crypt(3) - Switch SHA256/512 to the Linux implementation

* The existing SHA backends have been shown to be more susceptible to brute-
  force attacks than we would prefer --
  http://www.openwall.com/lists/oss-security/2012/01/16/2

* Bring in the reference implementation used in Linux, code is in the public
  domain.

* Add required (standard) functions mempcpy and stpcpy.

* Change default for future installs to SHA512, this is the default on at
  least archlinux and fedora.

* Add some minor hacks to libcrypt/crypt.c to ensure that
  a) All existing passwords continue to work
  b) All future passwords will be more secure with no changes required

* To update passwords to the new format use passwd(1) for each user, and to
  change your default password type to SHA512 (default for new installations)
  change the passwd_format setting under default to "sha512".

etc/login.conf

@@ -19,7 +19,7 @@
 # Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
 
 default:\
-	:passwd_format=sha256:\
+	:passwd_format=sha512:\
 	:copyright=/etc/COPYRIGHT:\
 	:welcome=/etc/motd:\
 	:setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES:\

include/string.h

@@ -67,13 +67,17 @@ void	*memcpy(void * __restrict, const void * __restrict, size_t);
 #endif
 #if __BSD_VISIBLE
 void	*memmem(const void *, size_t, const void *, size_t);
+void	*mempcpy(void *, const void *, size_t);
 #endif
 #if !defined(_KERNEL_VIRTUAL)
 void	*memmove(void *, const void *, size_t);
 void	*memset(void *, int, size_t);
 #endif
+#if __POSIX_VISIBLE >= 200809 || __BSD_VISIBLE
+char    *stpcpy(char *, const char *);
+char    *stpncpy(char * __restrict, const char * __restrict, size_t);
+#endif
 #if __BSD_VISIBLE
-char	*stpcpy(char *, const char *);
 char	*strcasestr(const char *, const char *) __pure;
 #endif
 #if !defined(_KERNEL_VIRTUAL)

lib/libc/string/Makefile.inc

@@ -9,10 +9,11 @@ CFLAGS+= -I${.CURDIR}/../libc/locale
 # machine-independent string sources
 MISRCS+=bcmp.c bcopy.c bzero.c ffs.c ffsl.c ffsll.c fls.c flsl.c flsll.c \
 	index.c memccpy.c memchr.c memrchr.c memcmp.c \
-	memcpy.c memmem.c memmove.c memset.c rindex.c stpcpy.c strcasecmp.c \
-	strcat.c strcasestr.c strchr.c strcmp.c strcoll.c strcpy.c strcspn.c \
-	strdup.c strerror.c strlcat.c strlcpy.c strlen.c strmode.c strncat.c \
-	strncmp.c strncpy.c strndup.c strnlen.c strnstr.c \
+	memcpy.c memmem.c memmove.c mempcpy.c memset.c rindex.c stpcpy.c \
+	stpncpy.c \
+	strcasecmp.c strcat.c strcasestr.c strchr.c strcmp.c strcoll.c \
+	strcpy.c strcspn.c strdup.c strerror.c strlcat.c strlcpy.c strlen.c \
+	strmode.c strncat.c strncmp.c strncpy.c strndup.c strnlen.c strnstr.c \
 	strpbrk.c strrchr.c strsep.c strsignal.c strspn.c strstr.c strtok.c \
 	strxfrm.c swab.c wcscat.c wcschr.c wcscmp.c wcscoll.c wcscpy.c \
 	wcscspn.c wcsdup.c \
@@ -44,11 +45,13 @@ MLINKS+=ffs.3 ffsl.3 \
 	ffs.3 flsll.3
 MLINKS+=index.3 rindex.3
 MLINKS+=memchr.3 memrchr.3
+MLINKS+=memcpy.3 mempcpy.3
 MLINKS+=strcasecmp.3 strncasecmp.3
 MLINKS+=strcat.3 strncat.3
 MLINKS+=strchr.3 strrchr.3
 MLINKS+=strcmp.3 strncmp.3
 MLINKS+=strcpy.3 stpcpy.3 \
+	strcpy.3 stpncpy.3 \
 	strcpy.3 strncpy.3
 MLINKS+=strdup.3 strndup.3
 MLINKS+=strerror.3 perror.3 \

lib/libc/string/memcpy.3

@@ -45,11 +45,15 @@
 .In string.h
 .Ft void *
 .Fn memcpy "void *dst" "const void *src" "size_t len"
+.Ft void *
+.Fn mempcpy "void *dst" "const void *src" "size_t len"
 .Sh DESCRIPTION
 The
 .Fn memcpy
-function
-copies
+and
+.Fn mempcpy
+functions
+copy
 .Fa len
 bytes from string
 .Fa src
@@ -61,6 +65,11 @@ The
 function
 returns the original value of
 .Fa dst .
+The
+.Fn mempcpy
+function
+returns a pointer to the byte directly following the last byte written in
+.Fa dst .
 .Sh SEE ALSO
 .Xr bcopy 3 ,
 .Xr memccpy 3 ,

lib/libc/string/mempcpy.c

@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 2012
+ *         The DragonFly Project.  All rights reserved.
+ * 
+ * This code is derived from software contributed to The DragonFly Project
+ * by Samuel J. Greear <sjg@dragonflybsd.org>
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ * 3. Neither the name of The DragonFly Project nor the names of its
+ *    contributors may be used to endorse or promote products derived
+ *    from this software without specific, prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ */
+
+#include <string.h>
+
+void *
+mempcpy(void *dest, const void *src, size_t len)
+{
+	return ((char *)memcpy(dest, src, len) + len);
+}
+

lib/libc/string/stpncpy.c

@@ -0,0 +1,44 @@
+/*-
+ * Copyright (c) 2009 David Schultz <das@FreeBSD.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD: src/lib/libc/string/stpncpy.c, SVN Rev. 189136 $
+ */
+
+#include <string.h>
+
+char *
+stpncpy(char * __restrict dst, const char * __restrict src, size_t len)
+{
+
+	for (; len--; dst++, src++) {
+		if (!(*dst = *src)) {
+			char *ret = dst;
+			while (len--)
+				*++dst = '\0';
+			return (ret);
+		}
+	}
+	return (dst);
+}

lib/libc/string/strcpy.3

@@ -33,7 +33,7 @@
 .\" $FreeBSD: src/lib/libc/string/strcpy.3,v 1.26 2007/01/09 00:28:12 imp Exp $
 .\" $DragonFly: src/lib/libc/string/strcpy.3,v 1.3 2005/08/05 22:35:10 swildner Exp $
 .\"
-.Dd August 9, 2001
+.Dd January 20, 2012
 .Dt STRCPY 3
 .Os
 .Sh NAME
@@ -47,6 +47,8 @@
 .Ft char *
 .Fn stpcpy "char *dst" "const char *src"
 .Ft char *
+.Fn stpncpy "char * restrict dst" "const char * restrict src" "size_t len"
+.Ft char *
 .Fn strcpy "char * restrict dst" "const char * restrict src"
 .Ft char *
 .Fn strncpy "char * restrict dst" "const char * restrict src" "size_t len"
@@ -65,8 +67,10 @@ to
 character.)
 .Pp
 The
+.Fn stpncpy
+and
 .Fn strncpy
-function copies at most
+functions copy at most
 .Fa len
 characters from
 .Fa src
@@ -97,10 +101,23 @@ return
 .Fa dst .
 The
 .Fn stpcpy
-function returns a pointer to the terminating
+and
+.Fn stpncpy
+functions return a pointer to the terminating
 .Ql \e0
 character of
 .Fa dst .
+If
+.Fn stpncpy
+does not null-terminate
+.Fa dst
+because the length of
+.Fa src
+was greater than
+.Fa len ,
+then it returns a pointer to
+.Li dst[len] ,
+which may not be valid.
 .Sh EXAMPLES
 The following sets
 .Va chararray
@@ -187,14 +204,17 @@ conform to
 .St -isoC .
 The
 .Fn stpcpy
-function is an MS-DOS and GNUism.
-The
-.Fn stpcpy
-function
-conforms to no standard.
+and
+.Fn stpncpy
+functions conform to
+.St -p1003.1-2008 .
 .Sh HISTORY
 The
 .Fn stpcpy
 function first appeared in
 .Fx 4.4 ,
-coming from 1998-vintage Linux.
+coming from 1998-vintage Linux
+and
+.Fn stpncpy
+first appeared in
+.Dx 2.13 .

lib/libcrypt/Makefile

@@ -3,12 +3,14 @@
 # $DragonFly: src/lib/libcrypt/Makefile,v 1.8 2008/10/28 17:23:45 swildner Exp $
 #
 
-SHLIB_MAJOR=	3
+SHLIB_MAJOR=	4
 LIB=		crypt
 
 .PATH:		${.CURDIR}/../libmd
-SRCS=		crypt.c crypt-md5.c crypt-sha256.c crypt-sha512.c \
-            md5c.c sha256c.c sha512c.c misc.c
+SRCS=		crypt.c crypt-md5.c \
+		crypt-sha256.c crypt-sha512.c \
+		deprecated-crypt-sha256.c deprecated-crypt-sha512.c \
+		md5c.c sha256c.c sha512c.c misc.c
 WARNS?=		2
 MAN=		crypt.3
 MLINKS=		crypt.3 crypt_get_format.3 crypt.3 crypt_set_format.3