add new function crypt_newhash to simplify creating new hashes.

does most of the work pwd_gensalt did, but also creates the hash. (unused yet)
author: tedu <> 2014-11-17 16:47:28 +0000
committer: tedu <> 2014-11-17 16:47:28 +0000
commit: 1d73abd6ebdd0b8188330f94e644727d86b1d336 (patch)
tree: f8c67ffae926873c4b6b8eb4d6a4dc43ef63d29c
parent: d6b346577efe94c30d6ba08ca7f8feae71688a3c (diff)
download: openbsd-1d73abd6ebdd0b8188330f94e644727d86b1d336.tar.gz
openbsd-1d73abd6ebdd0b8188330f94e644727d86b1d336.tar.bz2
openbsd-1d73abd6ebdd0b8188330f94e644727d86b1d336.zip
2 files changed, 46 insertions, 3 deletions
diff --git a/src/lib/libc/crypt/crypt.3 b/src/lib/libc/crypt/crypt.3
index 95eb8c156d..a1912f8a45 100644
--- a/src/lib/libc/crypt/crypt.3
+++ b/src/lib/libc/crypt/crypt.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: crypt.3,v 1.38 2014/05/16 22:11:00 jmc Exp $
+.\" $OpenBSD: crypt.3,v 1.39 2014/11/17 16:47:28 tedu Exp $
 .\"
 .\" FreeSec: libcrypt
 .\"
@@ -31,7 +31,7 @@
 .\"
 .\" Manual page, using -mandoc macros
 .\"
-.Dd $Mdocdate: May 16 2014 $
+.Dd $Mdocdate: November 17 2014 $
 .Dt CRYPT 3
 .Os
 .Sh NAME
@@ -55,6 +55,8 @@
 .Ft int
 .Fn crypt_checkpass "const char *password" "const char *hash"
 .Ft int
+.Fn crypt_newhash "const char *password" "login_cap_t *lc" "char *hash" "size_t hashsize"
+.Ft int
 .Fn encrypt "char *block" "int flag"
 .Ft int
 .Fn des_setkey "const char *key"
@@ -102,6 +104,19 @@ If the hash is NULL, authentication will always fail, but a default
 amount of work is performed to simulate the hashing operation.
 A successful match will return 0.
 A failure will return \-1 and set errno.
+.Pp
+The
+.Fn crypt_newhash
+function is provided to simplify the creation of new password hashes.
+The provided
+.Fa password
+is randomly salted and hashed and stored in
+.Fa hash .
+The login class argument
+.Fa lc
+is used to identify the preferred hashing algorithm and parameters.
+Refer to
+.Xr login.conf 5 .
 .Ss Extended crypt
 The
 .Ar key
diff --git a/src/lib/libc/crypt/cryptutil.c b/src/lib/libc/crypt/cryptutil.c
index 36deda778e..4a8c46be49 100644
--- a/src/lib/libc/crypt/cryptutil.c
+++ b/src/lib/libc/crypt/cryptutil.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cryptutil.c,v 1.1 2014/05/12 19:13:14 tedu Exp $ */
+/* $OpenBSD: cryptutil.c,v 1.2 2014/11/17 16:47:28 tedu Exp $ */
 /*
 * Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
 *
@@ -18,6 +18,7 @@
 #include <unistd.h>
 #include <string.h>
 #include <pwd.h>
+#include <login_cap.h>
 #include <errno.h>
 int
@@ -52,3 +53,30 @@ fail:
        errno = EACCES;
        return -1;
 }
+int
+crypt_newhash(const char *pass, login_cap_t *lc, char *hash, size_t hashlen)
+{
+        int rv = -1;
+        char *pref;
+        char *defaultpref = "blowfish,8";
+        const char *errstr;
+        int rounds;
+        if (lc == NULL ||
+            (pref = login_getcapstr(lc, "localcipher", NULL, NULL)) == NULL)
+                pref = defaultpref;
+        if (strncmp(pref, "blowfish,", 9) != 0) {
+                errno = EINVAL;
+                goto err;
+        }
+        rounds = strtonum(pref + 9, 4, 31, &errstr);
+        if (errstr)
+                goto err;
+        rv = bcrypt_newhash(pass, rounds, hash, hashlen);
+err:
+        if (pref != defaultpref)
+                free(pref);
+        return rv;
+}
author	tedu <>	2014-11-17 16:47:28 +0000
committer	tedu <>	2014-11-17 16:47:28 +0000
commit	1d73abd6ebdd0b8188330f94e644727d86b1d336 (patch)
tree	f8c67ffae926873c4b6b8eb4d6a4dc43ef63d29c
parent	d6b346577efe94c30d6ba08ca7f8feae71688a3c (diff)
download	openbsd-1d73abd6ebdd0b8188330f94e644727d86b1d336.tar.gz openbsd-1d73abd6ebdd0b8188330f94e644727d86b1d336.tar.bz2 openbsd-1d73abd6ebdd0b8188330f94e644727d86b1d336.zip

diff --git a/src/lib/libc/crypt/crypt.3 b/src/lib/libc/crypt/crypt.3 index 95eb8c156d..a1912f8a45 100644 --- a/src/lib/libc/crypt/crypt.3 +++ b/src/lib/libc/crypt/crypt.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: crypt.3,v 1.38 2014/05/16 22:11:00 jmc Exp $	1	.\" $OpenBSD: crypt.3,v 1.39 2014/11/17 16:47:28 tedu Exp $
2	.\"	2	.\"
3	.\" FreeSec: libcrypt	3	.\" FreeSec: libcrypt
4	.\"	4	.\"
@@ -31,7 +31,7 @@
31	.\"	31	.\"
32	.\" Manual page, using -mandoc macros	32	.\" Manual page, using -mandoc macros
33	.\"	33	.\"
34	.Dd $Mdocdate: May 16 2014 $	34	.Dd $Mdocdate: November 17 2014 $
35	.Dt CRYPT 3	35	.Dt CRYPT 3
36	.Os	36	.Os
37	.Sh NAME	37	.Sh NAME
@@ -55,6 +55,8 @@
55	.Ft int	55	.Ft int
56	.Fn crypt_checkpass "const char password" "const char hash"	56	.Fn crypt_checkpass "const char password" "const char hash"
57	.Ft int	57	.Ft int
		58	.Fn crypt_newhash "const char password" "login_cap_t lc" "char *hash" "size_t hashsize"
		59	.Ft int
58	.Fn encrypt "char *block" "int flag"	60	.Fn encrypt "char *block" "int flag"
59	.Ft int	61	.Ft int
60	.Fn des_setkey "const char *key"	62	.Fn des_setkey "const char *key"
@@ -102,6 +104,19 @@ If the hash is NULL, authentication will always fail, but a default
102	amount of work is performed to simulate the hashing operation.	104	amount of work is performed to simulate the hashing operation.
103	A successful match will return 0.	105	A successful match will return 0.
104	A failure will return \-1 and set errno.	106	A failure will return \-1 and set errno.
		107	.Pp
		108	The
		109	.Fn crypt_newhash
		110	function is provided to simplify the creation of new password hashes.
		111	The provided
		112	.Fa password
		113	is randomly salted and hashed and stored in
		114	.Fa hash .
		115	The login class argument
		116	.Fa lc
		117	is used to identify the preferred hashing algorithm and parameters.
		118	Refer to
		119	.Xr login.conf 5 .
105	.Ss Extended crypt	120	.Ss Extended crypt
106	The	121	The
107	.Ar key	122	.Ar key


diff --git a/src/lib/libc/crypt/cryptutil.c b/src/lib/libc/crypt/cryptutil.c index 36deda778e..4a8c46be49 100644 --- a/src/lib/libc/crypt/cryptutil.c +++ b/src/lib/libc/crypt/cryptutil.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: cryptutil.c,v 1.1 2014/05/12 19:13:14 tedu Exp $ */	1	/* $OpenBSD: cryptutil.c,v 1.2 2014/11/17 16:47:28 tedu Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>	3	* Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
4	*	4	*
@@ -18,6 +18,7 @@
18	#include <unistd.h>	18	#include <unistd.h>
19	#include <string.h>	19	#include <string.h>
20	#include <pwd.h>	20	#include <pwd.h>
		21	#include <login_cap.h>
21	#include <errno.h>	22	#include <errno.h>
22		23
23	int	24	int
@@ -52,3 +53,30 @@ fail:
52	errno = EACCES;	53	errno = EACCES;
53	return -1;	54	return -1;
54	}	55	}
		56
		57	int
		58	crypt_newhash(const char pass, login_cap_t lc, char *hash, size_t hashlen)
		59	{
		60	int rv = -1;
		61	char *pref;
		62	char *defaultpref = "blowfish,8";
		63	const char *errstr;
		64	int rounds;
		65
		66	if (lc == NULL \|\|
		67	(pref = login_getcapstr(lc, "localcipher", NULL, NULL)) == NULL)
		68	pref = defaultpref;
		69	if (strncmp(pref, "blowfish,", 9) != 0) {
		70	errno = EINVAL;
		71	goto err;
		72	}
		73	rounds = strtonum(pref + 9, 4, 31, &errstr);
		74	if (errstr)
		75	goto err;
		76	rv = bcrypt_newhash(pass, rounds, hash, hashlen);
		77
		78	err:
		79	if (pref != defaultpref)
		80	free(pref);
		81	return rv;
		82	}