emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity
2f0d14eb21
shadow/libmisc/salt.c

424 lines
11 KiB
C
Raw Normal View History

[svn-upgrade] Integrating new upstream version, shadow (19990709)
2007-10-07 17:14:02 +05:30
/*
* salt.c - generate a random salt string for crypt()
*
* Written by Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl>,
Make sure every source files are distributed with a copyright and license. Files with no license use the default 3-clauses BSD license. The copyright were mostly not recorded; they were updated according to the Changelog. "Julianne Frances Haugh and contributors" changed to "copyright holders and contributors".
2008-04-27 06:10:09 +05:30
* it is in the public domain.
Add support for uClibc with no l64a().
2007-11-16 18:06:21 +05:30
*
* l64a was Written by J.T. Conklin <jtc@netbsd.org>. Public domain.
[svn-upgrade] Integrating new upstream version, shadow (19990709)
2007-10-07 17:14:02 +05:30
*/
#include <config.h>
Added the subversion svn:keywords property (Id) for proper identification.
2007-11-11 05:16:11 +05:30
#ident "$Id$"
[svn-upgrade] Integrating new upstream version, shadow (4.0.13)
2007-10-07 17:17:01 +05:30
[svn-upgrade] Integrating new upstream version, shadow (4.0.8)
2007-10-07 17:16:07 +05:30
#include <sys/time.h>
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
#include <string.h>
[svn-upgrade] Integrating new upstream version, shadow (4.0.8)
2007-10-07 17:16:07 +05:30
#include <stdlib.h>
Fix build failures with --disable-shadowgrp. Thanks to Jürgen Daubert for the patch. * libmisc/salt.c: Include <stdio.h>, needed for stderr and printf functions. * lib/encrypt.c: Include <stdio.h>, needed for perror, stderr and printf functions * src/usermod.c: sgr_locked exists only if SHADOWGRP is defined. * src/chgpasswd.c: Only check is the gshadow file exists if SHADOWGRP is defined.
2008-01-26 23:11:20 +05:30
#include <stdio.h>
Applied patch shadow-utils-4.0.18.2-salt.patch. Thanks to Dan Kopecek <dkopecek@redhat.com>
2007-11-24 02:21:43 +05:30
#include <assert.h>
[svn-upgrade] Integrating new upstream version, shadow (19990709)
2007-10-07 17:14:02 +05:30
#include "prototypes.h"
#include "defines.h"
#include "getdef.h"
Add support for uClibc with no l64a().
2007-11-16 18:06:21 +05:30
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
/* Add the salt prefix. */
#define MAGNUM(array,ch) (array)[0]=(array)[2]='$',(array)[1]=(ch),(array)[3]='\0'
#ifdef USE_BCRYPT
/* Use $2b$ as prefix for compatibility with OpenBSD's bcrypt. */
#define BCRYPTMAGNUM(array) (array)[0]=(array)[3]='$',(array)[1]='2',(array)[2]='b',(array)[4]='\0'
#define BCRYPT_SALT_SIZE 22
/* Default number of rounds if not explicitly specified. */
#define B_ROUNDS_DEFAULT 13
/* Minimum number of rounds. */
#define B_ROUNDS_MIN 4
/* Maximum number of rounds. */
#define B_ROUNDS_MAX 31
#endif /* USE_BCRYPT */
#ifdef USE_SHA_CRYPT
/* Fixed salt len for sha{256,512}crypt. */
#define SHA_CRYPT_SALT_SIZE 16
/* Default number of rounds if not explicitly specified. */
#define SHA_ROUNDS_DEFAULT 5000
/* Minimum number of rounds. */
#define SHA_ROUNDS_MIN 1000
/* Maximum number of rounds. */
#define SHA_ROUNDS_MAX 999999999
#endif
#ifdef USE_YESCRYPT
/*
* Default number of base64 characters used for the salt.
* 24 characters gives a 144 bits (18 bytes) salt. Unlike the more
* traditional 128 bits (16 bytes) salt, this 144 bits salt is always
* represented by the same number of base64 characters without padding
* issue, even with a non-standard base64 encoding scheme.
*/
#define YESCRYPT_SALT_SIZE 24
/* Default cost if not explicitly specified. */
#define Y_COST_DEFAULT 5
/* Minimum cost. */
#define Y_COST_MIN 1
/* Maximum cost. */
#define Y_COST_MAX 11
#endif
/* Fixed salt len for md5crypt. */
#define MD5_CRYPT_SALT_SIZE 8
/* Generate salt of size salt_size. */
#define MAX_SALT_SIZE 44
#define MIN_SALT_SIZE 8
/* Maximum size of the generated salt string. */
#define GENSALT_SETTING_SIZE 100
* libmisc/salt.c: Add prototype for l64a(), gensalt(), SHA_salt_size(), and SHA_salt_rounds(). * libmisc/salt.c: l64a() and gensalt() are static. * libmisc/salt.c: The `meth' parameter of crypt_make_salt() is a const. (ditto for the method variable). * libmisc/salt.c: SHA_salt_rounds returns a const string. * libmisc/salt.c: Avoid warnings with cast of random() to double. * libmisc/salt.c: Replace rand() by random().
2008-01-06 20:20:26 +05:30
/* local function prototypes */
Do not seed the random number generator each time, and use the time in microseconds to avoid having the same salt for different passwords generated in the same second. This permits to avoid using the same salt for different passwords in newusers.
2008-02-03 22:53:58 +05:30
static void seedRNG (void);
* libmisc/xgetXXbyYY.c, libmisc/myname.c, libmisc/getgr_nam_gid.c, libmisc/salt.c, libmisc/list.c, libmisc/cleanup.c, src/login.c, lib/getdef.h, lib/groupio.c, lib/getlong.c, lib/gshadow_.h, lib/sgroupio.c, lib/shadowio.c, lib/pwio.c, lib/commonio.h, lib/fputsx.c, lib/prototypes.h: Added splint annotations. * lib/groupio.c: Avoid implicit conversion of pointers to booleans. * lib/groupio.c: Free allocated buffers in case of failure.
2009-04-23 15:27:03 +05:30
static /*@observer@*/const char *gensalt (size_t salt_size);
Initial bcrypt support
2019-09-17 00:24:56 +05:30
#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT)
(shadow_random): Use long instead of size_t. * libmisc/salt.c (shadow_random): Use long instead of size_t. Compatibility with size_t is easier to check since it's used for smaller numbers (salt size).
2013-08-13 22:46:24 +05:30
static long shadow_random (long min, long max);
Initial bcrypt support
2019-09-17 00:24:56 +05:30
#endif /* USE_SHA_CRYPT || USE_BCRYPT */
#ifdef USE_SHA_CRYPT
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
static /*@observer@*/void SHA_salt_rounds_to_buf (char *buf, /*@null@*/int *prefered_rounds);
Document the sections closed by #endif
2008-05-20 02:26:48 +05:30
#endif /* USE_SHA_CRYPT */
Initial bcrypt support
2019-09-17 00:24:56 +05:30
#ifdef USE_BCRYPT
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
static /*@observer@*/void BCRYPT_salt_rounds_to_buf (char *buf, /*@null@*/int *prefered_rounds);
Initial bcrypt support
2019-09-17 00:24:56 +05:30
#endif /* USE_BCRYPT */
Add yescrypt support
2020-12-28 01:39:25 +05:30
#ifdef USE_YESCRYPT
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
static /*@observer@*/void YESCRYPT_salt_cost_to_buf (char *buf, /*@null@*/int *prefered_cost);
Add yescrypt support
2020-12-28 01:39:25 +05:30
#endif /* USE_YESCRYPT */
* libmisc/salt.c: Add prototype for l64a(), gensalt(), SHA_salt_size(), and SHA_salt_rounds(). * libmisc/salt.c: l64a() and gensalt() are static. * libmisc/salt.c: The `meth' parameter of crypt_make_salt() is a const. (ditto for the method variable). * libmisc/salt.c: SHA_salt_rounds returns a const string. * libmisc/salt.c: Avoid warnings with cast of random() to double. * libmisc/salt.c: Replace rand() by random().
2008-01-06 20:20:26 +05:30
#ifndef HAVE_L64A
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
static /*@observer@*/char *l64a (long value)
Add support for uClibc with no l64a().
2007-11-16 18:06:21 +05:30
{
static char buf[8];
char *s = buf;
int digit;
int i;
if (value < 0) {
errno = EINVAL;
return(NULL);
}
for (i = 0; value != 0 && i < 6; i++) {
digit = value & 0x3f;
* libmisc/salt.c: Use a size_t for the size of strings instead of unsigned int. * libmisc/salt.c: Add brackets and parenthesis. * libmisc/salt.c: Avoid assignments in comparisons.
2008-06-14 01:07:15 +05:30
if (digit < 2) {
Add support for uClibc with no l64a().
2007-11-16 18:06:21 +05:30
*s = digit + '.';
* libmisc/salt.c: Use a size_t for the size of strings instead of unsigned int. * libmisc/salt.c: Add brackets and parenthesis. * libmisc/salt.c: Avoid assignments in comparisons.
2008-06-14 01:07:15 +05:30
} else if (digit < 12) {
Add support for uClibc with no l64a().
2007-11-16 18:06:21 +05:30
*s = digit + '0' - 2;
* libmisc/salt.c: Use a size_t for the size of strings instead of unsigned int. * libmisc/salt.c: Add brackets and parenthesis. * libmisc/salt.c: Avoid assignments in comparisons.
2008-06-14 01:07:15 +05:30
} else if (digit < 38) {
Add support for uClibc with no l64a().
2007-11-16 18:06:21 +05:30
*s = digit + 'A' - 12;
* libmisc/salt.c: Use a size_t for the size of strings instead of unsigned int. * libmisc/salt.c: Add brackets and parenthesis. * libmisc/salt.c: Avoid assignments in comparisons.
2008-06-14 01:07:15 +05:30
} else {
Add support for uClibc with no l64a().
2007-11-16 18:06:21 +05:30
*s = digit + 'a' - 38;
* libmisc/salt.c: Use a size_t for the size of strings instead of unsigned int. * libmisc/salt.c: Add brackets and parenthesis. * libmisc/salt.c: Avoid assignments in comparisons.
2008-06-14 01:07:15 +05:30
}
Add support for uClibc with no l64a().
2007-11-16 18:06:21 +05:30
value >>= 6;
s++;
}
*s = '\0';
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
return buf;
Add support for uClibc with no l64a().
2007-11-16 18:06:21 +05:30
}
#endif /* !HAVE_L64A */
Do not seed the random number generator each time, and use the time in microseconds to avoid having the same salt for different passwords generated in the same second. This permits to avoid using the same salt for different passwords in newusers.
2008-02-03 22:53:58 +05:30
static void seedRNG (void)
{
struct timeval tv;
static int seeded = 0;
if (0 == seeded) {
* libmisc/salt.c: In case gettimeofday() fails, get some entropy from the PID.
2009-04-25 04:19:20 +05:30
(void) gettimeofday (&tv, NULL);
srandom (tv.tv_sec ^ tv.tv_usec ^ getpid ());
Do not seed the random number generator each time, and use the time in microseconds to avoid having the same salt for different passwords generated in the same second. This permits to avoid using the same salt for different passwords in newusers.
2008-02-03 22:53:58 +05:30
seeded = 1;
}
}
Initial bcrypt support
2019-09-17 00:24:56 +05:30
#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT)
Debian bug 677275 - random() max value * libmisc/salt.c: random() max value is 2^31-1 (same as RAND_MAX on GNU). As it is not clear whether on some systems the max value can exceed this number and whether some systems have max values which would be lower, we take this into account when defining the salt size and number of rounds for SHA encrypted passwords. Higher values are favored.
2013-08-05 17:49:23 +05:30
/* It is not clear what is the maximum value of random().
* We assume 2^31-1.*/
#define RANDOM_MAX 0x7FFFFFFF
* libmisc/salt.c: The salt has a random size (between 8 and 16 bytes). * lib/getdef.c, etc/login.defs: Add definitions for SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS. * libmisc/salt.c: Use SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS to add a random number of rounds if needed.
2007-11-20 05:35:54 +05:30
/*
Debian bug 677275 - random() max value * libmisc/salt.c: random() max value is 2^31-1 (same as RAND_MAX on GNU). As it is not clear whether on some systems the max value can exceed this number and whether some systems have max values which would be lower, we take this into account when defining the salt size and number of rounds for SHA encrypted passwords. Higher values are favored.
2013-08-05 17:49:23 +05:30
* Return a random number between min and max (both included).
*
* It favors slightly the higher numbers.
* libmisc/salt.c: The salt has a random size (between 8 and 16 bytes). * lib/getdef.c, etc/login.defs: Add definitions for SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS. * libmisc/salt.c: Use SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS to add a random number of rounds if needed.
2007-11-20 05:35:54 +05:30
*/
(shadow_random): Use long instead of size_t. * libmisc/salt.c (shadow_random): Use long instead of size_t. Compatibility with size_t is easier to check since it's used for smaller numbers (salt size).
2013-08-13 22:46:24 +05:30
static long shadow_random (long min, long max)
* libmisc/salt.c: The salt has a random size (between 8 and 16 bytes). * lib/getdef.c, etc/login.defs: Add definitions for SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS. * libmisc/salt.c: Use SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS to add a random number of rounds if needed.
2007-11-20 05:35:54 +05:30
{
Debian bug 677275 - random() max value * libmisc/salt.c: random() max value is 2^31-1 (same as RAND_MAX on GNU). As it is not clear whether on some systems the max value can exceed this number and whether some systems have max values which would be lower, we take this into account when defining the salt size and number of rounds for SHA encrypted passwords. Higher values are favored.
2013-08-05 17:49:23 +05:30
double drand;
(shadow_random): Use long instead of size_t. * libmisc/salt.c (shadow_random): Use long instead of size_t. Compatibility with size_t is easier to check since it's used for smaller numbers (salt size).
2013-08-13 22:46:24 +05:30
long ret;
*** security: - generation of SHA encrypted passwords (chpasswd, gpasswd, newusers, chgpasswd; and also passwd if configured without PAM support). The number of rounds and number of salt bytes was fixed to their lower allowed values (resp. configurable and 8), hence voiding some of the advantages of this encryption method. Dictionary attacks with precomputed tables were easier than expected, but still harder than with the MD5 (or DES) methods. * NEWS, libmisc/salt.c (SHA_salt_size): Seed the RNG, and fix a overflow. These caused the SHA salt size to always be 8 bytes, instead of being in the 8-16 range. Thanks to Peter Vrabec pvrabec@redhat.com for noticing. * NEWS, libmisc/salt.c (SHA_salt_rounds): Seed the RNG with seedRNG instead of srand, and fix the same overflow. This caused the number of rounds to always be the smallest one.
2008-05-20 19:04:06 +05:30
seedRNG ();
Debian bug 677275 - random() max value * libmisc/salt.c: random() max value is 2^31-1 (same as RAND_MAX on GNU). As it is not clear whether on some systems the max value can exceed this number and whether some systems have max values which would be lower, we take this into account when defining the salt size and number of rounds for SHA encrypted passwords. Higher values are favored.
2013-08-05 17:49:23 +05:30
drand = (double) (max - min + 1) * random () / RANDOM_MAX;
/* On systems were this is not random() range is lower, we favor
* higher numbers of salt. */
(shadow_random): Use long instead of size_t. * libmisc/salt.c (shadow_random): Use long instead of size_t. Compatibility with size_t is easier to check since it's used for smaller numbers (salt size).
2013-08-13 22:46:24 +05:30
ret = (long) (max + 1 - drand);
Debian bug 677275 - random() max value * libmisc/salt.c: random() max value is 2^31-1 (same as RAND_MAX on GNU). As it is not clear whether on some systems the max value can exceed this number and whether some systems have max values which would be lower, we take this into account when defining the salt size and number of rounds for SHA encrypted passwords. Higher values are favored.
2013-08-05 17:49:23 +05:30
/* And we catch limits, and use the highest number */
if ((ret < min) || (ret > max)) {
ret = max;
}
return ret;
* libmisc/salt.c: The salt has a random size (between 8 and 16 bytes). * lib/getdef.c, etc/login.defs: Add definitions for SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS. * libmisc/salt.c: Use SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS to add a random number of rounds if needed.
2007-11-20 05:35:54 +05:30
}
Initial bcrypt support
2019-09-17 00:24:56 +05:30
#endif /* USE_SHA_CRYPT || USE_BCRYPT */
* libmisc/salt.c: The salt has a random size (between 8 and 16 bytes). * lib/getdef.c, etc/login.defs: Add definitions for SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS. * libmisc/salt.c: Use SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS to add a random number of rounds if needed.
2007-11-20 05:35:54 +05:30
Initial bcrypt support
2019-09-17 00:24:56 +05:30
#ifdef USE_SHA_CRYPT
* libmisc/salt.c: The salt has a random size (between 8 and 16 bytes). * lib/getdef.c, etc/login.defs: Add definitions for SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS. * libmisc/salt.c: Use SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS to add a random number of rounds if needed.
2007-11-20 05:35:54 +05:30
/*
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
* Fill a salt prefix specifying the rounds number for the SHA crypt methods
* to a buffer.
* libmisc/salt.c: The salt has a random size (between 8 and 16 bytes). * lib/getdef.c, etc/login.defs: Add definitions for SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS. * libmisc/salt.c: Use SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS to add a random number of rounds if needed.
2007-11-20 05:35:54 +05:30
*/
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
static /*@observer@*/void SHA_salt_rounds_to_buf (char *buf, /*@null@*/int *prefered_rounds)
* libmisc/salt.c: The salt has a random size (between 8 and 16 bytes). * lib/getdef.c, etc/login.defs: Add definitions for SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS. * libmisc/salt.c: Use SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS to add a random number of rounds if needed.
2007-11-20 05:35:54 +05:30
{
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
unsigned long rounds;
const size_t buf_begin = strlen (buf);
* libmisc/salt.c: The salt has a random size (between 8 and 16 bytes). * lib/getdef.c, etc/login.defs: Add definitions for SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS. * libmisc/salt.c: Use SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS to add a random number of rounds if needed.
2007-11-20 05:35:54 +05:30
* lib/prototypes.h, libmisc/salt.c: Add parameters to crypt_make_salt to force the crypt method and number of rounds. * libmisc/salt.c: Add parameter to SHA_salt_rounds to force the number of rounds. * libmisc/salt.c, lib/getdef.c: ENCRYPT_METHOD and MD5_CRYPT_ENAB are needed also when USE_PAM (e.g. for chpasswd). * src/newusers.c, src/gpasswd.c: Use the new crypt_make_salt prototype. * src/chpasswd.c, src/chgpasswd.c: Add option -c, --crypt-method and -s, --sha-rounds to specify the crypt method and number of rounds in case of one of the SHA methods. The new prototype of crypt_make_salt simplifies the handling of -m, --md5.
2007-11-20 15:03:52 +05:30
if (NULL == prefered_rounds) {
long min_rounds = getdef_long ("SHA_CRYPT_MIN_ROUNDS", -1);
long max_rounds = getdef_long ("SHA_CRYPT_MAX_ROUNDS", -1);
* libmisc/salt.c: The salt has a random size (between 8 and 16 bytes). * lib/getdef.c, etc/login.defs: Add definitions for SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS. * libmisc/salt.c: Use SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS to add a random number of rounds if needed.
2007-11-20 05:35:54 +05:30
* libmisc/salt.c: Use a size_t for the size of strings instead of unsigned int. * libmisc/salt.c: Add brackets and parenthesis. * libmisc/salt.c: Avoid assignments in comparisons.
2008-06-14 01:07:15 +05:30
if ((-1 == min_rounds) && (-1 == max_rounds)) {
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
rounds = SHA_ROUNDS_DEFAULT;
* libmisc/salt.c: Use a size_t for the size of strings instead of unsigned int. * libmisc/salt.c: Add brackets and parenthesis. * libmisc/salt.c: Avoid assignments in comparisons.
2008-06-14 01:07:15 +05:30
}
* libmisc/salt.c: The salt has a random size (between 8 and 16 bytes). * lib/getdef.c, etc/login.defs: Add definitions for SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS. * libmisc/salt.c: Use SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS to add a random number of rounds if needed.
2007-11-20 05:35:54 +05:30
* libmisc/salt.c: Use a size_t for the size of strings instead of unsigned int. * libmisc/salt.c: Add brackets and parenthesis. * libmisc/salt.c: Avoid assignments in comparisons.
2008-06-14 01:07:15 +05:30
if (-1 == min_rounds) {
* lib/prototypes.h, libmisc/salt.c: Add parameters to crypt_make_salt to force the crypt method and number of rounds. * libmisc/salt.c: Add parameter to SHA_salt_rounds to force the number of rounds. * libmisc/salt.c, lib/getdef.c: ENCRYPT_METHOD and MD5_CRYPT_ENAB are needed also when USE_PAM (e.g. for chpasswd). * src/newusers.c, src/gpasswd.c: Use the new crypt_make_salt prototype. * src/chpasswd.c, src/chgpasswd.c: Add option -c, --crypt-method and -s, --sha-rounds to specify the crypt method and number of rounds in case of one of the SHA methods. The new prototype of crypt_make_salt simplifies the handling of -m, --md5.
2007-11-20 15:03:52 +05:30
min_rounds = max_rounds;
* libmisc/salt.c: Use a size_t for the size of strings instead of unsigned int. * libmisc/salt.c: Add brackets and parenthesis. * libmisc/salt.c: Avoid assignments in comparisons.
2008-06-14 01:07:15 +05:30
}
* libmisc/salt.c: The salt has a random size (between 8 and 16 bytes). * lib/getdef.c, etc/login.defs: Add definitions for SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS. * libmisc/salt.c: Use SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS to add a random number of rounds if needed.
2007-11-20 05:35:54 +05:30
* libmisc/salt.c: Use a size_t for the size of strings instead of unsigned int. * libmisc/salt.c: Add brackets and parenthesis. * libmisc/salt.c: Avoid assignments in comparisons.
2008-06-14 01:07:15 +05:30
if (-1 == max_rounds) {
* lib/prototypes.h, libmisc/salt.c: Add parameters to crypt_make_salt to force the crypt method and number of rounds. * libmisc/salt.c: Add parameter to SHA_salt_rounds to force the number of rounds. * libmisc/salt.c, lib/getdef.c: ENCRYPT_METHOD and MD5_CRYPT_ENAB are needed also when USE_PAM (e.g. for chpasswd). * src/newusers.c, src/gpasswd.c: Use the new crypt_make_salt prototype. * src/chpasswd.c, src/chgpasswd.c: Add option -c, --crypt-method and -s, --sha-rounds to specify the crypt method and number of rounds in case of one of the SHA methods. The new prototype of crypt_make_salt simplifies the handling of -m, --md5.
2007-11-20 15:03:52 +05:30
max_rounds = min_rounds;
* libmisc/salt.c: Use a size_t for the size of strings instead of unsigned int. * libmisc/salt.c: Add brackets and parenthesis. * libmisc/salt.c: Avoid assignments in comparisons.
2008-06-14 01:07:15 +05:30
}
* libmisc/salt.c: The salt has a random size (between 8 and 16 bytes). * lib/getdef.c, etc/login.defs: Add definitions for SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS. * libmisc/salt.c: Use SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS to add a random number of rounds if needed.
2007-11-20 05:35:54 +05:30
* libmisc/salt.c: Use a size_t for the size of strings instead of unsigned int. * libmisc/salt.c: Add brackets and parenthesis. * libmisc/salt.c: Avoid assignments in comparisons.
2008-06-14 01:07:15 +05:30
if (min_rounds > max_rounds) {
* lib/prototypes.h, libmisc/salt.c: Add parameters to crypt_make_salt to force the crypt method and number of rounds. * libmisc/salt.c: Add parameter to SHA_salt_rounds to force the number of rounds. * libmisc/salt.c, lib/getdef.c: ENCRYPT_METHOD and MD5_CRYPT_ENAB are needed also when USE_PAM (e.g. for chpasswd). * src/newusers.c, src/gpasswd.c: Use the new crypt_make_salt prototype. * src/chpasswd.c, src/chgpasswd.c: Add option -c, --crypt-method and -s, --sha-rounds to specify the crypt method and number of rounds in case of one of the SHA methods. The new prototype of crypt_make_salt simplifies the handling of -m, --md5.
2007-11-20 15:03:52 +05:30
max_rounds = min_rounds;
* libmisc/salt.c: Use a size_t for the size of strings instead of unsigned int. * libmisc/salt.c: Add brackets and parenthesis. * libmisc/salt.c: Avoid assignments in comparisons.
2008-06-14 01:07:15 +05:30
}
* lib/prototypes.h, libmisc/salt.c: Add parameters to crypt_make_salt to force the crypt method and number of rounds. * libmisc/salt.c: Add parameter to SHA_salt_rounds to force the number of rounds. * libmisc/salt.c, lib/getdef.c: ENCRYPT_METHOD and MD5_CRYPT_ENAB are needed also when USE_PAM (e.g. for chpasswd). * src/newusers.c, src/gpasswd.c: Use the new crypt_make_salt prototype. * src/chpasswd.c, src/chgpasswd.c: Add option -c, --crypt-method and -s, --sha-rounds to specify the crypt method and number of rounds in case of one of the SHA methods. The new prototype of crypt_make_salt simplifies the handling of -m, --md5.
2007-11-20 15:03:52 +05:30
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
rounds = (unsigned long) shadow_random (min_rounds, max_rounds);
* libmisc/salt.c: Use a size_t for the size of strings instead of unsigned int. * libmisc/salt.c: Add brackets and parenthesis. * libmisc/salt.c: Avoid assignments in comparisons.
2008-06-14 01:07:15 +05:30
} else if (0 == *prefered_rounds) {
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
rounds = SHA_ROUNDS_DEFAULT;
* libmisc/salt.c: Use a size_t for the size of strings instead of unsigned int. * libmisc/salt.c: Add brackets and parenthesis. * libmisc/salt.c: Avoid assignments in comparisons.
2008-06-14 01:07:15 +05:30
} else {
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
rounds = (unsigned long) *prefered_rounds;
* libmisc/salt.c: Use a size_t for the size of strings instead of unsigned int. * libmisc/salt.c: Add brackets and parenthesis. * libmisc/salt.c: Avoid assignments in comparisons.
2008-06-14 01:07:15 +05:30
}
* libmisc/salt.c: The salt has a random size (between 8 and 16 bytes). * lib/getdef.c, etc/login.defs: Add definitions for SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS. * libmisc/salt.c: Use SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS to add a random number of rounds if needed.
2007-11-20 05:35:54 +05:30
/* Sanity checks. The libc should also check this, but this
* protects against a rounds_prefix overflow. */
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
if (rounds < SHA_ROUNDS_MIN) {
rounds = SHA_ROUNDS_MIN;
}
if (rounds > SHA_ROUNDS_MAX) {
rounds = SHA_ROUNDS_MAX;
* libmisc/salt.c: Use a size_t for the size of strings instead of unsigned int. * libmisc/salt.c: Add brackets and parenthesis. * libmisc/salt.c: Avoid assignments in comparisons.
2008-06-14 01:07:15 +05:30
}
* libmisc/salt.c: The salt has a random size (between 8 and 16 bytes). * lib/getdef.c, etc/login.defs: Add definitions for SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS. * libmisc/salt.c: Use SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS to add a random number of rounds if needed.
2007-11-20 05:35:54 +05:30
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
/* Nothing to do here if SHA_ROUNDS_DEFAULT is used. */
if (rounds == SHA_ROUNDS_DEFAULT) {
return;
* libmisc/salt.c: Use a size_t for the size of strings instead of unsigned int. * libmisc/salt.c: Add brackets and parenthesis. * libmisc/salt.c: Avoid assignments in comparisons.
2008-06-14 01:07:15 +05:30
}
* libmisc/salt.c: The salt has a random size (between 8 and 16 bytes). * lib/getdef.c, etc/login.defs: Add definitions for SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS. * libmisc/salt.c: Use SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS to add a random number of rounds if needed.
2007-11-20 05:35:54 +05:30
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
/* Check if the result buffer is long enough. */
assert (GENSALT_SETTING_SIZE > buf_begin + 17);
* libmisc/salt.c: The salt has a random size (between 8 and 16 bytes). * lib/getdef.c, etc/login.defs: Add definitions for SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS. * libmisc/salt.c: Use SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS to add a random number of rounds if needed.
2007-11-20 05:35:54 +05:30
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
(void) snprintf (buf + buf_begin, 18, "rounds=%lu$", rounds);
* libmisc/salt.c: The salt has a random size (between 8 and 16 bytes). * lib/getdef.c, etc/login.defs: Add definitions for SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS. * libmisc/salt.c: Use SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS to add a random number of rounds if needed.
2007-11-20 05:35:54 +05:30
}
Document the sections closed by #endif
2008-05-20 02:26:48 +05:30
#endif /* USE_SHA_CRYPT */
* libmisc/salt.c: The salt has a random size (between 8 and 16 bytes). * lib/getdef.c, etc/login.defs: Add definitions for SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS. * libmisc/salt.c: Use SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS to add a random number of rounds if needed.
2007-11-20 05:35:54 +05:30
Initial bcrypt support
2019-09-17 00:24:56 +05:30
#ifdef USE_BCRYPT
/*
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
* Fill a salt prefix specifying the rounds number for the BCRYPT method
* to a buffer.
Initial bcrypt support
2019-09-17 00:24:56 +05:30
*/
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
static /*@observer@*/void BCRYPT_salt_rounds_to_buf (char *buf, /*@null@*/int *prefered_rounds)
Initial bcrypt support
2019-09-17 00:24:56 +05:30
{
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
unsigned long rounds;
const size_t buf_begin = strlen (buf);
Initial bcrypt support
2019-09-17 00:24:56 +05:30
if (NULL == prefered_rounds) {
long min_rounds = getdef_long ("BCRYPT_MIN_ROUNDS", -1);
long max_rounds = getdef_long ("BCRYPT_MAX_ROUNDS", -1);
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
if ((-1 == min_rounds) && (-1 == max_rounds)) {
Initial bcrypt support
2019-09-17 00:24:56 +05:30
rounds = B_ROUNDS_DEFAULT;
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
} else {
Initial bcrypt support
2019-09-17 00:24:56 +05:30
if (-1 == min_rounds) {
min_rounds = max_rounds;
}
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
Initial bcrypt support
2019-09-17 00:24:56 +05:30
if (-1 == max_rounds) {
max_rounds = min_rounds;
}
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
Initial bcrypt support
2019-09-17 00:24:56 +05:30
if (min_rounds > max_rounds) {
max_rounds = min_rounds;
}
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
rounds = (unsigned long) shadow_random (min_rounds, max_rounds);
Initial bcrypt support
2019-09-17 00:24:56 +05:30
}
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
} else if (0 == *prefered_rounds) {
rounds = B_ROUNDS_DEFAULT;
Initial bcrypt support
2019-09-17 00:24:56 +05:30
} else {
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
rounds = (unsigned long) *prefered_rounds;
Initial bcrypt support
2019-09-17 00:24:56 +05:30
}
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
/* Sanity checks. */
Initial bcrypt support
2019-09-17 00:24:56 +05:30
if (rounds < B_ROUNDS_MIN) {
rounds = B_ROUNDS_MIN;
}
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
/*
* Use 19 as an upper bound for now,
* because musl doesn't allow rounds >= 20.
*/
Initial bcrypt support
2019-09-17 00:24:56 +05:30
if (rounds > 19) {
/* rounds = B_ROUNDS_MAX; */
rounds = 19;
}
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
/* Check if the result buffer is long enough. */
assert (GENSALT_SETTING_SIZE > buf_begin + 3);
Initial bcrypt support
2019-09-17 00:24:56 +05:30
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
(void) snprintf (buf + buf_begin, 4, "%2.2lu$", rounds);
Initial bcrypt support
2019-09-17 00:24:56 +05:30
}
#endif /* USE_BCRYPT */
Add yescrypt support
2020-12-28 01:39:25 +05:30
#ifdef USE_YESCRYPT
/*
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
* Fill a salt prefix specifying the cost for the YESCRYPT method
* to a buffer.
Add yescrypt support
2020-12-28 01:39:25 +05:30
*/
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
static /*@observer@*/void YESCRYPT_salt_cost_to_buf (char *buf, /*@null@*/int *prefered_cost)
Add yescrypt support
2020-12-28 01:39:25 +05:30
{
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
unsigned long cost;
const size_t buf_begin = strlen (buf);
Add yescrypt support
2020-12-28 01:39:25 +05:30
if (NULL == prefered_cost) {
cost = getdef_num ("YESCRYPT_COST_FACTOR", Y_COST_DEFAULT);
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
} else if (0 == *prefered_cost) {
cost = Y_COST_DEFAULT;
Add yescrypt support
2020-12-28 01:39:25 +05:30
} else {
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
cost = (unsigned long) *prefered_cost;
Add yescrypt support
2020-12-28 01:39:25 +05:30
}
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
/* Sanity checks. */
Add yescrypt support
2020-12-28 01:39:25 +05:30
if (cost < Y_COST_MIN) {
cost = Y_COST_MIN;
}
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
Add yescrypt support
2020-12-28 01:39:25 +05:30
if (cost > Y_COST_MAX) {
cost = Y_COST_MAX;
}
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
/* Check if the result buffer is long enough. */
assert (GENSALT_SETTING_SIZE > buf_begin + 3);
buf[buf_begin + 0] = 'j';
Add yescrypt support
2020-12-28 01:39:25 +05:30
if (cost < 3) {
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
buf[buf_begin + 1] = 0x36 + cost;
Add yescrypt support
2020-12-28 01:39:25 +05:30
} else if (cost < 6) {
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
buf[buf_begin + 1] = 0x34 + cost;
Add yescrypt support
2020-12-28 01:39:25 +05:30
} else {
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
buf[buf_begin + 1] = 0x3b + cost;
Add yescrypt support
2020-12-28 01:39:25 +05:30
}
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
buf[buf_begin + 2] = cost >= 3 ? 'T' : '5';
buf[buf_begin + 3] = '$';
buf[buf_begin + 4] = '\0';
Add yescrypt support
2020-12-28 01:39:25 +05:30
}
#endif /* USE_YESCRYPT */
* libmisc/xgetXXbyYY.c, libmisc/myname.c, libmisc/getgr_nam_gid.c, libmisc/salt.c, libmisc/list.c, libmisc/cleanup.c, src/login.c, lib/getdef.h, lib/groupio.c, lib/getlong.c, lib/gshadow_.h, lib/sgroupio.c, lib/shadowio.c, lib/pwio.c, lib/commonio.h, lib/fputsx.c, lib/prototypes.h: Added splint annotations. * lib/groupio.c: Avoid implicit conversion of pointers to booleans. * lib/groupio.c: Free allocated buffers in case of failure.
2009-04-23 15:27:03 +05:30
static /*@observer@*/const char *gensalt (size_t salt_size)
* libmisc/salt.c: Add prototype for l64a(), gensalt(), SHA_salt_size(), and SHA_salt_rounds(). * libmisc/salt.c: l64a() and gensalt() are static. * libmisc/salt.c: The `meth' parameter of crypt_make_salt() is a const. (ditto for the method variable). * libmisc/salt.c: SHA_salt_rounds returns a const string. * libmisc/salt.c: Avoid warnings with cast of random() to double. * libmisc/salt.c: Replace rand() by random().
2008-01-06 20:20:26 +05:30
{
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
static char salt[MAX_SALT_SIZE + 6];
Re-indent.
2007-11-24 05:30:12 +05:30
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
memset (salt, '\0', MAX_SALT_SIZE + 6);
Re-indent.
2007-11-24 05:30:12 +05:30
* Move the srandom call to gensalt. * Replace the test on salt_size by an assert.
2007-11-24 02:34:43 +05:30
assert (salt_size >= MIN_SALT_SIZE &&
salt_size <= MAX_SALT_SIZE);
Do not seed the random number generator each time, and use the time in microseconds to avoid having the same salt for different passwords generated in the same second. This permits to avoid using the same salt for different passwords in newusers.
2008-02-03 22:53:58 +05:30
seedRNG ();
Re-indent.
2007-11-24 05:30:12 +05:30
strcat (salt, l64a (random()));
do {
strcat (salt, l64a (random()));
} while (strlen (salt) < salt_size);
* libmisc/salt.c: Use a size_t for the size of strings instead of unsigned int. * libmisc/salt.c: Add brackets and parenthesis. * libmisc/salt.c: Avoid assignments in comparisons.
2008-06-14 01:07:15 +05:30
Re-indent.
2007-11-24 05:30:12 +05:30
salt[salt_size] = '\0';
return salt;
Applied patch shadow-utils-4.0.18.2-salt.patch. Thanks to Dan Kopecek <dkopecek@redhat.com>
2007-11-24 02:21:43 +05:30
}
* libmisc/salt.c: The salt has a random size (between 8 and 16 bytes). * lib/getdef.c, etc/login.defs: Add definitions for SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS. * libmisc/salt.c: Use SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS to add a random number of rounds if needed.
2007-11-20 05:35:54 +05:30
/*
* Generate 8 base64 ASCII characters of random salt. If MD5_CRYPT_ENAB
* in /etc/login.defs is "yes", the salt string will be prefixed by "$1$"
* (magic) and pw_encrypt() will execute the MD5-based FreeBSD-compatible
* version of crypt() instead of the standard one.
* Other methods can be set with ENCRYPT_METHOD
* lib/prototypes.h, libmisc/salt.c: Add parameters to crypt_make_salt to force the crypt method and number of rounds. * libmisc/salt.c: Add parameter to SHA_salt_rounds to force the number of rounds. * libmisc/salt.c, lib/getdef.c: ENCRYPT_METHOD and MD5_CRYPT_ENAB are needed also when USE_PAM (e.g. for chpasswd). * src/newusers.c, src/gpasswd.c: Use the new crypt_make_salt prototype. * src/chpasswd.c, src/chgpasswd.c: Add option -c, --crypt-method and -s, --sha-rounds to specify the crypt method and number of rounds in case of one of the SHA methods. The new prototype of crypt_make_salt simplifies the handling of -m, --md5.
2007-11-20 15:03:52 +05:30
*
* The method can be forced with the meth parameter.
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
* If NULL, the method will be defined according to the ENCRYPT_METHOD
* variable, and if not set according to the MD5_CRYPT_ENAB variable,
* which can both be set inside the login.defs file.
* lib/prototypes.h, libmisc/salt.c: Add parameters to crypt_make_salt to force the crypt method and number of rounds. * libmisc/salt.c: Add parameter to SHA_salt_rounds to force the number of rounds. * libmisc/salt.c, lib/getdef.c: ENCRYPT_METHOD and MD5_CRYPT_ENAB are needed also when USE_PAM (e.g. for chpasswd). * src/newusers.c, src/gpasswd.c: Use the new crypt_make_salt prototype. * src/chpasswd.c, src/chgpasswd.c: Add option -c, --crypt-method and -s, --sha-rounds to specify the crypt method and number of rounds in case of one of the SHA methods. The new prototype of crypt_make_salt simplifies the handling of -m, --md5.
2007-11-20 15:03:52 +05:30
*
* If meth is specified, an additional parameter can be provided.
* * For the SHA256 and SHA512 method, this specifies the number of rounds
* (if not NULL).
Add yescrypt support
2020-12-28 01:39:25 +05:30
* * For the YESCRYPT method, this specifies the cost factor (if not NULL).
* libmisc/salt.c: The salt has a random size (between 8 and 16 bytes). * lib/getdef.c, etc/login.defs: Add definitions for SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS. * libmisc/salt.c: Use SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS to add a random number of rounds if needed.
2007-11-20 05:35:54 +05:30
*/
* src/chgpasswd.c: Add splint annotations. * src/chpasswd.c: Likewise. * src/newusers.c: Likewise. * libmisc/salt.c, lib/prototypes.h (crypt_make_salt): Likewise.
2011-08-14 20:07:17 +05:30
/*@observer@*/const char *crypt_make_salt (/*@null@*//*@observer@*/const char *meth, /*@null@*/void *arg)
[svn-upgrade] Integrating new upstream version, shadow (19990709)
2007-10-07 17:14:02 +05:30
{
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
static char result[GENSALT_SETTING_SIZE];
size_t salt_len = MAX_SALT_SIZE;
* libmisc/salt.c: Add prototype for l64a(), gensalt(), SHA_salt_size(), and SHA_salt_rounds(). * libmisc/salt.c: l64a() and gensalt() are static. * libmisc/salt.c: The `meth' parameter of crypt_make_salt() is a const. (ditto for the method variable). * libmisc/salt.c: SHA_salt_rounds returns a const string. * libmisc/salt.c: Avoid warnings with cast of random() to double. * libmisc/salt.c: Replace rand() by random().
2008-01-06 20:20:26 +05:30
const char *method;
[svn-upgrade] Integrating new upstream version, shadow (19990709)
2007-10-07 17:14:02 +05:30
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
memset (result, '\0', GENSALT_SETTING_SIZE);
* libmisc/salt.c (MAGNUM): Terminate the array with nul (the array is then used with strcat). * libmisc/salt.c (crypt_make_salt): Initialize result[0] to nul at the beginning (was not initialized when USE_PAM). * libmisc/salt.c (crypt_make_salt): Check that ENCRYPT_METHOD is a valid crypt method.
2007-11-20 04:04:48 +05:30
* lib/prototypes.h, libmisc/salt.c: Add parameters to crypt_make_salt to force the crypt method and number of rounds. * libmisc/salt.c: Add parameter to SHA_salt_rounds to force the number of rounds. * libmisc/salt.c, lib/getdef.c: ENCRYPT_METHOD and MD5_CRYPT_ENAB are needed also when USE_PAM (e.g. for chpasswd). * src/newusers.c, src/gpasswd.c: Use the new crypt_make_salt prototype. * src/chpasswd.c, src/chgpasswd.c: Add option -c, --crypt-method and -s, --sha-rounds to specify the crypt method and number of rounds in case of one of the SHA methods. The new prototype of crypt_make_salt simplifies the handling of -m, --md5.
2007-11-20 15:03:52 +05:30
if (NULL != meth)
method = meth;
Make sure method is not NULL, defaulting to DES. Thanks to Dan Kopecek <dkopecek@redhat.com>.
2007-11-24 05:27:47 +05:30
else {
* libmisc/salt.c: Use a size_t for the size of strings instead of unsigned int. * libmisc/salt.c: Add brackets and parenthesis. * libmisc/salt.c: Avoid assignments in comparisons.
2008-06-14 01:07:15 +05:30
method = getdef_str ("ENCRYPT_METHOD");
if (NULL == method) {
method = getdef_bool ("MD5_CRYPT_ENAB") ? "MD5" : "DES";
}
Make sure method is not NULL, defaulting to DES. Thanks to Dan Kopecek <dkopecek@redhat.com>.
2007-11-24 05:27:47 +05:30
}
* lib/prototypes.h, libmisc/salt.c: Add parameters to crypt_make_salt to force the crypt method and number of rounds. * libmisc/salt.c: Add parameter to SHA_salt_rounds to force the number of rounds. * libmisc/salt.c, lib/getdef.c: ENCRYPT_METHOD and MD5_CRYPT_ENAB are needed also when USE_PAM (e.g. for chpasswd). * src/newusers.c, src/gpasswd.c: Use the new crypt_make_salt prototype. * src/chpasswd.c, src/chgpasswd.c: Add option -c, --crypt-method and -s, --sha-rounds to specify the crypt method and number of rounds in case of one of the SHA methods. The new prototype of crypt_make_salt simplifies the handling of -m, --md5.
2007-11-20 15:03:52 +05:30
Fix compiler warnings: * libmisc/audit_help.c: Include prototypes.h to get the prototype of audit_help_open. * libmisc/salt.c: Use booleans instead of negating integers. * src/passwd.c: Declare the check_selinux_access prototype and avoid name clashes (change_user -> changed_user; change_uid -> changed_uid; access -> requested_access)
2008-05-24 18:38:58 +05:30
if (0 == strcmp (method, "MD5")) {
* lib/prototypes.h, libmisc/salt.c: Add parameters to crypt_make_salt to force the crypt method and number of rounds. * libmisc/salt.c: Add parameter to SHA_salt_rounds to force the number of rounds. * libmisc/salt.c, lib/getdef.c: ENCRYPT_METHOD and MD5_CRYPT_ENAB are needed also when USE_PAM (e.g. for chpasswd). * src/newusers.c, src/gpasswd.c: Use the new crypt_make_salt prototype. * src/chpasswd.c, src/chgpasswd.c: Add option -c, --crypt-method and -s, --sha-rounds to specify the crypt method and number of rounds in case of one of the SHA methods. The new prototype of crypt_make_salt simplifies the handling of -m, --md5.
2007-11-20 15:03:52 +05:30
MAGNUM(result, '1');
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
salt_len = MD5_CRYPT_SALT_SIZE;
Initial bcrypt support
2019-09-17 00:24:56 +05:30
#ifdef USE_BCRYPT
} else if (0 == strcmp (method, "BCRYPT")) {
BCRYPTMAGNUM(result);
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
salt_len = BCRYPT_SALT_SIZE;
BCRYPT_salt_rounds_to_buf (result, (int *) arg);
Initial bcrypt support
2019-09-17 00:24:56 +05:30
#endif /* USE_BCRYPT */
Add yescrypt support
2020-12-28 01:39:25 +05:30
#ifdef USE_YESCRYPT
} else if (0 == strcmp (method, "YESCRYPT")) {
MAGNUM(result, 'y');
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
salt_len = YESCRYPT_SALT_SIZE;
YESCRYPT_salt_cost_to_buf (result, (int *) arg);
Add yescrypt support
2020-12-28 01:39:25 +05:30
#endif /* USE_YESCRYPT */
* configure.in: New configure option: --with-sha-crypt enabled by default. Keeping the feature enabled is safe. Disabling it permits to disable the references to the SHA256 and SHA512 password encryption algorithms from the usage help and manuals (in addition to the support for these algorithms in the code). * libmisc/obscure.c, libmisc/salt.c, src/newusers.c, src/chpasswd.c, src/chgpasswd.c, src/passwd.c: ENCRYPT_METHOD is always supported in login.defs. Remove the ENCRYPTMETHOD_SELECT preprocessor condition. * libmisc/obscure.c, libmisc/salt.c, src/newusers.c, src/chpasswd.c, src/chgpasswd.c, src/passwd.c: Disable SHA256 and SHA512 if USE_SHA_CRYPT is not defined (this corresponds to a subset of the ENCRYPTMETHOD_SELECT sections).
2007-11-24 18:38:08 +05:30
#ifdef USE_SHA_CRYPT
Fix compiler warnings: * libmisc/audit_help.c: Include prototypes.h to get the prototype of audit_help_open. * libmisc/salt.c: Use booleans instead of negating integers. * src/passwd.c: Declare the check_selinux_access prototype and avoid name clashes (change_user -> changed_user; change_uid -> changed_uid; access -> requested_access)
2008-05-24 18:38:58 +05:30
} else if (0 == strcmp (method, "SHA256")) {
* lib/prototypes.h, libmisc/salt.c: Add parameters to crypt_make_salt to force the crypt method and number of rounds. * libmisc/salt.c: Add parameter to SHA_salt_rounds to force the number of rounds. * libmisc/salt.c, lib/getdef.c: ENCRYPT_METHOD and MD5_CRYPT_ENAB are needed also when USE_PAM (e.g. for chpasswd). * src/newusers.c, src/gpasswd.c: Use the new crypt_make_salt prototype. * src/chpasswd.c, src/chgpasswd.c: Add option -c, --crypt-method and -s, --sha-rounds to specify the crypt method and number of rounds in case of one of the SHA methods. The new prototype of crypt_make_salt simplifies the handling of -m, --md5.
2007-11-20 15:03:52 +05:30
MAGNUM(result, '5');
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
salt_len = SHA_CRYPT_SALT_SIZE;
SHA_salt_rounds_to_buf (result, (int *) arg);
Fix compiler warnings: * libmisc/audit_help.c: Include prototypes.h to get the prototype of audit_help_open. * libmisc/salt.c: Use booleans instead of negating integers. * src/passwd.c: Declare the check_selinux_access prototype and avoid name clashes (change_user -> changed_user; change_uid -> changed_uid; access -> requested_access)
2008-05-24 18:38:58 +05:30
} else if (0 == strcmp (method, "SHA512")) {
* lib/prototypes.h, libmisc/salt.c: Add parameters to crypt_make_salt to force the crypt method and number of rounds. * libmisc/salt.c: Add parameter to SHA_salt_rounds to force the number of rounds. * libmisc/salt.c, lib/getdef.c: ENCRYPT_METHOD and MD5_CRYPT_ENAB are needed also when USE_PAM (e.g. for chpasswd). * src/newusers.c, src/gpasswd.c: Use the new crypt_make_salt prototype. * src/chpasswd.c, src/chgpasswd.c: Add option -c, --crypt-method and -s, --sha-rounds to specify the crypt method and number of rounds in case of one of the SHA methods. The new prototype of crypt_make_salt simplifies the handling of -m, --md5.
2007-11-20 15:03:52 +05:30
MAGNUM(result, '6');
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
salt_len = SHA_CRYPT_SALT_SIZE;
SHA_salt_rounds_to_buf (result, (int *) arg);
Document the sections closed by #endif
2008-05-20 02:26:48 +05:30
#endif /* USE_SHA_CRYPT */
* libmisc/obscure.c, libmisc/salt.c, src/passwd.c: Match DES, MD5, SHA256, and SHA512 exactly (not only the first 3/6 chars). * libmisc/salt.c (SHA_salt_rounds): Set rounds to the specified prefered_rounds value, if specified. * src/gpasswd.c, libmisc/salt.c: Fix compilation warnings (use size_t for lengths). * src/chpasswd.c, src/chgpasswd.c: Add missing parenthesis.
2007-11-21 01:30:16 +05:30
} else if (0 != strcmp (method, "DES")) {
libsubid: don't print error messages on stderr by default Closes #325 Add a new subid_init() function which can be used to specify the stream on which error messages should be printed. (If you want to get fancy you can redirect that to memory :) If subid_init() is not called, use stderr. If NULL is passed, then /dev/null will be used. This patch also fixes up the 'Prog', which previously had to be defined by any program linking against libsubid. Now, by default in libsubid it will show (subid). Once subid_init() is called, it will use the first variable passed to subid_init(). Signed-off-by: Serge Hallyn <serge@hallyn.com>
2021-05-09 04:12:14 +05:30
fprintf (shadow_logfd,
* lib/prototypes.h, libmisc/salt.c: Add parameters to crypt_make_salt to force the crypt method and number of rounds. * libmisc/salt.c: Add parameter to SHA_salt_rounds to force the number of rounds. * libmisc/salt.c, lib/getdef.c: ENCRYPT_METHOD and MD5_CRYPT_ENAB are needed also when USE_PAM (e.g. for chpasswd). * src/newusers.c, src/gpasswd.c: Use the new crypt_make_salt prototype. * src/chpasswd.c, src/chgpasswd.c: Add option -c, --crypt-method and -s, --sha-rounds to specify the crypt method and number of rounds in case of one of the SHA methods. The new prototype of crypt_make_salt simplifies the handling of -m, --md5.
2007-11-20 15:03:52 +05:30
_("Invalid ENCRYPT_METHOD value: '%s'.\n"
"Defaulting to DES.\n"),
method);
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
salt_len = MAX_SALT_SIZE;
memset (result, '\0', GENSALT_SETTING_SIZE);
Add support for SHA256 and SHA512 encrypt methods. Apply RedHat's patch shadow-4.0.18.1-sha256.patch. Thanks to Peter Vrabec. Hardly no changes except re-indent and changes related to recent modifications (max_salt_len in crypt_make_salt). Changes in lib/defines.h not applied (definition of ENCRYPTMETHOD_SELECT). I will add a configure check or flag.
2007-11-20 03:44:19 +05:30
}
* libmisc/salt.c: The salt has a random size (between 8 and 16 bytes). * lib/getdef.c, etc/login.defs: Add definitions for SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS. * libmisc/salt.c: Use SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS to add a random number of rounds if needed.
2007-11-20 05:35:54 +05:30
libmisc/salt.c: Sanitize code. * Move all pre-processor defines to the top of the file. * Unify the gensalt() function to be useable for all supported hash methods. * Drop the gensalt_{b,yes}crypt() functions in favor of the previous change. * Refactor the functions converting the rounds number into a string for use with the crypt() function, to not require any static buffer anymore. * Clarify the comment about how crypt_make_salt() chooses the used hash method from the settings in the login.defs file. * Use memset() to fill static buffers with zero before using them. * Use a fixed amount of 16 random base64-chars for the sha{256,512}crypt hash methods, which is effectively still less than the recommendation from NIST (>= 128 bits), but the maximum those methods can effectively use (approx. 90 bits). * Rename ROUNDS_{MIN,MAX} to SHA_ROUNDS_{MIN,MAX}. * Bugfixes in the logic of setting rounds in BCRYPT_salt_rounds(). * Likewise for YESCRYPT_salt_cost(). * Fix formatting and white-space errors. Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-15 02:58:28 +05:30
/* Check if the result buffer is long enough. */
assert (GENSALT_SETTING_SIZE > strlen (result) + salt_len);
/* Concatenate a pseudo random salt. */
strncat (result, gensalt (salt_len),
GENSALT_SETTING_SIZE - strlen (result) - 1);
[svn-upgrade] Integrating new upstream version, shadow (19990709)
2007-10-07 17:14:02 +05:30
return result;
}
Reference in New Issue Copy Permalink