[PATCH 0/3] libcrypt: modular libcrypt + SHA256/512 support

William Pitcock nenolod at dereferenced.org
Sat Dec 17 10:40:51 UTC 2011


Hi,

This is the third version of my SHA256/SHA512 patch including improvements
pointed out by the various people who have provided feedback thus far.

It does not incorporate the SuSE bcrypt implementation as requested by
"Ed W." because I feel that the implementation is incorrect (it is not really
compatible with the actual bcrypt ($2$ scheme, instead it is $2a$ scheme),
and the OpenBSD/NetBSD/FreeBSD implementations were licensed under terms
which required attribution in printed materials (e.g. Four-clause BSD
license).  It is possible to implement bcrypt, but I feel the best approach
would be to write a new implementation from scratch that covered both variants
of bcrypt.  So I didn't implement it, sorry.

As last time I did not include bloat-o-meter for the modular libcrypt,
here it is again on an x86_64 system:

add/remove: 1/0 grow/shrink: 1/0 up/down: 132/0 (132)
function                                     old     new   delta
crypt                                         92     192    +100
crypt_impl_tab                                 -      32     +32

The eventual goal is to remove crypt_stub.c (instead providing a define in
uClibc_config.h which indicates no crypt implementations are enabled) which
makes the new modular libcrypt implementation have the same effect as the
stub functions.

Please, as always, feel free to provide feedback.  The previous iteration of
this patch series is being used in production in Alpine 2.3 and later, and
the non-modular iteration before it is being used in production in Alpine 2.2
and later with no reported defects in the crypt() implementation, which means
the SHA256/SHA512 code is probably pretty solid at this point.

I am presently in the process of moving house, so it may be a few days before
I can get a reply to any inquiries.

William


More information about the uClibc mailing list