Browse Source

add new function crypt_newhash to simplify creating new hashes.

does most of the work pwd_gensalt did, but also creates the hash.
(unused yet)
OPENBSD_5_7
tedu 10 years ago
parent
commit
572a59f1f0
2 changed files with 46 additions and 3 deletions
  1. +17
    -2
      src/lib/libc/crypt/crypt.3
  2. +29
    -1
      src/lib/libc/crypt/cryptutil.c

+ 17
- 2
src/lib/libc/crypt/crypt.3 View File

@ -1,4 +1,4 @@
.\" $OpenBSD: crypt.3,v 1.38 2014/05/16 22:11:00 jmc Exp $
.\" $OpenBSD: crypt.3,v 1.39 2014/11/17 16:47:28 tedu Exp $
.\"
.\" FreeSec: libcrypt
.\"
@ -31,7 +31,7 @@
.\"
.\" Manual page, using -mandoc macros
.\"
.Dd $Mdocdate: May 16 2014 $
.Dd $Mdocdate: November 17 2014 $
.Dt CRYPT 3
.Os
.Sh NAME
@ -55,6 +55,8 @@
.Ft int
.Fn crypt_checkpass "const char *password" "const char *hash"
.Ft int
.Fn crypt_newhash "const char *password" "login_cap_t *lc" "char *hash" "size_t hashsize"
.Ft int
.Fn encrypt "char *block" "int flag"
.Ft int
.Fn des_setkey "const char *key"
@ -102,6 +104,19 @@ If the hash is NULL, authentication will always fail, but a default
amount of work is performed to simulate the hashing operation.
A successful match will return 0.
A failure will return \-1 and set errno.
.Pp
The
.Fn crypt_newhash
function is provided to simplify the creation of new password hashes.
The provided
.Fa password
is randomly salted and hashed and stored in
.Fa hash .
The login class argument
.Fa lc
is used to identify the preferred hashing algorithm and parameters.
Refer to
.Xr login.conf 5 .
.Ss Extended crypt
The
.Ar key


+ 29
- 1
src/lib/libc/crypt/cryptutil.c View File

@ -1,4 +1,4 @@
/* $OpenBSD: cryptutil.c,v 1.1 2014/05/12 19:13:14 tedu Exp $ */
/* $OpenBSD: cryptutil.c,v 1.2 2014/11/17 16:47:28 tedu Exp $ */
/*
* Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
*
@ -18,6 +18,7 @@
#include <unistd.h>
#include <string.h>
#include <pwd.h>
#include <login_cap.h>
#include <errno.h>
int
@ -52,3 +53,30 @@ fail:
errno = EACCES;
return -1;
}
int
crypt_newhash(const char *pass, login_cap_t *lc, char *hash, size_t hashlen)
{
int rv = -1;
char *pref;
char *defaultpref = "blowfish,8";
const char *errstr;
int rounds;
if (lc == NULL ||
(pref = login_getcapstr(lc, "localcipher", NULL, NULL)) == NULL)
pref = defaultpref;
if (strncmp(pref, "blowfish,", 9) != 0) {
errno = EINVAL;
goto err;
}
rounds = strtonum(pref + 9, 4, 31, &errstr);
if (errstr)
goto err;
rv = bcrypt_newhash(pass, rounds, hash, hashlen);
err:
if (pref != defaultpref)
free(pref);
return rv;
}

Loading…
Cancel
Save