Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Compile-time switch for disabling SUNMD5 hashes #7

Closed
fweimer opened this issue Jun 25, 2018 · 0 comments
Closed

Compile-time switch for disabling SUNMD5 hashes #7

fweimer opened this issue Jun 25, 2018 · 0 comments

Comments

@fweimer
Copy link
Contributor

fweimer commented Jun 25, 2018

The implementation is under the CDDL, which some of us consider inappropriate for a system library due to its GPL incompatibility.
@zackw zackw mentioned this issue Jun 29, 2018
Closed
ldv-alt added a commit to ldv-alt/libxcrypt that referenced this issue Jun 30, 2018
@ldv-alt
Extend --enable-weak-hashes configure option
342cd73 
Extend --enable-weak-hashes configure option to accept optional "glibc"
parameter.  When specified, it enables only those of weak hashes that
are supported by historic versions of the GNU libc.

Closes: besser82#7
ldv-alt added a commit to ldv-alt/libxcrypt that referenced this issue Jun 30, 2018
@ldv-alt
Extend --enable-weak-hashes configure option
06ea2f8 
Extend --enable-weak-hashes configure option to accept optional "glibc"
parameter.  When specified, it enables only those of weak hashes that
are supported by historic versions of the GNU libc.

Closes: besser82#7
@zackw zackw closed this as completed in 1048328 Jun 30, 2018
zackw added a commit that referenced this issue Jul 10, 2018
@zackw
Replace crypt-sunmd5.c with BSD-licensed cleanroom reimplementation.
9197a77 
This eliminates all CDDL-licensed code from the library, as requested
in issue #7 because of GPL incompatibility.

The new implementation was based exclusively on the prose description
of the algorithm in the Passlib v1.7.1 documentation, which should be
adequately arms-length for copyright purposes.  (N.B. the lengthy
quotation from _Hamlet_ is used as input to MD5, so it must remain
byte-for-byte identical to achieve interoperability with the original;
also, the play itself is in the public domain.)

The new implementation is also fully deterministic (that is, its
gensalt procedure draws randomness only from its rbytes argument) and
does not call malloc.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@fweimer