author | Ted Unangst <tedu@cvs.openbsd.org> | 2014-11-17 16:47:29 +0000 |
---|---|---|
committer | Ted Unangst <tedu@cvs.openbsd.org> | 2014-11-17 16:47:29 +0000 |
commit | 87af124b820bdc0e01acb10c1779b4ebded57df6 (patch) | |
tree | b8a5d03a52386f25267e4741bf9a8bd6d6026420 /lib/libc | |
parent | 5c2b628ed4f8ef07e5af015e82ec7653fb39e1b6 (diff) |
add new function crypt_newhash to simplify creating new hashes.
does most of the work pwd_gensalt did, but also creates the hash.
(unused yet)
Diffstat (limited to 'lib/libc')
-rw-r--r-- | lib/libc/crypt/crypt.3 | 19 | ||||
-rw-r--r-- | lib/libc/crypt/cryptutil.c | 30 |
2 files changed, 46 insertions, 3 deletions
diff --git a/lib/libc/crypt/crypt.3 b/lib/libc/crypt/crypt.3 index 95eb8c156da..a1912f8a453 100644 --- a/lib/libc/crypt/crypt.3 +++ b/lib/libc/crypt/crypt.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: crypt.3,v 1.38 2014/05/16 22:11:00 jmc Exp $ +.\" $OpenBSD: crypt.3,v 1.39 2014/11/17 16:47:28 tedu Exp $ .\" .\" FreeSec: libcrypt .\" @@ -31,7 +31,7 @@ .\" .\" Manual page, using -mandoc macros .\" -.Dd $Mdocdate: May 16 2014 $ +.Dd $Mdocdate: November 17 2014 $ .Dt CRYPT 3 .Os .Sh NAME @@ -55,6 +55,8 @@ .Ft int .Fn crypt_checkpass "const char *password" "const char *hash" .Ft int +.Fn crypt_newhash "const char *password" "login_cap_t *lc" "char *hash" "size_t hashsize" +.Ft int .Fn encrypt "char *block" "int flag" .Ft int .Fn des_setkey "const char *key" @@ -102,6 +104,19 @@ If the hash is NULL, authentication will always fail, but a default amount of work is performed to simulate the hashing operation. A successful match will return 0. A failure will return \-1 and set errno. +.Pp +The +.Fn crypt_newhash +function is provided to simplify the creation of new password hashes. +The provided +.Fa password +is randomly salted and hashed and stored in +.Fa hash . +The login class argument +.Fa lc +is used to identify the preferred hashing algorithm and parameters. +Refer to +.Xr login.conf 5 . .Ss Extended crypt The .Ar key diff --git a/lib/libc/crypt/cryptutil.c b/lib/libc/crypt/cryptutil.c index 36deda778e4..4a8c46be49d 100644 --- a/lib/libc/crypt/cryptutil.c +++ b/lib/libc/crypt/cryptutil.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cryptutil.c,v 1.1 2014/05/12 19:13:14 tedu Exp $ */ +/* $OpenBSD: cryptutil.c,v 1.2 2014/11/17 16:47:28 tedu Exp $ */ /* * Copyright (c) 2014 Ted Unangst <tedu@openbsd.org> * @@ -18,6 +18,7 @@ #include <unistd.h> #include <string.h> #include <pwd.h> +#include <login_cap.h> #include <errno.h> int 
@@ -52,3 +53,30 @@ fail:
 errno = EACCES;
 return -1;
 }
+
+int
+crypt_newhash(const char *pass, login_cap_t *lc, char *hash, size_t hashlen)
+{
+ int rv = -1;
+ char *pref;
+ char *defaultpref = "blowfish,8";
+ const char *errstr;
+ int rounds;
+
+ if (lc == NULL ||
+ (pref = login_getcapstr(lc, "localcipher", NULL, NULL)) == NULL)
+ pref = defaultpref;
+ if (strncmp(pref, "blowfish,", 9) != 0) {
+ errno = EINVAL;
+ goto err;
+ }
+ rounds = strtonum(pref + 9, 4, 31, &errstr);
+ if (errstr)
+ goto err;
+ rv = bcrypt_newhash(pass, rounds, hash, hashlen);
+
+err:
+ if (pref != defaultpref)
+ free(pref);
+ return rv;
+} |
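Review bot: A failed capability lookup cannot be told apart from an unset `localcipher` in crypt_newhash, because `login_getcapstr(lc, "localcipher", NULL, NULL)` is given NULL for both its default and its error return, so either case falls back to `blowfish,8`. On a system whose login.conf asks for more rounds, a lookup error would then lower the cost of newly created hashes without the caller seeing a failure. Passing distinct default and error pointers and failing on the error one keeps the fallback for the unset case only. This assumes login_getcapstr hands back those pointers themselves rather than copies, which should be confirmed against login_cap(3). Whether errno is set on that path is not visible here, so the sketch sets it explicitly.

```c
	char *defaultpref = "blowfish,8";
	static char errpref[1];	/* sentinel: only returned when the lookup fails */
	/* … unchanged: errstr and rounds declarations … */

	pref = defaultpref;
	if (lc != NULL) {
		pref = login_getcapstr(lc, "localcipher", defaultpref, errpref);
		if (pref == errpref) {
			pref = defaultpref;	/* keeps the err: cleanup from freeing the sentinel */
			errno = EINVAL;
			goto err;
		}
	}
	/* … unchanged: "blowfish," prefix check, strtonum, bcrypt_newhash, err: cleanup … */
```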