summaryrefslogtreecommitdiff
path: root/src/crypt
AgeCommit message (Collapse)AuthorLines
2016-02-16in crypt-sha*, reject excessive rounds as error rather than clampingRich Felker-2/+2
the reference implementation clamps rounds to [1000,999999999]. we further limited rounds to at most 9999999 as a defense against extreme run times, but wrongly clamped instead of treating out-of-bounds values as an error, thereby producing implementation-specific hash results. fixing this should not break anything since values of rounds this high are not useful anyway.
2014-02-05add legacy functions setkey() and encrypt()Timo Teräs-6/+66
2013-04-20comment potentially-confusing use of struct crypt_data typeRich Felker-1/+10
2013-02-02make some arrays constrofl0r-3/+3
this way they'll go into .rodata, decreasing memory pressure.
2013-01-13in crypt_des change unnecessary union keybuf into unsigned char[]Szabolcs Nagy-11/+8
original FreeSec code accessed keybuf as uint32* and uint8* as well (incorrectly), this got fixed with an union, but then it seems the uint32* access is no longer needed so the code can be simplified
2013-01-13crypt: fix the prototype of md5_sum, sha256_sum and sha512_sumSzabolcs Nagy-3/+3
the internal sha2 hash sum functions had incorrect array size in the prototype for the message digest argument, fixed by using pointer so it is not misleading
2012-09-15add crypt_md5 password hashRich Felker-2/+285
contributed by nsz
2012-09-15revert low rounds-count limits in crypt hashesRich Felker-4/+4
it was determined in discussion that these kind of limits are not sufficient to protect single-threaded servers against denial of service attacks from maliciously large round counts. the time scales simply vary too much; many users will want login passwords with rounds counts on a scale that gives decisecond latency, while highly loaded webservers will need millisecond latency or shorter. still some limit is left in place; the idea is not to protect against attacks, but to avoid the runtime of a single call to crypt being, for all practical purposes, infinite, so that configuration errors can be caught and fixed without bringing down whole systems. these limits are very high, on the order of minute-long runtimes for modest systems.
2012-09-07cleanup src/linux and src/misc trees, etc.Rich Felker-0/+2553
previously, it was pretty much random which one of these trees a given function appeared in. they have now been organized into: src/linux: non-POSIX linux syscalls (possibly shard with other nixen) src/legacy: various obsolete/legacy functions, mostly wrappers src/misc: still mostly uncategorized; some misc POSIX, some nonstd src/crypt: crypt hash functions further cleanup will be done later.