Copy stable/10@r272459 to releng/10.1 as part of
the 10.1-RELEASE process.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

MFH (r261913): switch default to sha512
MFH (r264964): rewrite so DES still works when not the default
MFH (r262945): clean up man page

Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Stop using auth_getval() now that it always returns NULL. Instead,
hardcode the default to what it would be if we didn't hardcode it,
i.e. DES if supported and MD5 otherwise.

MFC after: 3 weeks

mdoc: minor Bl improvements.

Make the item numbers match the crypt magic number

PR: docs/166497
Submitted by: Mike Kelly <pioto@pioto.org>
Approved by: cperciva
MFC after: 1 week

Remove superfluous paragraph macro.

Document SHA256/512 modes.

MFC after: 1 month

cipher(3) is gone.

MFC after: 3 days

Fixed the misplaced $FreeBSD$.

Sort sections.

Mechanically kill hard sentence breaks.

The .Fn function

Add a new hash type. This "NT-hash" is compatible with the password
hashing scheme used in Microsoft's NT machines. IT IS NOT SECURE!
DON'T USE IT! This is for the use of competent sysadmins only!

Submitted by: Michael Bretterklieber

english(4) police.

crypt(3) incorrectly documents md5 salt, fixed.

PR: 36782
No objections from: ru
MFC after: 3 days

s/crypt_format/crypt_default/ to match reality.

PR: docs/32787
Spotted by: Pete Carah <pete@altadena.net>

mdoc(7) police: Use the new .In macro for #include statements.

Remove out-of-date "cannot be exported from USA" notice.

Remove whitespace at EOL.

mdoc(7) police: removed punctuation after the last SEE ALSO xref.

mdoc(7) police: removed HISTORY info from the .Os call.

mdoc(7) police: remove extraneous .Pp before and/or after .Sh.

Remove duplicate words.

mdoc(7) police: ``It'' macro does not take argument in -enum lists.
(In -mdocNG, this only causes warning. In current implementation,
it is fatal.)

Pointy hat to: markm (for not checking stderr)

Add OpenBSD-style blowfish password hashing. This makes one less
gratuitous difference between us and our sister project.

This was given to me _ages_ ago. May apologies to Paul for the length
of time its taken me to commit.

Obtained from: Niels Provos <provos@physnet.uni-hamburg.de>/OpenBSD
Submitted by: Paul Herman <pherman@frenchfries.net>

Prepare for mdoc(7)NG.

Reflect rev 1.18 in crypt.c. Note that this section is somewhat
mangled and could do with some word-smithing.

Merge into a single US-exportable libcrypt, which only provides
one-way hash functions for authentication purposes. There is no more
"set the libcrypt->libXXXcrypt" nightmare.
- Undo the libmd.so hack, use -D to hide the md5c.c internals.
- Remove the symlink hacks in release/Makefile
- the algorthm is set by set_crypt_format() as before. If this is
not called, it tries to heuristically figure out the hash format, and
if all else fails, it uses the optional auth.conf entry to chose the
overall default hash.
- Since source has non-hidden crypto in it there may be some issues with
having the source it in some countries, so preserve the "secure/*"
division. You can still build a des-free libcrypt library if you want
to badly enough. This should not be a problem in the US or exporting
from the US as freebsd.org had notified BXA some time ago. That makes
this stuff re-exportable by anyone.
- For consistancy, the default in absence of any other clues is md5. This
is to try and minimize POLA across buildworld where folk may suddenly
be activating des-crypt()-hash support. Since the des hash may not
always be present, it seemed sensible to make the stronger md5 algorithm
the default.
All things being equal, no functionality is lost.

Reviewed-by: jkh

(flame-proof suit on)

(null commit)

Previous commit has wrong log message. The correct one is:

mdoc(7) police: do not split author names in the AUTHORS section.

log

Add working and easy crypt(3)-switching. Yes, we need a whole new API
for crypt(3) by now. In any case:

Add crypt_set_format(3) + documentation to -lcrypt.
Add login_setcryptfmt(3) + documentation to -lutil.
Support for switching crypt formats in passwd(8).
Support for switching crypt formats in pw(8).

The simple synopsis is:
edit login.conf; add a passwd_format field set to "des" or "md5"; go nuts :)

Reviewed by: peter

Oops, remove vestigial reference to SHS passwords.

Introduce .Lb macro to libcrypt manpage.
Make it more mdoc(7) compliant:
. use .Tn for DES, MD5 andSHS.
. Replace double quotes with .Dq macro
. use An/Aq scheme for listing authors

A bunch of factual corrections.

Fixed missing include in synopsis.

Fixed a formatting error in the prototype for crypt().

Big code cleanup. (Inspired by Brandon Gillespie). Also move as
much as possible away from secure/ to make extending easier.