Re: [PATCH] Crypto blowfish addition to glibc - possible?
At Fri, 23 Jul 2004 02:51:26 +0200,
Marek Habersack wrote:
> I have just finished compiling glibc 2.3.2.ds1-13 patched to contain the
> crypt-blowfish support from the OWL project (http://openwall.com/crypt/). It
> applied, compiled and is running without even the slightest problem. My
> goal is to modify the Debian shadow tools with the support for TCB
> (http://openwall.com/tcb/) as well as package their TCB PAM modules, TCB NSS
> library and all the utilities there are for TCB integration. All of the above
> require crypto-blowfish to be included in the libc. Attached you can find
> the dpatch which adds the support to the Debian libc (should be added as the
> last entry to debian/patches/00list) and the upstream crypt(3) manpage (for
> your reference). My question is whether there is any chance of including
> that support in the Debian package?

At least, I won't apply this dpatch until sarge is released because
we're partially freezing our glibc.

> IMHO, it would greatly add to the
> Debian security and, since it doesn't change the glibc ABI nor introduce any
> incompatibilities, it would seamlessly integrate with Debian.

I don't know the necessity of blowfish, but a wishlist item for this
blowfish support was already proposed at:

  #149452: libc6: OpenBSD's bcrypt password hashing support

So I think that if its license becomes clear, applying this patch
upstream first is a good idea.

BTW, looking through the code:

- crypt/Versions should be changed to the appropriate version. The
  current Debian glibc should be GLIBC_2.3.2, and the upstream
  should be GLIBC_2_3_4.
- x86.S should be moved into the appropriate place, e.g. sysdeps/, as
  an internal function, because an i686 version, an i786 version,
  and so on can be created.
- It's nice to separate the '#ifdef TEST' code. It should be changed
  to tst-crypt and so on.
- Removing the parts for other OSes is a good idea.
- I don't see why crypt.h needs to be modified.
- I don't understand why the magic function to switch md5/blowfish/des
  is needed. Is this work necessary?

Regards,
-- gotom