summaryrefslogtreecommitdiff
path: root/src/lib/libc/crypt (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* revert the bludgeoning of DES. if we need a thread safe crypt, maybe it'stedu2014-11-251-31/+33
| | | | better to find one instead of continuing to mangle this mess.
* push some global data down into functions to make this threadlier.tedu2014-11-251-33/+31
| | | | only doing what's needed for crypt_hashpass. sigh.
* introduce a hashspace define and check that there's enough space totedu2014-11-241-15/+10
| | | | write out a hash. also simplify writing out the hash.
* check crypt() for null. noticed by Jonas Termansentedu2014-11-241-2/+2
|
* space needed between macro args and punctuation;jmc2014-11-211-2/+2
|
* add ERRORS, HISTORY, AUTHORS, Copyright year, and some missing macros;schwarze2014-11-211-6/+39
| | | | ok tedu@ on a previous version
* Let crypt_checkpass() set EACCES after bcrypt_checkpass() failure;schwarze2014-11-211-2/+4
| | | | ok tedu@
* change prototype for crypt_newhash. the login_cap_t is a holdover from itstedu2014-11-212-15/+10
| | | | | | pwd_gensalt origins, but a string argument works equally work and is more friendly to consumers beyond local user accounts. ok deraadt
* split crypt_checkpass off into a new filetedu2014-11-203-36/+73
|
* add crypt_newhash to NAME and add an MLINK;jmc2014-11-182-4/+6
|
* add new function crypt_newhash to simplify creating new hashes.tedu2014-11-172-3/+46
| | | | | does most of the work pwd_gensalt did, but also creates the hash. (unused yet)
* missing newlinederaadt2014-07-211-1/+2
|
* Move more OS-specific functionality to arc4random.h headers.bcook2014-07-202-6/+14
| | | | | | | | Move <sys/mman.h> and raise(SIGKILL) calls to OS-specific headers. On OpenBSD, move thread_private.h as well to arc4random.h. On Windows, use TerminateProcess on getentropy failure. ok deraadt@
* From ISO/IEC 9899:1999 and 9899:201x,guenther2014-07-201-3/+3
| | | | | | | | | 6.11.5 - Storage-class specifiers: The placement of a storage-class specifier other than at the beginning of the declaration specifiers in a declaration is an obsolescent feature. Diff from Jean-Philippe Ouellet (jean-philippe (at) ouellet.biz)
* arc4random re-seeds with getentropy() now; ok deraadt@ jmc@naddy2014-07-191-3/+3
|
* Change _rs_allocate so it can combine the two regions (rs and rsx)deraadt2014-07-192-28/+25
| | | | | | | | | | into one if a system has an awesome getentropy(). In that case it is valid to totally throw away the rsx state in the child. If the getentropy() is not very good and has a lazy reseed operation, this combining is a bad idea, and the reseed should probably continue to use the "something old, something new" mix. _rs_allocate() can accomodate either method, but not on the fly. ok matthew
* Seperate arc4random's os-dependent parts into static inline functions,deraadt2014-07-182-36/+57
| | | | | making it much easier for libressl -portable to fill in the gaps. ok bcook beck
* "Race-free because we're running single-threaded in a newderaadt2014-07-171-1/+5
| | | | | address space, and once allocated rs is never deallocated." document the forkhandler to save reviewers time, with matthew
* #ifdef wrap the _rs_forkhandlerderaadt2014-07-161-1/+3
|
* added handler for an atfork hook from kettenis@bcook2014-07-161-1/+10
| | | | ok deraadt@ beck@ kettenis@
* While we thought this would make portable life easier it actuallybeck2014-07-131-3/+1
| | | | | makes it much harder. ok bcook@ kettenis@
* Wrap "thread_private.h" with #ifdef __OpenBSD__ so that other systemsderaadt2014-07-121-1/+3
| | | | | | can copy this file (plus chacha_private.h) directly and reuse it trivially. Well, as long as they have a getentropy() as well.. ok beck
* Split arc4random_uniform into it's own file, to assist other projectsderaadt2014-07-123-39/+60
| | | | | | now using this as upstream code. The particular problem is systems that contain older arc4random derivations lacking arc4random_uniform(). ok tedu miod
* Clean up after arc4random u_int32_t uint32_t changebeck2014-07-091-5/+5
| | | | ok jsing@
* changes to improve portabilitybcook2014-07-091-10/+11
| | | | ok beck@ deraadt@ jsing@ guenther@
* re-init and init code paths are now more shared, so the getpid()-basedderaadt2014-06-271-2/+3
| | | | portable code path must handle that; with brent cook
* Add back an #ifndef MAP_INHERIT_ZERO chunk to support the old getpid()deraadt2014-06-261-1/+13
| | | | | mechanism, to aid in portability to other systems as requested. ok matthew
* document why we explicit_bzeroderaadt2014-06-251-2/+2
|
* arc4random: hard fail with raise(SIGKILL) if getentropy() returns -1matthew2014-06-201-3/+4
| | | | | | | Allow other non-zero return values in case we change our mind to return an ssize_t byte count instead of simple success/fail. ok deraadt, djm
* Move rs_chacha and rs_buf into the same memory page and don't mark itmatthew2014-06-191-22/+31
| | | | | | | | | MAP_INHERIT_ZERO anymore. This restores arc4random's previous behavior where fork children would mix in some randomness from the parent process. New behavior noticed by deraadt ok deraadt, tedu
* Use MAP_INHERIT_ZERO in arc4random(3)matthew2014-06-171-37/+44
| | | | | | | | Now instead of calling getpid() each time a user invokes arc4random(), we're able to rely on the kernel zero'ing out the RNG state if the process forks. ok deraadt, djm
* For now... assume success of getentropy() just like we assumed successderaadt2014-06-131-3/+3
| | | | of sysctl(). Mark it with XXX while we consider.
* use getgentropy() call. If it fails, things are pretty bad --deraadt2014-06-131-8/+3
| | | | | call abort(). this direction discussed at length with miod beck tedu matthew etc
* Delete the extraneous "return" statement at the end of a void function.jca2014-05-311-2/+1
| | | | From Fritjof Bornebusch.
* Add missing header needed by isdigit().chl2014-05-171-4/+5
| | | | | | While there, sort headers. ok tedu@
* refactor some of the des crypt code to use fewer globals.tedu2014-05-172-42/+45
| | | | ok miod
* update NAME and MLINKS for previous;jmc2014-05-162-5/+7
|
* document crypt_checkpasstedu2014-05-161-1/+14
|
* use $2b in the bcrypt example, ok tedusthen2014-05-161-3/+3
|
* remove md5crypt.tedu2014-05-125-195/+65
| | | | | | while changing things, add a crypt_checkpass wrapper that handles most of the edge cases. (not quite ready for production, though.) ok deraadt
* missing NULL checks to see if init is needed. found hard way by deraadt.tedu2014-05-061-3/+3
|
* fix stupid committedu2014-05-061-5/+5
|
* use explicit_bzerotedu2014-05-061-5/+5
|
* clear a stack buffer with explicit_bzerotedu2014-05-061-2/+2
|
* move chacha context and buffer out of bss and allow mmap to place themtedu2014-05-061-6/+16
| | | | wherever it decides it would like them. first step. ok deraadt dlg djm
* delete useless test codederaadt2014-05-041-23/+1
|
* now that 5.5 has been released with compatibility for 2b hashes,tedu2014-05-031-2/+2
| | | | switch to generating them by default. prodded by deraadt and sthen
* 1. Drop support for no minor. This variant doesn't exist anymore.tedu2014-05-031-44/+30
| | | | | | | | | | 2. Pull up the actual minor processing code into the switch that parses it. 3. atoi is actually simpler than strtonum in this case, but check the input beforehand so we don't get unexpected results. 4. Slightly more consistent style between various parse and check and increment operations on salt. ok deraadt
* one small tweak to avoid ever going off the end of a string.tedu2014-04-191-4/+6
|
* improved checking for invalid hashes. from solar designertedu2014-04-191-6/+10
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-21 13:47:21 +0000