Commit Graph

21 Commits

Author SHA1 Message Date
Joseph Myers
319d2a7b60 Add GRND_INSECURE from Linux 5.6 to sys/random.h
This patch adds the GRND_INSECURE constant from Linux 5.6 to glibc's
sys/random.h.  This is also added to the documentation.  The constant
acts as a no-op for the Hurd implementation (as that doesn't check
whether the flags are known), which is semantically fine, while older
Linux kernels reject unknown flags with an EINVAL error.

Tested for x86_64.
2020-04-09 21:21:16 +00:00
Zack Weinberg
841785bad1 manual: Revise crypt.texi.
This is a major rewrite of the description of 'crypt', 'getentropy',
and 'getrandom'.

A few highlights of the content changes:

 - Throughout the manual, public headers, and user-visible messages,
   I replaced the term "password" with "passphrase", the term
   "password database" with "user database", and the term
   "encrypt(ion)" with "(one-way) hashing" whenever it was applied to
   passphrases.  I didn't bother making this change in internal code
   or tests.  The use of the term "password" in ruserpass.c survives,
   because that refers to a keyword in netrc files, but it is adjusted
   to make this clearer.

   There is a note in crypt.texi explaining that they were
   traditionally called passwords but single words are not good enough
   anymore, and a note in users.texi explaining that actual passphrase
   hashes are found in a "shadow" database nowadays.

 - There is a new short introduction to the "Cryptographic Functions"
   section, explaining how we do not intend to be a general-purpose
   cryptography library, and cautioning that there _are_, or have
   been, legal restrictions on the use of cryptography in many
   countries, without getting into any kind of detail that we can't
   promise to keep up to date.

 - I added more detail about what a "one-way function" is, and why
   they are used to obscure passphrases for storage.  I removed the
   paragraph saying that systems not connected to a network need no
   user authentication, because that's a pretty rare situation
   nowadays.  (It still says "sometimes it is necessary" to
   authenticate the user, though.)

 - I added documentation for all of the hash functions that glibc
   actually supports, but not for the additional hash functions
   supported by libxcrypt.  If we're going to keep this manual section
   around after the transition is more advanced, it would probably
   make sense to add them then.

 - There is much more detailed discussion of how to generate a salt,
   and the failure behavior for crypt is documented.  (Returning an
   invalid hash on failure is what libxcrypt does; Solar Designer's
   notes say that this was done "for compatibility with old programs
   that assume crypt can never fail".)

 - As far as I can tell, the header 'crypt.h' is entirely a GNU
   invention, and never existed on any other Unix lineage.  The
   function 'crypt', however, was in Issue 1 of the SVID and is now
   in the XSI component of POSIX.  I tried to make all of the
   @standards annotations consistent with this, but I'm not sure I got
   them perfectly right.

 - The genpass.c example has been improved to use getentropy instead
   of the current time to generate the salt, and to use a SHA-256 hash
   instead of MD5. It uses more random bytes than is strictly
   necessary because I didn't want to complicate the code with proper
   base64 encoding.

 - The testpass.c example has three hardwired hashes now, to
   demonstrate that different one-way functions produce different
   hashes for the same input.  It also demonstrates how DES hashing
   only pays attention to the first eight characters of the input.

 - There is new text explaining in more detail how a CSPRNG differs
   from a regular random number generator, and how
   getentropy/getrandom are not exactly a CSPRNG.  I tried not to make
   specific falsifiable claims here.  I also tried to make the
   blocking/cancellation/error behavior of both getentropy and
   getrandom clearer.
2018-06-29 16:53:37 +02:00
Zack Weinberg
6ab902e4de manual: Reorganize crypt.texi.
In preparation for a major revision of the documentation for
crypt(_r), getentropy, and getrandom, reorganize crypt.texi.  This
patch does not change any text; it only deletes and moves text.

The description of 'getpass' moves to terminal.texi, since all it does
is read a password from the controlling terminal with echo disabled.
The "Legal Problems" section of crypt.texi is dropped, and the
introductory text is shifted down to the "Encrypting Passwords"
section; the next patch will add some new introductory text.

Also, it is no longer true that crypt.texi's top @node needs to have
no pointers.  That was a vestige of crypt/ being an add-on.  (makeinfo
itself doesn't need @node pointers anymore, but the scripts that
assemble the libc manual's topmost node rely on each chapter-level
node having them.)
2018-06-29 16:53:29 +02:00
Zack Weinberg
b10a0accee Disallow use of DES encryption functions in new programs.
The functions encrypt, setkey, encrypt_r, setkey_r, cbc_crypt,
ecb_crypt, and des_setparity should not be used in new programs,
because they use the DES block cipher, which is unacceptably weak by
modern standards.  Demote all of them to compatibility symbols, and
remove their prototypes from installed headers.  cbc_crypt, ecb_crypt,
and des_setparity were already compat symbols when glibc was
configured with --disable-obsolete-rpc.

POSIX requires encrypt and setkey to be available when _XOPEN_CRYPT
is defined, so this change also removes the definition of X_OPEN_CRYPT
from <unistd.h>.

The entire "DES Encryption" section is dropped from the manual, as is
the mention of AUTH_DES and FIPS 140-2 in the introduction to
crypt.texi.  The documentation of 'memfrob' cross-referenced the DES
Encryption section, which is replaced by a hyperlink to libgcrypt, and
while I was in there I spruced up the actual documentation of
'memfrob' and 'strfry' a little.  It's still fairly jokey, because
those functions _are_ jokes, but they do also have real use cases, so
people trying to use them for real should have all the information
they need.

DES-based authentication for Sun RPC is also insecure and should be
deprecated or even removed, but maybe that can be left as TI-RPC's
problem.
2018-06-29 16:53:18 +02:00
Rical Jasan
d08a7e4cbe manual: Replace summary.awk with summary.pl.
The Summary is now generated from @standards, and syntax-checking is
performed.  If invalid @standards syntax is detected, summary.pl will
fail, reporting all errors.  Failure and error reporting is disabled
for now, however, since much of the manual is still incomplete
wrt. header and standards annotations.

Note that the sorting order of the Summary has changed; summary.pl
respects the locale, like summary.awk did, but the use of LC_ALL=C is
introduced in the Makefile.  Other notable deviations are improved
detection of the annotated elements' names, which are used for
sorting, and improved detection of the @node used to reference into
the manual.  The most noticeable difference in the rendered Summary is
that entries may now contain multiple lines, one for each header and
standard combination.

summary.pl accepts a `--help' option, which details the expected
syntax of @standards.  If errors are reported, the user is directed to
this feature for further information.

	* manual/Makefile: Generate summary.texi with summary.pl.
	Force use of the C locale.  Update Perl dependency comment.
	* manual/header.texi: Update reference to summary.awk.
	* manual/macros.texi: Refer authors to `summary.pl --help'.
	* manual/summary.awk: Remove file.
	* manual/summary.pl: New file.  Generate summary.texi, and
	check for @standards-related syntax errors.
	* manual/argp.texi: Convert header and standards @comments to
	@standards.
	* manual/arith.texi: Likewise.
	* manual/charset.texi: Likewise.
	* manual/conf.texi: Likewise.
	* manual/creature.texi: Likewise.
	* manual/crypt.texi: Likewise.
	* manual/ctype.texi: Likewise.
	* manual/debug.texi: Likewise.
	* manual/errno.texi: Likewise.
	* manual/filesys.texi: Likewise.
	* manual/getopt.texi: Likewise.
	* manual/job.texi: Likewise.
	* manual/lang.texi: Likewise.
	* manual/llio.texi: Likewise.
	* manual/locale.texi: Likewise.
	* manual/math.texi: Likewise.
	* manual/memory.texi: Likewise.
	* manual/message.texi: Likewise.
	* manual/pattern.texi: Likewise.
	* manual/pipe.texi: Likewise.
	* manual/process.texi: Likewise.
	* manual/resource.texi: Likewise.
	* manual/search.texi: Likewise.
	* manual/setjmp.texi: Likewise.
	* manual/signal.texi: Likewise.
	* manual/socket.texi: Likewise.
	* manual/startup.texi: Likewise.
	* manual/stdio.texi: Likewise.
	* manual/string.texi: Likewise.
	* manual/sysinfo.texi: Likewise.
	* manual/syslog.texi: Likewise.
	* manual/terminal.texi: Likewise.
	* manual/threads.texi: Likewise.
	* manual/time.texi: Likewise.
	* manual/users.texi: Likewise.
2017-06-15 21:26:20 -07:00
Rical Jasan
f227c3e0a6 manual: Fix up invalid header and standards syntax.
This commit handles exceptional cases of invalid syntax for the
@standards conversion script.

	* manual/crypt.texi: Move a comment out of an @*x list.
	* manual/filesys.texi: Refactor some comments, one of which
	looks like a standard.  Fix incorrectly separated standards.
	* manual/locale.texi: Invert an annotation.
	* manual/resource.texi: Fix incorrectly separated standards.
	* manual/time.texi: Refactor a @vtable that obscures an
	annotation.
	* manual/users.texi: Refactor multiple headers to occupy a
	single @comment.
2017-05-18 00:39:48 -07:00
Florian Weimer
92dcaa3e2f Add getentropy, getrandom, <sys/random.h> [BZ #17252] 2016-12-12 17:28:04 +01:00
Rical Jasan
b8867dabdf Manual typos: DES Encryption and Password Handling
2016-05-06  Rical Jasan  <ricaljasan@pacific.net>

	* manual/crypt.texi: Fix typos in the manual.
2016-10-06 12:25:00 +05:30
Mike Frysinger
ef48b19677 manual: fix spelling typos
I've bracketed the changes to make it easier to pick out.

	enlengthen -> extend
	enlengthened -> extended
	excep[e]tions -> exceptions
	exten[da]ble -> exten[si]ble
	implement[o]r -> implement[e]r
	licen[c]e -> licen[s]e
	optimzed -> optim[i]zed
	overriden -> overrid[d]en
	param[a]ter -> param[e]ter

Signed-off-by: Mike Frysinger <vapier@gentoo.org>

2012-10-27  Mike Frysinger  <vapier@gentoo.org>

	* manual/arith.texi: Fix spelling typos.
	* manual/contrib.texi: Likewise.
	* manual/crypt.texi: Likewise.
	* manual/filesys.texi: Likewise.
	* manual/llio.texi: Likewise.
	* manual/locale.texi: Likewise.
	* manual/message.texi: Likewise.
	* manual/nss.texi: Likewise.
	* manual/socket.texi: Likewise.
	* manual/stdio.texi: Likewise.
	* manual/string.texi: Likewise.
	* manual/sysinfo.texi: Likewise.
2016-06-16 00:59:57 -04:00
Alexandre Oliva
7616763710 * manual/crypt.texi: Document MTASC-safety properties. 2014-01-29 05:27:54 -02:00
Carlos O'Donell
3d7dc513b7 Mention FIPS 140-2 compliance and Sun RPC.
The Secure RPC implementation in glibc uses DES encryption
during authentication of the user. This use of DES means
that anyone using Sun RPC will likely not be compliant
with FIPS 140-2 which forbids the use of DES.

One solution to the compliance issue is to disable AUTH_DES
and AUTH_KERB, both use DES, when in FIPS compliance mode.
This is not a good idea because it disables all of the even
mildly secure methods of authentication allowing only plain
text methods.

Instead we leave AUTH_DES and AUTH_KERB enabled in FIPS
compliance mode and document the compliance issue in the
manual. FIPS allows this, that is to say that if you can't
fix it you must document the non-compliance.

This commit adds documentation to that effect in the
"DES encryption and password handling" section of the
manual.
2013-10-19 00:11:31 -04:00
Joseph Myers
1f77f0491f Use Texinfo macros to refer to the GNU C Library within the manual. 2012-02-28 14:44:20 +00:00
Ulrich Drepper
d40eb37aad [BZ #40]
Update.
2004-05-15  Petter Reinholdtsen  <pere@hungry.com>

	* locale/iso-3166.def: Remove YUGOSLAVIA and insert "SERBIA AND
	MONTENEGRO" which have taken over the code 819.  Patch from
	Danilo Segan. [BZ #40]

2004-05-15  Jakub Jelinek  <jakub@redhat.com>

	* sysdeps/unix/sysv/linux/sparc/sparc32/sysdep.h
	(SYSCALL_ERROR_HANDLER): Rename __sparc.get_pic.l7 to
	__sparc_get_pic_l7.

2004-05-15  Joseph S. Myers  <jsm@polyomino.org.uk>

	* catgets/gencat.c: Update bug reporting instructions.
	* csu/version.c: Likewise.
	* debug/catchsegv.sh: Likewise.
	* debug/pcprofiledump.c: Likewise.
	* debug/xtrace.sh: Likewise.
	* elf/ldd.bash.in: Likewise.
	* iconv/iconv_prog.c: Likewise.
	* iconv/iconvconfig.c: Likewise.
	* locale/programs/locale.c: Likewise.
	* locale/programs/localedef.c: Likewise.
	* login/programs/pt_chown.c: Likewise.
	* malloc/memusage.sh: Likewise.
	* malloc/memusagestat.c: Likewise.
	* malloc/mtrace.pl: Likewise.
	* manual/crypt.texi: Likewise.
	* manual/install.texi: Likewise.
	* nss/makedb.c: Likewise.

2004-05-14  Jakub Jelinek  <jakub@redhat.com>

	* sysdeps/sparc/sparc32/dl-machine.h (elf_machine_rela): Only
	CHECK_STATIC_TLS if sym != NULL.
	* sysdeps/sh/dl-machine.h (elf_machine_rela): Likewise.
	* sysdeps/i386/dl-machine.h (elf_machine_rela): Likewise.

2004-05-12  Andreas Schwab  <schwab@suse.de>

	* posix/regex_internal.c (build_wcs_buffer): Also set pstr->mbs
	when translating.

2004-05-13  H.J. Lu  <hongjiu.lu@intel.com>

	* Rules (xtests): Depend on tests.
2004-05-17 18:59:35 +00:00
Roland McGrath
be1960c6fd 2002-11-11 Paul Eggert <eggert@twinsun.com>
* manual/crypt.texi (Cryptographic Functions): Mention that
        the MD5 one-way algorithm is compatible with BSD's.
2002-11-13 04:51:00 +00:00
Andreas Jaeger
0bc93a2fb1 Update.
2001-05-21  Andreas Jaeger  <aj@suse.de>

	* locale/programs/ld-collate.c (handle_ellipsis): Fix message.
	Patch by Philipp Thomas <pthomas@suse.de>.
2001-05-21 17:38:30 +00:00
Ulrich Drepper
cf6960d7ca Update.
* iconvdata/Makefile (modules): Add GBBIG5.
	(distribute): Add gbbig5.c.
	* iconvdata/gbbig5.c: New file.
	* iconvdata/gconv-modules: Add entries for GBBIG5 module.

2001-02-13  Philip Blundell  <pb@futuretv.com>

	* manual/crypt.texi: Remove outdated references to crypt add-on.

	* manual/creature.texi: Improve wording slightly.

2001-02-13  Ulrich Drepper  <drepper@redhat.com>
2001-02-13 23:36:45 +00:00
Ulrich Drepper
b642f10105 (Currency Symbol): Add INT_ constants and CODESET: 2001-02-11 09:54:25 +00:00
Ulrich Drepper
2244ddf2bf Update.
2001-01-17  Ulrich Drepper  <drepper@redhat.com>

	* manual/Makefile (chapters): Add debug.
	* manual/debug.texi: New file.
	* manual/examples/execinfo.c: New file.
	Patch by suckfish@ihug.co.nz.
2001-01-17 16:54:30 +00:00
Andreas Jaeger
93773779e3 Update.
2000-03-08  Andreas Jaeger  <aj@suse.de>

	* manual/crypt.texi: Fix paths.
2000-03-08 08:58:29 +00:00
Ulrich Drepper
6d7496e846 Update.
* crypt/crypt.texi: Moved to...
	* crypt/examples/genpass.c: Moved to...
	* manual/examples/genpass.c: ...here.
	* crypt/examples/mygenpass.c: Moved to...
	* manual/examples/mygenpass.c: ...here.
	* crypt/examples/testpass.c: Moved to...
	* manual/examples/testpass.c: ...here.

	* manual/Makefile (chapters): Add crypt.
	* manual/conf.texi: Add usual header for not-last chapter.
	* manual/crypt.texi: Add special header for last chapter.
2000-02-29 06:34:39 +00:00
Ulrich Drepper
07e0f7adf6 Update.
2000-02-28  Ulrich Drepper  <drepper@redhat.com>

	* crypt/tcrypt.texi: Moved to...
	* manual/crypt.texi: ...here.
2000-02-29 06:01:28 +00:00