|
Packit |
13e0ca |
.\" Written and revised by Solar Designer <solar at openwall.com> in 2000-2011.
|
|
Packit |
13e0ca |
.\" Revised by Zack Weinberg <zackw at panix.com> in 2017.
|
|
Packit |
13e0ca |
.\"
|
|
Packit |
13e0ca |
.\" No copyright is claimed, and this man page is hereby placed in the public
|
|
Packit |
13e0ca |
.\" domain. In case this attempt to disclaim copyright and place the man page
|
|
Packit |
13e0ca |
.\" in the public domain is deemed null and void, then the man page is
|
|
Packit |
13e0ca |
.\" Copyright 2000-2011 Solar Designer, 2017 Zack Weinberg, and it is
|
|
Packit |
13e0ca |
.\" hereby released to the general public under the following terms:
|
|
Packit |
13e0ca |
.\"
|
|
Packit |
13e0ca |
.\" Redistribution and use in source and binary forms, with or without
|
|
Packit |
13e0ca |
.\" modification, are permitted.
|
|
Packit |
13e0ca |
.\"
|
|
Packit |
13e0ca |
.\" There's ABSOLUTELY NO WARRANTY, express or implied.
|
|
Packit |
13e0ca |
.\"
|
|
Packit |
13e0ca |
.\" This manual page in its current form is intended for use on systems
|
|
Packit |
13e0ca |
.\" based on the GNU C Library with crypt_blowfish patched into libcrypt.
|
|
Packit |
13e0ca |
.\"
|
|
Packit |
13e0ca |
.TH CRYPT_GENSALT 3 "October 9, 2017" "Openwall Project" "Library Functions"
|
|
Packit |
13e0ca |
.ad l
|
|
Packit |
13e0ca |
.\" No macros in NAME to keep makewhatis happy.
|
|
Packit |
13e0ca |
.SH NAME
|
|
Packit |
13e0ca |
\fBcrypt_gensalt\fR, \fBcrypt_gensalt_rn\fR, \fBcrypt_gensalt_ra\fR
|
|
Packit |
13e0ca |
\- encode settings for passphrase hashing
|
|
Packit |
13e0ca |
.SH SYNOPSIS
|
|
Packit |
13e0ca |
.B #include <crypt.h>
|
|
Packit |
13e0ca |
.sp
|
|
Packit |
13e0ca |
.in +8
|
|
Packit |
13e0ca |
.ti -8
|
|
Packit |
13e0ca |
.BI "char *crypt_gensalt(const char *" prefix ", unsigned long " count ", const char *" rbytes ", int " nrbytes );
|
|
Packit |
13e0ca |
.ti -8
|
|
Packit |
13e0ca |
.BI "char *crypt_gensalt_rn(const char *" prefix ", unsigned long " count ", const char *" rbytes ", int " nrbytes ", char *" output ", int " output_size );
|
|
Packit |
13e0ca |
.ti -8
|
|
Packit |
13e0ca |
.BI "char *crypt_gensalt_ra(const char *" prefix ", unsigned long " count ", const char *" rbytes ", int " nrbytes );
|
|
Packit |
13e0ca |
.in -8
|
|
Packit |
13e0ca |
.sp
|
|
Packit |
13e0ca |
Link with
|
|
Packit |
13e0ca |
.IR -lcrypt .
|
|
Packit |
13e0ca |
.ad b
|
|
Packit |
13e0ca |
.SH DESCRIPTION
|
|
Packit |
13e0ca |
.BR crypt_gensalt ", " crypt_gensalt_rn ", and " crypt_gensalt_ra
|
|
Packit |
13e0ca |
compile a string for use as the
|
|
Packit |
13e0ca |
.I setting
|
|
Packit |
13e0ca |
argument to
|
|
Packit |
13e0ca |
.BR crypt ", " crypt_r ", " crypt_rn ", and " crypt_ra .
|
|
Packit |
13e0ca |
.PP
|
|
Packit |
13e0ca |
.I prefix
|
|
Packit |
13e0ca |
selects the hashing method to use;
|
|
Packit |
13e0ca |
.I count
|
|
Packit |
13e0ca |
controls the CPU time cost of the hash;
|
|
Packit |
13e0ca |
the valid range for
|
|
Packit |
13e0ca |
.I count
|
|
Packit |
13e0ca |
and the exact meaning of \(lqCPU time cost\(rq
|
|
Packit |
13e0ca |
depends on the hashing method,
|
|
Packit |
13e0ca |
but larger numbers correspond to more costly hashes.
|
|
Packit |
13e0ca |
.I rbytes
|
|
Packit |
13e0ca |
should point to
|
|
Packit |
13e0ca |
.I nrbytes
|
|
Packit |
13e0ca |
cryptographically random bytes for use as \(lqsalt.\(rq
|
|
Packit |
13e0ca |
.PP
|
|
Packit |
13e0ca |
If
|
|
Packit |
13e0ca |
.I prefix
|
|
Packit |
13e0ca |
is a null pointer, the best available hashing method will be selected.
|
|
Packit |
13e0ca |
(CAUTION: if
|
|
Packit |
13e0ca |
.I prefix
|
|
Packit |
13e0ca |
is an empty string,
|
|
Packit |
13e0ca |
the \(lqtraditional\(rq DES-based hashing method will be selected;
|
|
Packit |
13e0ca |
this method is unacceptably weak by modern standards.)
|
|
Packit |
13e0ca |
If
|
|
Packit |
13e0ca |
.I count
|
|
Packit |
13e0ca |
is 0, a low default cost will be selected.
|
|
Packit |
13e0ca |
If
|
|
Packit |
13e0ca |
.I rbytes
|
|
Packit |
13e0ca |
is a null pointer, an appropriate number of random bytes will be
|
|
Packit |
13e0ca |
obtained from the operating system, and
|
|
Packit |
13e0ca |
.I nrbytes
|
|
Packit |
13e0ca |
is ignored.
|
|
Packit |
13e0ca |
.PP
|
|
Packit |
13e0ca |
See
|
|
Packit |
13e0ca |
.BR crypt (5)
|
|
Packit |
13e0ca |
for other strings that can be used as
|
|
Packit |
13e0ca |
.IR prefix ,
|
|
Packit |
13e0ca |
and valid values of
|
|
Packit |
13e0ca |
.IR count
|
|
Packit |
13e0ca |
for each.
|
|
Packit |
13e0ca |
.SH RETURN VALUE
|
|
Packit |
13e0ca |
.BR crypt_gensalt ", " crypt_gensalt_rn ", and " crypt_gensalt_ra
|
|
Packit |
13e0ca |
return a pointer to an encoded setting string.
|
|
Packit |
13e0ca |
This string will be entirely printable ASCII,
|
|
Packit |
13e0ca |
and will not contain whitespace
|
|
Packit |
13e0ca |
or the characters \(oq\fB:\fR\(cq,
|
|
Packit |
13e0ca |
\(oq\fB;\fR\(cq,
|
|
Packit |
13e0ca |
\(oq\fB*\fR\(cq,
|
|
Packit |
13e0ca |
\(oq\fB!\fR\(cq, or
|
|
Packit |
13e0ca |
\(oq\fB\e\fR\(cq.
|
|
Packit |
13e0ca |
See
|
|
Packit |
13e0ca |
.BR crypt (5)
|
|
Packit |
13e0ca |
for more detail on the format of this string.
|
|
Packit |
13e0ca |
Upon error, they return a null pointer and set
|
|
Packit |
13e0ca |
.I errno
|
|
Packit |
13e0ca |
to an appropriate error code.
|
|
Packit |
13e0ca |
.PP
|
|
Packit |
13e0ca |
.B crypt_gensalt
|
|
Packit |
13e0ca |
places its result in a static storage area,
|
|
Packit |
13e0ca |
which will be overwritten by subsequent calls to
|
|
Packit |
13e0ca |
.BR crypt_gensalt .
|
|
Packit |
13e0ca |
It is not safe to call
|
|
Packit |
13e0ca |
.B crypt_gensalt
|
|
Packit |
13e0ca |
from multiple threads simultaneously.
|
|
Packit |
13e0ca |
However, it
|
|
Packit |
13e0ca |
.I is
|
|
Packit |
13e0ca |
safe to pass the string returned by
|
|
Packit |
13e0ca |
.B crypt_gensalt
|
|
Packit |
13e0ca |
directly to
|
|
Packit |
13e0ca |
.B crypt
|
|
Packit |
13e0ca |
without copying it;
|
|
Packit |
13e0ca |
each function has its own static storage area.
|
|
Packit |
13e0ca |
.PP
|
|
Packit |
13e0ca |
.B crypt_gensalt_rn
|
|
Packit |
13e0ca |
places its result in the supplied
|
|
Packit |
13e0ca |
.I output
|
|
Packit |
13e0ca |
buffer, which has
|
|
Packit |
13e0ca |
.I output_size
|
|
Packit |
13e0ca |
bytes of storage available.
|
|
Packit |
13e0ca |
.I output_size
|
|
Packit |
13e0ca |
should be greater than or equal to
|
|
Packit |
13e0ca |
.BR CRYPT_GENSALT_OUTPUT_SIZE .
|
|
Packit |
13e0ca |
.PP
|
|
Packit |
13e0ca |
.B crypt_gensalt_ra
|
|
Packit |
13e0ca |
allocates memory for its result using
|
|
Packit |
13e0ca |
.BR malloc (3).
|
|
Packit |
13e0ca |
It should be freed with
|
|
Packit |
13e0ca |
.BR free (3)
|
|
Packit |
13e0ca |
after use.
|
|
Packit |
13e0ca |
.PP
|
|
Packit |
13e0ca |
Upon error, in addition to returning a null pointer,
|
|
Packit |
13e0ca |
.BR crypt_gensalt " and " crypt_gensalt_rn
|
|
Packit |
13e0ca |
will write an invalid setting string
|
|
Packit |
13e0ca |
to their output buffer, if there is enough space;
|
|
Packit |
13e0ca |
this string will begin with a \(oq\fB*\fR\(cq
|
|
Packit |
13e0ca |
and will not be equal to
|
|
Packit |
13e0ca |
.IR prefix .
|
|
Packit |
13e0ca |
.SH ERRORS
|
|
Packit |
13e0ca |
.ad l
|
|
Packit |
13e0ca |
.nh
|
|
Packit |
13e0ca |
.TP
|
|
Packit |
13e0ca |
.B EINVAL
|
|
Packit |
13e0ca |
.I prefix
|
|
Packit |
13e0ca |
is invalid or not supported by this implementation;
|
|
Packit |
13e0ca |
.I count
|
|
Packit |
13e0ca |
is invalid for the requested
|
|
Packit |
13e0ca |
.IR prefix ;
|
|
Packit |
13e0ca |
the input
|
|
Packit |
13e0ca |
.I nrbytes
|
|
Packit |
13e0ca |
is insufficient for the smallest valid salt with the requested
|
|
Packit |
13e0ca |
.IR prefix .
|
|
Packit |
13e0ca |
.TP
|
|
Packit |
13e0ca |
.B ERANGE
|
|
Packit |
13e0ca |
.BR crypt_gensalt_rn
|
|
Packit |
13e0ca |
only:
|
|
Packit |
13e0ca |
.I output_size
|
|
Packit |
13e0ca |
is too small to hold the compiled
|
|
Packit |
13e0ca |
.I setting
|
|
Packit |
13e0ca |
string.
|
|
Packit |
13e0ca |
.TP
|
|
Packit |
13e0ca |
.B ENOMEM
|
|
Packit |
13e0ca |
Failed to allocate internal scratch memory.
|
|
Packit |
13e0ca |
.br
|
|
Packit |
13e0ca |
.BR crypt_gensalt_ra
|
|
Packit |
13e0ca |
only:
|
|
Packit |
13e0ca |
failed to allocate memory for the compiled
|
|
Packit |
13e0ca |
.I setting
|
|
Packit |
13e0ca |
string.
|
|
Packit |
13e0ca |
.ad b
|
|
Packit |
13e0ca |
.hy 1
|
|
Packit |
13e0ca |
.SH FEATURE TEST MACROS
|
|
Packit |
13e0ca |
The following macros are defined by
|
|
Packit |
13e0ca |
.BR crypt.h :
|
|
Packit |
13e0ca |
.TP
|
|
Packit |
13e0ca |
.B CRYPT_GENSALT_IMPLEMENTS_DEFAULT_PREFIX
|
|
Packit |
13e0ca |
A null pointer can be specified as
|
|
Packit |
13e0ca |
.I prefix
|
|
Packit |
13e0ca |
argument.
|
|
Packit |
13e0ca |
.TP
|
|
Packit |
13e0ca |
.B CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY
|
|
Packit |
13e0ca |
A null pointer can be specified as
|
|
Packit |
13e0ca |
.I rbytes
|
|
Packit |
13e0ca |
argument.
|
|
Packit |
13e0ca |
.SH PORTABILITY NOTES
|
|
Packit |
13e0ca |
The functions
|
|
Packit |
13e0ca |
.BR crypt_gensalt ", " crypt_gensalt_rn ", and " crypt_gensalt_ra
|
|
Packit |
13e0ca |
are not part of any standard.
|
|
Packit |
13e0ca |
They originate with the Openwall project.
|
|
Packit |
13e0ca |
A function with the name
|
|
Packit |
13e0ca |
.B crypt_gensalt
|
|
Packit |
13e0ca |
also exists on Solaris 10 and newer, but its prototype and semantics differ.
|
|
Packit |
13e0ca |
.PP
|
|
Packit |
13e0ca |
The default prefix and auto entropy features are available since libxcrypt
|
|
Packit |
13e0ca |
version 4.0.0. Portable software can use feature test macros to find out
|
|
Packit |
13e0ca |
whether null pointers could be specified as
|
|
Packit |
13e0ca |
.I prefix
|
|
Packit |
13e0ca |
and
|
|
Packit |
13e0ca |
.I rbytes
|
|
Packit |
13e0ca |
arguments.
|
|
Packit |
13e0ca |
.PP
|
|
Packit |
13e0ca |
The set of supported hashing methods varies considerably from system
|
|
Packit |
13e0ca |
to system.
|
|
Packit |
13e0ca |
.SH ATTRIBUTES
|
|
Packit |
13e0ca |
For an explanation of the terms used in this section, see
|
|
Packit |
13e0ca |
.BR attributes (7).
|
|
Packit |
13e0ca |
.TS
|
|
Packit |
13e0ca |
allbox;
|
|
Packit |
13e0ca |
lb lb lb
|
|
Packit |
13e0ca |
l l l.
|
|
Packit |
13e0ca |
Interface Attribute Value
|
|
Packit |
13e0ca |
T{
|
|
Packit |
13e0ca |
.B crypt_gensalt
|
|
Packit |
13e0ca |
T} Thread safety MT-Unsafe race:crypt_gensalt
|
|
Packit |
13e0ca |
T{
|
|
Packit |
13e0ca |
.BR crypt_gensalt_rn ", " crypt_gensalt_ra
|
|
Packit |
13e0ca |
T} Thread safety MT-Safe
|
|
Packit |
13e0ca |
.TE
|
|
Packit |
13e0ca |
.sp
|
|
Packit |
13e0ca |
.SH SEE ALSO
|
|
Packit |
13e0ca |
.ad l
|
|
Packit |
13e0ca |
.BR crypt (3),
|
|
Packit Service |
1b19c1 |
.BR crypt_r (3),
|
|
Packit Service |
1b19c1 |
.BR crypt_ra (3),
|
|
Packit |
13e0ca |
.BR crypt_rn (3),
|
|
Packit |
13e0ca |
.BR getpass (3),
|
|
Packit |
13e0ca |
.BR getpwent (3),
|
|
Packit |
13e0ca |
.BR shadow (3),
|
|
Packit |
13e0ca |
.BR login (1),
|
|
Packit |
13e0ca |
.BR passwd (1),
|
|
Packit |
13e0ca |
.BR crypt (5),
|
|
Packit |
13e0ca |
.BR passwd (5),
|
|
Packit |
13e0ca |
.BR shadow (5),
|
|
Packit |
13e0ca |
.BR pam (8)
|