macro cleanup; kaspars at bankovskis dot net

author: schwarze <> 2014-12-02 07:39:58 +0000
committer: schwarze <> 2014-12-02 07:39:58 +0000
commit: 8068f015c2050105c1ab16d99b7b03bc027c72d3 (patch)
tree: a5629da1ec9f12207deaf89ec56235572cc9deb6 /src
parent: 31c8510c76a513029853bca574d8394c55f6eff5 (diff)
download: openbsd-8068f015c2050105c1ab16d99b7b03bc027c72d3.tar.gz
openbsd-8068f015c2050105c1ab16d99b7b03bc027c72d3.tar.bz2
openbsd-8068f015c2050105c1ab16d99b7b03bc027c72d3.zip
2 files changed, 55 insertions, 49 deletions
diff --git a/src/lib/libc/crypt/crypt.3 b/src/lib/libc/crypt/crypt.3
index 0271e46cbb..9a73c7a515 100644
--- a/src/lib/libc/crypt/crypt.3
+++ b/src/lib/libc/crypt/crypt.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: crypt.3,v 1.42 2014/11/25 03:36:34 tedu Exp $
+.\" $OpenBSD: crypt.3,v 1.43 2014/12/02 07:39:58 schwarze Exp $
 .\"
 .\" FreeSec: libcrypt
 .\"
@@ -31,7 +31,7 @@
 .\"
 .\" Manual page, using -mandoc macros
 .\"
-.Dd $Mdocdate: November 25 2014 $
+.Dd $Mdocdate: December 2 2014 $
 .Dt CRYPT 3
 .Os
 .Sh NAME
@@ -71,21 +71,27 @@ and
 The
 .Fn crypt
 function performs password hashing based on the
-.Tn NBS
+NBS Data Encryption Standard (DES).
-Data Encryption Standard (DES).
 Additional code has been added to deter key search attempts and to use
 stronger hashing algorithms.
 .Pp
 The first argument to
 .Fn crypt
-is a
+is a NUL-terminated
-.Dv NUL Ns -terminated
+string
-string, typically a user's typed password.
+.Fa key ,
-The second is in one of three forms:
+typically a user's typed password.
+The second,
+.Fa setting ,
+is in one of three forms:
 if it begins with an underscore
 .Pq Ql _
 then an extended format is used
-in interpreting both the key and the setting, as outlined below.
+in interpreting both the
+.Fa key
+and the
+.Fa setting ,
+as outlined below.
 If it begins
 with a string character
 .Pq Ql $
@@ -95,7 +101,7 @@ At the moment
 chooses Blowfish hashing; see below for more information.
 .Ss Extended crypt
 The
-.Ar key
+.Fa key
 is divided into groups of 8 characters (the last group is null-padded)
 and the low-order 7 bits of each character (56 bits per group) are
 used to form the DES key as follows:
@@ -103,7 +109,9 @@ the first group of 56 bits becomes the initial DES key.
 For each additional group, the XOR of the encryption of the current DES
 key with itself and the group bits becomes the next DES key.
 .Pp
-The setting is a 9-character array consisting of an underscore followed
+The
+.Fa setting
+is a 9-character array consisting of an underscore followed
 by 4 bytes of iteration count and 4 bytes of salt.
 These are encoded as printable characters, 6 bits per character,
 least significant character first.
@@ -113,15 +121,12 @@ This allows 24 bits for both
 .Fa count
 and
 .Fa salt .
-.Ss "Blowfish" crypt
+.Ss Blowfish crypt
-The
+The Blowfish version of crypt has 128 bits of
-.Tn Blowfish
-version of crypt has 128 bits of
 .Fa salt
 in order to make building dictionaries of common passwords space consuming.
 The initial state of the
-.Tn Blowfish
+Blowfish cipher is expanded using the
-cipher is expanded using the
 .Fa salt
 and the
 .Fa password
@@ -132,9 +137,7 @@ The final Blowfish password entry is created by encrypting the string
 .Pp
 .Dq OrpheanBeholderScryDoubt
 .Pp
-with the
+with the Blowfish state 64 times.
-.Tn Blowfish
-state 64 times.
 .Pp
 The version number, the logarithm of the number of rounds and
 the concatenation of salt and hashed password are separated by the
@@ -150,13 +153,15 @@ A valid Blowfish password looks like this:
 The whole Blowfish password string is passed as
 .Fa setting
 for interpretation.
-.Ss "Traditional" crypt
+.Ss Traditional crypt
-The first 8 bytes of the key are null-padded, and the low-order 7 bits of
+The first 8 bytes of the
-each character is used to form the 56-bit
+.Fa key
-.Tn DES
+are null-padded, and the low-order 7 bits of
-key.
+each character is used to form the 56-bit DES key.
 .Pp
-The setting is a 2-character array of the ASCII-encoded salt.
+The
+.Fa setting
+is a 2-character array of the ASCII-encoded salt.
 Thus only 12 bits of
 .Fa salt
 are used.
@@ -165,29 +170,24 @@ is set to 25.
 .Ss DES Algorithm
 The
 .Fa salt
-introduces disorder in the
+introduces disorder in the DES
-.Tn DES
 algorithm in one of 16777216 or 4096 possible ways
 (i.e., with 24 or 12 bits: if bit
 .Em i
 of the
-.Ar salt
+.Fa salt
 is set, then bits
 .Em i
 and
 .Em i+24
-are swapped in the
+are swapped in the DES E-box output).
-.Tn DES
-E-box output).
 .Pp
 The DES key is used to encrypt a 64-bit constant using
-.Ar count
+.Fa count
-iterations of
+iterations of DES.
-.Tn DES .
+The value returned is a NUL-terminated
-The value returned is a
-.Dv NUL Ns -terminated
 string, 20 or 13 bytes (plus NUL) in length, consisting of the
-.Ar setting
+.Fa setting
 followed by the encoded 64-bit encryption.
 .Pp
 The functions
@@ -197,8 +197,7 @@ The functions
 and
 .Fn des_cipher
 provide access to the
-.Tn DES
+DES algorithm itself.
-algorithm itself.
 .Fn setkey
 is passed a 64-byte array of binary values (numeric 0 or 1).
 A 56-bit key is extracted from this array by dividing the
@@ -237,16 +236,14 @@ using
 .Xr abs 3
 of
 .Fa count
-iterations of
+iterations of DES
-.Tn DES
 and stores the 64-bit result in the 8 characters at
 .Fa out
 (which may be the same as
 .Fa in ) .
 The
 .Fa salt
-specifies perturbations to the
+specifies perturbations to the DES
-.Tn DES
 E-box output as described above.
 .Pp
 The
diff --git a/src/lib/libc/crypt/crypt_checkpass.3 b/src/lib/libc/crypt/crypt_checkpass.3
index fd60523502..09f2d02796 100644
--- a/src/lib/libc/crypt/crypt_checkpass.3
+++ b/src/lib/libc/crypt/crypt_checkpass.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: crypt_checkpass.3,v 1.4 2014/11/21 12:52:54 jmc Exp $
+.\" $OpenBSD: crypt_checkpass.3,v 1.5 2014/12/02 07:39:58 schwarze Exp $
 .\"
 .\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: November 21 2014 $
+.Dd $Mdocdate: December 2 2014 $
 .Dt CRYPT_CHECKPASS 3
 .Os
 .Sh NAME
@@ -31,10 +31,19 @@
 The
 .Fn crypt_checkpass
 function is provided to simplify checking a user's password.
-If both the hash and the password are the empty string, authentication
+If both the
+.Fa hash
+and the
+.Fa password
+are the empty string, authentication
 is a success.
-Otherwise, the password is hashed and compared to the provided hash.
+Otherwise, the
-If the hash is
+.Fa password
+is hashed and compared to the provided
+.Fa hash .
+If the
+.Fa hash
+is
 .Dv NULL ,
 authentication will always fail, but a default
 amount of work is performed to simulate the hashing operation.
author	schwarze <>	2014-12-02 07:39:58 +0000
committer	schwarze <>	2014-12-02 07:39:58 +0000
commit	8068f015c2050105c1ab16d99b7b03bc027c72d3 (patch)
tree	a5629da1ec9f12207deaf89ec56235572cc9deb6 /src
parent	31c8510c76a513029853bca574d8394c55f6eff5 (diff)
download	openbsd-8068f015c2050105c1ab16d99b7b03bc027c72d3.tar.gz openbsd-8068f015c2050105c1ab16d99b7b03bc027c72d3.tar.bz2 openbsd-8068f015c2050105c1ab16d99b7b03bc027c72d3.zip

diff --git a/src/lib/libc/crypt/crypt.3 b/src/lib/libc/crypt/crypt.3 index 0271e46cbb..9a73c7a515 100644 --- a/src/lib/libc/crypt/crypt.3 +++ b/src/lib/libc/crypt/crypt.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: crypt.3,v 1.42 2014/11/25 03:36:34 tedu Exp $	1	.\" $OpenBSD: crypt.3,v 1.43 2014/12/02 07:39:58 schwarze Exp $
2	.\"	2	.\"
3	.\" FreeSec: libcrypt	3	.\" FreeSec: libcrypt
4	.\"	4	.\"
@@ -31,7 +31,7 @@
31	.\"	31	.\"
32	.\" Manual page, using -mandoc macros	32	.\" Manual page, using -mandoc macros
33	.\"	33	.\"
34	.Dd $Mdocdate: November 25 2014 $	34	.Dd $Mdocdate: December 2 2014 $
35	.Dt CRYPT 3	35	.Dt CRYPT 3
36	.Os	36	.Os
37	.Sh NAME	37	.Sh NAME
@@ -71,21 +71,27 @@ and
71	The	71	The
72	.Fn crypt	72	.Fn crypt
73	function performs password hashing based on the	73	function performs password hashing based on the
74	.Tn NBS	74	NBS Data Encryption Standard (DES).
75	Data Encryption Standard (DES).
76	Additional code has been added to deter key search attempts and to use	75	Additional code has been added to deter key search attempts and to use
77	stronger hashing algorithms.	76	stronger hashing algorithms.
78	.Pp	77	.Pp
79	The first argument to	78	The first argument to
80	.Fn crypt	79	.Fn crypt
81	is a	80	is a NUL-terminated
82	.Dv NUL Ns -terminated	81	string
83	string, typically a user's typed password.	82	.Fa key ,
84	The second is in one of three forms:	83	typically a user's typed password.
		84	The second,
		85	.Fa setting ,
		86	is in one of three forms:
85	if it begins with an underscore	87	if it begins with an underscore
86	.Pq Ql _	88	.Pq Ql _
87	then an extended format is used	89	then an extended format is used
88	in interpreting both the key and the setting, as outlined below.	90	in interpreting both the
		91	.Fa key
		92	and the
		93	.Fa setting ,
		94	as outlined below.
89	If it begins	95	If it begins
90	with a string character	96	with a string character
91	.Pq Ql $	97	.Pq Ql $
@@ -95,7 +101,7 @@ At the moment
95	chooses Blowfish hashing; see below for more information.	101	chooses Blowfish hashing; see below for more information.
96	.Ss Extended crypt	102	.Ss Extended crypt
97	The	103	The
98	.Ar key	104	.Fa key
99	is divided into groups of 8 characters (the last group is null-padded)	105	is divided into groups of 8 characters (the last group is null-padded)
100	and the low-order 7 bits of each character (56 bits per group) are	106	and the low-order 7 bits of each character (56 bits per group) are
101	used to form the DES key as follows:	107	used to form the DES key as follows:
@@ -103,7 +109,9 @@ the first group of 56 bits becomes the initial DES key.
103	For each additional group, the XOR of the encryption of the current DES	109	For each additional group, the XOR of the encryption of the current DES
104	key with itself and the group bits becomes the next DES key.	110	key with itself and the group bits becomes the next DES key.
105	.Pp	111	.Pp
106	The setting is a 9-character array consisting of an underscore followed	112	The
		113	.Fa setting
		114	is a 9-character array consisting of an underscore followed
107	by 4 bytes of iteration count and 4 bytes of salt.	115	by 4 bytes of iteration count and 4 bytes of salt.
108	These are encoded as printable characters, 6 bits per character,	116	These are encoded as printable characters, 6 bits per character,
109	least significant character first.	117	least significant character first.
@@ -113,15 +121,12 @@ This allows 24 bits for both
113	.Fa count	121	.Fa count
114	and	122	and
115	.Fa salt .	123	.Fa salt .
116	.Ss "Blowfish" crypt	124	.Ss Blowfish crypt
117	The	125	The Blowfish version of crypt has 128 bits of
118	.Tn Blowfish
119	version of crypt has 128 bits of
120	.Fa salt	126	.Fa salt
121	in order to make building dictionaries of common passwords space consuming.	127	in order to make building dictionaries of common passwords space consuming.
122	The initial state of the	128	The initial state of the
123	.Tn Blowfish	129	Blowfish cipher is expanded using the
124	cipher is expanded using the
125	.Fa salt	130	.Fa salt
126	and the	131	and the
127	.Fa password	132	.Fa password
@@ -132,9 +137,7 @@ The final Blowfish password entry is created by encrypting the string
132	.Pp	137	.Pp
133	.Dq OrpheanBeholderScryDoubt	138	.Dq OrpheanBeholderScryDoubt
134	.Pp	139	.Pp
135	with the	140	with the Blowfish state 64 times.
136	.Tn Blowfish
137	state 64 times.
138	.Pp	141	.Pp
139	The version number, the logarithm of the number of rounds and	142	The version number, the logarithm of the number of rounds and
140	the concatenation of salt and hashed password are separated by the	143	the concatenation of salt and hashed password are separated by the
@@ -150,13 +153,15 @@ A valid Blowfish password looks like this:
150	The whole Blowfish password string is passed as	153	The whole Blowfish password string is passed as
151	.Fa setting	154	.Fa setting
152	for interpretation.	155	for interpretation.
153	.Ss "Traditional" crypt	156	.Ss Traditional crypt
154	The first 8 bytes of the key are null-padded, and the low-order 7 bits of	157	The first 8 bytes of the
155	each character is used to form the 56-bit	158	.Fa key
156	.Tn DES	159	are null-padded, and the low-order 7 bits of
157	key.	160	each character is used to form the 56-bit DES key.
158	.Pp	161	.Pp
159	The setting is a 2-character array of the ASCII-encoded salt.	162	The
		163	.Fa setting
		164	is a 2-character array of the ASCII-encoded salt.
160	Thus only 12 bits of	165	Thus only 12 bits of
161	.Fa salt	166	.Fa salt
162	are used.	167	are used.
@@ -165,29 +170,24 @@ is set to 25.
165	.Ss DES Algorithm	170	.Ss DES Algorithm
166	The	171	The
167	.Fa salt	172	.Fa salt
168	introduces disorder in the	173	introduces disorder in the DES
169	.Tn DES
170	algorithm in one of 16777216 or 4096 possible ways	174	algorithm in one of 16777216 or 4096 possible ways
171	(i.e., with 24 or 12 bits: if bit	175	(i.e., with 24 or 12 bits: if bit
172	.Em i	176	.Em i
173	of the	177	of the
174	.Ar salt	178	.Fa salt
175	is set, then bits	179	is set, then bits
176	.Em i	180	.Em i
177	and	181	and
178	.Em i+24	182	.Em i+24
179	are swapped in the	183	are swapped in the DES E-box output).
180	.Tn DES
181	E-box output).
182	.Pp	184	.Pp
183	The DES key is used to encrypt a 64-bit constant using	185	The DES key is used to encrypt a 64-bit constant using
184	.Ar count	186	.Fa count
185	iterations of	187	iterations of DES.
186	.Tn DES .	188	The value returned is a NUL-terminated
187	The value returned is a
188	.Dv NUL Ns -terminated
189	string, 20 or 13 bytes (plus NUL) in length, consisting of the	189	string, 20 or 13 bytes (plus NUL) in length, consisting of the
190	.Ar setting	190	.Fa setting
191	followed by the encoded 64-bit encryption.	191	followed by the encoded 64-bit encryption.
192	.Pp	192	.Pp
193	The functions	193	The functions
@@ -197,8 +197,7 @@ The functions
197	and	197	and
198	.Fn des_cipher	198	.Fn des_cipher
199	provide access to the	199	provide access to the
200	.Tn DES	200	DES algorithm itself.
201	algorithm itself.
202	.Fn setkey	201	.Fn setkey
203	is passed a 64-byte array of binary values (numeric 0 or 1).	202	is passed a 64-byte array of binary values (numeric 0 or 1).
204	A 56-bit key is extracted from this array by dividing the	203	A 56-bit key is extracted from this array by dividing the
@@ -237,16 +236,14 @@ using
237	.Xr abs 3	236	.Xr abs 3
238	of	237	of
239	.Fa count	238	.Fa count
240	iterations of	239	iterations of DES
241	.Tn DES
242	and stores the 64-bit result in the 8 characters at	240	and stores the 64-bit result in the 8 characters at
243	.Fa out	241	.Fa out
244	(which may be the same as	242	(which may be the same as
245	.Fa in ) .	243	.Fa in ) .
246	The	244	The
247	.Fa salt	245	.Fa salt
248	specifies perturbations to the	246	specifies perturbations to the DES
249	.Tn DES
250	E-box output as described above.	247	E-box output as described above.
251	.Pp	248	.Pp
252	The	249	The


diff --git a/src/lib/libc/crypt/crypt_checkpass.3 b/src/lib/libc/crypt/crypt_checkpass.3 index fd60523502..09f2d02796 100644 --- a/src/lib/libc/crypt/crypt_checkpass.3 +++ b/src/lib/libc/crypt/crypt_checkpass.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: crypt_checkpass.3,v 1.4 2014/11/21 12:52:54 jmc Exp $	1	.\" $OpenBSD: crypt_checkpass.3,v 1.5 2014/12/02 07:39:58 schwarze Exp $
2	.\"	2	.\"
3	.\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>	3	.\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
4	.\"	4	.\"
@@ -14,7 +14,7 @@
14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF	14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.	15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	.\"	16	.\"
17	.Dd $Mdocdate: November 21 2014 $	17	.Dd $Mdocdate: December 2 2014 $
18	.Dt CRYPT_CHECKPASS 3	18	.Dt CRYPT_CHECKPASS 3
19	.Os	19	.Os
20	.Sh NAME	20	.Sh NAME
@@ -31,10 +31,19 @@
31	The	31	The
32	.Fn crypt_checkpass	32	.Fn crypt_checkpass
33	function is provided to simplify checking a user's password.	33	function is provided to simplify checking a user's password.
34	If both the hash and the password are the empty string, authentication	34	If both the
		35	.Fa hash
		36	and the
		37	.Fa password
		38	are the empty string, authentication
35	is a success.	39	is a success.
36	Otherwise, the password is hashed and compared to the provided hash.	40	Otherwise, the
37	If the hash is	41	.Fa password
		42	is hashed and compared to the provided
		43	.Fa hash .
		44	If the
		45	.Fa hash
		46	is
38	.Dv NULL ,	47	.Dv NULL ,
39	authentication will always fail, but a default	48	authentication will always fail, but a default
40	amount of work is performed to simulate the hashing operation.	49	amount of work is performed to simulate the hashing operation.