1
2CRYPT_RN(3)                    Library functions                   CRYPT_RN(3)
3
4
5

NAME

7       crypt, crypt_r, crypt_rn, crypt_ra - passphrase hashing
8

SYNOPSIS

10       #include <crypt.h>
11
12       char *crypt(const char *phrase, const char *setting);
13       char *crypt_r(const char *phrase, const char *setting, struct
14               crypt_data *data);
15       char *crypt_rn(const char *phrase, const char *setting, void *data, int
16               size);
17       char *crypt_ra(const char *phrase, const char *setting, void **data,
18               int *size);
19
20       Link with -lcrypt.
21

DESCRIPTION

23       The crypt,  crypt_r,  crypt_rn,  and  crypt_ra  functions  irreversibly
24       “hash”  phrase  for storage in the system password database (shadow(5))
25       using a cryptographic “hashing method.”  The result of  this  operation
26       is  called a “hashed passphrase” or just a “hash.”  Hashing methods are
27       described in crypt(5).
28
29       setting controls which hashing method to use, and also supplies various
30       parameters to the chosen method, most importantly a random “salt” which
31       ensures that no two stored hashes are the  same,  even  if  the  phrase
32       strings are the same.  The hashing methods are explained below.
33
34       The crypt_data structure passed to crypt_r has at least these fields:
35
36           struct crypt_data {
37               char output[CRYPT_OUTPUT_SIZE];
38               char setting[CRYPT_OUTPUT_SIZE];
39               char phrase[CRYPT_MAX_PASSPHRASE_SIZE];
40               char initialized;
41           };
42
43       Upon  a  successful  return from crypt_r, the hashed passphrase will be
44       stored in output.  Applications are encouraged, but  not  required,  to
45       use  the  setting and phrase fields to store the strings that they will
46       pass as phrase and setting to crypt_r.  This will  make  it  easier  to
47       erase all sensitive data after it is no longer needed.
48
49       The  initialized  field  must  be  set  to zero before the first time a
50       crypt_data object is first used in a call  to  crypt_r.   We  recommend
51       zeroing the entire crypt_data object, not just initialized and not just
52       the documented fields, before the  first  use.   (Of  course,  do  this
53       before storing anything in setting and phrase.)
54
55       The data argument to crypt_rn should also point to a crypt_data object,
56       and size should be the size of that object, cast  to  int.   When  used
57       with  crypt_rn,  the entire crypt_data object must be zeroed before its
58       first use; this is not just a recommendation, as  it  is  for  crypt_r.
59       (setting  and  phrase  are  still  allowed to be used.)  Otherwise, the
60       fields of the object have the same uses that they do for crypt_r.
61
62       On the first call to crypt_ra, data should be the address of a  void  *
63       variable set to NULL, and size should be the address of an int variable
64       set to zero.   crypt_ra  will  allocate  and  initialize  a  crypt_data
65       object,  using malloc(3), and write its address and size into *data and
66       *size.  These can be reused in subsequent calls.  After the application
67       is done hashing passphrases, it should deallocate *data using free(3).
68

RETURN VALUE

70       Upon  successful  completion,  crypt,  crypt_r,  crypt_rn, and crypt_ra
71       return a pointer to a string which encodes both the hashed  passphrase,
72       and  the settings that were used to encode it.  This string is directly
73       usable as setting with other calls to  crypt,  crypt_r,  crypt_rn,  and
74       crypt_ra,  and as prefix with calls to crypt_gensalt, crypt_gensalt_rn,
75       and crypt_gensalt_ra.  It will be entirely printable  ASCII,  and  will
76       not  contain  whitespace  or the characters ‘:’, ‘;’, ‘*’, ‘!’, or ‘\’.
77       See crypt(5) for more detail on the format of hashed passphrases.
78
79       crypt places its result in a static storage area, which will  be  over‐
80       written  by  subsequent  calls  to crypt.  It is not safe to call crypt
81       from multiple threads simultaneously.
82
83       crypt_r, crypt_rn, and crypt_ra place their result in the output  field
84       of  the  crypt_data  object  that they are supplied with; it is safe to
85       call them from multiple threads simultaneously, as long as  a  separate
86       crypt_data object is used for each thread.
87
88       Upon  error,  crypt_r,  crypt_rn,  and crypt_ra write an invalid hashed
89       passphrase to the output field of their crypt_data  object,  and  crypt
90       writes an invalid hash to its static storage area.  This string will be
91       shorter than 13 characters, will begin with a ‘*’, and will not compare
92       equal to setting.
93
94       Upon  error,  crypt_rn and crypt_ra return a null pointer.  crypt_r and
95       crypt may also return a null pointer, or they may return a  pointer  to
96       the  invalid  hash,  depending  on  how  libcrypt was configured.  (The
97       option to return the invalid hash is for compatibility with old  appli‐
98       cations  that  assume  that  crypt  cannot  return a null pointer.  See
99       PORTABILITY NOTES below.)
100
101       All four functions set errno when they fail.
102

ERRORS

104       EINVAL setting is invalid, or requests a hashing  method  that  is  not
105              supported.
106
107       ERANGE crypt_rn  only:  size  is  too  small  for  the  hashing  method
108              requested by setting.
109
110       ENOMEM Failed to allocate internal scratch memory.
111              crypt_ra only: failed to allocate memory for *data.
112
113       ENOSYS or EOPNOTSUPP
114              Hashing passphrases is not supported at all  on  this  installa‐
115              tion,  or  the  hashing  method requested by setting is not sup‐
116              ported.  These error codes are  not  used  by  this  version  of
117              libcrypt, but may be encountered on other systems.
118

PORTABILITY NOTES

120       crypt is included in POSIX, but crypt_r, crypt_rn, and crypt_ra are not
121       part of any standard.
122
123       POSIX does not specify any hashing methods, and does not require hashed
124       passphrases  to  be  portable  between  systems.   In  practice, hashed
125       passphrases are portable as long as both systems  support  the  hashing
126       method  that  was  used.  However, the set of supported hashing methods
127       varies considerably from system to system.
128
129       The behavior of crypt on errors isn't well standardized.   Some  imple‐
130       mentations  simply  can't fail (except by crashing the program), others
131       return a null pointer or a fixed string.   Most  implementations  don't
132       set  errno,  but some do.  POSIX specifies returning a null pointer and
133       setting errno, but it defines only one possible error, ENOSYS,  in  the
134       case  where  crypt is not supported at all.  Many existing applications
135       are not prepared to handle null pointers returned by crypt.  The behav‐
136       ior  described above for this implementation, setting errno and return‐
137       ing an invalid hashed passphrase different from setting, is  chosen  to
138       make these applications fail closed when an error occurs.
139
140       Due  to historical restrictions on the export of cryptographic software
141       from the USA, crypt  is  an  optional  POSIX  component.   Applications
142       should  therefore  be  prepared  for  crypt  not to be available, or to
143       always fail (setting errno to ENOSYS) at runtime.
144
145       POSIX specifies that crypt is declared in unistd.h,  but  only  if  the
146       macro  _XOPEN_CRYPT is defined and has a value greater than or equal to
147       zero.  Since libcrypt does not provide  unistd.h,  it  declares  crypt,
148       crypt_r, crypt_rn, and crypt_ra in crypt.h instead.
149
150       On  a  minority  of systems (notably recent versions of Solaris), crypt
151       uses a thread-specific static storage buffer, which makes  it  safe  to
152       call  from  multiple  threads simultaneously, but does not prevent each
153       call within a thread from overwriting the results of the previous one.
154

BUGS

156       Some implementations of crypt, upon error, return an invalid hash  that
157       is stored in a read-only location or only initialized once, which means
158       that it is only safe to erase the buffer pointed to by the crypt return
159       value if an error did not occur.
160
161       struct  crypt_data  may  be quite large (32kB in this implementation of
162       libcrypt; over 128kB in some other  implementations).   This  is  large
163       enough that it may be unwise to allocate it on the stack.
164
165       Some  recently  designed hashing methods need even more scratch memory,
166       but the crypt_r interface makes it impossible to  change  the  size  of
167       crypt_data  without breaking binary compatibility.  The crypt_rn inter‐
168       face could accommodate larger allocations for specific hashing methods,
169       but  the  caller  of  crypt_rn has no way of knowing how much memory to
170       allocate.  crypt_ra does the allocation itself, but  can  only  make  a
171       single call to malloc(3).
172

ATTRIBUTES

174       For   an   explanation   of   the  terms  used  in  this  section,  see
175       attributes(7).
176
177       ┌───────────────────┬───────────────┬──────────────────────┐
178Interface          Attribute     Value                
179       ├───────────────────┼───────────────┼──────────────────────┤
180crypt              │ Thread safety │ MT-Unsafe race:crypt │
181       ├───────────────────┼───────────────┼──────────────────────┤
182crypt_r, crypt_rn, │ Thread safety │ MT-Safe              │
183crypt_ra           │               │                      │
184       └───────────────────┴───────────────┴──────────────────────┘
185

HISTORY

187       A  rotor-based  crypt  function  appeared  in Version 6 AT&T UNIX.  The
188       "traditional" DES-based crypt first appeared in Version 7 AT&T UNIX.
189
190       crypt_r originates with the GNU C  Library.   There's  also  a  crypt_r
191       function  on  HP-UX  and  MKS Toolkit, but the prototypes and semantics
192       differ.
193
194       crypt_rn and crypt_ra originate with the Openwall project.
195

SEE ALSO

197       crypt_gensalt(3), getpass(3), getpwent(3), shadow(3), login(1),
198       passwd(1), crypt(5), passwd(5), shadow(5), pam(8)
199
200
201
202Openwall Project               October 11, 2017                    CRYPT_RN(3)
Impressum