about summary refs log tree commit diff
path: root/crypt/crypt.h
Commit message (Collapse)AuthorAgeFilesLines
* Update copyright dates with scripts/update-copyrights.Joseph Myers2019-01-011-1/+1
| | | | | | | * All files with FSF copyright notices: Update copyright dates using scripts/update-copyrights. * locale/programs/charmap-kw.h: Regenerated. * locale/programs/locfile-kw.h: Likewise.
* manual: Revise crypt.texi.Zack Weinberg2018-06-291-5/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a major rewrite of the description of 'crypt', 'getentropy', and 'getrandom'. A few highlights of the content changes: - Throughout the manual, public headers, and user-visible messages, I replaced the term "password" with "passphrase", the term "password database" with "user database", and the term "encrypt(ion)" with "(one-way) hashing" whenever it was applied to passphrases. I didn't bother making this change in internal code or tests. The use of the term "password" in ruserpass.c survives, because that refers to a keyword in netrc files, but it is adjusted to make this clearer. There is a note in crypt.texi explaining that they were traditionally called passwords but single words are not good enough anymore, and a note in users.texi explaining that actual passphrase hashes are found in a "shadow" database nowadays. - There is a new short introduction to the "Cryptographic Functions" section, explaining how we do not intend to be a general-purpose cryptography library, and cautioning that there _are_, or have been, legal restrictions on the use of cryptography in many countries, without getting into any kind of detail that we can't promise to keep up to date. - I added more detail about what a "one-way function" is, and why they are used to obscure passphrases for storage. I removed the paragraph saying that systems not connected to a network need no user authentication, because that's a pretty rare situation nowadays. (It still says "sometimes it is necessary" to authenticate the user, though.) - I added documentation for all of the hash functions that glibc actually supports, but not for the additional hash functions supported by libxcrypt. If we're going to keep this manual section around after the transition is more advanced, it would probably make sense to add them then. - There is much more detailed discussion of how to generate a salt, and the failure behavior for crypt is documented. (Returning an invalid hash on failure is what libxcrypt does; Solar Designer's notes say that this was done "for compatibility with old programs that assume crypt can never fail".) - As far as I can tell, the header 'crypt.h' is entirely a GNU invention, and never existed on any other Unix lineage. The function 'crypt', however, was in Issue 1 of the SVID and is now in the XSI component of POSIX. I tried to make all of the @standards annotations consistent with this, but I'm not sure I got them perfectly right. - The genpass.c example has been improved to use getentropy instead of the current time to generate the salt, and to use a SHA-256 hash instead of MD5. It uses more random bytes than is strictly necessary because I didn't want to complicate the code with proper base64 encoding. - The testpass.c example has three hardwired hashes now, to demonstrate that different one-way functions produce different hashes for the same input. It also demonstrates how DES hashing only pays attention to the first eight characters of the input. - There is new text explaining in more detail how a CSPRNG differs from a regular random number generator, and how getentropy/getrandom are not exactly a CSPRNG. I tried not to make specific falsifiable claims here. I also tried to make the blocking/cancellation/error behavior of both getentropy and getrandom clearer.
* Disallow use of DES encryption functions in new programs.Zack Weinberg2018-06-291-17/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The functions encrypt, setkey, encrypt_r, setkey_r, cbc_crypt, ecb_crypt, and des_setparity should not be used in new programs, because they use the DES block cipher, which is unacceptably weak by modern standards. Demote all of them to compatibility symbols, and remove their prototypes from installed headers. cbc_crypt, ecb_crypt, and des_setparity were already compat symbols when glibc was configured with --disable-obsolete-rpc. POSIX requires encrypt and setkey to be available when _XOPEN_CRYPT is defined, so this change also removes the definition of X_OPEN_CRYPT from <unistd.h>. The entire "DES Encryption" section is dropped from the manual, as is the mention of AUTH_DES and FIPS 140-2 in the introduction to crypt.texi. The documentation of 'memfrob' cross-referenced the DES Encryption section, which is replaced by a hyperlink to libgcrypt, and while I was in there I spruced up the actual documentation of 'memfrob' and 'strfry' a little. It's still fairly jokey, because those functions _are_ jokes, but they do also have real use cases, so people trying to use them for real should have all the information they need. DES-based authentication for Sun RPC is also insecure and should be deprecated or even removed, but maybe that can be left as TI-RPC's problem.
* Update copyright dates with scripts/update-copyrights.Joseph Myers2018-01-011-1/+1
| | | | | | | * All files with FSF copyright notices: Update copyright dates using scripts/update-copyrights. * locale/programs/charmap-kw.h: Regenerated. * locale/programs/locfile-kw.h: Likewise.
* Update copyright dates with scripts/update-copyrights.Joseph Myers2017-01-011-1/+1
|
* Update copyright dates with scripts/update-copyrights.Joseph Myers2016-01-041-1/+1
|
* Update copyright dates with scripts/update-copyrights.Joseph Myers2015-01-021-1/+1
|
* Update copyright notices with scripts/update-copyrightsAllan McRae2014-01-011-1/+1
|
* Use __glibc_block in public headers.Meador Inge2013-11-211-2/+3
| | | | | | | | | | | | As detailed in PR11157, the use of '__block' is known to interfere with keywords in some environments, such as the Clang -fblocks extension. Recently a similar issue was raised concerning the use of '__unused' and a '__glibc' prefix was proposed to create a glibc implementation namespace for these sorts of issues [1]. This patches takes that approach. [1] https://sourceware.org/ml/libc-alpha/2012-02/msg00047.html [2] http://lists.debian.org/debian-glibc/2013/11/msg00020.html
* Update copyright notices with scripts/update-copyrights.Joseph Myers2013-01-021-2/+1
|
* Replace FSF snail mail address with URLs.Paul Eggert2012-02-091-3/+2
|
* Remove pre-ISO C supportUlrich Drepper2012-01-071-5/+6
| | | | No more __const.
* Update.Ulrich Drepper2004-09-171-7/+11
| | | | | | * catgets/nl_types.h: Likewise. * crypt/crypt.h: Likewise. * debug/execinfo.h: Likewise.
* * COPYING: Fix Y2k bug in sample copyright notices.Andreas Jaeger2001-07-061-9/+9
| | | | | | * manual/lesser.texi: Renamed from manual/lgpl.texinfo, as fsf.org uses the name "lesser.texi". * manual/Makefile (texis): Follow rename.
* Update.Andreas Jaeger2000-09-221-6/+6
| | | | | | | 2000-09-22 Jakub Jelinek <jakub@redhat.com> * crypt/crypt.h (crypt, setkey, encrypt): Add __THROW. (crypt_r, setkey_r, encrypt_r): Likewise.
* * Makeconfig (rpath-dirs): Add crypt. Geoff Keating2000-03-041-0/+71
(all-subdirs): Remove md5crypt. * crypt/sysdeps/unix/crypt.c: Move to crypt/. * crypt/sysdeps/unix/crypt-entry.c: Move to crypt/. * sysdeps/generic/crypt-entry.c: Delete. * crypt/sysdeps/unix/crypt.h: Move to crypt/. * sysdeps/generic/crypt.h: Delete. * crypt/sysdeps/unix/crypt-private.h: Move to crypt/. * crypt/sysdeps/unix/crypt_util.c: Move to crypt/. * crypt/sysdeps/unix/des_impl.c: Move to sunrpc/. * sysdeps/generic/des_impl.c: Delete. * crypt/sysdeps/unix/ufc-crypt.h: Move to crypt/. * crypt/sysdeps: Delete. * crypt/crypt_util.c: Don't use `patchlevel.h'. * md5-crypt/Versions: Move to crypt/. * md5-crypt/md5-crypt.c: Move to crypt/. * md5-crypt/md5.c: Move to crypt/. * md5-crypt/md5c-test.c: Move to crypt/. * md5-crypt/md5test.c: Move to crypt/. * md5-crypt: Delete. * crypt/Makefile: Adjust for new structure. 2000-03-03 Geoff Keating <geoffk@cygnus.com> * Makeconfig (rpath-dirs): Add crypt. (all-subdirs): Remove md5crypt. * crypt/sysdeps/unix/crypt.c: Move to crypt/. * crypt/sysdeps/unix/crypt-entry.c: Move to crypt/. * sysdeps/generic/crypt-entry.c: Delete. * crypt/sysdeps/unix/crypt.h: Move to crypt/. * sysdeps/generic/crypt.h: Delete. * crypt/sysdeps/unix/crypt-private.h: Move to crypt/. * crypt/sysdeps/unix/crypt_util.c: Move to crypt/. * crypt/sysdeps/unix/des_impl.c: Move to sunrpc/. * sysdeps/generic/des_impl.c: Delete. * crypt/sysdeps/unix/ufc-crypt.h: Move to crypt/. * crypt/sysdeps: Delete. * crypt/crypt_util.c: Don't use `patchlevel.h'. * md5-crypt/Versions: Move to crypt/. * md5-crypt/md5-crypt.c: Move to crypt/. * md5-crypt/md5.c: Move to crypt/. * md5-crypt/md5c-test.c: Move to crypt/. * md5-crypt/md5test.c: Move to crypt/. * md5-crypt: Delete. * crypt/Makefile: Adjust for new structure.