From 85c5ea456a1e9833631ac685204adde7a833189c Mon Sep 17 00:00:00 2001 From: tedu <> Date: Thu, 20 Nov 2014 19:18:25 +0000 Subject: [PATCH] split crypt_checkpass off into a new file --- src/lib/libc/crypt/Makefile.inc | 8 ++-- src/lib/libc/crypt/crypt.3 | 40 ++++-------------- src/lib/libc/crypt/crypt_checkpass.3 | 61 ++++++++++++++++++++++++++++ 3 files changed, 73 insertions(+), 36 deletions(-) create mode 100644 src/lib/libc/crypt/crypt_checkpass.3 diff --git a/src/lib/libc/crypt/Makefile.inc b/src/lib/libc/crypt/Makefile.inc index c22c2d1e..f4cf2de0 100644 --- a/src/lib/libc/crypt/Makefile.inc +++ b/src/lib/libc/crypt/Makefile.inc @@ -1,15 +1,15 @@ -# $OpenBSD: Makefile.inc,v 1.23 2014/11/18 22:17:50 jmc Exp $ +# $OpenBSD: Makefile.inc,v 1.24 2014/11/20 19:18:25 tedu Exp $ .PATH: ${LIBCSRCDIR}/arch/${MACHINE_CPU}/crypt ${LIBCSRCDIR}/crypt SRCS+= crypt.c crypt2.c cryptutil.c arc4random.c arc4random_uniform.c \ blowfish.c bcrypt.c -MAN+= crypt.3 blowfish.3 arc4random.3 -MLINKS+=crypt.3 setkey.3 crypt.3 crypt_checkpass.3 -MLINKS+=crypt.3 crypt_newhash.3 crypt.3 encrypt.3 +MAN+= crypt.3 crypt_checkpass.3 blowfish.3 arc4random.3 +MLINKS+=crypt.3 setkey.3 crypt.3 encrypt.3 MLINKS+=crypt.3 des_setkey.3 crypt.3 des_cipher.3 MLINKS+=crypt.3 bcrypt_gensalt.3 crypt.3 bcrypt.3 +MLINKS+=crypt_checkpass.3 crypt_newhash.3 MLINKS+=blowfish.3 blf_key.3 blowfish.3 blf_enc.3 MLINKS+=blowfish.3 blf_dec.3 blowfish.3 blf_ecb_encrypt.3 MLINKS+=blowfish.3 blf_ecb_decrypt.3 blowfish.3 blf_cbc_encrypt.3 diff --git a/src/lib/libc/crypt/crypt.3 b/src/lib/libc/crypt/crypt.3 index 636e49d1..f01f9964 100644 --- a/src/lib/libc/crypt/crypt.3 +++ b/src/lib/libc/crypt/crypt.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: crypt.3,v 1.40 2014/11/18 22:17:50 jmc Exp $ +.\" $OpenBSD: crypt.3,v 1.41 2014/11/20 19:18:25 tedu Exp $ .\" .\" FreeSec: libcrypt .\" 
@@ -31,13 +31,11 @@ .\" .\" Manual page, using -mandoc macros .\" -.Dd $Mdocdate: November 18 2014 $ +.Dd $Mdocdate: November 20 2014 $ .Dt CRYPT 3 .Os .Sh NAME .Nm crypt , -.Nm crypt_checkpass , -.Nm crypt_newhash , .Nm setkey , .Nm encrypt , .Nm des_setkey , @@ -54,10 +52,6 @@ .Ft char * .Fn crypt "const char *key" "const char *setting" .Ft int -.Fn crypt_checkpass "const char *password" "const char *hash" -.Ft int -.Fn crypt_newhash "const char *password" "login_cap_t *lc" "char *hash" "size_t hashsize" -.Ft int .Fn encrypt "char *block" "int flag" .Ft int .Fn des_setkey "const char *key" @@ -69,6 +63,11 @@ .Ft char * .Fn bcrypt "const char *key" "const char *salt" .Sh DESCRIPTION +These functions are deprecated in favor of +.Xr crypt_checkpass 3 +and +.Xr crypt_newhash 3 . +.Pp The .Fn crypt function performs password hashing based on the @@ -94,30 +93,6 @@ and a number then a different algorithm is used depending on the number. At the moment .Ql $2 chooses Blowfish hashing; see below for more information. -.Pp -The -.Fn crypt_checkpass -function is provided to simplify checking a user's password. -If both the hash and the password are the empty string, authentication -is a success. -Otherwise, the password is hashed and compared to the provided hash. -If the hash is NULL, authentication will always fail, but a default -amount of work is performed to simulate the hashing operation. -A successful match will return 0. -A failure will return \-1 and set errno. -.Pp -The -.Fn crypt_newhash -function is provided to simplify the creation of new password hashes. -The provided -.Fa password -is randomly salted and hashed and stored in -.Fa hash . -The login class argument -.Fa lc -is used to identify the preferred hashing algorithm and parameters. -Refer to -.Xr login.conf 5 . .Ss Extended crypt The .Ar key 
@@ -298,6 +273,7 @@ return 0 on success and 1 on failure.
 .Xr login 1 ,
 .Xr passwd 1 ,
 .Xr blowfish 3 ,
+.Xr crypt_checkpass 3 ,
 .Xr getpass 3 ,
 .Xr md5 3 ,
 .Xr passwd 5
diff --git a/src/lib/libc/crypt/crypt_checkpass.3 b/src/lib/libc/crypt/crypt_checkpass.3
new file mode 100644
index 00000000..3a360fb8
--- /dev/null
+++ b/src/lib/libc/crypt/crypt_checkpass.3
@@ -0,0 +1,61 @@
+.\" $OpenBSD: crypt_checkpass.3,v 1.1 2014/11/20 19:18:25 tedu Exp $
+.\"
+.\" Copyright (c) Ted Unangst
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: November 20 2014 $
+.Dt CRYPT_CHECKPASS 3
+.Os
+.Sh NAME
+.Nm crypt_checkpass ,
+.Nm crypt_newhash
+.Nd password hashing
+.Sh SYNOPSIS
+.In unistd.h
+.Ft int
+.Fn crypt_checkpass "const char *password" "const char *hash"
+.In login_cap.h
+.Ft int
+.Fn crypt_newhash "const char *password" "login_cap_t *lc" "char *hash" "size_t hashsize"
+.Sh DESCRIPTION
+The
+.Fn crypt_checkpass
+function is provided to simplify checking a user's password.
+If both the hash and the password are the empty string, authentication
+is a success.
+Otherwise, the password is hashed and compared to the provided hash.
+If the hash is NULL, authentication will always fail, but a default
+amount of work is performed to simulate the hashing operation.
+A successful match will return 0.
+A failure will return \-1 and set errno.
+.Pp
+The
+.Fn crypt_newhash
+function is provided to simplify the creation of new password hashes.
+The provided
+.Fa password
+is randomly salted and hashed and stored in
+.Fa hash .
+The login class argument
+.Fa lc
+is used to identify the preferred hashing algorithm and parameters.
+Refer to
+.Xr login.conf 5 .
+.Sh RETURN VALUES
+These functions
+return 0 on success and -1 on failure.
+.Sh SEE ALSO
+.Xr crypt 3 ,
+.Xr login.conf 5 ,
+.Xr passwd 5