Browse Source

split crypt_checkpass off into a new file

OPENBSD_5_7
tedu 10 years ago
parent
commit
85c5ea456a
3 changed files with 73 additions and 36 deletions
  1. +4
    -4
      src/lib/libc/crypt/Makefile.inc
  2. +8
    -32
      src/lib/libc/crypt/crypt.3
  3. +61
    -0
      src/lib/libc/crypt/crypt_checkpass.3

+ 4
- 4
src/lib/libc/crypt/Makefile.inc View File

@ -1,15 +1,15 @@
# $OpenBSD: Makefile.inc,v 1.23 2014/11/18 22:17:50 jmc Exp $
# $OpenBSD: Makefile.inc,v 1.24 2014/11/20 19:18:25 tedu Exp $
.PATH: ${LIBCSRCDIR}/arch/${MACHINE_CPU}/crypt ${LIBCSRCDIR}/crypt
SRCS+= crypt.c crypt2.c cryptutil.c arc4random.c arc4random_uniform.c \
blowfish.c bcrypt.c
MAN+= crypt.3 blowfish.3 arc4random.3
MLINKS+=crypt.3 setkey.3 crypt.3 crypt_checkpass.3
MLINKS+=crypt.3 crypt_newhash.3 crypt.3 encrypt.3
MAN+= crypt.3 crypt_checkpass.3 blowfish.3 arc4random.3
MLINKS+=crypt.3 setkey.3 crypt.3 encrypt.3
MLINKS+=crypt.3 des_setkey.3 crypt.3 des_cipher.3
MLINKS+=crypt.3 bcrypt_gensalt.3 crypt.3 bcrypt.3
MLINKS+=crypt_checkpass.3 crypt_newhash.3
MLINKS+=blowfish.3 blf_key.3 blowfish.3 blf_enc.3
MLINKS+=blowfish.3 blf_dec.3 blowfish.3 blf_ecb_encrypt.3
MLINKS+=blowfish.3 blf_ecb_decrypt.3 blowfish.3 blf_cbc_encrypt.3


+ 8
- 32
src/lib/libc/crypt/crypt.3 View File

@ -1,4 +1,4 @@
.\" $OpenBSD: crypt.3,v 1.40 2014/11/18 22:17:50 jmc Exp $
.\" $OpenBSD: crypt.3,v 1.41 2014/11/20 19:18:25 tedu Exp $
.\"
.\" FreeSec: libcrypt
.\"
@ -31,13 +31,11 @@
.\"
.\" Manual page, using -mandoc macros
.\"
.Dd $Mdocdate: November 18 2014 $
.Dd $Mdocdate: November 20 2014 $
.Dt CRYPT 3
.Os
.Sh NAME
.Nm crypt ,
.Nm crypt_checkpass ,
.Nm crypt_newhash ,
.Nm setkey ,
.Nm encrypt ,
.Nm des_setkey ,
@ -54,10 +52,6 @@
.Ft char *
.Fn crypt "const char *key" "const char *setting"
.Ft int
.Fn crypt_checkpass "const char *password" "const char *hash"
.Ft int
.Fn crypt_newhash "const char *password" "login_cap_t *lc" "char *hash" "size_t hashsize"
.Ft int
.Fn encrypt "char *block" "int flag"
.Ft int
.Fn des_setkey "const char *key"
@ -69,6 +63,11 @@
.Ft char *
.Fn bcrypt "const char *key" "const char *salt"
.Sh DESCRIPTION
These functions are deprecated in favor of
.Xr crypt_checkpass 3
and
.Xr crypt_newhash 3 .
.Pp
The
.Fn crypt
function performs password hashing based on the
@ -94,30 +93,6 @@ and a number then a different algorithm is used depending on the number.
At the moment
.Ql $2
chooses Blowfish hashing; see below for more information.
.Pp
The
.Fn crypt_checkpass
function is provided to simplify checking a user's password.
If both the hash and the password are the empty string, authentication
is a success.
Otherwise, the password is hashed and compared to the provided hash.
If the hash is NULL, authentication will always fail, but a default
amount of work is performed to simulate the hashing operation.
A successful match will return 0.
A failure will return \-1 and set errno.
.Pp
The
.Fn crypt_newhash
function is provided to simplify the creation of new password hashes.
The provided
.Fa password
is randomly salted and hashed and stored in
.Fa hash .
The login class argument
.Fa lc
is used to identify the preferred hashing algorithm and parameters.
Refer to
.Xr login.conf 5 .
.Ss Extended crypt
The
.Ar key
@ -298,6 +273,7 @@ return 0 on success and 1 on failure.
.Xr login 1 ,
.Xr passwd 1 ,
.Xr blowfish 3 ,
.Xr crypt_checkpass 3 ,
.Xr getpass 3 ,
.Xr md5 3 ,
.Xr passwd 5


+ 61
- 0
src/lib/libc/crypt/crypt_checkpass.3 View File

@ -0,0 +1,61 @@
.\" $OpenBSD: crypt_checkpass.3,v 1.1 2014/11/20 19:18:25 tedu Exp $
.\"
.\" Copyright (c) Ted Unangst <tedu@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: November 20 2014 $
.Dt CRYPT_CHECKPASS 3
.Os
.Sh NAME
.Nm crypt_checkpass ,
.Nm crypt_newhash
.Nd password hashing
.Sh SYNOPSIS
.In unistd.h
.Ft int
.Fn crypt_checkpass "const char *password" "const char *hash"
.In login_cap.h
.Ft int
.Fn crypt_newhash "const char *password" "login_cap_t *lc" "char *hash" "size_t hashsize"
.Sh DESCRIPTION
The
.Fn crypt_checkpass
function is provided to simplify checking a user's password.
If both the hash and the password are the empty string, authentication
is a success.
Otherwise, the password is hashed and compared to the provided hash.
If the hash is NULL, authentication will always fail, but a default
amount of work is performed to simulate the hashing operation.
A successful match will return 0.
A failure will return \-1 and set errno.
.Pp
The
.Fn crypt_newhash
function is provided to simplify the creation of new password hashes.
The provided
.Fa password
is randomly salted and hashed and stored in
.Fa hash .
The login class argument
.Fa lc
is used to identify the preferred hashing algorithm and parameters.
Refer to
.Xr login.conf 5 .
.Sh RETURN VALUES
These functions
return 0 on success and -1 on failure.
.Sh SEE ALSO
.Xr crypt 3 ,
.Xr login.conf 5 ,
.Xr passwd 5

Loading…
Cancel
Save