Update crypt_blowfish to 1.3, switch to 2b hash prefix

skinkade · Apr 10, 2016 · c0a10d2 · c0a10d2
1 parent 743ad63
commit c0a10d2
Show file tree

Hide file tree

Showing 22 changed files with 908 additions and 34 deletions.
diff --git a/Build.pm b/Build.pm
@@ -6,7 +6,7 @@ use LibraryMake;
 
 class Build is Panda::Builder {
 	method build($dir) {
-		my Str $ext = "$dir/ext/crypt_blowfish-1.2";
+		my Str $ext = "$dir/ext/crypt_blowfish-1.3";
 		my Str $blib = "$dir/blib";
 		rm_f("$ext/crypt_blowfish.so");
 		rm_f("$ext/crypt_blowfish.o", "$ext/crypt_gensalt.o");

diff --git a/Makefile.in b/Makefile.in
@@ -4,7 +4,7 @@ CFLAGS = %CCSHARED% %CCFLAGS%
 LDSHARED = %LDSHARED%
 ASFLAGS = -c
 LDFLAGS = $(LDSHARED) -s
-DIR = ext/crypt_blowfish-1.2/
+DIR = ext/crypt_blowfish-1.3/
 
 STATIC_OBJ = \
 	%DESTDIR%/crypt_blowfish.so

diff --git a/README.md b/README.md
@@ -19,11 +19,11 @@ Windows support is absent, though planned.
 ## Credit ##
 
 This module uses the Openwall crypt\_blowfish library by Solar Designer. See http://www.openwall.com/crypt/ and the header of
-[crypt\_blowfish.c](ext/crypt_blowfish-1.2/crypt_blowfish.c) for details.
+[crypt\_blowfish.c](ext/crypt_blowfish-1.3/crypt_blowfish.c) for details.
 
 ## License ##
 
-The Openwall library is licensed and redistributed under the terms outlined in the header of [crypt\_blowfish.c](ext/crypt_blowfish-1.2/crypt_blowfish.c). Any modifications are released under the same terms.
+The Openwall library is licensed and redistributed under the terms outlined in the header of [crypt\_blowfish.c](ext/crypt_blowfish-1.3/crypt_blowfish.c). Any modifications are released under the same terms.
 
 This module is released under the terms of the ISC License.
 See the [LICENSE](LICENSE) file for details.
diff --git a/ext/crypt_blowfish-1.2/LICENSE b/ext/crypt_blowfish-1.2/LICENSE
diff --git a/ext/crypt_blowfish-1.2/README.md b/ext/crypt_blowfish-1.2/README.md
diff --git a/ext/crypt_blowfish-1.3/LINKS b/ext/crypt_blowfish-1.3/LINKS
@@ -0,0 +1,29 @@
+New versions of this package (crypt_blowfish):
+
+	http://www.openwall.com/crypt/
+
+A paper on the algorithm that explains its design decisions:
+
+	http://www.usenix.org/events/usenix99/provos.html
+
+Unix Seventh Edition Manual, Volume 2: the password scheme (1978):
+
+	http://plan9.bell-labs.com/7thEdMan/vol2/password
+
+The Openwall GNU/*/Linux (Owl) tcb suite implementing the alternative
+password shadowing scheme.  This includes a PAM module which
+supersedes pam_unix and uses the password hashing framework provided
+with crypt_blowfish when setting new passwords.
+
+	http://www.openwall.com/tcb/
+
+pam_passwdqc, a password strength checking and policy enforcement
+module for PAM-aware password changing programs:
+
+	http://www.openwall.com/passwdqc/
+
+John the Ripper password cracker:
+
+	http://www.openwall.com/john/
+
+$Owl: Owl/packages/glibc/crypt_blowfish/LINKS,v 1.4 2005/11/16 13:09:47 solar Exp $
diff --git a/ext/crypt_blowfish-1.3/PERFORMANCE b/ext/crypt_blowfish-1.3/PERFORMANCE
@@ -0,0 +1,30 @@
+These numbers are for 32 iterations ("$2a$05"):
+
+			OpenBSD 3.0 bcrypt(*)	crypt_blowfish 0.4.4
+Pentium III, 840 MHz	99 c/s			121 c/s (+22%)
+Alpha 21164PC, 533 MHz	55.5 c/s		76.9 c/s (+38%)
+UltraSparc IIi, 400 MHz	49.9 c/s		52.5 c/s (+5%)
+Pentium, 120 MHz	8.8 c/s			20.1 c/s (+128%)
+PA-RISC 7100LC, 80 MHz	8.5 c/s			16.3 c/s (+92%)
+
+(*) built with -fomit-frame-pointer -funroll-loops, which I don't
+think happens for libcrypt.
+
+Starting with version 1.1 released in June 2011, default builds of
+crypt_blowfish invoke a quick self-test on every hash computation.
+This has roughly a 4.8% performance impact at "$2a$05", but only a 0.6%
+impact at a more typical setting of "$2a$08".
+
+The large speedup for the original Pentium is due to the assembly
+code and the weird optimizations this processor requires.
+
+The numbers for password cracking are 2 to 10% higher than those for
+crypt_blowfish as certain things may be done out of the loop and the
+code doesn't need to be reentrant.
+
+Recent versions of John the Ripper (1.6.25-dev and newer) achieve an
+additional 15% speedup on the Pentium Pro family of processors (which
+includes Pentium III) with a separate version of the assembly code and
+run-time CPU detection.
+
+$Owl: Owl/packages/glibc/crypt_blowfish/PERFORMANCE,v 1.6 2011/06/21 12:09:20 solar Exp $
diff --git a/ext/crypt_blowfish-1.3/README b/ext/crypt_blowfish-1.3/README
@@ -0,0 +1,68 @@
+This is an implementation of a password hashing method, provided via the
+crypt(3) and a reentrant interface.  It is fully compatible with
+OpenBSD's bcrypt.c for prefix "$2b$", originally by Niels Provos and
+David Mazieres.  (Please refer to the included crypt(3) man page for
+information on minor compatibility issues for other bcrypt prefixes.)
+
+I've placed this code in the public domain, with fallback to a
+permissive license.  Please see the comment in crypt_blowfish.c for
+more information.
+
+You can use the provided routines in your own packages, or link them
+into a C library.  I've provided hooks for linking into GNU libc, but
+it shouldn't be too hard to get this into another C library.  Note
+that simply adding this code into your libc is probably not enough to
+make your system use the new password hashing algorithm.  Changes to
+passwd(1), PAM modules, or whatever else your system uses will likely
+be needed as well.  These are not a part of this package, but see
+LINKS for a pointer to our tcb suite.
+
+Instructions on using the routines in one of the two common ways are
+given below.  It is recommended that you test the routines on your
+system before you start.  Type "make check" or "make check_threads"
+(if you have the POSIX threads library), then "make clean".
+
+
+1. Using the routines in your programs.
+
+The available interfaces are in ow-crypt.h, and this is the file you
+should include.  You won't need crypt.h.  When linking, add all of the
+C files and x86.S (you can compile and link it even on a non-x86, it
+will produce no code in this case).
+
+
+2. Building the routines into GNU C library.
+
+For versions 2.13 and 2.14 (and likely other nearby ones), extract the
+library sources as usual.  Apply the patch for glibc 2.14 provided in
+this package.  Enter crypt/ and rename crypt.h to gnu-crypt.h within
+that directory.  Copy the C sources, header, and assembly (x86.S) files
+from this package in there as well (but be sure you don't overwrite the
+Makefile).  Configure, build, and install the library as usual.
+
+For versions 2.2 to 2.3.6 (and likely also for some newer ones),
+extract the library sources and maybe its optional add-ons as usual.
+Apply the patch for glibc 2.3.6 provided in this package.  Enter
+crypt/ and rename crypt.h to gnu-crypt.h within that directory.  Copy
+the C sources, header, and assembly (x86.S) files from this package in
+there as well (but be sure you don't overwrite the Makefile).
+Configure, build, and install the library as usual.
+
+For versions 2.1 to 2.1.3, extract the library sources and the crypt
+and linuxthreads add-ons as usual.  Apply the patch for glibc 2.1.3
+provided in this package.  Enter crypt/sysdeps/unix/, and rename
+crypt.h to gnu-crypt.h within that directory.  Copy C sources, header,
+and assembly (x86.S) files from this package in there as well (but be
+sure you don't overwrite the Makefile).  Configure, build, and install
+the library as usual.
+
+Programs that want to use the provided interfaces will need to include
+crypt.h (but not ow-crypt.h directly).  By default, prototypes for the
+new routines aren't defined (but the extra functionality of crypt(3)
+is indeed available).  You need to define _OW_SOURCE to obtain the new
+routines as well.
+
+-- 
+Solar Designer <solar at openwall.com>
+
+$Owl: Owl/packages/glibc/crypt_blowfish/README,v 1.10 2014/07/07 15:19:04 solar Exp $