happens when the clock results are weird
|
#
1.34 |
|
24-Dec-2014 |
tedu |
simplify. bcrypt only support and use newer libc APIs. no makekey emul. ok deraadt schwarze is a little sad to see the last 1/8 shared man page go, but we have a support program in place, called the attic.
|
#
1.33 |
|
03-Nov-2014 |
tedu |
hoist blowfish up and use bcrypt_newhash directly
|
#
1.32 |
|
03-Sep-2014 |
jmc |
remove -m from usage();
|
#
1.31 |
|
03-Sep-2014 |
giovanni |
kill md5 support, broken since May ok tedu@
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.30 |
|
12-Nov-2013 |
deraadt |
simpler prototype repairs
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.29 |
|
23-May-2013 |
tedu |
allow auto scaling bcrypt rounds by CPU power. ok deraadt jmc sthen
|
Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.28 |
|
14-Jul-2007 |
krw |
Don't trim whitespace from stdin. Encrypt it the same as other input sources. Feedback and fixes from ray@ and fgsch@.
ok millert@ (six years ago) ray@ fgsch@
|
#
1.27 |
|
01-May-2007 |
jdixon |
use strtonum; ok millert@
|
#
1.26 |
|
20-Mar-2007 |
tedu |
remove some bogus *p tests from charles longeau ok deraadt millert
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.25 |
|
06-Mar-2007 |
jmc |
tidy up synopsis and usage(); from Igor Sobrado
|
#
1.24 |
|
02-Nov-2006 |
ray |
There is no need to trim an empty string any further, just return it.
OK moritz@.
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.23 |
|
27-May-2006 |
moritz |
Handle crypt(3) returning NULL. Found by Gustavo C. Pereira.
ok deraadt@
|
#
1.22 |
|
02-Apr-2006 |
deraadt |
oops, to64() is shared.
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.21 |
|
13-Jul-2004 |
millert |
passwd.conf has been deprecated since login.conf was imported. Today it finally dies. Based on a diff from Gabriel Kihlman.
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.20 |
|
23-Nov-2003 |
otto |
Check getpass(3) return value. From Jared Yanovich <jjy2+ at pitt dot edu>
ok henning@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.19 |
|
02-Jul-2003 |
deraadt |
protos
|
#
1.18 |
|
14-Jun-2003 |
millert |
Add a "-c class" option to specify that the given login class should be used to find the cipher to user.
|
#
1.17 |
|
06-Apr-2003 |
deraadt |
strlcpy
|
Revision tags: OPENBSD_3_1_BASE OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
#
1.16 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.15 |
|
31-Jul-2001 |
millert |
KNF + some ANSIfication
|
#
1.14 |
|
31-Jul-2001 |
millert |
Call pwd_gensalt() with the correct args and reference login.conf in man page; hideishi@magisystem.net
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.13 |
|
11-Nov-2000 |
provos |
allow prompt to be specified anywhere on the command line, make it work with md5. prohibit makekey mode and prompt.
|
#
1.12 |
|
10-Nov-2000 |
provos |
seperate -> separate, okay aaron@
|
Revision tags: OPENBSD_2_6_BASE OPENBSD_2_7_BASE OPENBSD_2_8_BASE
|
#
1.11 |
|
03-Sep-1999 |
deraadt |
proto bcrypt_gensalt()
|
#
1.10 |
|
16-Aug-1999 |
art |
include ctype.h for isspace() and fix some declarations
|
#
1.9 |
|
20-May-1999 |
alex |
Add -p flag, prompt for a string with echo off.
|
#
1.8 |
|
19-May-1999 |
alex |
Use fprintf/exit in place of errx for usage display.
|
Revision tags: OPENBSD_2_2_BASE OPENBSD_2_3_BASE OPENBSD_2_4_BASE OPENBSD_2_5_BASE
|
#
1.7 |
|
17-Jun-1997 |
kstailey |
add <stdlib.h> for atoi(), free(), etc.
|
#
1.6 |
|
17-Jun-1997 |
kstailey |
(foo *)NULL -> NULL
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.5 |
|
30-Mar-1997 |
provos |
blowfish + passwd.conf support. fixed md5 salt.
|
#
1.4 |
|
27-Mar-1997 |
downsj |
Fix core dump.
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.3 |
|
26-Aug-1996 |
downsj |
Add an old makekey(8) mode.
|
#
1.2 |
|
08-Aug-1996 |
downsj |
Slightly cleaner.
|
#
1.1 |
|
08-Aug-1996 |
downsj |
encrypt(1), little utility for encrypting passwords from the command line.
|
#
1.49 |
|
03-Aug-2018 |
deraadt |
The first unveil userland commit!
unveil _PATH_LOGIN_CONF (/etc/login.conf) which is used by login_getclass(3) and family before doing password encode. This is the only filename used by the program during runtime, everything else happens on stdin/stdout.
|
#
1.48 |
|
03-Aug-2018 |
deraadt |
This does not need pledge "wpath"
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.47 |
|
24-May-2017 |
mestre |
Use freezero instead of explicit_bzero+free
OK tb@
|
#
1.46 |
|
03-May-2017 |
mestre |
Use the safe idiom of cleaning sensitive data from memory with explicit_bzero, instead of relying on other methods, after readpassphrase. Some programs on this diff won't benefit that much since it happens near the terminal path, but someone might copy the unsafe idiom to another program and place it where it may leak sensitive data.
Discussed aeons ago with tb@, OK deraadt@ and beck@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.45 |
|
04-Sep-2016 |
tb |
usage() is static and __dead; add prototype for print_passwd; return instead of exit from main
|
#
1.44 |
|
02-Sep-2016 |
tedu |
_PASSWORD_LEN is length that comes out of crypt(), not a meaningful length for user entered passwords. And the +1 is just superstitious nonsense inherited from getpass() guts. Switch to a pleasing fixed size of 1024. ok millert
|
#
1.43 |
|
02-Sep-2016 |
tedu |
convert getpass to readpassphrase. from Dimitris Papastamos
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.42 |
|
10-Oct-2015 |
doug |
encrypt(1) also needs to pledge "wpath" for getpass().
getpass() opens /dev/tty RW so it can write the prompt.
ok deraadt@
|
#
1.41 |
|
10-Oct-2015 |
deraadt |
pledge "stdio rpath tty". rpath for the configuration reading done by login* subsystem, tty for readpassphase() ok beck
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.40 |
|
26-Feb-2015 |
tedu |
Wrap a long line. Use explicit_bzero. Fix comment describing extra. From Andre Smagin Also, should be safe to print errno from newhash() now. ok millert
|
#
1.39 |
|
24-Feb-2015 |
tedu |
increase prefbuf size so that 'encrypt -b 000000000000000000000012' works. noticed by Andre Smagin. also check snprintf for overflow so we get better error messages if somebody decides to pad with even more zeroes, and avoid possible truncations.
|
#
1.38 |
|
15-Jan-2015 |
chl |
remove unused variable
ok tedu@
|
#
1.37 |
|
05-Jan-2015 |
tedu |
encrypt can use the scrypt scaling code in libc now via crypt_newhash
|
#
1.36 |
|
04-Jan-2015 |
deraadt |
fix -b a mode, spotted by rpe
|
#
1.35 |
|
29-Dec-2014 |
tedu |
impose some limits on the ideal rounds so nothing too crazy happens when the clock results are weird
|
#
1.34 |
|
24-Dec-2014 |
tedu |
simplify. bcrypt only support and use newer libc APIs. no makekey emul. ok deraadt schwarze is a little sad to see the last 1/8 shared man page go, but we have a support program in place, called the attic.
|
#
1.33 |
|
03-Nov-2014 |
tedu |
hoist blowfish up and use bcrypt_newhash directly
|
#
1.32 |
|
03-Sep-2014 |
jmc |
remove -m from usage();
|
#
1.31 |
|
03-Sep-2014 |
giovanni |
kill md5 support, broken since May ok tedu@
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.30 |
|
12-Nov-2013 |
deraadt |
simpler prototype repairs
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.29 |
|
23-May-2013 |
tedu |
allow auto scaling bcrypt rounds by CPU power. ok deraadt jmc sthen
|
Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.28 |
|
14-Jul-2007 |
krw |
Don't trim whitespace from stdin. Encrypt it the same as other input sources. Feedback and fixes from ray@ and fgsch@.
ok millert@ (six years ago) ray@ fgsch@
|
#
1.27 |
|
01-May-2007 |
jdixon |
use strtonum; ok millert@
|
#
1.26 |
|
20-Mar-2007 |
tedu |
remove some bogus *p tests from charles longeau ok deraadt millert
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.25 |
|
06-Mar-2007 |
jmc |
tidy up synopsis and usage(); from Igor Sobrado
|
#
1.24 |
|
02-Nov-2006 |
ray |
There is no need to trim an empty string any further, just return it.
OK moritz@.
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.23 |
|
27-May-2006 |
moritz |
Handle crypt(3) returning NULL. Found by Gustavo C. Pereira.
ok deraadt@
|
#
1.22 |
|
02-Apr-2006 |
deraadt |
oops, to64() is shared.
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.21 |
|
13-Jul-2004 |
millert |
passwd.conf has been deprecated since login.conf was imported. Today it finally dies. Based on a diff from Gabriel Kihlman.
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.20 |
|
23-Nov-2003 |
otto |
Check getpass(3) return value. From Jared Yanovich <jjy2+ at pitt dot edu>
ok henning@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.19 |
|
02-Jul-2003 |
deraadt |
protos
|
#
1.18 |
|
14-Jun-2003 |
millert |
Add a "-c class" option to specify that the given login class should be used to find the cipher to user.
|
#
1.17 |
|
06-Apr-2003 |
deraadt |
strlcpy
|
Revision tags: OPENBSD_3_1_BASE OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
#
1.16 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.15 |
|
31-Jul-2001 |
millert |
KNF + some ANSIfication
|
#
1.14 |
|
31-Jul-2001 |
millert |
Call pwd_gensalt() with the correct args and reference login.conf in man page; hideishi@magisystem.net
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.13 |
|
11-Nov-2000 |
provos |
allow prompt to be specified anywhere on the command line, make it work with md5. prohibit makekey mode and prompt.
|
#
1.12 |
|
10-Nov-2000 |
provos |
seperate -> separate, okay aaron@
|
Revision tags: OPENBSD_2_6_BASE OPENBSD_2_7_BASE OPENBSD_2_8_BASE
|
#
1.11 |
|
03-Sep-1999 |
deraadt |
proto bcrypt_gensalt()
|
#
1.10 |
|
16-Aug-1999 |
art |
include ctype.h for isspace() and fix some declarations
|
#
1.9 |
|
20-May-1999 |
alex |
Add -p flag, prompt for a string with echo off.
|
#
1.8 |
|
19-May-1999 |
alex |
Use fprintf/exit in place of errx for usage display.
|
Revision tags: OPENBSD_2_2_BASE OPENBSD_2_3_BASE OPENBSD_2_4_BASE OPENBSD_2_5_BASE
|
#
1.7 |
|
17-Jun-1997 |
kstailey |
add <stdlib.h> for atoi(), free(), etc.
|
#
1.6 |
|
17-Jun-1997 |
kstailey |
(foo *)NULL -> NULL
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.5 |
|
30-Mar-1997 |
provos |
blowfish + passwd.conf support. fixed md5 salt.
|
#
1.4 |
|
27-Mar-1997 |
downsj |
Fix core dump.
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.3 |
|
26-Aug-1996 |
downsj |
Add an old makekey(8) mode.
|
#
1.2 |
|
08-Aug-1996 |
downsj |
Slightly cleaner.
|
#
1.1 |
|
08-Aug-1996 |
downsj |
encrypt(1), little utility for encrypting passwords from the command line.
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.47 |
|
24-May-2017 |
mestre |
Use freezero instead of explicit_bzero+free
OK tb@
|
#
1.46 |
|
03-May-2017 |
mestre |
Use the safe idiom of cleaning sensitive data from memory with explicit_bzero, instead of relying on other methods, after readpassphrase. Some programs on this diff won't benefit that much since it happens near the terminal path, but someone might copy the unsafe idiom to another program and place it where it may leak sensitive data.
Discussed aeons ago with tb@, OK deraadt@ and beck@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.45 |
|
04-Sep-2016 |
tb |
usage() is static and __dead; add prototype for print_passwd; return instead of exit from main
|
#
1.44 |
|
02-Sep-2016 |
tedu |
_PASSWORD_LEN is length that comes out of crypt(), not a meaningful length for user entered passwords. And the +1 is just superstitious nonsense inherited from getpass() guts. Switch to a pleasing fixed size of 1024. ok millert
|
#
1.43 |
|
02-Sep-2016 |
tedu |
convert getpass to readpassphrase. from Dimitris Papastamos
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.42 |
|
10-Oct-2015 |
doug |
encrypt(1) also needs to pledge "wpath" for getpass().
getpass() opens /dev/tty RW so it can write the prompt.
ok deraadt@
|
#
1.41 |
|
10-Oct-2015 |
deraadt |
pledge "stdio rpath tty". rpath for the configuration reading done by login* subsystem, tty for readpassphase() ok beck
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.40 |
|
26-Feb-2015 |
tedu |
Wrap a long line. Use explicit_bzero. Fix comment describing extra. From Andre Smagin Also, should be safe to print errno from newhash() now. ok millert
|
#
1.39 |
|
24-Feb-2015 |
tedu |
increase prefbuf size so that 'encrypt -b 000000000000000000000012' works. noticed by Andre Smagin. also check snprintf for overflow so we get better error messages if somebody decides to pad with even more zeroes, and avoid possible truncations.
|
#
1.38 |
|
15-Jan-2015 |
chl |
remove unused variable
ok tedu@
|
#
1.37 |
|
05-Jan-2015 |
tedu |
encrypt can use the scrypt scaling code in libc now via crypt_newhash
|
#
1.36 |
|
04-Jan-2015 |
deraadt |
fix -b a mode, spotted by rpe
|
#
1.35 |
|
29-Dec-2014 |
tedu |
impose some limits on the ideal rounds so nothing too crazy happens when the clock results are weird
|
#
1.34 |
|
24-Dec-2014 |
tedu |
simplify. bcrypt only support and use newer libc APIs. no makekey emul. ok deraadt schwarze is a little sad to see the last 1/8 shared man page go, but we have a support program in place, called the attic.
|
#
1.33 |
|
03-Nov-2014 |
tedu |
hoist blowfish up and use bcrypt_newhash directly
|
#
1.32 |
|
03-Sep-2014 |
jmc |
remove -m from usage();
|
#
1.31 |
|
03-Sep-2014 |
giovanni |
kill md5 support, broken since May ok tedu@
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.30 |
|
12-Nov-2013 |
deraadt |
simpler prototype repairs
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.29 |
|
23-May-2013 |
tedu |
allow auto scaling bcrypt rounds by CPU power. ok deraadt jmc sthen
|
Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.28 |
|
14-Jul-2007 |
krw |
Don't trim whitespace from stdin. Encrypt it the same as other input sources. Feedback and fixes from ray@ and fgsch@.
ok millert@ (six years ago) ray@ fgsch@
|
#
1.27 |
|
01-May-2007 |
jdixon |
use strtonum; ok millert@
|
#
1.26 |
|
20-Mar-2007 |
tedu |
remove some bogus *p tests from charles longeau ok deraadt millert
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.25 |
|
06-Mar-2007 |
jmc |
tidy up synopsis and usage(); from Igor Sobrado
|
#
1.24 |
|
02-Nov-2006 |
ray |
There is no need to trim an empty string any further, just return it.
OK moritz@.
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.23 |
|
27-May-2006 |
moritz |
Handle crypt(3) returning NULL. Found by Gustavo C. Pereira.
ok deraadt@
|
#
1.22 |
|
02-Apr-2006 |
deraadt |
oops, to64() is shared.
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.21 |
|
13-Jul-2004 |
millert |
passwd.conf has been deprecated since login.conf was imported. Today it finally dies. Based on a diff from Gabriel Kihlman.
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.20 |
|
23-Nov-2003 |
otto |
Check getpass(3) return value. From Jared Yanovich <jjy2+ at pitt dot edu>
ok henning@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.19 |
|
02-Jul-2003 |
deraadt |
protos
|
#
1.18 |
|
14-Jun-2003 |
millert |
Add a "-c class" option to specify that the given login class should be used to find the cipher to user.
|
#
1.17 |
|
06-Apr-2003 |
deraadt |
strlcpy
|
Revision tags: OPENBSD_3_1_BASE OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
#
1.16 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.15 |
|
31-Jul-2001 |
millert |
KNF + some ANSIfication
|
#
1.14 |
|
31-Jul-2001 |
millert |
Call pwd_gensalt() with the correct args and reference login.conf in man page; hideishi@magisystem.net
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.13 |
|
11-Nov-2000 |
provos |
allow prompt to be specified anywhere on the command line, make it work with md5. prohibit makekey mode and prompt.
|
#
1.12 |
|
10-Nov-2000 |
provos |
seperate -> separate, okay aaron@
|
Revision tags: OPENBSD_2_6_BASE OPENBSD_2_7_BASE OPENBSD_2_8_BASE
|
#
1.11 |
|
03-Sep-1999 |
deraadt |
proto bcrypt_gensalt()
|
#
1.10 |
|
16-Aug-1999 |
art |
include ctype.h for isspace() and fix some declarations
|
#
1.9 |
|
20-May-1999 |
alex |
Add -p flag, prompt for a string with echo off.
|
#
1.8 |
|
19-May-1999 |
alex |
Use fprintf/exit in place of errx for usage display.
|
Revision tags: OPENBSD_2_2_BASE OPENBSD_2_3_BASE OPENBSD_2_4_BASE OPENBSD_2_5_BASE
|
#
1.7 |
|
17-Jun-1997 |
kstailey |
add <stdlib.h> for atoi(), free(), etc.
|
#
1.6 |
|
17-Jun-1997 |
kstailey |
(foo *)NULL -> NULL
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.5 |
|
30-Mar-1997 |
provos |
blowfish + passwd.conf support. fixed md5 salt.
|
#
1.4 |
|
27-Mar-1997 |
downsj |
Fix core dump.
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.3 |
|
26-Aug-1996 |
downsj |
Add an old makekey(8) mode.
|
#
1.2 |
|
08-Aug-1996 |
downsj |
Slightly cleaner.
|
#
1.1 |
|
08-Aug-1996 |
downsj |
encrypt(1), little utility for encrypting passwords from the command line.
|