[0/4,v3] libcrypt phaseout

Message ID	20180521173853.5172-1-zackw@panix.com
Headers	show Return-Path: <libc-alpha-return-92635-incoming=patchwork.ozlabs.org@sourceware.org> DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:cc:subject:date:message-id :mime-version:content-transfer-encoding; q=dns; s=default; b=fgv xNx2jOxPiJSafas2TTIzDlqo4LPHF/rRdLscYP2ZLjmN9ZMvJYh/yczuNe9VrwMm a7lyEUpv+DM2Acf+XcPW7pl4a41tG2w/9ArxLXpORQG20zYXwooET4PaI7yXoO7t LKctOe0AC+Raysed91sZPcALWlJ3QY9UGDaDDIgs= Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk Sender: libc-alpha-owner@sourceware.org From: Zack Weinberg <zackw@panix.com> To: libc-alpha@sourceware.org Cc: carlos@redhat.com, fweimer@redhat.com, rj@2c3t.io, kukuk@suse.de Subject: [PATCH 0/4 v3] libcrypt phaseout Date: Mon, 21 May 2018 13:38:49 -0400 Message-Id: <20180521173853.5172-1-zackw@panix.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	libcrypt phaseout \| expand [0/4,v3] libcrypt phaseout [1/4] Disallow use of DES encryption functions in new programs. [2/4] Reorganize crypt.texi. [3/4] Revise crypt.texi. [4/4] New configure option --disable-crypt.

Message ID

20180521173853.5172-1-zackw@panix.com

Headers

DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:from:to:cc:subject:date:message-id
	:mime-version:content-transfer-encoding; q=dns; s=default; b=fgv
	xNx2jOxPiJSafas2TTIzDlqo4LPHF/rRdLscYP2ZLjmN9ZMvJYh/yczuNe9VrwMm
	a7lyEUpv+DM2Acf+XcPW7pl4a41tG2w/9ArxLXpORQG20zYXwooET4PaI7yXoO7t
	LKctOe0AC+Raysed91sZPcALWlJ3QY9UGDaDDIgs=
Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm
Precedence: bulk
Sender: libc-alpha-owner@sourceware.org
From: Zack Weinberg <zackw@panix.com>
To: libc-alpha@sourceware.org
Cc: carlos@redhat.com,
	fweimer@redhat.com,
	rj@2c3t.io,
	kukuk@suse.de
Subject: [PATCH 0/4 v3] libcrypt phaseout
Date: Mon, 21 May 2018 13:38:49 -0400
Message-Id: <20180521173853.5172-1-zackw@panix.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

libcrypt phaseout | expand

Message

Zack Weinberg May 21, 2018, 5:38 p.m. UTC

Here comes another revision of the patchset to begin phasing out
libcrypt (and also improve the documentation for 'crypt'.)  Major
changes from the previous revision are:

 - Rather than just marking them deprecated, I have gone ahead and
   disallowed use of the DES encryption functions in new programs.
   The only reason I hadn't done that already was because 'setkey' and
   'encrypt' are still in POSIX; but the insecurity of DES is more
   important than that, and libxcrypt already took the plunge.
   Conveniently, this means all of the documentation of those
   functions can be dropped and I don't have to figure out how to
   explain the bizarro things that some of them do.

 - I changed my mind about consolidating the random number generation
   discussion.  "Unpredictable Bytes" now remains in crypt.texi and
   "Pseudo-Random Numbers" remains in math.texi.

 - I went back to using hardwired hashes in the testpass.c example,
   because that way the program actually works as a demo; also it
   allows me to show how the DES-based hash ignores all but the first
   eight characters of the input passphrase.

 - Terminology has been made consistent throughout the manual and the
   public headers: "passphrase", "user database", and "(one-way)
   hashing", not "password", "password database", or "encryption".

 - Lots more documentation improvements.

Zack Weinberg (4):
  Disallow use of DES encryption functions in new programs.
  Reorganize crypt.texi.
  Revise crypt.texi.
  New configure option --disable-crypt.

 INSTALL                     |  11 +
 Makeconfig                  |   9 +-
 NEWS                        |  25 ++
 config.make.in              |   1 +
 configure                   |  18 +
 configure.ac                |  11 +
 conform/Makefile            |  11 +-
 conform/data/stdlib.h-data  |   3 -
 conform/data/unistd.h-data  |   3 -
 crypt/Makefile              |   4 -
 crypt/Versions              |   3 +
 crypt/cert.c                |  29 ++
 crypt/crypt-entry.c         |  15 +-
 crypt/crypt.h               |  37 +-
 crypt/crypt_util.c          |   9 +
 elf/Makefile                |  27 +-
 elf/tst-linkall-static.c    |   4 +-
 inet/ruserpass.c            |   2 +-
 manual/contrib.texi         |   2 +-
 manual/crypt.texi           | 695 +++++++++++++-----------------------
 manual/examples/genpass.c   |  44 ++-
 manual/examples/mygetpass.c |   4 +-
 manual/examples/testpass.c  |  52 ++-
 manual/install.texi         |  12 +
 manual/intro.texi           |   1 -
 manual/memory.texi          |   2 +-
 manual/nss.texi             |  12 +-
 manual/socket.texi          |   4 +-
 manual/string.texi          |  82 ++---
 manual/terminal.texi        |  45 +++
 manual/users.texi           |  22 +-
 nscd/pwdcache.c             |   4 +-
 posix/unistd.h              |  19 +-
 pwd/pwd.h                   |  29 +-
 shadow/shadow.h             |  16 +-
 stdlib/stdlib.h             |   6 -
 sunrpc/Makefile             |   2 +-
 sunrpc/des_crypt.c          |   7 +-
 sunrpc/des_soft.c           |   2 +-
 39 files changed, 651 insertions(+), 633 deletions(-)