Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
CRYPT_GENSALT(3)	    Library Functions Manual	      CRYPT_GENSALT(3)

NAME
       crypt_gensalt,  crypt_gensalt_rn,  crypt_gensalt_ra  -- encode settings
       for passphrase hashing

LIBRARY
       Crypt Library (libcrypt,	-lcrypt)

SYNOPSIS
       #include	<crypt.h>

       char *
       crypt_gensalt(const char	*prefix,		  unsigned long	count,
	   const char *rbytes, int nrbytes);

       char *
       crypt_gensalt_rn(const char * prefix,		  unsigned long	count,
	   const char *rbytes, int nrbytes, char * output, int output_size);

       char *
       crypt_gensalt_ra(const char *prefix,		  unsigned long	count,
	   const char *rbytes, int nrbytes);

DESCRIPTION
       The  crypt_gensalt,  crypt_gensalt_rn,  and  crypt_gensalt_ra functions
       compile a string	for use	as the setting	argument  to  crypt,  crypt_r,
       crypt_rn,  and  crypt_ra.   prefix  selects  the	hashing	method to use.
       count controls the processing cost of the hash; the valid range and ex-
       act meaning of count depend on the hashing method, but  larger  numbers
       correspond to more costly hashes	in terms of CPU	time and possibly mem-
       ory  usage.   rbytes  should  point to nrbytes cryptographically	random
       bytes for use as	"salt."

       If prefix is a null pointer, the	best available hashing method will  be
       selected.   (CAUTION:  if  prefix is an empty string, the "traditional"
       DES-based hashing method	will be	selected; this method is  unacceptably
       weak  by	 modern	standards.)  If	count is 0, a low default cost will be
       selected.  If rbytes is a null pointer, an appropriate number of	random
       bytes will be obtained from the operating system, and  nrbytes  is  ig-
       nored.

       See  crypt(5)  for  other strings that can be used as prefix, and valid
       values of count for each.

RETURN VALUES
       crypt_gensalt, crypt_gensalt_rn,	and crypt_gensalt_ra return a  pointer
       to  an  encoded setting string.	This string will be entirely printable
       ASCII, and will not contain whitespace or the characters	`:', `;', `*',
       `!', or `\'.  See crypt(5) for  more  detail  on	 the  format  of  this
       string.	Upon error, they return	a null pointer and set errno to	an ap-
       propriate  error	 code.	When the functions succeed, the	value of errno
       is unspecified and must not be relied upon.

       crypt_gensalt places its	result in a static storage area, which will be
       overwritten by subsequent calls to crypt_gensalt.  It is	 not  safe  to
       call crypt_gensalt from multiple	threads	simultaneously.	 It's also not
       recommended to use the pointer returned as an argument for another call
       to  crypt_gensalt,  as some implementations, including earlier releases
       of libxcrypt, may overwrite the underlying static output	buffer	before
       computing the setting.  However,	it is safe to pass the string returned
       by  crypt_gensalt  directly  to crypt without copying it; each function
       has its own static storage area.

       crypt_gensalt_rn	places its result in the supplied output buffer, which
       has output_size bytes of	 storage  available.   output_size  should  be
       greater than or equal to	CRYPT_GENSALT_OUTPUT_SIZE.  It's also not rec-
       ommended	to use the pointer returned as an argument for another call to
       crypt_gensalt_rn	 using the same	output buffer for subsequent calls, as
       some implementations, including	earlier	 releases  of  libxcrypt,  may
       overwrite the supplied buffer before computing the setting.

       crypt_gensalt_ra	 allocates  memory for its result using	malloc(3).  It
       should be freed with free(3) after use.

       Upon error, in addition to returning a null pointer, crypt_gensalt  and
       crypt_gensalt_rn	 will  write an	invalid	setting	string to their	output
       buffer, if there	is enough space; this string will begin	with a `*' and
       will not	be equal to prefix.

ERRORS
       EINVAL		  prefix is invalid or not supported by	this implemen-
			  tation; count	is invalid for the  requested  prefix;
			  the  input  nrbytes is insufficient for the smallest
			  valid	salt with the requested	prefix.

       ERANGE		  crypt_gensalt_rn only: output_size is	too  small  to
			  hold the compiled setting string.

       ENOMEM		  Failed to allocate internal scratch memory.
			  crypt_gensalt_ra only: failed	to allocate memory for
			  the compiled setting string.

       ENOSYS, EACCES, EIO, etc.
			  Obtaining  random  bytes  from  the operating	system
			  failed.  This	can only happen	when rbytes is a  null
			  pointer.

FEATURE	TEST MACROS
       The following macros are	defined	by <crypt.h>:

       CRYPT_GENSALT_IMPLEMENTS_DEFAULT_PREFIX
	       A null pointer can be specified as the prefix argument.

       CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY
	       A null pointer can be specified as the rbytes argument.

PORTABILITY NOTES
       The functions crypt_gensalt, crypt_gensalt_rn, and crypt_gensalt_ra are
       not part	of any standard.  They originate with the Openwall project.  A
       function	 with  the  name  crypt_gensalt	 also exists on	Solaris	10 and
       newer, but its prototype	and semantics differ.

       The default prefix and auto entropy features are	available since	 libx-
       crypt  version 4.0.0.  Portable software	can use	feature	test macros to
       find out	whether	null pointers can be used for the  prefix  and	rbytes
       arguments.

       The set of supported hashing methods varies considerably	from system to
       system.

ATTRIBUTES
       For   an	  explanation	of   the  terms	 used  in  this	 section,  see
       attributes(7).
       +-------------------+---------------+------------------------------+
       | Interface	   | Attribute	   | Value			  |
       +-------------------+---------------+------------------------------+
       | crypt_gensalt	   | Thread safety | MT-Unsafe race:crypt_gensalt |
       +-------------------+---------------+------------------------------+
       | crypt_gensalt_rn, | Thread safety | MT-Safe			  |
       | crypt_gensalt_ra  |		   |				  |
       +-------------------+---------------+------------------------------+

SEE ALSO
       crypt(3),  getpass(3),  getpwent(3),  shadow(3),	 login(1),  passwd(1),
       crypt(5), passwd(5), shadow(5), pam(8)

Openwall Project		March 27, 2024		      CRYPT_GENSALT(3)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=crypt_gensalt&sektion=3&manpath=FreeBSD+Ports+15.1.quarterly>

home | help