From owner-freebsd-security@FreeBSD.ORG Wed Feb 11 02:19:13 2015 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id C6DCB3A1; Wed, 11 Feb 2015 02:19:13 +0000 (UTC) Received: from gold.funkthat.com (gate2.funkthat.com [208.87.223.18]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "gold.funkthat.com", Issuer "gold.funkthat.com" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id A230FD76; Wed, 11 Feb 2015 02:19:13 +0000 (UTC) Received: from gold.funkthat.com (localhost [127.0.0.1]) by gold.funkthat.com (8.14.5/8.14.5) with ESMTP id t1B2JBsP040337 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 10 Feb 2015 18:19:12 -0800 (PST) (envelope-from jmg@gold.funkthat.com) Received: (from jmg@localhost) by gold.funkthat.com (8.14.5/8.14.5/Submit) id t1B2JBOW040336; Tue, 10 Feb 2015 18:19:11 -0800 (PST) (envelope-from jmg) Date: Tue, 10 Feb 2015 18:19:10 -0800 From: John-Mark Gurney To: "Derek (freebsd lists)" <482254ac@razorfever.net> Subject: [CFR] Re: [patch] libcrypt & friends - modular crypt format support in /etc/login.conf Message-ID: <20150211021910.GQ1953@funkthat.com> References: <54D9F8DF.7070904@razorfever.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <54D9F8DF.7070904@razorfever.net> X-Operating-System: FreeBSD 9.1-PRERELEASE amd64 X-PGP-Fingerprint: 54BA 873B 6515 3F10 9E88 9322 9CB1 8F74 6D3F A396 X-Files: The truth is out there X-URL: http://resnet.uoregon.edu/~gurney_j/ X-Resume: http://resnet.uoregon.edu/~gurney_j/resume.html X-TipJar: bitcoin:13Qmb6AeTgQecazTWph4XasEsP7nGRbAPE X-to-the-FBI-CIA-and-NSA: HI! HOW YA DOIN? can i haz chizburger? User-Agent: Mutt/1.5.21 (2010-09-15) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (gold.funkthat.com [127.0.0.1]); Tue, 10 Feb 2015 18:19:12 -0800 (PST) Cc: freebsd-security@freebsd.org, "A.J. Kehoe IV \(Nanoman\)" , delphij@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Feb 2015 02:19:14 -0000 Derek (freebsd lists) wrote this message on Tue, Feb 10, 2015 at 07:26 -0500: > I've been working on this for a while, and I've produced a patch > that does a few things with the base system: > > 1. allows modular crypt to be specified as passwd_format in > /etc/login.conf > - this allows setting the algorithm *and rounds*, i.e. $2b$10$ > for users of varying classes. > - this will allow any future algorithms and parameters > supported by crypt(3) to be supported by the tools around login.conf > > 2. introduces a new api, crypt_makesalt which will generate an > appropriate salt for any algorithm selected > > 3. updates userland to use this API, and removes totally the > {crypt_set_format, login_setcryptfmt, login_getcryptfmt} APIs > > 4. switches crypt algorithms to use thread-local storage, so the > good old global crypt buffer is thread-local > > 5. includes a bunch of new test vectors for libcrypt ATF tests > > > There are references to previous discussions/patches/etc here: > > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=182518 > > http://docs.freebsd.org/cgi/getmsg.cgi?fetch=168499+0+/usr/local/www/db/text/2013/freebsd-current/20131006.freebsd-current > > http://docs.freebsd.org/cgi/getmsg.cgi?fetch=361757+0+/usr/local/www/db/text/2014/freebsd-current/20140112.freebsd-current > > > And most recent discussion here: > > http://docs.freebsd.org/cgi/getmsg.cgi?fetch=1751919+0+archive/2014/freebsd-current/20140716.freebsd-current > > > Anyways, I've put a bunch of work into this, and am anxious to > actually get this accepted into -HEAD. > > > > What more can I do at this point? I finally got around to reviewing this... For the tests, we should probably add an invalid password test for each format... We need man pages for the new function... I guess this new man page would be a good place to document all the modular formats in more detail.. what is in crypt(3) isn't that useful... Also, crypt(3) should have an xref to crypt_makesalt... Other than those, unless someone objects, I'll commit it... -- John-Mark Gurney Voice: +1 415 225 5579 "All that I will do, has been done, All that I have, has not."