View | Details | Raw Unified | Return to bug 182518 | Differences between
and this patch

Collapse All | Expand All

(-)b/include/unistd.h (+3 lines)
Lines 290-295 typedef __useconds_t useconds_t; Link Here
290
#define	_SC_NPROCESSORS_CONF	57
290
#define	_SC_NPROCESSORS_CONF	57
291
#define	_SC_NPROCESSORS_ONLN	58
291
#define	_SC_NPROCESSORS_ONLN	58
292
#define	_SC_CPUSET_SIZE		122
292
#define	_SC_CPUSET_SIZE		122
293
#define CRYPT_FORMAT_MAX_LEN	20 /* currently strlen("$6$rounds=999999999$") == 20 */
294
#define CRYPT_SALT_MAX_LEN	37 /* currently strlen("$6$rounds=999999999$AAAABBBBCCCCDDDD$") == 37 */
293
#endif
295
#endif
294
296
295
/* Extensions found in Solaris and Linux. */
297
/* Extensions found in Solaris and Linux. */
Lines 490-495 int check_utility_compat(const char *); Link Here
490
const char *
492
const char *
491
	 crypt_get_format(void);
493
	 crypt_get_format(void);
492
int	 crypt_set_format(const char *);
494
int	 crypt_set_format(const char *);
495
int	 crypt_makesalt(char *, const char *, size_t *);
493
int	 des_cipher(const char *, char *, long, int);
496
int	 des_cipher(const char *, char *, long, int);
494
int	 des_setkey(const char *key);
497
int	 des_setkey(const char *key);
495
int	 dup3(int, int, int);
498
int	 dup3(int, int, int);
(-)b/lib/libcrypt/Makefile (-1 / +1 lines)
Lines 17-23 SRCS= crypt.c misc.c \ Link Here
17
		crypt-sha256.c sha256c.c \
17
		crypt-sha256.c sha256c.c \
18
		crypt-sha512.c sha512c.c
18
		crypt-sha512.c sha512c.c
19
MAN=		crypt.3
19
MAN=		crypt.3
20
MLINKS=		crypt.3 crypt_get_format.3 crypt.3 crypt_set_format.3
20
MLINKS=		crypt.3 crypt_makesalt.3 crypt.3 crypt_get_format.3 crypt.3 crypt_set_format.3
21
CFLAGS+=	-I${.CURDIR}/../libmd -I${.CURDIR}/../libutil \
21
CFLAGS+=	-I${.CURDIR}/../libmd -I${.CURDIR}/../libutil \
22
		-I${.CURDIR}/../../sys/crypto/sha2
22
		-I${.CURDIR}/../../sys/crypto/sha2
23
23
(-)b/lib/libcrypt/crypt.3 (-240 / +382 lines)
Lines 1-6 Link Here
1
.\" FreeSec: libcrypt for NetBSD
1
.\" FreeSec: libcrypt for NetBSD
2
.\"
2
.\"
3
.\" Copyright (c) 1994 David Burren
3
.\" Copyright (c) 1994 David Burren
4
.\" Copyright (c) 2015 Derek Marcotte
4
.\" All rights reserved.
5
.\" All rights reserved.
5
.\"
6
.\"
6
.\" Redistribution and use in source and binary forms, with or without
7
.\" Redistribution and use in source and binary forms, with or without
Lines 15-24 Link Here
15
.\"    may be used to endorse or promote products derived from this software
16
.\"    may be used to endorse or promote products derived from this software
16
.\"    without specific prior written permission.
17
.\"    without specific prior written permission.
17
.\"
18
.\"
18
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
19
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
22
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
Lines 29-310 Link Here
29
.\"
30
.\"
30
.\" $FreeBSD$
31
.\" $FreeBSD$
31
.\"
32
.\"
32
.Dd March 9, 2014
33
.Dd March 9, 2015
33
.Dt CRYPT 3
34
.Dt LIBCRYPT 3
34
.Os
35
.Os
35
.Sh NAME
36
.Sh NAME
36
.Nm crypt
37
.Nm crypt ,
37
.Nd Trapdoor encryption
38
.Nm crypt_makesalt ,
39
.Nm crypt_get_format ,
40
.Nm crypt_set_format
41
.Nd "library for password hashing"
38
.Sh LIBRARY
42
.Sh LIBRARY
39
.Lb libcrypt
43
.Lb libcrypt
40
.Sh SYNOPSIS
44
.Sh SYNOPSIS
41
.In unistd.h
45
.In unistd.h
42
.Ft char *
46
.Ft "char *"
43
.Fn crypt "const char *key" "const char *salt"
47
.Fn crypt "const char *key" "const char *salt"
44
.Ft const char *
48
.Ft "int"
49
.Fn crypt_makesalt "char *output" "const char *format" "size_t *out_len"
50
.Ft "const char *"
45
.Fn crypt_get_format "void"
51
.Fn crypt_get_format "void"
46
.Ft int
52
.Ft "int"
47
.Fn crypt_set_format "const char *string"
53
.Fn crypt_set_format "const char *string"
48
.Sh DESCRIPTION
54
.Sh DESCRIPTION
49
The
55
The 
50
.Fn crypt
56
.Nm libcrypt 
51
function performs password hashing with additional code added to
57
library covers functions related to password hashing.  
52
deter key search attempts.
58
.Pp
53
Different algorithms can be used to
59
Password hashing is different than a standard one way hash function.  Password hashing tries to make it difficult to recover a low-entropy key 
54
in the hash.
60
.Pq e.g. a typed password
55
.\"
61
from the resultant output hash.  Offline recovery by exhaustive key search 
56
.\" NOTICE:
62
.Pq brute-force and dictionary attacks
57
.\" If you add more algorithms, make sure to update this list
63
is stymied by the password hashing being one-way, and often computationally expensive.  Different algorithms can be selected to produce the password hash, with varying ability to effectively deter key search attempts.
58
.\" and the default used for the Traditional format, below.
64
.Pp
59
.\"
65
The hashing algorithm to be used for an invocation of crypt is chosen by supplying a salt parameter of a particular format.  The algorithms currently supported are: 
60
Currently these include the
66
.Sx bcrypt , 
61
.Tn NBS
67
.Sx sha512-crypt , 
62
.Tn Data Encryption Standard (DES) ,
68
.Sx sha256-crypt , 
63
.Tn MD5
69
.Sx md5-crypt , 
64
hash,
70
.Sx DES Extended Format , 
65
.Tn NT-Hash
71
.Sx Traditional DES Format , 
66
.Pq compatible with Microsoft's NT scheme
72
and 
67
and
73
.Sx NT-Hash .
68
.Tn Blowfish .
74
.Pp
69
The algorithm used will depend upon the format of the Salt
75
Current computational capabilities make all but the bcrypt and sha-crypt families known to be susceptible to exhaustive key searches.  The tuneable work factor of the bcrypt and sha-crypt families has allowed them to be set to be more computationally intensive over time.  The use of the other families is not recommended at this time, but are maintained for legacy compatibility.
70
.Po
76
.Pp
71
following
77
The first argument to 
72
the Modular Crypt Format
78
.Fn crypt 
73
.Pq MCF
79
is the 
74
.Pc ,
80
.Fa key 
75
if
81
to hash 
76
.Tn DES
82
.Pq usually a password , 
77
and/or
83
as a NUL-terminated string.  The second is the 
78
.Tn Blowfish
84
.Fa salt .  
79
is installed or not, and whether
85
A salt is a random value that assists in complicating offline recovery.  The length and format of the salt, and how it will be used is algorithm dependent.  For best results, specify at least sixteen characters of salt.
86
.Pp
87
If the salt begins with the string 
88
.Qq $digit , 
89
then the 
90
.Sx Modular Crypt Format 
91
is used.  If it begins with an underscore 
92
.Qq _ , 
93
then the 
94
.Sx DES Extended Format 
95
is used.  If the salt is 2 or 13 characters and includes only 0-9, a-z, A-Z a dot . or a slash /, then 
96
.Sx Traditional DES Format 
97
is used.  If none of these conditions are true, crypt will use the default hash function set by crypt_set_format, 
98
.Pq or Traditional DES Format if no default has been set, for systems with DES support .
99
.Pp
100
The 
101
.Fn crypt_makesalt
102
function populates an 
103
.Fa output 
104
buffer with a newly generated salt for the specified valid 
105
.Fa format .  
106
The size of the pre-allocated buffer is passed via 
107
.Fa out_len .
108
If the output buffer is too small, the required size is set in 
109
.Fa out_len .
110
.Pp
111
The 
112
.Fn crypt_get_format
113
function returns a constant string that represents the name of the algorithm set as the default.  Its use is deprecated.
114
.Pp
115
The 
80
.Fn crypt_set_format
116
.Fn crypt_set_format
81
has been called to change the default.
117
function sets the default encoding 
82
.Pp
118
.Fa format 
83
The first argument to
119
according to the supplied string.  Its use is deprecated.
84
.Nm
120
.Pp
85
is the data to hash
121
The salts, formats, and algorithms are outlined below.
86
.Pq usually a password ,
122
87
in a
123
.Sh Modular Crypt Format
88
.Dv NUL Ns -terminated
124
.Pp
89
string.
125
Modular Crypt Format is the current standard way to describe which algorithm and parameters to use for a particular crypt invocation.  Salts that are prefixed with $digit are using the modular crypt format.  The prefix selects the algorithm to use.  Valid prefixes are:
90
The second is the salt, in one of three forms:
126
.Bl -column -offset indent ".Sy Prefix" ".Sy Algorithm"
91
.Pp
127
.It Sy Prefix Ta Sy Algorithm
92
.Bl -tag -width Traditional -compact -offset indent
128
.It Li $1$       Ta 
93
.It Extended
129
.Sx md5-crypt
94
If it begins with an underscore
130
.It Li $2        Ta 
95
.Pq Dq _
131
.Sx bcrypt
96
then the
132
.It Li $3$       Ta 
97
.Tn DES
133
.Sx NT-Hash
98
Extended Format
134
.It Li $5$       Ta 
99
is used in interpreting both the key and the salt, as outlined below.
135
.Sx sha256-crypt
100
.It Modular
136
.It Li $6$       Ta 
101
If it begins with the string
137
.Sx sha512-crypt
102
.Dq $digit$
103
then the Modular Crypt Format is used, as outlined below.
104
.It Traditional
105
If neither of the above is true, it assumes the Traditional Format,
106
using the entire string as the salt
107
.Pq or the first portion .
108
.El
138
.El
109
.Pp
139
.Pp
110
All routines are designed to be time-consuming.
140
Everything following the prefix in the salt parameter is algorithm dependant, but includes things like work factor, and an actual salt 
111
.Ss DES Extended Format:
141
.Pq random value for that particular invocation .
112
The
142
113
.Ar key
143
.Ss md5-crypt
114
is divided into groups of 8 characters
144
.Bl -column ".Sy Output Hash Example:" ".Sy 8 characters from the set [a-zA-Z0-9./]"
115
.Pq the last group is NUL-padded
145
.It Li Format Strings:  Ta $1$, md5
116
and the low-order 7 bits of each character
146
.It Li Salt Format:     Ta 8 characters from the set [a-zA-Z0-9./]
117
.Pq 56 bits per group
147
.It Li Full Salt Example:       Ta $1$deadbeef$
118
are used to form the
148
.It Li Output Hash Example:     Ta $1$deadbeef$0Huu6KHrKLVWfqa4WljDE0
119
.Tn DES
149
.El
120
key as follows:
121
the first group of 56 bits becomes the initial
122
.Tn DES
123
key.
124
For each additional group, the XOR of the encryption of the current
125
.Tn DES
126
key with itself and the group bits becomes the next
127
.Tn DES
128
key.
129
.Pp
130
The salt is a 9-character array consisting of an underscore followed
131
by 4 bytes of iteration count and 4 bytes of salt.
132
These are encoded as printable characters, 6 bits per character,
133
least significant character first.
134
The values 0 to 63 are encoded as
135
.Dq ./0-9A-Za-z .
136
This allows 24 bits for both
137
.Fa count
138
and
139
.Fa salt .
140
.Pp
150
.Pp
141
The
151
md5-crypt was the default crypt format in FreeBSD for many years, developed by Poul-Henning Kamp.  
142
.Fa salt
143
introduces disorder in the
144
.Tn DES
145
algorithm in one of 16777216 or 4096 possible ways
146
.Po
147
i.e., with 24 or 12 bits: if bit
148
.Em i
149
of the
150
.Ar salt
151
is set, then bits
152
.Em i
153
and
154
.Em i+24
155
are swapped in the
156
.Tn DES
157
E-box output
158
.Pc .
159
.Pp
152
.Pp
160
The
153
It has seen widespread use in many commercial products, and for a long time was good enough.  It has a fixed work factor, which means that as computers became faster, the ability to attack it has increased proportionally.
161
.Tn DES
154
.Pp
162
key is used to encrypt a 64-bit constant using
155
Its use is no longer recommended.
163
.Ar count
156
164
iterations of
157
.Ss bcrypt
165
.Tn DES .
158
.Bl -column ".Sy Output Hash Example:" ".Sy $2a$05$CCCCCCCCCCCCCCCCCCCCC.VGOzA784oUp/Z0DY336zx7pLYAy0lwK"
166
The value returned is a
159
.It Li Format Strings:  Ta $2$[rounds]$, $2a$[rounds]$, $2b$[rounds]$, blf
167
.Dv NUL Ns -terminated
160
.It Li Salt Format:     Ta 16 bytes then base-64 encoded from the set [a-zA-Z0-9./]
168
string, 20 or 13 bytes
161
.It Li Full Salt Example:       Ta $2a$05$CCCCCCCCCCCCCCCCCCCCC.
169
.Pq plus NUL
162
.It Li Output Hash Example:     Ta $2a$05$CCCCCCCCCCCCCCCCCCCCC.VGOzA784oUp/Z0DY336zx7pLYAy0lwK
170
in length, consisting of the
171
.Ar salt
172
followed by the encoded 64-bit encryption.
173
.Ss Modular crypt:
174
If the salt begins with the string
175
.Fa $digit$
176
then the Modular Crypt Format is used.
177
The
178
.Fa digit
179
represents which algorithm is used in encryption.
180
Following the token is
181
the actual salt to use in the encryption.
182
The maximum length of the salt used depends upon the module.
183
The salt must be terminated with the end of the string character
184
.Pq NUL
185
or a dollar sign.
186
Any characters after the dollar sign are ignored.
187
.Pp
188
Currently supported algorithms are:
189
.Pp
190
.Bl -enum -compact -offset indent
191
.It
192
MD5
193
.It
194
Blowfish
195
.It
196
NT-Hash
197
.It
198
(unused)
199
.It
200
SHA-256
201
.It
202
SHA-512
203
.El
163
.El
204
.Pp
164
.Pp
205
Other crypt formats may be easily added.
165
bcrypt is the first algorithm to support a tuneable work factor.  It was initially introduced in OpenBSD, by Niels Provos, based on the Usenix paper "A Future-Adaptable Password Scheme" by Niels Provos and David Mazières. 
206
An example salt would be:
166
.Pp
207
.Bl -tag -width 6n -offset indent
167
There are three variations supported, each with minor bug fixes.  2b is the recommended variation.  
208
.It Cm "$4$thesalt$rest"
168
.Pp
169
The work factor is specified by the rounds parameter in the format string.  These rounds are logarithmic.  That is, 
170
.Qq $2b$08$ 
171
will take approximately twice as long as 
172
.Qq $2b$07$ 
173
for the same salt and key.  04 is the lowest supported work factor, and 31 is the highest.
174
.Pp
175
When the format string 
176
.Qq blf 
177
is specified, it is equivalent to specifying 
178
.Qq $2b$04$ .
179
180
.Ss NT-Hash
181
.Bl -column ".Sy Output Hash Example:" ".Sy $3$sdlksjfdlksjdlfk"
182
.It Li Format Strings:  Ta $3$, nth
183
.It Li Salt Format:  Ta no salt
184
.It Li Full Salt Example:  Ta $3$
185
.It Li Output Hash Example:  Ta $3$$cc0fb8a290eebbfe74e7207f2ace5927
209
.El
186
.El
210
.Ss Traditional crypt:
211
The algorithm used will depend upon whether
212
.Fn crypt_set_format
213
has been called and whether a global default format has been specified.
214
Unless a global default has been specified or
215
.Fn crypt_set_format
216
has set the format to something else, the built-in default format is
217
used.
218
This is currently
219
.\"
220
.\" NOTICE: Also make sure to update this
221
.\"
222
DES
223
if it is available, or MD5 if not.
224
.Pp
187
.Pp
225
How the salt is used will depend upon the algorithm for the hash.
188
nt-hash is supported for compatibility reasons only.  It is strongly discouraged for any production uses.
226
For
189
227
best results, specify at least eight characters of salt.
190
.Ss sha256-crypt
191
.Bl -column ".Sy Output Hash Example:" ".Sy $5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5, $5$rounds=10000$saltstringsaltst$3xv.VbSHBb41AL9AvLeujZkZRBAwqFMz2.opqey6IcA "
192
.It Li Format Strings:  Ta $5$, $5$rounds=[rounds]$, sha256
193
.It Li Salt Format:     Ta 16 characters from the set [a-zA-Z0-9./]
194
.It Li Full Salt Examples:      Ta $5$saltstring$, $5$rounds=10000$saltstringsaltst$
195
.It Li Output Hash Examples:     Ta $5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5, $5$rounds=10000$saltstringsaltst$3xv.VbSHBb41AL9AvLeujZkZRBAwqFMz2.opqey6IcA 
196
.El
228
.Pp
197
.Pp
229
The
198
sha256 supports a tunable work factor.  It was developed by Ulrich Drepper of Red Hat, and is detailed in 
230
.Fn crypt_get_format
199
.Qq Unix crypt using SHA-256 and SHA-512 .
231
function returns a constant string that represents the name of the
232
algorithm currently used.
233
Valid values are
234
.\"
235
.\" NOTICE: Also make sure to update this, too, as well
236
.\"
237
.Ql des ,
238
.Ql blf ,
239
.Ql md5 ,
240
.Ql sha256 ,
241
.Ql sha512
242
and
243
.Ql nth .
244
.Pp
200
.Pp
245
The
201
From that document:
202
.Pp
203
.Qo
204
Security departments in companies are trying to phase out all uses of MD5.  They demand a method which is officially sanctioned.  For US-based users this means tested by the NIST.
205
.Pp
206
This rules out the use of another already implemented method with limited spread: the use of the Blowfish encryption method.  The choice comes down to tested encryption 
207
.Pq 3DES, AES
208
or hash sums 
209
.Pq the SHA family .
210
.Qc
211
.Pp
212
The prepositions in the above statement are misleading.  Blowfish as a primitive, like 3DES or AES, has stood up to years of scrutinty by the cryptographic communinty.  bcrypt, the password hashing function, is ubiquitous.  It also currently provides greater resilience against pipe-lined or GPU-based attacks for the approximate same CPU workload as the sha-crypt family, based on its limited memory requirements.  This is not expected to remain true with future improvements to GPUs.  An additional subtle difference between bcrypt and the sha families is that bcrypt's salt is 2^128 bits, while the sha family is 2^96 bits.
213
.Pp
214
If you require a algorithm that includes NIST sanctioned primitives, choose one of the sha-crypt methods.
215
.Pp
216
The work factor is specified by the rounds parameter in the format string.  These rounds are linear.  That is, 
217
.Qq $5$rounds=20000$ 
218
will take approximately twice as long as 
219
.Qq $5$rounds=10000$ 
220
for the same salt and key. 1000 is the minimum number of rounds, 999999999 is the maximum.
221
.Pp
222
When the format string 
223
.Qq sha256 ,
224
or 
225
.Qq $5$ 
226
is specified, it is equivalent to specifying 
227
.Qq $5$rounds=5000$ .
228
229
230
.Ss sha512-crypt
231
.Bl -column ".Sy Output Hash Example:" ".Sy $6$saltstring$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJuesI68u4OTLiBFdcbYEdFCoEOfaS35inz1, $6$rounds=10000$saltstringsaltst$OW1/O6BYHV6BcXZu8QVeXbDWra3Oeqh0sbHbbMCVNSnCM/UrjmM0Dp8vOuZeHBy/YTBmSK6H9qs/y3RnOaw5v."
232
.It Li Format Strings:  Ta $6$, $6$rounds=[rounds]$, sha512
233
.It Li Salt Format:     Ta 16 characters from the set [a-zA-Z0-9./]
234
.It Li Full Salt Examples:      Ta $6$saltstring$, $6$rounds=10000$saltstringsaltst$
235
.It Li Output Hash Examples:     Ta $6$saltstring$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJuesI68u4OTLiBFdcbYEdFCoEOfaS35inz1, $6$rounds=10000$saltstringsaltst$OW1/O6BYHV6BcXZu8QVeXbDWra3Oeqh0sbHbbMCVNSnCM/UrjmM0Dp8vOuZeHBy/YTBmSK6H9qs/y3RnOaw5v. 
236
.El
237
sha512 is nearly equivalent to sha256, except that it uses SHA512 as a primitive.  See Unix crypt using SHA-256 and SHA-512 for more details.
238
239
The details provided in sha256 apply here as well.
240
241
When the format string 
242
.Qq sha512 , 
243
or 
244
.Qq $6$ 
245
is specified, it is equivalent to specifying 
246
.Qq $6$rounds=5000$ .
247
248
.Sh DES Extended Format:
249
.Pp
250
The key is divided into groups of 8 characters 
251
.Pq the last group is NUL-padded 
252
and the low-order 7 bits of each character 
253
.Pq 56 bits per group
254
are used to form the DES key as follows: the first group of 56 bits becomes the initial DES key.  For each additional group, the XOR of the encryption of the current DES key with itself and the group bits becomes the next DES key.
255
.Pp
256
The salt is a 9-character array consisting of an underscore followed by 4 bytes of iteration count and 4 bytes of salt.  These are encoded as printable characters, 6 bits per character, least significant character first.  The values 0 to 63 are encoded as 
257
.Qq ./0-9A-Za-z .  
258
This allows 24 bits for both count and salt.
259
.Pp
260
The salt introduces disorder in the DES algorithm in one of 16777216 or 4096 possible ways 
261
.Pq i.e., with 24 or 12 bits: if bit i of the salt is set, then bits i and i+24 are swapped in the DES E-box output .
262
.Pp
263
The DES key is used to encrypt a 64-bit constant using count iterations of DES.  The value returned is a NUL-terminated string, 20 or 13 bytes 
264
.Pq plus NUL
265
in length, consisting of the salt followed by the encoded 64-bit encryption.
266
267
.Sh Traditional DES Format:
268
.Pp
269
The algorithm used will depend upon whether 
246
.Fn crypt_set_format
270
.Fn crypt_set_format
247
function sets the default encoding format according to the supplied
271
has been called to set the global default.  The built-in default format is used, if no default is set.  This is currently 
248
.Fa string .
272
.Qq des
273
if it is available, or 
274
.Qq sha512
275
if not.
276
249
.Sh RETURN VALUES
277
.Sh RETURN VALUES
250
The
278
.Pp
279
The 
251
.Fn crypt
280
.Fn crypt
252
function returns a pointer to the encrypted value on success, and NULL on
281
function returns a pointer to the encrypted value on success,
253
failure.
282
and NULL on failure.  Note: this is not a standard behaviour, AT&T
254
Note: this is not a standard behaviour, AT&T
255
.Fn crypt
283
.Fn crypt
256
will always return a pointer to a string.
284
will always return a pointer to a string.
257
.Pp
285
.Pp
258
The
286
The
287
.Fn crypt_makesalt
288
function will return a 0 on success, or non-zero on failure.  It may fail in one of two
289
ways.  If 
290
.Fa out_len
291
has changed, the
292
.Fa output
293
buffer was not large enough to store the salt.  The required size will be stored
294
in
295
.Fa out_len .
296
If
297
.Fa out_len 
298
has not changed, then the
299
.Fa format
300
passed was invalid.  
301
.Pp
302
The 
259
.Fn crypt_set_format
303
.Fn crypt_set_format
260
function will return 1 if the supplied encoding format was valid.
304
function will return 1 if the supplied encoding format was valid.  Otherwise, a value of 0 is returned.
261
Otherwise, a value of 0 is returned.
305
306
     
307
.Sh EXAMPLES
308
.Bd -literal
309
#include <stdio.h>
310
#include <string.h>
311
#include <pthread.h>
312
313
#include <pwd.h>
314
#include <unistd.h>
315
316
#include <sys/param.h>
317
318
int
319
main()
320
{
321
	char *global_static_buffer;
322
	char final[_PASSWORD_LEN + 1];
323
	char test[_PASSWORD_LEN + 1];
324
	char salt[CRYPT_SALT_MAX_LEN + 1];
325
	size_t salt_sz = sizeof(salt);
326
327
	int exit_code = 0;
328
329
	/* threaded implementations should use a mutex around crypt */
330
	pthread_mutex_t mtx;
331
	if (pthread_mutex_init(&mtx, NULL) ) {
332
		exit_code = 1;
333
		goto exit1;
334
	}
335
336
	if (crypt_makesalt(salt, "$2b$08$", &salt_sz) ) {
337
		if ( salt_sz != sizeof(salt) ) {
338
			printf("Destination buffer too small for algorithm salt\\n");
339
			exit_code = 2;
340
			goto exit;
341
		}
342
343
		printf("Invalid format specified\\n");
344
		exit_code = 3;
345
		goto exit;
346
	}
347
	printf("crypt_makesalt result: %s\\n", salt);
348
349
	/*
350
	 * Generate a crypt for storage
351
	 */
352
353
	/* crypt buffer is global static */
354
	pthread_mutex_lock(&mtx);
355
	global_static_buffer = crypt("you'll never guess me!", salt);
356
	strncpy(final, global_static_buffer, sizeof(final) );
357
	pthread_mutex_unlock(&mtx);
358
	
359
	if (global_static_buffer == NULL) { 
360
		printf("crypt failed\\n");
361
		exit_code = 4;
362
		goto exit;
363
	}
364
365
	printf("crypt result: %s\\n", final);
366
367
	/*
368
	 * Compare a string against a stored crypt
369
	 */
370
371
	pthread_mutex_lock(&mtx);
372
	global_static_buffer = crypt("is this it?", final);
373
	strncpy(test, global_static_buffer, sizeof(test) );
374
	pthread_mutex_unlock(&mtx);
375
	
376
	if (global_static_buffer == NULL) { 
377
		printf("second crypt failed\\n");
378
		exit_code = 5;
379
		goto exit;
380
	}
381
	
382
	printf("test result: %s\\n", test);
383
	
384
	/* a timing-safe string compare would be better */
385
	if ( strncmp(test, final, MAX(sizeof(test), sizeof(final) ) ) == 0 ) {
386
		printf("The two buffers match.\\n");
387
	} else {
388
		printf("The two buffers do not match.\\n");
389
	}
390
391
exit:
392
	pthread_mutex_destroy(&mtx);
393
exit1:
394
	return exit_code;
395
}
396
.Ed
262
.Sh SEE ALSO
397
.Sh SEE ALSO
263
.Xr login 1 ,
398
.Xr login 1 , 
264
.Xr passwd 1 ,
399
.Xr passwd 1 , 
265
.Xr getpass 3 ,
400
.Xr getpass 3 , 
266
.Xr passwd 5
401
.Xr login_getcapstr 3 , 
402
.Xr passwd 5 ,
403
267
.Sh HISTORY
404
.Sh HISTORY
268
A rotor-based
405
.Pp
406
A rotor-based 
269
.Fn crypt
407
.Fn crypt
270
function appeared in
408
function appeared in Version 6 AT&T UNIX.  The
271
.At v6 .
409
current style 
272
The current style
273
.Fn crypt
410
.Fn crypt
274
first appeared in
411
first appeared in Version 7 AT&T UNIX.
275
.At v7 .
276
.Pp
412
.Pp
277
The
413
The DES section of the code 
278
.Tn DES
414
.Pq FreeSec 1.0
279
section of the code (FreeSec 1.0) was developed outside the United
415
was developed outside the
280
States of America as an unencumbered replacement for the U.S.-only
416
United States of America as an unencumbered replacement for the U.S.-only
281
.Nx
417
NetBSD libcrypt encryption library.
282
libcrypt encryption library.
418
283
.Sh AUTHORS
419
.Sh AUTHORS
284
.An -nosplit
420
Originally written by David Burren 
285
Originally written by
421
.Mt davidb@werj.com.au , 
286
.An David Burren Aq Mt davidb@werj.com.au ,
422
later additions and changes by Poul-Henning Kamp, Mark R V Murray, Michael
287
later additions and changes by
423
Bretterklieber, Kris Kennaway, Brian Feldman, Paul Herman, Niels Provos, and 
288
.An Poul-Henning Kamp ,
424
Derek Marcotte.
289
.An Mark R V Murray ,
425
290
.An Michael Bretterklieber ,
291
.An Kris Kennaway ,
292
.An Brian Feldman ,
293
.An Paul Herman
294
and
295
.An Niels Provos .
296
.Sh BUGS
426
.Sh BUGS
297
The
427
The 
298
.Fn crypt
428
.Fn crypt
299
function returns a pointer to static data, and subsequent calls to
429
function returns a pointer to static data, and subsequent
430
calls to 
300
.Fn crypt
431
.Fn crypt
301
will modify the same data.
432
will modify the same data.  Likewise, 
302
Likewise,
303
.Fn crypt_set_format
433
.Fn crypt_set_format
304
modifies static data.
434
modifies static data.
435
436
.Sh SECURITY CONSIDERATIONS
437
The following algorithms are considered insecure, and are not recommended 
438
for new implementations: 
439
.Sx md5-crypt , 
440
.Sx DES Extended Format , 
441
.Sx Traditional DES Format , 
442
and 
443
.Sx NT-Hash .
305
.Pp
444
.Pp
306
The NT-hash scheme does not use a salt,
445
.Sx bcrypt 
307
and is not hard
446
is preferred over 
308
for a competent attacker
447
.Sx sha512-crypt ,
309
to break.
448
or 
310
Its use is not recommended.
449
.Sx sha256-crypt , 
450
because of 
451
its resiliance to pipelined, and GPU based attacks - unless having a
452
NIST-approved algorithm is a requirement.
(-)b/lib/libcrypt/crypt.c (-25 / +181 lines)
Lines 1-6 Link Here
1
/*-
1
/*-
2
 * Copyright (c) 1999 Mark Murray
2
 * Copyright (c) 1999 Mark Murray
3
 * Copyright (c) 2014 Dag-Erling Smørgrav
3
 * Copyright (c) 2014 Dag-Erling Smørgrav
4
 * Copyright (c) 2015 Derek Marcotte
4
 * All rights reserved.
5
 * All rights reserved.
5
 *
6
 *
6
 * Redistribution and use in source and binary forms, with or without
7
 * Redistribution and use in source and binary forms, with or without
Lines 29-84 Link Here
29
__FBSDID("$FreeBSD$");
30
__FBSDID("$FreeBSD$");
30
31
31
#include <sys/types.h>
32
#include <sys/types.h>
33
#include <sys/param.h>
32
34
33
#include <libutil.h>
35
#include <libutil.h>
34
#include <string.h>
36
#include <string.h>
35
#include <unistd.h>
37
#include <unistd.h>
38
#include <regex.h>
39
#include <stdbool.h>
40
#include <stdlib.h>
36
41
37
#include "crypt.h"
42
#include "crypt.h"
38
43
39
/*
44
/*
40
 * List of supported crypt(3) formats.
45
 * List of supported crypt(3) formats.
41
 *
46
 *
42
 * The default algorithm is the last entry in the list (second-to-last
47
 * Ordered from most probable to least probable[1], for the find algorithm to 
43
 * array element since the last is a sentinel).  The reason for placing
48
 * preform a little better in some cases.  Generally, order is not important.
44
 * the default last rather than first is that DES needs to be at the
49
 *
45
 * bottom for the algorithm guessing logic in crypt(3) to work correctly,
50
 * 1. as guessed by a random person
46
 * and it needs to be the default for backward compatibility.
51
 *
47
 */
52
 */
48
static const struct crypt_format {
53
static const struct crypt_format {
49
	const char *const name;
54
	const char *const name;
50
	char *(*const func)(const char *, const char *);
55
	char *(*const func)(const char *, const char *);
51
	const char *const magic;
56
	const char *const magic;
57
	const char *const default_format;
58
	const char *const format_regex;
59
	
60
	const uint8_t salt_bytes;
61
	const bool salt_trailing_sign;	/* do we tack on a $ at the end of the salt */
52
} crypt_formats[] = {
62
} crypt_formats[] = {
53
	{ "md5",	crypt_md5,		"$1$"	},
63
	{ "md5",	crypt_md5,	"$1$",	"$1$",		"^\\$1\\$$",				8,	true	},
64
	{ "sha512",	crypt_sha512,	"$6$",	"$6$",		"^\\$6\\$(rounds=[0-9]{0,9}\\$)?$",	16,	true	},
54
#ifdef HAS_BLOWFISH
65
#ifdef HAS_BLOWFISH
55
	{ "blf",	crypt_blowfish,		"$2"	},
66
	{ "blf",	crypt_blowfish,	"$2",	"$2b$04$",	"^\\$2[ab]?\\$[0-9]{2}\\$$",		22 /* 16 * 1.333 */,	false	},
56
#endif
67
#endif
57
	{ "nth",	crypt_nthash,		"$3$"	},
58
	{ "sha256",	crypt_sha256,		"$5$"	},
59
	{ "sha512",	crypt_sha512,		"$6$"	},
60
#ifdef HAS_DES
68
#ifdef HAS_DES
61
	{ "des",	crypt_des,		"_"	},
69
	{ "des",	crypt_des,	NULL,	"",		NULL,					2,	false	},
70
	{ "des-ext",	crypt_des,	"_",	"_..T.",	"^_[A-Za-z0-9./]{4}$",			4,	false	},
62
#endif
71
#endif
63
72
	{ "nth",	crypt_nthash,	"$3$",	"$3$",		"^\\$3\\$$",				0,	false	},
73
	{ "sha256",	crypt_sha256,	"$5$",	"$5$",		"^\\$5\\$(rounds=[0-9]{0,9}\\$)?$",	16,	true	},
74
	
64
	/* sentinel */
75
	/* sentinel */
65
	{ NULL,		NULL,			NULL	}
76
	{ NULL,		NULL,		NULL,	NULL,		NULL,	0,	NULL	}
66
};
77
};
67
78
68
static const struct crypt_format *crypt_format =
79
#ifdef HAS_DES
69
    &crypt_formats[(sizeof crypt_formats / sizeof *crypt_formats) - 2];
80
/* must be des if system has des */
81
static char default_format[CRYPT_FORMAT_MAX_LEN + 1] = "des";
82
#else 
83
static char default_format[CRYPT_FORMAT_MAX_LEN + 1] = "sha512";
84
#endif
85
86
/* local-scope only */
87
static const struct crypt_format *crypt_find_format(const char *);
88
static bool crypt_validate_format_regex(const char *, const char *);
89
static bool crypt_format_is_modular(const char*);
70
90
71
#define DES_SALT_ALPHABET \
91
#define DES_SALT_ALPHABET \
72
	"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
92
	"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
73
93
74
/*
94
/*
95
 * Fill a buffer with a new salt conforming to a particular crypt format
96
 *
97
 * We're breaking the API convention established by crypt_set_format (return 0 
98
 * on success)  * because it might be nice to behave like the rest of C 
99
 * libraries, rather than the one deprecated function.
100
 *
101
 */
102
int
103
crypt_makesalt(char *out, const char *format, size_t *outlen)
104
{
105
	const struct crypt_format *cf;
106
	uint8_t rand_buf[4];
107
	size_t reqsz;
108
	const char *prefix;
109
	size_t prefix_len;
110
	
111
	/* diff really is a size, but keeping it api compatible with b64_from_24bit.  
112
	 * Only up to 4 bytes anyways, shouldn't be a problem, right? 
113
	 */
114
	int diff;
115
	unsigned int i;
116
	
117
	/* find the appropriate format entry */
118
	cf = crypt_find_format(format);
119
	if (cf == NULL )
120
		return (-1);
121
	
122
	/* calculate required output size */
123
	if (crypt_format_is_modular(format) ) {
124
		prefix = format;
125
	} else {
126
		prefix = cf->default_format;
127
	}
128
	prefix_len = strlen(prefix);
129
	reqsz = prefix_len + (size_t) cf->salt_bytes;
130
	
131
	if (cf->salt_trailing_sign)
132
		reqsz++;
133
	
134
	/* trailing '\0' */
135
	reqsz++;
136
	
137
	/* does the output buff have enough */
138
	if (reqsz > *outlen) {
139
		*outlen = reqsz;
140
		return (-2);
141
	}
142
	
143
	/* start building our output */
144
	strncpy(out, prefix, *outlen);
145
	out += prefix_len;
146
	
147
	for (i = 0; i < cf->salt_bytes; i += 4 ) {
148
		arc4random_buf(rand_buf, 3);
149
		
150
		diff = MIN(cf->salt_bytes - i, 4);
151
		b64_from_24bit(rand_buf[2], rand_buf[1], rand_buf[0], diff, &diff, &out);
152
	}
153
	
154
	/* cleanup */
155
	bzero(rand_buf, sizeof(rand_buf) );
156
	
157
	if (cf->salt_trailing_sign) {
158
		out[0] = '$';
159
		out++;
160
	}
161
	
162
	/* don't need to add trailing '\0', strncpy above will have set it already */
163
	return (0);
164
}
165
166
/*
75
 * Returns the name of the currently selected format.
167
 * Returns the name of the currently selected format.
76
 */
168
 */
77
const char *
169
const char *
78
crypt_get_format(void)
170
crypt_get_format(void)
79
{
171
{
80
172
	return default_format;
81
	return (crypt_format->name);
82
}
173
}
83
174
84
/*
175
/*
Lines 87-101 crypt_get_format(void) Link Here
87
int
178
int
88
crypt_set_format(const char *format)
179
crypt_set_format(const char *format)
89
{
180
{
90
	const struct crypt_format *cf;
181
	if (crypt_find_format(format) == NULL) {
182
		return (0);
183
	}
184
	
185
	strncpy(default_format, format, sizeof(default_format) );
186
	return (1);
187
}
188
189
/*
190
 * is the crypt format a recognized as valid
191
 */
192
static bool
193
crypt_format_validate_regex(const char* regex, const char *format) 
194
{
195
	regex_t regex_c;
196
	int res = 0;
197
	
198
	/* We could cache these, but they are simple, and this function won't be
199
	 * called often.
200
	 */
201
	if (regcomp(&regex_c, regex, REG_EXTENDED) != 0) {
202
		return false;
203
	}
204
	
205
	res = regexec(&regex_c, format, 0, NULL, 0);
206
	regfree(&regex_c);
207
	
208
	return !res;
209
}
210
211
/*
212
 * is the crypt format a fancy-dancy modular format
213
 */
214
static bool
215
crypt_format_is_modular(const char* format) 
216
{
217
	/* we'll treat 'new des' as modular, because they can set 24 bits of count via salt */
218
	return (format[0] == '$' || format[0] == '_');
219
}
91
220
92
	for (cf = crypt_formats; cf->name != NULL; ++cf) {
221
/*
93
		if (strcasecmp(cf->name, format) == 0) {
222
 * lookup our format in our internal table for a matching crypt_format structure
94
			crypt_format = cf;
223
 */
95
			return (1);
224
static const struct crypt_format *
225
crypt_find_format(const char *format)
226
{
227
	const struct crypt_format *cf;
228
	
229
	if (strcmp(format, "default") == 0 ) {
230
		format = default_format;
231
	}
232
	
233
	if (crypt_format_is_modular(format) ) {
234
		/* modular crypt magic lookup, force full syntax */
235
		for (cf = crypt_formats; cf->name != NULL; ++cf) {
236
			if (cf->magic != NULL && strstr(format, cf->magic) == format && crypt_format_validate_regex(cf->format_regex, format) ) {
237
				return cf;
238
			}
239
		}
240
	} else {
241
		/* name lookup */
242
		for (cf = crypt_formats; cf->name != NULL; ++cf) {
243
			if (strcasecmp(cf->name, format) == 0) {
244
				return cf;
245
			}
96
		}
246
		}
97
	}
247
	}
98
	return (0);
248
	
249
	return NULL;
99
}
250
}
100
251
101
/*
252
/*
Lines 110-123 crypt(const char *passwd, const char *salt) Link Here
110
#ifdef HAS_DES
261
#ifdef HAS_DES
111
	int len;
262
	int len;
112
#endif
263
#endif
113
264
	
265
	/* use the magic in the salt for lookup */
114
	for (cf = crypt_formats; cf->name != NULL; ++cf)
266
	for (cf = crypt_formats; cf->name != NULL; ++cf)
115
		if (cf->magic != NULL && strstr(salt, cf->magic) == salt)
267
		if (cf->magic != NULL && strstr(salt, cf->magic) == salt)
116
			return (cf->func(passwd, salt));
268
			return (cf->func(passwd, salt));
269
117
#ifdef HAS_DES
270
#ifdef HAS_DES
271
	/* check if it's standard des */
118
	len = strlen(salt);
272
	len = strlen(salt);
119
	if ((len == 13 || len == 2) && strspn(salt, DES_SALT_ALPHABET) == len)
273
	if ((len == 13 || len == 2) && strspn(salt, DES_SALT_ALPHABET) == len)
120
		return (crypt_des(passwd, salt));
274
		return (crypt_des(passwd, salt));
121
#endif
275
#endif
122
	return (crypt_format->func(passwd, salt));
276
277
	cf = crypt_find_format(default_format);
278
	return (cf->func(passwd, salt));
123
}
279
}
(-)b/lib/libcrypt/tests/crypt_tests.c (-8 / +389 lines)
Lines 4-9 __FBSDID("$FreeBSD$"); Link Here
4
#include <sys/types.h>
4
#include <sys/types.h>
5
#include <crypt.h>
5
#include <crypt.h>
6
#include <unistd.h>
6
#include <unistd.h>
7
#include <stdio.h>
7
8
8
#include <atf-c.h>
9
#include <atf-c.h>
9
10
Lines 12-18 __FBSDID("$FreeBSD$"); Link Here
12
ATF_TC(md5);
13
ATF_TC(md5);
13
ATF_TC_HEAD(md5, tc)
14
ATF_TC_HEAD(md5, tc)
14
{
15
{
15
16
	atf_tc_set_md_var(tc, "descr", "Tests the MD5 based password hash");
16
	atf_tc_set_md_var(tc, "descr", "Tests the MD5 based password hash");
17
}
17
}
18
18
Lines 25-38 ATF_TC_BODY(md5, tc) Link Here
25
	ATF_CHECK_STREQ(pw, want);
25
	ATF_CHECK_STREQ(pw, want);
26
}
26
}
27
27
28
ATF_TC(invalid);
28
ATF_TC(md5invalid);
29
ATF_TC_HEAD(invalid, tc)
29
ATF_TC_HEAD(md5invalid, tc)
30
{
30
{
31
31
	atf_tc_set_md_var(tc, "descr", "Tests that md5invalid password fails");
32
	atf_tc_set_md_var(tc, "descr", "Tests that invalid password fails");
33
}
32
}
34
33
35
ATF_TC_BODY(invalid, tc)
34
ATF_TC_BODY(md5invalid, tc)
36
{
35
{
37
	const char want[] = "$1$cafebabe$0Huu6KHrKLVWfqa4WljDE0";
36
	const char want[] = "$1$cafebabe$0Huu6KHrKLVWfqa4WljDE0";
38
	char *pw;
37
	char *pw;
Lines 41-54 ATF_TC_BODY(invalid, tc) Link Here
41
	ATF_CHECK(strcmp(pw, want) != 0);
40
	ATF_CHECK(strcmp(pw, want) != 0);
42
}
41
}
43
42
43
ATF_TC(sha256_vector_1);
44
ATF_TC_HEAD(sha256_vector_1, tc)
45
{
46
	atf_tc_set_md_var(tc, "descr", "Test vector from crypt-sha256.c");
47
}
48
49
ATF_TC_BODY(sha256_vector_1, tc)
50
{
51
	const char want[] = "$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5";
52
	char *pw;
53
54
	pw = crypt("Hello world!", "$5$saltstring");
55
	ATF_CHECK_STREQ(pw, want);
56
}
57
58
ATF_TC(sha256_invalid);
59
ATF_TC_HEAD(sha256_invalid, tc)
60
{
61
	atf_tc_set_md_var(tc, "descr", "Tests that an invalid password fails");
62
}
63
64
ATF_TC_BODY(sha256_invalid, tc)
65
{
66
	const char want[] = "$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5";
67
	char *pw;
68
69
	pw = crypt("Goodbye cruel world!", "$5$saltstring");
70
	ATF_CHECK(strcmp(pw, want) != 0);
71
}
72
73
ATF_TC(sha256_vector_2);
74
ATF_TC_HEAD(sha256_vector_2, tc)
75
{
76
	atf_tc_set_md_var(tc, "descr", "Test vector from crypt-sha256.c");
77
}
78
79
ATF_TC_BODY(sha256_vector_2, tc)
80
{
81
	const char want[] = "$5$rounds=10000$saltstringsaltst$3xv.VbSHBb41AL9AvLeujZkZRBAwqFMz2."
82
		"opqey6IcA";
83
	char *pw;
84
85
	pw = crypt("Hello world!", "$5$rounds=10000$saltstringsaltstring");
86
	ATF_CHECK_STREQ(pw, want);
87
}
88
89
ATF_TC(sha256_vector_3);
90
ATF_TC_HEAD(sha256_vector_3, tc)
91
{
92
	atf_tc_set_md_var(tc, "descr", "Test vector from crypt-sha256.c");
93
}
94
95
ATF_TC_BODY(sha256_vector_3, tc)
96
{
97
	const char want[] = "$5$rounds=5000$toolongsaltstrin$Un/5jzAHMgOGZ5.mWJpuVolil07guHPvOW8"
98
		"mGRcvxa5";
99
	char *pw;
100
101
	pw = crypt("This is just a test", "$5$rounds=5000$toolongsaltstring");
102
	ATF_CHECK_STREQ(pw, want);
103
}
104
105
ATF_TC(sha256_vector_4);
106
ATF_TC_HEAD(sha256_vector_4, tc)
107
{
108
	atf_tc_set_md_var(tc, "descr", "Test vector from crypt-sha256.c");
109
}
110
111
ATF_TC_BODY(sha256_vector_4, tc)
112
{
113
	const char want[] = "$5$rounds=1400$anotherlongsalts$Rx.j8H.h8HjEDGomFU8bDkXm3XIUnzyxf12"
114
		"oP84Bnq1";
115
	char *pw;
116
117
	pw = crypt("a very much longer text to encrypt.  This one even stretches over more"
118
		"than one line.", "$5$rounds=1400$anotherlongsaltstring");
119
	ATF_CHECK_STREQ(pw, want);
120
}
121
122
ATF_TC(sha256_vector_5);
123
ATF_TC_HEAD(sha256_vector_5, tc)
124
{
125
	atf_tc_set_md_var(tc, "descr", "Test vector from crypt-sha256.c");
126
}
127
128
ATF_TC_BODY(sha256_vector_5, tc)
129
{
130
	const char want[] = "$5$rounds=77777$short$JiO1O3ZpDAxGJeaDIuqCoEFysAe1mZNJRs3pw0KQRd/";
131
	char *pw;
132
133
	pw = crypt("we have a short salt string but not a short password", "$5$rounds=77777$short");
134
	ATF_CHECK_STREQ(pw, want);
135
}
136
137
ATF_TC(sha256_vector_6);
138
ATF_TC_HEAD(sha256_vector_6, tc)
139
{
140
	atf_tc_set_md_var(tc, "descr", "Test vector from crypt-sha256.c");
141
}
142
143
ATF_TC_BODY(sha256_vector_6, tc)
144
{
145
	const char want[] = "$5$rounds=123456$asaltof16chars..$gP3VQ/6X7UUEW3HkBn2w1/Ptq2jxPyzV/"
146
		"cZKmF/wJvD";
147
	char *pw;
148
149
	pw = crypt("a short string", "$5$rounds=123456$asaltof16chars..");
150
	ATF_CHECK_STREQ(pw, want);
151
}
152
153
ATF_TC(sha256_vector_7);
154
ATF_TC_HEAD(sha256_vector_7, tc)
155
{
156
	atf_tc_set_md_var(tc, "descr", "Test vector from crypt-sha256.c");
157
}
158
159
ATF_TC_BODY(sha256_vector_7, tc)
160
{
161
	const char want[] = "$5$rounds=1000$roundstoolow$yfvwcWrQ8l/K0DAWyuPMDNHpIVlTQebY9l/gL97"
162
		"2bIC";
163
	char *pw;
164
165
	pw = crypt("the minimum number is still observed", "$5$rounds=10$roundstoolow");
166
	ATF_CHECK_STREQ(pw, want);
167
}
168
169
ATF_TC(sha512_vector_1);
170
ATF_TC_HEAD(sha512_vector_1, tc)
171
{
172
	atf_tc_set_md_var(tc, "descr", "Test vector from crypt-sha512.c");
173
}
174
175
ATF_TC_BODY(sha512_vector_1, tc)
176
{
177
	const char want[] = "$6$saltstring$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJu"
178
		"esI68u4OTLiBFdcbYEdFCoEOfaS35inz1";
179
	char *pw;
180
181
	pw = crypt("Hello world!", "$6$saltstring");
182
	ATF_CHECK_STREQ(pw, want);
183
}
184
185
ATF_TC(sha512_invalid);
186
ATF_TC_HEAD(sha512_invalid, tc)
187
{
188
	atf_tc_set_md_var(tc, "descr", "Test vector from crypt-sha512.c");
189
}
190
191
ATF_TC_BODY(sha512_invalid, tc)
192
{
193
	const char want[] = "$6$saltstring$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJu"
194
		"esI68u4OTLiBFdcbYEdFCoEOfaS35inz1";
195
	char *pw;
196
197
	pw = crypt("Goodbye cruel world!", "$6$saltstring");
198
	ATF_CHECK(strcmp(pw, want) != 0);
199
}
200
201
ATF_TC(sha512_vector_2);
202
ATF_TC_HEAD(sha512_vector_2, tc)
203
{
204
	atf_tc_set_md_var(tc, "descr", "Test vector from crypt-sha512.c");
205
}
206
207
ATF_TC_BODY(sha512_vector_2, tc)
208
{
209
	const char want[] = "$6$rounds=10000$saltstringsaltst$OW1/O6BYHV6BcXZu8QVeXbDWra3Oeqh0sb"
210
		"HbbMCVNSnCM/UrjmM0Dp8vOuZeHBy/YTBmSK6H9qs/y3RnOaw5v.";
211
	char *pw;
212
213
	pw = crypt("Hello world!", "$6$rounds=10000$saltstringsaltstring");
214
	ATF_CHECK_STREQ(pw, want);
215
}
216
217
ATF_TC(sha512_vector_3);
218
ATF_TC_HEAD(sha512_vector_3, tc)
219
{
220
	atf_tc_set_md_var(tc, "descr", "Test vector from crypt-sha512.c");
221
}
222
223
ATF_TC_BODY(sha512_vector_3, tc)
224
{
225
	const char want[] = "$6$rounds=5000$toolongsaltstrin$lQ8jolhgVRVhY4b5pZKaysCLi0QBxGoNeKQ"
226
		"zQ3glMhwllF7oGDZxUhx1yxdYcz/e1JSbq3y6JMxxl8audkUEm0";
227
	char *pw;
228
229
	pw = crypt("This is just a test", "$6$rounds=5000$toolongsaltstring");
230
	ATF_CHECK_STREQ(pw, want);
231
}
232
233
ATF_TC(sha512_vector_4);
234
ATF_TC_HEAD(sha512_vector_4, tc)
235
{
236
	atf_tc_set_md_var(tc, "descr", "Test vector from crypt-sha512.c");
237
}
238
239
ATF_TC_BODY(sha512_vector_4, tc)
240
{
241
	const char want[] = "$6$rounds=1400$anotherlongsalts$POfYwTEok97VWcjxIiSOjiykti.o/pQs.wP"
242
		"vMxQ6Fm7I6IoYN3CmLs66x9t0oSwbtEW7o7UmJEiDwGqd8p4ur1";
243
	char *pw;
244
245
	pw = crypt("a very much longer text to encrypt.  This one even stretches over more"
246
		"than one line.", "$6$rounds=1400$anotherlongsaltstring");
247
	ATF_CHECK_STREQ(pw, want);
248
}
249
250
ATF_TC(sha512_vector_5);
251
ATF_TC_HEAD(sha512_vector_5, tc)
252
{
253
	atf_tc_set_md_var(tc, "descr", "Test vector from crypt-sha512.c");
254
}
255
256
ATF_TC_BODY(sha512_vector_5, tc)
257
{
258
	const char want[] = "$6$rounds=77777$short$WuQyW2YR.hBNpjjRhpYD/ifIw05xdfeEyQoMxIXbkvr0g"
259
		"ge1a1x3yRULJ5CCaUeOxFmtlcGZelFl5CxtgfiAc0";
260
	char *pw;
261
262
	pw = crypt("we have a short salt string but not a short password", "$6$rounds=77777$short");
263
	ATF_CHECK_STREQ(pw, want);
264
}
265
266
ATF_TC(sha512_vector_6);
267
ATF_TC_HEAD(sha512_vector_6, tc)
268
{
269
	atf_tc_set_md_var(tc, "descr", "Test vector from crypt-sha512.c");
270
}
271
272
ATF_TC_BODY(sha512_vector_6, tc)
273
{
274
	const char want[] = "$6$rounds=123456$asaltof16chars..$BtCwjqMJGx5hrJhZywWvt0RLE8uZ4oPwc"
275
		"elCjmw2kSYu.Ec6ycULevoBK25fs2xXgMNrCzIMVcgEJAstJeonj1";
276
	char *pw;
277
278
	pw = crypt("a short string", "$6$rounds=123456$asaltof16chars..");
279
	ATF_CHECK_STREQ(pw, want);
280
}
281
282
ATF_TC(sha512_vector_7);
283
ATF_TC_HEAD(sha512_vector_7, tc)
284
{
285
	atf_tc_set_md_var(tc, "descr", "Test vector from crypt-sha512.c");
286
}
287
288
ATF_TC_BODY(sha512_vector_7, tc)
289
{
290
	const char want[] = "$6$rounds=1000$roundstoolow$kUMsbe306n21p9R.FRkW3IGn.S9NPN0x50YhH1x"
291
		"hLsPuWGsUSklZt58jaTfF4ZEQpyUNGc0dqbpBYYBaHHrsX.";
292
	char *pw;
293
294
	pw = crypt("the minimum number is still observed", "$6$rounds=10$roundstoolow");
295
	ATF_CHECK_STREQ(pw, want);
296
}
297
298
#ifdef HAS_BLOWFISH	
299
ATF_TC(blf_vector_1);
300
ATF_TC_HEAD(blf_vector_1, tc)
301
{
302
	atf_tc_set_md_var(tc, "descr", "Solar Designer wrapper.c test vector 1");
303
}
304
305
ATF_TC_BODY(blf_vector_1, tc)
306
{
307
	const char want[] = "$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW";
308
	char *pw;
309
	
310
	pw = crypt("U*U", want);
311
	ATF_CHECK_STREQ(pw, want);
312
}
313
314
	
315
ATF_TC(blf_invalid);
316
ATF_TC_HEAD(blf_invalid, tc)
317
{
318
	atf_tc_set_md_var(tc, "descr", "Solar Designer wrapper.c test vector 1 - invalid");
319
}
320
321
ATF_TC_BODY(blf_invalid, tc)
322
{
323
	const char want[] = "$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW";
324
	char *pw;
325
	
326
	pw = crypt("ME*ME", want);
327
	ATF_CHECK(strcmp(pw, want) != 0);
328
}
329
330
ATF_TC(blf_vector_2);
331
ATF_TC_HEAD(blf_vector_2, tc)
332
{
333
	atf_tc_set_md_var(tc, "descr", "Solar Designer wrapper.c test vector 2");
334
}
335
336
ATF_TC_BODY(blf_vector_2, tc)
337
{
338
	const char want[] = "$2a$05$CCCCCCCCCCCCCCCCCCCCC.VGOzA784oUp/Z0DY336zx7pLYAy0lwK";
339
	char *pw;
340
	
341
	pw = crypt("U*U*", want);
342
	ATF_CHECK_STREQ(pw, want);
343
}
344
345
ATF_TC(blf_vector_3);
346
ATF_TC_HEAD(blf_vector_3, tc)
347
{
348
	atf_tc_set_md_var(tc, "descr", "Solar Designer wrapper.c test vector 3 - long password");
349
}
350
351
ATF_TC_BODY(blf_vector_3, tc)
352
{
353
	const char want[] = "$2a$05$abcdefghijklmnopqrstuu5s2v8.iXieOjg/.AySBTTZIIVFJeBui";
354
	char *pw;
355
	
356
	pw = crypt("0123456789abcdefghijklmnopqrstuvwxyz"
357
		"ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
358
		"chars after 72 are ignored", want);
359
	ATF_CHECK_STREQ(pw, want);
360
}
361
362
ATF_TC(blf_vector_4);
363
ATF_TC_HEAD(blf_vector_4, tc)
364
{
365
	atf_tc_set_md_var(tc, "descr", "Solar Designer wrapper.c test vector 4");
366
}
367
368
ATF_TC_BODY(blf_vector_4, tc)
369
{
370
	const char want[] = "$2b$05$/OK.fbVrR/bpIqNJ5ianF.CE5elHaaO4EbggVDjb8P19RukzXSM3e";
371
	char *pw;
372
	
373
	pw = crypt("\xff\xff\xa3", want);
374
	ATF_CHECK_STREQ(pw, want);
375
}
376
377
ATF_TC(blf_vector_5);
378
ATF_TC_HEAD(blf_vector_5, tc)
379
{
380
	atf_tc_set_md_var(tc, "descr", "Solar Designer wrapper.c test vector 5 - ensure our $2a$05$ matches the $2y$05$");
381
}
382
383
ATF_TC_BODY(blf_vector_5, tc)
384
{
385
	const char want[] = "$2a$05$/OK.fbVrR/bpIqNJ5ianF.nRht2l/HRhr6zmCp9vYUvvsqynflf9e";
386
	char *pw;
387
	
388
	pw = crypt("\xff\xa3" "345", want);
389
	ATF_CHECK_STREQ(pw, want);
390
}
391
392
#endif	
393
44
/*
394
/*
45
 * This function must not do anything except enumerate
395
 * This function must not do anything except enumerate
46
 * the test cases, per atf-c-api(3).
396
 * the test cases, per atf-c-api(3).
47
 */
397
 */
48
ATF_TP_ADD_TCS(tp)
398
ATF_TP_ADD_TCS(tp)
49
{
399
{
50
51
	ATF_TP_ADD_TC(tp, md5);
400
	ATF_TP_ADD_TC(tp, md5);
52
	ATF_TP_ADD_TC(tp, invalid);
401
	ATF_TP_ADD_TC(tp, md5invalid);
402
	
403
	ATF_TP_ADD_TC(tp, sha256_vector_1);
404
	ATF_TP_ADD_TC(tp, sha256_invalid);
405
	ATF_TP_ADD_TC(tp, sha256_vector_2);
406
	ATF_TP_ADD_TC(tp, sha256_vector_3);
407
	ATF_TP_ADD_TC(tp, sha256_vector_4);
408
/*
409
	ATF_TP_ADD_TC(tp, sha256_vector_5);
410
	ATF_TP_ADD_TC(tp, sha256_vector_6);
411
*/
412
	ATF_TP_ADD_TC(tp, sha256_vector_7);
413
	
414
	ATF_TP_ADD_TC(tp, sha512_vector_1);
415
	ATF_TP_ADD_TC(tp, sha512_invalid);
416
	ATF_TP_ADD_TC(tp, sha512_vector_2);
417
	ATF_TP_ADD_TC(tp, sha512_vector_3);
418
	ATF_TP_ADD_TC(tp, sha512_vector_4);
419
/*
420
	ATF_TP_ADD_TC(tp, sha512_vector_5);
421
	ATF_TP_ADD_TC(tp, sha512_vector_6);
422
*/
423
	ATF_TP_ADD_TC(tp, sha512_vector_7);
424
425
#ifdef HAS_BLOWFISH	
426
	ATF_TP_ADD_TC(tp, blf_vector_1);
427
	ATF_TP_ADD_TC(tp, blf_invalid);
428
	ATF_TP_ADD_TC(tp, blf_vector_2);
429
	ATF_TP_ADD_TC(tp, blf_vector_3);
430
	ATF_TP_ADD_TC(tp, blf_vector_4);
431
	ATF_TP_ADD_TC(tp, blf_vector_5);
432
#endif	
433
53
	return atf_no_error();
434
	return atf_no_error();
54
}
435
}
(-)b/lib/libpam/modules/pam_unix/pam_unix.c (-40 / +17 lines)
Lines 67-83 __FBSDID("$FreeBSD$"); Link Here
67
#include <security/pam_modules.h>
67
#include <security/pam_modules.h>
68
#include <security/pam_mod_misc.h>
68
#include <security/pam_mod_misc.h>
69
69
70
#define PASSWORD_HASH		"md5"
71
#define DEFAULT_WARN		(2L * 7L * 86400L)  /* Two weeks */
70
#define DEFAULT_WARN		(2L * 7L * 86400L)  /* Two weeks */
72
#define	SALTSIZE		32
73
71
74
#define	LOCKED_PREFIX		"*LOCKED*"
72
#define	LOCKED_PREFIX		"*LOCKED*"
75
#define	LOCKED_PREFIX_LEN	(sizeof(LOCKED_PREFIX) - 1)
73
#define	LOCKED_PREFIX_LEN	(sizeof(LOCKED_PREFIX) - 1)
76
74
77
static void makesalt(char []);
78
79
static char password_hash[] =		PASSWORD_HASH;
80
81
#define PAM_OPT_LOCAL_PASS	"local_pass"
75
#define PAM_OPT_LOCAL_PASS	"local_pass"
82
#define PAM_OPT_NIS_PASS	"nis_pass"
76
#define PAM_OPT_NIS_PASS	"nis_pass"
83
77
Lines 269-281 pam_sm_chauthtok(pam_handle_t *pamh, int flags, Link Here
269
	struct ypclnt *ypclnt;
263
	struct ypclnt *ypclnt;
270
	const void *yp_domain, *yp_server;
264
	const void *yp_domain, *yp_server;
271
#endif
265
#endif
272
	char salt[SALTSIZE + 1];
266
	char salt[CRYPT_SALT_MAX_LEN + 1];
267
	size_t salt_sz;
273
	login_cap_t *lc;
268
	login_cap_t *lc;
274
	struct passwd *pwd, *old_pwd;
269
	struct passwd *pwd, *old_pwd;
275
	const char *user, *old_pass, *new_pass;
270
	const char *user, *old_pass, *new_pass;
276
	char *encrypted;
271
	char *encrypted;
277
	time_t passwordtime;
272
	time_t passwordtime;
278
	int pfd, tfd, retval;
273
	int pfd, tfd, retval;
274
	const char *passwd_format;
279
275
280
	if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF))
276
	if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF))
281
		user = getlogin();
277
		user = getlogin();
Lines 379-388 pam_sm_chauthtok(pam_handle_t *pamh, int flags, Link Here
379
			return (PAM_BUF_ERR);
375
			return (PAM_BUF_ERR);
380
376
381
		lc = login_getclass(pwd->pw_class);
377
		lc = login_getclass(pwd->pw_class);
382
		if (login_setcryptfmt(lc, password_hash, NULL) == NULL)
383
			openpam_log(PAM_LOG_ERROR,
384
			    "can't set password cipher, relying on default");
385
		
378
		
379
		salt_sz = sizeof(salt);
380
		passwd_format = login_getcapstr(lc, "passwd_format", "", NULL);
381
		if (crypt_makesalt(salt, passwd_format, &salt_sz) ) {
382
			login_close(lc);
383
			
384
			if (salt_sz == sizeof(salt) ) {
385
				PAM_LOG("Unable to create salt for crypt(3) format: %s", passwd_format);
386
			} else {
387
				PAM_LOG("Not enough space in buffer to create salt for format: %s. CRYPT_SALT_MAX_LEN is wrong. Buffer size: %zu, required: %zu", passwd_format, sizeof(salt), salt_sz);
388
			}
389
			
390
			return (PAM_SERVICE_ERR);
391
		}
392
				
386
		/* set password expiry date */
393
		/* set password expiry date */
387
		pwd->pw_change = 0;
394
		pwd->pw_change = 0;
388
		passwordtime = login_getcaptime(lc, "passwordtime", 0, 0);
395
		passwordtime = login_getcaptime(lc, "passwordtime", 0, 0);
Lines 390-396 pam_sm_chauthtok(pam_handle_t *pamh, int flags, Link Here
390
			pwd->pw_change = time(NULL) + passwordtime;
397
			pwd->pw_change = time(NULL) + passwordtime;
391
		
398
		
392
		login_close(lc);
399
		login_close(lc);
393
		makesalt(salt);
394
		pwd->pw_passwd = crypt(new_pass, salt);
400
		pwd->pw_passwd = crypt(new_pass, salt);
395
#ifdef YP
401
#ifdef YP
396
		switch (old_pwd->pw_fields & _PWF_SOURCE) {
402
		switch (old_pwd->pw_fields & _PWF_SOURCE) {
Lines 446-478 pam_sm_chauthtok(pam_handle_t *pamh, int flags, Link Here
446
	return (retval);
452
	return (retval);
447
}
453
}
448
454
449
/* Mostly stolen from passwd(1)'s local_passwd.c - markm */
450
451
static unsigned char itoa64[] =		/* 0 ... 63 => ascii - 64 */
452
	"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
453
454
static void
455
to64(char *s, long v, int n)
456
{
457
	while (--n >= 0) {
458
		*s++ = itoa64[v&0x3f];
459
		v >>= 6;
460
	}
461
}
462
463
/* Salt suitable for traditional DES and MD5 */
464
static void
465
makesalt(char salt[SALTSIZE + 1])
466
{
467
	int i;
468
469
	/* These are not really random numbers, they are just
470
	 * numbers that change to thwart construction of a
471
	 * dictionary.
472
	 */
473
	for (i = 0; i < SALTSIZE; i += 4)
474
		to64(&salt[i], arc4random(), 4);
475
	salt[SALTSIZE] = '\0';
476
}
477
478
PAM_MODULE_ENTRY("pam_unix");
455
PAM_MODULE_ENTRY("pam_unix");
(-)b/lib/libutil/login.conf.5 (-1 / +8 lines)
Lines 278-284 multiplied by 5 seconds. Link Here
278
allowed before the login fails.
278
allowed before the login fails.
279
.It "passwd_format	string	sha512	The encryption format that new or"
279
.It "passwd_format	string	sha512	The encryption format that new or"
280
changed passwords will use.
280
changed passwords will use.
281
Valid values include "des", "md5", "blf", "sha256" and "sha512"; see
281
Valid values include Modular Crypt Format strings, 
282
.Qq des , 
283
.Qq md5 , 
284
.Qq blf , 
285
.Qq sha256
286
and 
287
.Qq sha512 ; 
288
see 
282
.Xr crypt 3
289
.Xr crypt 3
283
for details.
290
for details.
284
NIS clients using a
291
NIS clients using a
(-)b/lib/libutil/login_cap.3 (+7 lines)
Lines 569-574 If calling Link Here
569
on the specifier fails,
569
on the specifier fails,
570
.Fa error
570
.Fa error
571
is returned to indicate this.
571
is returned to indicate this.
572
.Fn login_setcryptfmt
573
and 
574
.Xr crypt_set_format 3
575
are both deprecated in favour of 
576
.Xr login_getcapstr 3
577
and 
578
.Xr crypt_makesalt 3 .
572
.El
579
.El
573
.Sh SEE ALSO
580
.Sh SEE ALSO
574
.Xr login 1 ,
581
.Xr login 1 ,
(-)b/usr.sbin/pw/pw.h (-1 / +1 lines)
Lines 97-103 char const *boolean_str(int val); Link Here
97
char *newstr(char const * p);
97
char *newstr(char const * p);
98
98
99
void pw_log(struct userconf * cnf, int mode, int which, char const * fmt,...) __printflike(4, 5);
99
void pw_log(struct userconf * cnf, int mode, int which, char const * fmt,...) __printflike(4, 5);
100
char *pw_pwcrypt(char *password);
100
char *pw_pwcrypt(const char *password, const char *format);
101
101
102
extern const char *Modes[];
102
extern const char *Modes[];
103
extern const char *Which[];
103
extern const char *Which[];
(-)b/usr.sbin/pw/pw_group.c (-1 / +1 lines)
Lines 91-97 grp_set_passwd(struct group *grp, bool update, int fd, bool precrypted) Link Here
91
			errx(EX_DATAERR, "wrong encrypted passwrd");
91
			errx(EX_DATAERR, "wrong encrypted passwrd");
92
		grp->gr_passwd = line;
92
		grp->gr_passwd = line;
93
	} else
93
	} else
94
		grp->gr_passwd = pw_pwcrypt(line);
94
		grp->gr_passwd = pw_pwcrypt(line, "default");
95
}
95
}
96
96
97
int
97
int
(-)b/usr.sbin/pw/pw_user.c (-28 / +50 lines)
Lines 78-87 static char *pw_homepolicy(struct userconf * cnf, char *homedir, Link Here
78
    const char *user);
78
    const char *user);
79
static char	*pw_shellpolicy(struct userconf * cnf);
79
static char	*pw_shellpolicy(struct userconf * cnf);
80
static char	*pw_password(struct userconf * cnf, char const * user,
80
static char	*pw_password(struct userconf * cnf, char const * user,
81
    bool dryrun);
81
    char const * format, bool dryrun);
82
static char	*shell_path(char const * path, char *shells[], char *sh);
82
static char	*shell_path(char const * path, char *shells[], char *sh);
83
static void	rmat(uid_t uid);
83
static void	rmat(uid_t uid);
84
static void	rmopie(char const * name);
84
static void	rmopie(char const * name);
85
static void	copy_passwd_format(char *passwd_format, login_cap_t *lc, size_t max);
85
86
86
static void
87
static void
87
mkdir_home_parents(int dfd, const char *dir)
88
mkdir_home_parents(int dfd, const char *dir)
Lines 176-181 pw_set_passwd(struct passwd *pwd, int fd, bool precrypted, bool update) Link Here
176
	login_cap_t	*lc;
177
	login_cap_t	*lc;
177
	char		line[_PASSWORD_LEN+1];
178
	char		line[_PASSWORD_LEN+1];
178
	char		*p;
179
	char		*p;
180
	char		passwd_format[CRYPT_FORMAT_MAX_LEN + 1];
179
181
180
	if (fd == '-') {
182
	if (fd == '-') {
181
		if (!pwd->pw_passwd || *pwd->pw_passwd != '*') {
183
		if (!pwd->pw_passwd || *pwd->pw_passwd != '*') {
Lines 221-235 pw_set_passwd(struct passwd *pwd, int fd, bool precrypted, bool update) Link Here
221
		pwd->pw_passwd = strdup(line);
223
		pwd->pw_passwd = strdup(line);
222
	} else {
224
	} else {
223
		lc = login_getpwclass(pwd);
225
		lc = login_getpwclass(pwd);
224
		if (lc == NULL ||
226
		copy_passwd_format(passwd_format, lc, sizeof(passwd_format) );
225
				login_setcryptfmt(lc, "sha512", NULL) == NULL)
226
			warn("setting crypt(3) format");
227
		login_close(lc);
227
		login_close(lc);
228
		pwd->pw_passwd = pw_pwcrypt(line);
228
		pwd->pw_passwd = pw_pwcrypt(line, passwd_format);
229
	}
229
	}
230
	return (1);
230
	return (1);
231
}
231
}
232
232
233
void
234
copy_passwd_format(char *passwd_format, login_cap_t *lc, size_t max) {
235
	const char *cap;
236
	const char *def = "sha512";
237
238
	if (lc == NULL) {
239
		warn("setting crypt(3) format");
240
		strncpy(passwd_format, def, max);
241
		return;
242
	}
243
244
245
	cap = login_getcapstr(lc, "passwd_format", def, NULL);
246
	if (cap == NULL) {
247
		warn("setting crypt(3) format");
248
		strncpy(passwd_format, def, max);
249
		return;
250
	}
251
252
	strncpy(passwd_format, cap, max);
253
	return;
254
}
255
233
static void
256
static void
234
perform_chgpwent(const char *name, struct passwd *pwd, char *nispasswd)
257
perform_chgpwent(const char *name, struct passwd *pwd, char *nispasswd)
235
{
258
{
Lines 479-502 pw_shellpolicy(struct userconf * cnf) Link Here
479
	return shell_path(cnf->shelldir, cnf->shells, cnf->shell_default);
502
	return shell_path(cnf->shelldir, cnf->shells, cnf->shell_default);
480
}
503
}
481
504
482
#define	SALTSIZE	32
505
char           *
483
506
pw_pwcrypt(const char *password, const char *format)
484
static char const chars[] = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ./";
485
486
char *
487
pw_pwcrypt(char *password)
488
{
507
{
489
	int             i;
508
	char            salt[CRYPT_SALT_MAX_LEN + 1];
490
	char            salt[SALTSIZE + 1];
509
	size_t		salt_sz = sizeof(salt);
491
	char		*cryptpw;
510
	char		*cryptpw;
492
	static char     buf[256];
511
	static char     buf[_PASSWORD_LEN + 1];
493
512
494
	/*
513
	if (crypt_makesalt(salt, format, &salt_sz) ) {
495
	 * Calculate a salt value
514
		if (salt_sz == sizeof(salt) ) {
496
	 */
515
			errx(EX_CONFIG, "Unable to create salt for crypt(3) format: %s", format);
497
	for (i = 0; i < SALTSIZE; i++)
516
		} else {
498
		salt[i] = chars[arc4random_uniform(sizeof(chars) - 1)];
517
			/* really shouldn't get here */
499
	salt[SALTSIZE] = '\0';
518
			errx(EX_CONFIG, "Not enough space to write salt to buffer.  CRYPT_SALT_MAX_LEN is wrong.");
519
		}
520
	}
500
521
501
	cryptpw = crypt(password, salt);
522
	cryptpw = crypt(password, salt);
502
	if (cryptpw == NULL)
523
	if (cryptpw == NULL)
Lines 505-512 pw_pwcrypt(char *password) Link Here
505
}
526
}
506
527
507
static char *
528
static char *
508
pw_password(struct userconf * cnf, char const * user, bool dryrun)
529
pw_password(struct userconf * cnf,  char const * user, const char * format, bool dryrun)
509
{
530
{
531
	static char const chars[] = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ./!@#$%^&*()-+=<>?";
510
	int             i, l;
532
	int             i, l;
511
	char            pwbuf[32];
533
	char            pwbuf[32];
512
534
Lines 539-545 pw_password(struct userconf * cnf, char const * user, bool dryrun) Link Here
539
		strlcpy(pwbuf, user, sizeof(pwbuf));
561
		strlcpy(pwbuf, user, sizeof(pwbuf));
540
		break;
562
		break;
541
	}
563
	}
542
	return pw_pwcrypt(pwbuf);
564
	return pw_pwcrypt(pwbuf, format);
543
}
565
}
544
566
545
static int
567
static int
Lines 1185-1190 pw_user_add(int argc, char **argv, char *arg1) Link Here
1185
	int rc, ch, fd = -1;
1207
	int rc, ch, fd = -1;
1186
	size_t i;
1208
	size_t i;
1187
	bool dryrun, nis, pretty, quiet, createhome, precrypted, genconf;
1209
	bool dryrun, nis, pretty, quiet, createhome, precrypted, genconf;
1210
	char passwd_format[CRYPT_FORMAT_MAX_LEN + 1];
1188
1211
1189
	dryrun = nis = pretty = quiet = createhome = precrypted = false;
1212
	dryrun = nis = pretty = quiet = createhome = precrypted = false;
1190
	genconf = false;
1213
	genconf = false;
Lines 1367-1376 pw_user_add(int argc, char **argv, char *arg1) Link Here
1367
	pwd->pw_dir = pw_homepolicy(cmdcnf, homedir, pwd->pw_name);
1390
	pwd->pw_dir = pw_homepolicy(cmdcnf, homedir, pwd->pw_name);
1368
	pwd->pw_shell = pw_shellpolicy(cmdcnf);
1391
	pwd->pw_shell = pw_shellpolicy(cmdcnf);
1369
	lc = login_getpwclass(pwd);
1392
	lc = login_getpwclass(pwd);
1370
	if (lc == NULL || login_setcryptfmt(lc, "sha512", NULL) == NULL)
1393
	copy_passwd_format(passwd_format, lc, sizeof(passwd_format));
1371
		warn("setting crypt(3) format");
1372
	login_close(lc);
1394
	login_close(lc);
1373
	pwd->pw_passwd = pw_password(cmdcnf, pwd->pw_name, dryrun);
1395
	pwd->pw_passwd = pw_password(cmdcnf, pwd->pw_name, passwd_format, dryrun);
1374
	if (pwd->pw_uid == 0 && strcmp(pwd->pw_name, "root") != 0)
1396
	if (pwd->pw_uid == 0 && strcmp(pwd->pw_name, "root") != 0)
1375
		warnx("WARNING: new account `%s' has a uid of 0 "
1397
		warnx("WARNING: new account `%s' has a uid of 0 "
1376
		    "(superuser access!)", pwd->pw_name);
1398
		    "(superuser access!)", pwd->pw_name);
Lines 1497-1502 pw_user_mod(int argc, char **argv, char *arg1) Link Here
1497
	bool precrypted;
1519
	bool precrypted;
1498
	mode_t homemode = 0;
1520
	mode_t homemode = 0;
1499
	time_t expire_days, password_days, now;
1521
	time_t expire_days, password_days, now;
1522
	char passwd_format[CRYPT_FORMAT_MAX_LEN + 1];
1500
1523
1501
	expire_days = password_days = -1;
1524
	expire_days = password_days = -1;
1502
	gecos = homedir = grname = name = newname = skel = shell =NULL;
1525
	gecos = homedir = grname = name = newname = skel = shell =NULL;
Lines 1714-1725 pw_user_mod(int argc, char **argv, char *arg1) Link Here
1714
1737
1715
	if (passwd && conf.fd == -1) {
1738
	if (passwd && conf.fd == -1) {
1716
		lc = login_getpwclass(pwd);
1739
		lc = login_getpwclass(pwd);
1717
		if (lc == NULL || login_setcryptfmt(lc, "sha512", NULL) == NULL)
1740
		copy_passwd_format(passwd_format, lc, sizeof(passwd_format) );
1718
			warn("setting crypt(3) format");
1719
		login_close(lc);
1741
		login_close(lc);
1720
		cnf->default_password = passwd_val(passwd,
1742
		cnf->default_password = passwd_val(passwd,
1721
		    cnf->default_password);
1743
		    cnf->default_password);
1722
		pwd->pw_passwd = pw_password(cnf, pwd->pw_name, dryrun);
1744
		pwd->pw_passwd = pw_password(cnf, pwd->pw_name, passwd_format, dryrun);
1723
		edited = true;
1745
		edited = true;
1724
	}
1746
	}
1725
1747

Return to bug 182518