| #
a2c0d202 |
| 10-Oct-2024 |
Robert Clausecker <fuz@FreeBSD.org> |
lib/libcrypt: use explicit_bzero() to clear sensitive buffers
Prevent a potentially sufficiently smart compiler from optimising
away our attempts to clear sensitive buffers.
A related change was di
lib/libcrypt: use explicit_bzero() to clear sensitive buffers
Prevent a potentially sufficiently smart compiler from optimising
away our attempts to clear sensitive buffers.
A related change was discussed and rejected in D16059, but I don't
believe the reasoning there applies: the code clearly documents its
intent that the `memset` calls clear sensitive buffers so they don't
hang around. `explicit_bzero` is the appropriate function for this
purpose. A potential performance disadvantage seems less important:
the functions in crypt are specifically designed to be slow, so a
few extra calls to guarantee that sensitive buffers are cleared does
not significantly affect runtime.
See also: D16059
Reviewed by: delphij, kevans
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D47037
show more ...
|
|
Revision tags: release/13.4.0, release/14.1.0, release/13.3.0, release/14.0.0 |
|
| #
1d386b48 |
| 16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: one-line .c pattern
Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/
|
| #
4d846d26 |
| 10-May-2023 |
Warner Losh <imp@FreeBSD.org> |
spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD
The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of
spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD
The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of BSD-2-Clause.
Discussed with: pfg
MFC After: 3 days
Sponsored by: Netflix
show more ...
|
|
Revision tags: release/13.2.0, release/12.4.0, release/13.1.0, release/12.3.0, release/13.0.0, release/12.2.0, release/11.4.0, release/12.1.0, release/11.3.0, release/12.0.0 |
|
| #
c721d419 |
| 20-Jul-2018 |
Xin LI <delphij@FreeBSD.org> |
libcrypt: There is no need to clear message digest context after they
are finialized after r336539, so do not do it.
Submitted by: David CARLIER <devnexen gmail com>
MFC after: 1 month (after r33653
libcrypt: There is no need to clear message digest context after they
are finialized after r336539, so do not do it.
Submitted by: David CARLIER <devnexen gmail com>
MFC after: 1 month (after r336539)
Differential Revision: https://reviews.freebsd.org/D16059
show more ...
|
| #
a7e92a77 |
| 20-Jul-2018 |
Xin LI <delphij@FreeBSD.org> |
Get rid of unused variables.
copied_key and copied_salt are assigned with NULL and never used
otherwise. Remove the two variables and related code.
Reviewed by: pfg
MFC after: 2 weeks
Differential
Get rid of unused variables.
copied_key and copied_salt are assigned with NULL and never used
otherwise. Remove the two variables and related code.
Reviewed by: pfg
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D16314
show more ...
|
|
Revision tags: release/11.2.0 |
|
| #
5e53a4f9 |
| 26-Nov-2017 |
Pedro F. Giffuni <pfg@FreeBSD.org> |
lib: further adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using mis-identified many licenses so this was mostly a manual - error
pr
lib: further adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using mis-identified many licenses so this was mostly a manual - error
prone - task.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
show more ...
|
|
Revision tags: release/10.4.0, release/11.1.0, release/11.0.1, release/11.0.0 |
|
| #
27067774 |
| 16-Aug-2016 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r303250 through r304235.
|
| #
569e9018 |
| 13-Aug-2016 |
Enji Cooper <ngie@FreeBSD.org> |
MFhead @ r304038
|
| #
5f521d7b |
| 10-Aug-2016 |
Ed Schouten <ed@FreeBSD.org> |
Make libcrypt thread-safe. Add crypt_r(3).
glibc has a pretty nice function called crypt_r(3), which is nothing
more than crypt(3), but thread-safe. It accomplishes this by introducing
a 'struct cry
Make libcrypt thread-safe. Add crypt_r(3).
glibc has a pretty nice function called crypt_r(3), which is nothing
more than crypt(3), but thread-safe. It accomplishes this by introducing
a 'struct crypt_data' structure that contains a buffer that is large
enough to hold the resulting string.
Let's go ahead and also add this function. It would be a shame if a
useful function like this wouldn't be usable in multithreaded apps.
Refactor crypt.c and all of the backends to no longer declare static
arrays, but write their output in a provided buffer.
There is no need to do any buffer length computation here, as we'll just
need to ensure that 'struct crypt_data' is large enough, which it is.
_PASSWORD_LEN is defined to 128 bytes, but in this case I'm picking 256,
as this is going to be part of the actual ABI.
Differential Revision: https://reviews.freebsd.org/D7306
show more ...
|
|
Revision tags: release/10.3.0, release/10.2.0, release/10.1.0, release/9.3.0, release/10.0.0, release/9.2.0, release/8.4.0, release/9.1.0, release/8.3.0_cvs, release/8.3.0, release/9.0.0 |
|
| #
a7a34796 |
| 05-May-2011 |
Attilio Rao <attilio@FreeBSD.org> |
MFC
|
| #
ad45dd41 |
| 05-May-2011 |
David E. O'Brien <obrien@FreeBSD.org> |
s/shaN_crypt/crypt_shaN/g to be a more consistent with the existing naming.
Reviewed by: markm
|
| #
3d6f63c0 |
| 09-Apr-2011 |
Mark Murray <markm@FreeBSD.org> |
Add SHA256/512 ($5$ and $6$) to crypt(3). Used in linux-world, doesn't
hurt us.
PR: misc/124164
Submitted by: KIMURA Yasuhiro < yasu utahime org >
MFC after: 1 month
|