From: Andreas Helmcke <ahe@helmcke.name>
To: ptxdist@pengutronix.de
Cc: m.olbrich@pengutronix.de
Subject: [ptxdist] [PATCH v7] libxcrypt: new package
Date: Fri, 6 May 2022 13:27:35 +0200	[thread overview]
Message-ID: <b0ed8f66-cc32-e43d-af1b-2dedcd90a62a@helmcke.name> (raw)
In-Reply-To: <YnThJBDfpGy9cDsZ@pengutronix.de>

Also implement the needed logic to (optionally) replace
the libcrypt from the selected libc with libxcrypt.

libxcrypt is a modern library for one-way hashing of passwords.
It supports a wide variety of both modern and historical hashing
methods: yescrypt, gost-yescrypt, scrypt, bcrypt, sha512crypt,
sha256crypt, md5crypt, SunMD5, sha1crypt, NT, bsdicrypt, bigcrypt,
and descrypt. It provides the traditional Unix crypt and crypt_r
interfaces, as well as a set of extended interfaces pioneered by
Openwall Linux, crypt_rn, crypt_ra, crypt_gensalt, crypt_gensalt_rn,
and crypt_gensalt_ra.

libxcrypt is intended to be used by login(1), passwd(1), and other
similar programs; that is, to hash a small number of passwords
during an interactive authentication dialogue with a human.  It is
not suitable for use in bulk password-cracking applications, or in
any other situation where speed is more important than careful
handling of sensitive data.  However, it is intended to be fast and
lightweight enough for use in servers that must field thousands of
login attempts per minute.

Co-authored-by: Andreas Helmcke <ahe@helmcke.name>
Signed-off-by: Andreas Helmcke <ahe@helmcke.name>
Signed-off-by: Björn Esser <bes@pengutronix.de>
---
v6 -> v7:
   - Applied the changes recommended by Michael Olbrich

v5 -> v6: (by Andreas Helmcke)
   - Updated commit message to properly address authors

v4 -> v5: (by Andreas Helmcke)
   - Update libxcrypt 4.4.10 -> 4.4.24
   - Changed download url to official tar, which does not need autoconf
   - Changed the config variable names to reflect menu structure
   - Corrected two typos

original work by Björn Esser :
v3 -> v4:
   - Update libxcrypt 4.4.9 -> 4.4.10

v2 -> v3:
   - Added 3 files that also needed minor adaptions and I forgot to add
     to the initial patch.

v1 -> v2:
   - Adapt the two remarks pointed out by Dennis Osterland

  rules/glibc.in       |  3 +-
  rules/libc.in        |  8 +++--
  rules/libxcrypt.in   | 42 ++++++++++++++++++++++++++
  rules/libxcrypt.make | 71 ++++++++++++++++++++++++++++++++++++++++++++
  rules/uclibc.in      |  3 +-
  5 files changed, 123 insertions(+), 4 deletions(-)
  create mode 100644 rules/libxcrypt.in
  create mode 100644 rules/libxcrypt.make

diff --git a/rules/glibc.in b/rules/glibc.in
index 16e5e84d1..e574bc8f0 100644
--- a/rules/glibc.in
+++ b/rules/glibc.in
@@ -81,7 +81,8 @@ config GLIBC_DL

  config GLIBC_CRYPT
         bool
-       prompt "Install libcrypt"
+       prompt "Install libcrypt" if LIBC_CRYPT_NATIVE_CRYPT
+       default no if !LIBC_CRYPT_NATIVE_CRYPT
         help
           The encryption/decryption library
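Review bot: `default no` on the added line is not a Kconfig constant; the bool constants are `y` and `n`, so in standard Kconfig `no` is read as a reference to an undefined symbol and only happens to evaluate to n. Write `default n if !LIBC_CRYPT_NATIVE_CRYPT`, or drop the line, since a bool whose prompt is hidden and which has no default is already n unless something selects it. The same line is added to `UCLIBC_CRYPT` in rules/uclibc.in.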

diff --git a/rules/libc.in b/rules/libc.in
index 1614affd9..f2e56fa62 100644
--- a/rules/libc.in
+++ b/rules/libc.in
@@ -27,6 +27,10 @@ choice
                 prompt "uClibc "
  endchoice

+config LIBC_CRYPT_NATIVE_CRYPT
+       bool
+       default !LIBXCRYPT
+
  source "generated/libc.in"

  endif
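Review bot: `LIBC_CRYPT_NATIVE_CRYPT` is a hidden symbol with no comment, and its name does not tell a reader what sets it or what n means. A short comment above it would do, for example `# y: the selected libc installs its own libcrypt; n: libxcrypt provides libcrypt instead`. The symbol sits before an `endif` whose matching `if` is outside this hunk, so the comment should also say what value is expected when that condition is false.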
@@ -59,8 +63,8 @@ config LIBC_DL

  config LIBC_CRYPT
         bool
-       select GLIBC_CRYPT              if LIBC_GLIBC
-       select UCLIBC_CRYPT             if LIBC_UCLIBC
+       select GLIBC_CRYPT              if LIBC_GLIBC && 
LIBC_CRYPT_NATIVE_CRYPT
+       select UCLIBC_CRYPT             if LIBC_UCLIBC && 
LIBC_CRYPT_NATIVE_CRYPT

  config LIBC_UTIL
         bool
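Review bot: With `LIBC_CRYPT_NATIVE_CRYPT` off, `LIBC_CRYPT` selects nothing, so a package that selects `LIBC_CRYPT` in order to link against libcrypt no longer has any visible dependency on the library that now provides it. If build order is derived from these select chains, which appears to be the convention here, such a package could be built before libxcrypt is installed into the sysroot. The link to libxcrypt should either be expressed in this file or stated in a comment such as `# with LIBXCRYPT enabled, libcrypt comes from libxcrypt; users of LIBC_CRYPT need it built first`. The wrapped `select` lines would also need to be rejoined for the patch to apply.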
diff --git a/rules/libxcrypt.in b/rules/libxcrypt.in
new file mode 100644
index 000000000..01f9dd4b1
--- /dev/null
+++ b/rules/libxcrypt.in
@@ -0,0 +1,42 @@
+## SECTION=system_libraries
+
+menuconfig LIBXCRYPT
+       bool
+       prompt "libxcrypt                     "
+       help
+         Extended crypt library for descrypt, md5crypt, bcrypt, and others.
+
+         libxcrypt is a modern library for one-way hashing of passwords.
+         It supports a wide variety of both modern and historical hashing
+         methods: yescrypt, gost-yescrypt, scrypt, bcrypt, sha512crypt,
+         sha256crypt, md5crypt, SunMD5, sha1crypt, NT, bsdicrypt, bigcrypt,
+         and descrypt.  It provides the traditional Unix crypt and crypt_r
+         interfaces, as well as a set of extended interfaces pioneered by
+         Openwall Linux, crypt_rn, crypt_ra, crypt_gensalt,
+         crypt_gensalt_rn, and crypt_gensalt_ra.
+
+         libxcrypt is intended to be used by login(1), passwd(1), and other
+         similar programs; that is, to hash a small number of passwords
+         during an interactive authentication dialogue with a human.  It is
+         not suitable for use in bulk password-cracking applications, or in
+         any other situation where speed is more important than careful
+         handling of sensitive data.  However, it is intended to be 
fast and
+         lightweight enough for use in servers that must field thousands of
+         login attempts per minute.
+
+if LIBXCRYPT
+
+config LIBXCRYPT_OBSOLETE_STUBS
+       bool
+       prompt "Replace obsolete functions with non-functional stubs"
+       help
+         If enabled, this option replaces the obsolete APIs (fcrypt,
+         encrypt{,_r}, and setkey{,_r}) with stubs that set errno to
+         ENOSYS and return without performing any real operations.
+
+         For security reasons, the encrypt{,r} functions will also
+         overwrite their data-block argument with random bits.
+
+         The fcrypt function will also always return NULL-pointer.
+
+endif
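Review bot: `LIBXCRYPT_OBSOLETE_STUBS` has no `default`, so it starts out off and the obsolete DES-based `encrypt`/`setkey` family stays fully functional unless the user finds and enables this option. Since the help text itself calls these APIs obsolete, `default y` would be the safer starting point, switched off only for software that still needs the real functions. The help text also has a typo: `encrypt{,r}` in the second paragraph should read `encrypt{,_r}`, as in the first.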
diff --git a/rules/libxcrypt.make b/rules/libxcrypt.make
new file mode 100644
index 000000000..930d91e8b
--- /dev/null
+++ b/rules/libxcrypt.make
@@ -0,0 +1,71 @@
+# -*-makefile-*-
+#
+# Copyright (C) 2019 by Bjoern Esser <bes@pengutronix.de>
+#
+# For further information about the PTXdist project and license conditions
+# see the README file.
+#
+
+#
+# We provide this package
+#
+PACKAGES-$(PTXCONF_LIBXCRYPT) += libxcrypt
+
+#
+# Paths and names
+#
+LIBXCRYPT_VERSION      := 4.4.28
+LIBXCRYPT_MD5          := 0b873e641ae201e5e7470cf791c0fe16
+LIBXCRYPT              := libxcrypt-$(LIBXCRYPT_VERSION)
+LIBXCRYPT_SUFFIX       := tar.xz
+LIBXCRYPT_URL          := 
https://github.com/besser82/libxcrypt/releases/download/v$(LIBXCRYPT_VERSION)/$(LIBXCRYPT).$(LIBXCRYPT_SUFFIX)
+LIBXCRYPT_SOURCE       := $(SRCDIR)/$(LIBXCRYPT).$(LIBXCRYPT_SUFFIX)
+LIBXCRYPT_DIR          := $(BUILDDIR)/$(LIBXCRYPT)
+LIBXCRYPT_LICENSE      := LGPL-2.1-or-later AND BSD-3-Clause AND 
BSD-2-Clause AND 0BSD AND public_domain
+LIBXCRYPT_LICENSE_MD5  := 
file://LICENSING;md5=3bb6614cf5880cbf1b9dbd9e3d145e2c
+
+# 
----------------------------------------------------------------------------
+# Prepare
+# 
----------------------------------------------------------------------------
+
+#
+# options
+#
+
+# Hash methods enabled by default.
+HASH_METHODS := glibc,strong
+
+#
+# autoconf
+#
+LIBXCRYPT_CONF_TOOL    := autoconf
+LIBXCRYPT_CONF_OPT     := \
+       $(CROSS_AUTOCONF_USR) \
+       --disable-failure-tokens \
+       --disable-static \
+       --disable-valgrind \
+       --enable-obsolete-api \
+       --enable-obsolete-api-enosys=$(call 
ptx/ifdef,PTXCONF_LIBXCRYPT_OBSOLETE_STUBS,yes,no) \
+       --enable-hashes=$(HASH_METHODS) \
+       --enable-xcrypt-compat-files
+
+# 
----------------------------------------------------------------------------
+# Target-Install
+# 
----------------------------------------------------------------------------
+
+$(STATEDIR)/libxcrypt.targetinstall:
+       @$(call targetinfo)
+
+       @$(call install_init, libxcrypt)
+       @$(call install_fixup, libxcrypt,PRIORITY,optional)
+       @$(call install_fixup, libxcrypt,SECTION,base)
+       @$(call install_fixup, libxcrypt,AUTHOR,"Bjoern Esser 
<bes@pengutronix.de>")
+       @$(call install_fixup, libxcrypt,DESCRIPTION,Extended crypt library)
+
+       @$(call install_lib, libxcrypt, 0, 0, 0644, libcrypt)
+
+       @$(call install_finish, libxcrypt)
+
+       @$(call touch)
+
+# vim: syntax=make
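Review bot: `HASH_METHODS` is the only variable in this rule file without the `LIBXCRYPT_` prefix, so in a make namespace shared with other rule files it can collide or be overridden and silently change which password hashes get built. Rename it: `LIBXCRYPT_HASH_METHODS := glibc,strong` and `--enable-hashes=$(LIBXCRYPT_HASH_METHODS)`. The `glibc` group is a compatibility set and, as far as I know, includes legacy methods such as descrypt and md5crypt, so a comment saying why it is enabled (existing shadow entries) would help anyone who wants a strong-only build. Separately, the tarball is pinned only by `LIBXCRYPT_MD5`; MD5 is not collision-resistant, so if the build system supports a stronger digest it should be pinned as well.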
diff --git a/rules/uclibc.in b/rules/uclibc.in
index 1fa99eba5..39d8ca3d7 100644
--- a/rules/uclibc.in
+++ b/rules/uclibc.in
@@ -26,7 +26,8 @@ config UCLIBC_C

  config UCLIBC_CRYPT
         bool
-       prompt "Install libcrypt"
+       prompt "Install libcrypt" if LIBC_CRYPT_NATIVE_CRYPT
+       default no if !LIBC_CRYPT_NATIVE_CRYPT
         help
           The encryption/decryption library

-- 
2.34.1


