
Re: [PATCH] Crypto blowfish addition to glibc - possible?



At Fri, 23 Jul 2004 02:51:26 +0200,
Marek Habersack wrote:
>   I have just finished compiling glibc 2.3.2.ds1-13 patched to contain the
> crypt-blowfish support from the OWL project (http://openwall.com/crypt/). I
> applied and compiled it, and it is running without even the slightest problem. My
> goal is to modify the Debian shadow tools with the support for TCB
> (http://openwall.com/tcb/) as well as package their TCB PAM modules, TCB NSS
> library and all the utilities there are for TCB integration. All of the above
> require crypto-blowfish to be included in the libc. Attached you can find
> the dpatch which adds the support to the Debian libc (should be added as the
> last entry to debian/patches/00list) and the upstream crypt(3) manpage (for
> your reference). My question is whether there is any chance of including
> that support in the Debian package?

At least I won't apply this dpatch until sarge is released, because
we're partially freezing our glibc.

> IMHO, it would greatly add to the
> Debian security and, since it doesn't change the glibc ABI nor introduce any
> incompatibilities, it would seamlessly integrate with Debian. 

I don't know the necessity of blowfish, but a wishlist for this
blowfish support was already proposed at:
#149452: libc6: OpenBSD's bcrypt password hashing support

So I think that if its license becomes clear, applying this patch
upstream first is a good idea.

BTW, looking through the code:

  - crypt/Versions should be changed to the appropriate version.  The
    current debian glibc should be GLIBC_2.3.2, and the upstream
    should be GLIBC_2_3_4.

  - x86.S should be moved into the appropriate place, e.g. sysdeps/, as
    an internal function, because an i686 version, an i786 version,
    and so on can be created.

  - It would be nice to separate the '#ifdef TEST' code.  It should be
    changed to tst-crypt and so on.

  - Removing the parts for other OSes is a good idea.

  - I don't see why crypt.h needs to be modified.

  - I don't understand why a magic function to switch md5/blowfish/des
    is needed.  Is this work necessary?

Regards,
-- gotom


