Add crypt_r(), etc.

Add crypt_add_format(), crypt_r(), crypt_md5_r(), crypt_sha256_r() and
crypt_sha512_r().

7 files changed, 879 insertions, 0 deletions

diff --git a/cpukit/libcrypt/Makefile.am b/cpukit/libcrypt/Makefile.am
new file mode 100644
index 0000000000..fe174d4e9d
--- /dev/null
+++ b/cpukit/libcrypt/Makefile.am
@@ -0,0 +1,17 @@
+include $(top_srcdir)/automake/compile.am
+
+include_HEADERS =
+
+noinst_LIBRARIES = libcrypt.a
+
+libcrypt_a_CPPFLAGS = $(AM_CPPFLAGS)
+
+libcrypt_a_SOURCES =
+libcrypt_a_SOURCES += crypt.c
+libcrypt_a_SOURCES += crypt-md5.c
+libcrypt_a_SOURCES += crypt-sha256.c
+libcrypt_a_SOURCES += crypt-sha512.c
+libcrypt_a_SOURCES += misc.c
+
+include $(srcdir)/preinstall.am
+include $(top_srcdir)/automake/local.am
diff --git a/cpukit/libcrypt/crypt-md5.c b/cpukit/libcrypt/crypt-md5.c
new file mode 100644
index 0000000000..c60dcf8973
--- /dev/null
+++ b/cpukit/libcrypt/crypt-md5.c
@@ -0,0 +1,157 @@
+/*-
+ * Copyright (c) 2003 Poul-Henning Kamp
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <sys/types.h>
+
+#include <md5.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <crypt.h>
+
+#define MD5_SIZE 16
+
+/*
+ * UNIX password
+ */
+
+char *
+crypt_md5_r(const char *pw, const char *salt, struct crypt_data *data)
+{
+	MD5_CTX	ctx,ctx1;
+	unsigned long l;
+	int sl, pl;
+	u_int i;
+	u_char final[MD5_SIZE];
+	const char *sp, *ep;
+	char *passwd = &data->buffer[0], *p;
+	static const char magic[] = "$1$";
+
+	/* Refine the Salt first */
+	sp = salt;
+
+	/* If it starts with the magic string, then skip that */
+	if(!strncmp(sp, magic, strlen(magic)))
+		sp += strlen(magic);
+
+	/* It stops at the first '$', max 8 chars */
+	for(ep = sp; *ep && *ep != '$' && ep < (sp + 8); ep++)
+		continue;
+
+	/* get the length of the true salt */
+	sl = ep - sp;
+
+	MD5Init(&ctx);
+
+	/* The password first, since that is what is most unknown */
+	MD5Update(&ctx, (const u_char *)pw, strlen(pw));
+
+	/* Then our magic string */
+	MD5Update(&ctx, (const u_char *)magic, strlen(magic));
+
+	/* Then the raw salt */
+	MD5Update(&ctx, (const u_char *)sp, (u_int)sl);
+
+	/* Then just as many characters of the MD5(pw,salt,pw) */
+	MD5Init(&ctx1);
+	MD5Update(&ctx1, (const u_char *)pw, strlen(pw));
+	MD5Update(&ctx1, (const u_char *)sp, (u_int)sl);
+	MD5Update(&ctx1, (const u_char *)pw, strlen(pw));
+	MD5Final(final, &ctx1);
+	for(pl = (int)strlen(pw); pl > 0; pl -= MD5_SIZE)
+		MD5Update(&ctx, (const u_char *)final,
+		    (u_int)(pl > MD5_SIZE ? MD5_SIZE : pl));
+
+	/* Don't leave anything around in vm they could use. */
+	memset(final, 0, sizeof(final));
+
+	/* Then something really weird... */
+	for (i = strlen(pw); i; i >>= 1)
+		if(i & 1)
+		    MD5Update(&ctx, (const u_char *)final, 1);
+		else
+		    MD5Update(&ctx, (const u_char *)pw, 1);
+
+	/* Now make the output string */
+	strcpy(passwd, magic);
+	strncat(passwd, sp, (u_int)sl);
+	strcat(passwd, "$");
+
+	MD5Final(final, &ctx);
+
+	/*
+	 * and now, just to make sure things don't run too fast
+	 * On a 60 Mhz Pentium this takes 34 msec, so you would
+	 * need 30 seconds to build a 1000 entry dictionary...
+	 */
+	for(i = 0; i < 1000; i++) {
+		MD5Init(&ctx1);
+		if(i & 1)
+			MD5Update(&ctx1, (const u_char *)pw, strlen(pw));
+		else
+			MD5Update(&ctx1, (const u_char *)final, MD5_SIZE);
+
+		if(i % 3)
+			MD5Update(&ctx1, (const u_char *)sp, (u_int)sl);
+
+		if(i % 7)
+			MD5Update(&ctx1, (const u_char *)pw, strlen(pw));
+
+		if(i & 1)
+			MD5Update(&ctx1, (const u_char *)final, MD5_SIZE);
+		else
+			MD5Update(&ctx1, (const u_char *)pw, strlen(pw));
+		MD5Final(final, &ctx1);
+	}
+
+	p = passwd + strlen(passwd);
+
+	l = (final[ 0]<<16) | (final[ 6]<<8) | final[12];
+	_crypt_to64(p, l, 4); p += 4;
+	l = (final[ 1]<<16) | (final[ 7]<<8) | final[13];
+	_crypt_to64(p, l, 4); p += 4;
+	l = (final[ 2]<<16) | (final[ 8]<<8) | final[14];
+	_crypt_to64(p, l, 4); p += 4;
+	l = (final[ 3]<<16) | (final[ 9]<<8) | final[15];
+	_crypt_to64(p, l, 4); p += 4;
+	l = (final[ 4]<<16) | (final[10]<<8) | final[ 5];
+	_crypt_to64(p, l, 4); p += 4;
+	l = final[11];
+	_crypt_to64(p, l, 2); p += 2;
+	*p = '\0';
+
+	/* Don't leave anything around in vm they could use. */
+	memset(final, 0, sizeof(final));
+
+	return (passwd);
+}
+
+struct crypt_format crypt_md5_format =
+    CRYPT_FORMAT_INITIALIZER(crypt_md5_r, "$1$");
diff --git a/cpukit/libcrypt/crypt-sha256.c b/cpukit/libcrypt/crypt-sha256.c
new file mode 100644
index 0000000000..7a677284b5
--- /dev/null
+++ b/cpukit/libcrypt/crypt-sha256.c
@@ -0,0 +1,272 @@
+/*
+ * Copyright (c) 2011 The FreeBSD Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* Based on:
+ * SHA256-based Unix crypt implementation. Released into the Public Domain by
+ * Ulrich Drepper <drepper@redhat.com>. */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <sys/endian.h>
+#include <sys/param.h>
+
+#include <errno.h>
+#include <limits.h>
+#include <sha256.h>
+#include <stdbool.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <crypt.h>
+
+/* Define our magic string to mark salt for SHA256 "encryption" replacement. */
+static const char sha256_salt_prefix[] = "$5$";
+
+/* Prefix for optional rounds specification. */
+static const char sha256_rounds_prefix[] = "rounds=";
+
+/* Maximum salt string length. */
+#define SALT_LEN_MAX 16
+/* Default number of rounds if not explicitly specified. */
+#define ROUNDS_DEFAULT 5000
+/* Minimum number of rounds. */
+#define ROUNDS_MIN 1000
+/* Maximum number of rounds. */
+#define ROUNDS_MAX 999999999
+
+char *
+crypt_sha256_r(const char *key, const char *salt, struct crypt_data *data)
+{
+	u_long srounds;
+	int n;
+	uint8_t alt_result[32], temp_result[32];
+	SHA256_CTX ctx, alt_ctx;
+	size_t salt_len, key_len, cnt, rounds;
+	char *cp, *copied_key, *copied_salt, *p_bytes, *s_bytes, *endp;
+	const char *num;
+	bool rounds_custom;
+	char *buffer = &data->buffer[0];
+	int buflen = (int)sizeof(data->buffer);
+
+	copied_key = NULL;
+	copied_salt = NULL;
+
+	/* Default number of rounds. */
+	rounds = ROUNDS_DEFAULT;
+	rounds_custom = false;
+
+	/* Find beginning of salt string. The prefix should normally always
+	 * be present. Just in case it is not. */
+	if (strncmp(sha256_salt_prefix, salt, sizeof(sha256_salt_prefix) - 1) == 0)
+		/* Skip salt prefix. */
+		salt += sizeof(sha256_salt_prefix) - 1;
+
+	if (strncmp(salt, sha256_rounds_prefix, sizeof(sha256_rounds_prefix) - 1)
+	    == 0) {
+		num = salt + sizeof(sha256_rounds_prefix) - 1;
+		srounds = strtoul(num, &endp, 10);
+
+		if (*endp == '$') {
+			salt = endp + 1;
+			rounds = MAX(ROUNDS_MIN, MIN(srounds, ROUNDS_MAX));
+			rounds_custom = true;
+		}
+	}
+
+	salt_len = MIN(strcspn(salt, "$"), SALT_LEN_MAX);
+	key_len = strlen(key);
+
+	/* Prepare for the real work. */
+	SHA256_Init(&ctx);
+
+	/* Add the key string. */
+	SHA256_Update(&ctx, key, key_len);
+
+	/* The last part is the salt string. This must be at most 8
+	 * characters and it ends at the first `$' character (for
+	 * compatibility with existing implementations). */
+	SHA256_Update(&ctx, salt, salt_len);
+
+	/* Compute alternate SHA256 sum with input KEY, SALT, and KEY. The
+	 * final result will be added to the first context. */
+	SHA256_Init(&alt_ctx);
+
+	/* Add key. */
+	SHA256_Update(&alt_ctx, key, key_len);
+
+	/* Add salt. */
+	SHA256_Update(&alt_ctx, salt, salt_len);
+
+	/* Add key again. */
+	SHA256_Update(&alt_ctx, key, key_len);
+
+	/* Now get result of this (32 bytes) and add it to the other context. */
+	SHA256_Final(alt_result, &alt_ctx);
+
+	/* Add for any character in the key one byte of the alternate sum. */
+	for (cnt = key_len; cnt > 32; cnt -= 32)
+		SHA256_Update(&ctx, alt_result, 32);
+	SHA256_Update(&ctx, alt_result, cnt);
+
+	/* Take the binary representation of the length of the key and for
+	 * every 1 add the alternate sum, for every 0 the key. */
+	for (cnt = key_len; cnt > 0; cnt >>= 1)
+		if ((cnt & 1) != 0)
+			SHA256_Update(&ctx, alt_result, 32);
+		else
+			SHA256_Update(&ctx, key, key_len);
+
+	/* Create intermediate result. */
+	SHA256_Final(alt_result, &ctx);
+
+	/* Start computation of P byte sequence. */
+	SHA256_Init(&alt_ctx);
+
+	/* For every character in the password add the entire password. */
+	for (cnt = 0; cnt < key_len; ++cnt)
+		SHA256_Update(&alt_ctx, key, key_len);
+
+	/* Finish the digest. */
+	SHA256_Final(temp_result, &alt_ctx);
+
+	/* Create byte sequence P. */
+	cp = p_bytes = alloca(key_len);
+	for (cnt = key_len; cnt >= 32; cnt -= 32) {
+		memcpy(cp, temp_result, 32);
+		cp += 32;
+	}
+	memcpy(cp, temp_result, cnt);
+
+	/* Start computation of S byte sequence. */
+	SHA256_Init(&alt_ctx);
+
+	/* For every character in the password add the entire password. */
+	for (cnt = 0; cnt < 16 + alt_result[0]; ++cnt)
+		SHA256_Update(&alt_ctx, salt, salt_len);
+
+	/* Finish the digest. */
+	SHA256_Final(temp_result, &alt_ctx);
+
+	/* Create byte sequence S. */
+	cp = s_bytes = alloca(salt_len);
+	for (cnt = salt_len; cnt >= 32; cnt -= 32) {
+		memcpy(cp, temp_result, 32);
+		cp += 32;
+	}
+	memcpy(cp, temp_result, cnt);
+
+	/* Repeatedly run the collected hash value through SHA256 to burn CPU
+	 * cycles. */
+	for (cnt = 0; cnt < rounds; ++cnt) {
+		/* New context. */
+		SHA256_Init(&ctx);
+
+		/* Add key or last result. */
+		if ((cnt & 1) != 0)
+			SHA256_Update(&ctx, p_bytes, key_len);
+		else
+			SHA256_Update(&ctx, alt_result, 32);
+
+		/* Add salt for numbers not divisible by 3. */
+		if (cnt % 3 != 0)
+			SHA256_Update(&ctx, s_bytes, salt_len);
+
+		/* Add key for numbers not divisible by 7. */
+		if (cnt % 7 != 0)
+			SHA256_Update(&ctx, p_bytes, key_len);
+
+		/* Add key or last result. */
+		if ((cnt & 1) != 0)
+			SHA256_Update(&ctx, alt_result, 32);
+		else
+			SHA256_Update(&ctx, p_bytes, key_len);
+
+		/* Create intermediate result. */
+		SHA256_Final(alt_result, &ctx);
+	}
+
+	/* Now we can construct the result string. It consists of three
+	 * parts. */
+	cp = stpncpy(buffer, sha256_salt_prefix, MAX(0, buflen));
+	buflen -= sizeof(sha256_salt_prefix) - 1;
+
+	if (rounds_custom) {
+		n = snprintf(cp, MAX(0, buflen), "%s%zu$",
+			 sha256_rounds_prefix, rounds);
+
+		cp += n;
+		buflen -= n;
+	}
+
+	cp = stpncpy(cp, salt, MIN((size_t)MAX(0, buflen), salt_len));
+	buflen -= MIN((size_t)MAX(0, buflen), salt_len);
+
+	if (buflen > 0) {
+		*cp++ = '$';
+		--buflen;
+	}
+
+	b64_from_24bit(alt_result[0], alt_result[10], alt_result[20], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[21], alt_result[1], alt_result[11], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[12], alt_result[22], alt_result[2], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[3], alt_result[13], alt_result[23], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[24], alt_result[4], alt_result[14], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[15], alt_result[25], alt_result[5], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[6], alt_result[16], alt_result[26], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[27], alt_result[7], alt_result[17], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[18], alt_result[28], alt_result[8], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[9], alt_result[19], alt_result[29], 4, &buflen, &cp);
+	b64_from_24bit(0, alt_result[31], alt_result[30], 3, &buflen, &cp);
+	if (buflen <= 0) {
+		errno = ERANGE;
+		buffer = NULL;
+	}
+	else
+		*cp = '\0';	/* Terminate the string. */
+
+	/* Clear the buffer for the intermediate result so that people
+	 * attaching to processes or reading core dumps cannot get any
+	 * information. We do it in this way to clear correct_words[] inside
+	 * the SHA256 implementation as well. */
+	SHA256_Init(&ctx);
+	SHA256_Final(alt_result, &ctx);
+	memset(temp_result, '\0', sizeof(temp_result));
+	memset(p_bytes, '\0', key_len);
+	memset(s_bytes, '\0', salt_len);
+	memset(&ctx, '\0', sizeof(ctx));
+	memset(&alt_ctx, '\0', sizeof(alt_ctx));
+	if (copied_key != NULL)
+		memset(copied_key, '\0', key_len);
+	if (copied_salt != NULL)
+		memset(copied_salt, '\0', salt_len);
+
+	return buffer;
+}
+
+struct crypt_format crypt_sha256_format =
+    CRYPT_FORMAT_INITIALIZER(crypt_sha256_r, "$5$");
diff --git a/cpukit/libcrypt/crypt-sha512.c b/cpukit/libcrypt/crypt-sha512.c
new file mode 100644
index 0000000000..d418b8946a
--- /dev/null
+++ b/cpukit/libcrypt/crypt-sha512.c
@@ -0,0 +1,284 @@
+/*
+ * Copyright (c) 2011 The FreeBSD Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* Based on:
+ * SHA512-based Unix crypt implementation. Released into the Public Domain by
+ * Ulrich Drepper <drepper@redhat.com>. */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <sys/endian.h>
+#include <sys/param.h>
+
+#include <errno.h>
+#include <limits.h>
+#include <sha512.h>
+#include <stdbool.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <crypt.h>
+
+/* Define our magic string to mark salt for SHA512 "encryption" replacement. */
+static const char sha512_salt_prefix[] = "$6$";
+
+/* Prefix for optional rounds specification. */
+static const char sha512_rounds_prefix[] = "rounds=";
+
+/* Maximum salt string length. */
+#define SALT_LEN_MAX 16
+/* Default number of rounds if not explicitly specified. */
+#define ROUNDS_DEFAULT 5000
+/* Minimum number of rounds. */
+#define ROUNDS_MIN 1000
+/* Maximum number of rounds. */
+#define ROUNDS_MAX 999999999
+
+char *
+crypt_sha512_r(const char *key, const char *salt, struct crypt_data *data)
+{
+	u_long srounds;
+	int n;
+	uint8_t alt_result[64], temp_result[64];
+	SHA512_CTX ctx, alt_ctx;
+	size_t salt_len, key_len, cnt, rounds;
+	char *cp, *copied_key, *copied_salt, *p_bytes, *s_bytes, *endp;
+	const char *num;
+	bool rounds_custom;
+	char *buffer = &data->buffer[0];
+	int buflen = (int)sizeof(data->buffer);
+
+	copied_key = NULL;
+	copied_salt = NULL;
+
+	/* Default number of rounds. */
+	rounds = ROUNDS_DEFAULT;
+	rounds_custom = false;
+
+	/* Find beginning of salt string. The prefix should normally always
+	 * be present. Just in case it is not. */
+	if (strncmp(sha512_salt_prefix, salt, sizeof(sha512_salt_prefix) - 1) == 0)
+		/* Skip salt prefix. */
+		salt += sizeof(sha512_salt_prefix) - 1;
+
+	if (strncmp(salt, sha512_rounds_prefix, sizeof(sha512_rounds_prefix) - 1)
+	    == 0) {
+		num = salt + sizeof(sha512_rounds_prefix) - 1;
+		srounds = strtoul(num, &endp, 10);
+
+		if (*endp == '$') {
+			salt = endp + 1;
+			rounds = MAX(ROUNDS_MIN, MIN(srounds, ROUNDS_MAX));
+			rounds_custom = true;
+		}
+	}
+
+	salt_len = MIN(strcspn(salt, "$"), SALT_LEN_MAX);
+	key_len = strlen(key);
+
+	/* Prepare for the real work. */
+	SHA512_Init(&ctx);
+
+	/* Add the key string. */
+	SHA512_Update(&ctx, key, key_len);
+
+	/* The last part is the salt string. This must be at most 8
+	 * characters and it ends at the first `$' character (for
+	 * compatibility with existing implementations). */
+	SHA512_Update(&ctx, salt, salt_len);
+
+	/* Compute alternate SHA512 sum with input KEY, SALT, and KEY. The
+	 * final result will be added to the first context. */
+	SHA512_Init(&alt_ctx);
+
+	/* Add key. */
+	SHA512_Update(&alt_ctx, key, key_len);
+
+	/* Add salt. */
+	SHA512_Update(&alt_ctx, salt, salt_len);
+
+	/* Add key again. */
+	SHA512_Update(&alt_ctx, key, key_len);
+
+	/* Now get result of this (64 bytes) and add it to the other context. */
+	SHA512_Final(alt_result, &alt_ctx);
+
+	/* Add for any character in the key one byte of the alternate sum. */
+	for (cnt = key_len; cnt > 64; cnt -= 64)
+		SHA512_Update(&ctx, alt_result, 64);
+	SHA512_Update(&ctx, alt_result, cnt);
+
+	/* Take the binary representation of the length of the key and for
+	 * every 1 add the alternate sum, for every 0 the key. */
+	for (cnt = key_len; cnt > 0; cnt >>= 1)
+		if ((cnt & 1) != 0)
+			SHA512_Update(&ctx, alt_result, 64);
+		else
+			SHA512_Update(&ctx, key, key_len);
+
+	/* Create intermediate result. */
+	SHA512_Final(alt_result, &ctx);
+
+	/* Start computation of P byte sequence. */
+	SHA512_Init(&alt_ctx);
+
+	/* For every character in the password add the entire password. */
+	for (cnt = 0; cnt < key_len; ++cnt)
+		SHA512_Update(&alt_ctx, key, key_len);
+
+	/* Finish the digest. */
+	SHA512_Final(temp_result, &alt_ctx);
+
+	/* Create byte sequence P. */
+	cp = p_bytes = alloca(key_len);
+	for (cnt = key_len; cnt >= 64; cnt -= 64) {
+		memcpy(cp, temp_result, 64);
+		cp += 64;
+	}
+	memcpy(cp, temp_result, cnt);
+
+	/* Start computation of S byte sequence. */
+	SHA512_Init(&alt_ctx);
+
+	/* For every character in the password add the entire password. */
+	for (cnt = 0; cnt < 16 + alt_result[0]; ++cnt)
+		SHA512_Update(&alt_ctx, salt, salt_len);
+
+	/* Finish the digest. */
+	SHA512_Final(temp_result, &alt_ctx);
+
+	/* Create byte sequence S. */
+	cp = s_bytes = alloca(salt_len);
+	for (cnt = salt_len; cnt >= 64; cnt -= 64) {
+		memcpy(cp, temp_result, 64);
+		cp += 64;
+	}
+	memcpy(cp, temp_result, cnt);
+
+	/* Repeatedly run the collected hash value through SHA512 to burn CPU
+	 * cycles. */
+	for (cnt = 0; cnt < rounds; ++cnt) {
+		/* New context. */
+		SHA512_Init(&ctx);
+
+		/* Add key or last result. */
+		if ((cnt & 1) != 0)
+			SHA512_Update(&ctx, p_bytes, key_len);
+		else
+			SHA512_Update(&ctx, alt_result, 64);
+
+		/* Add salt for numbers not divisible by 3. */
+		if (cnt % 3 != 0)
+			SHA512_Update(&ctx, s_bytes, salt_len);
+
+		/* Add key for numbers not divisible by 7. */
+		if (cnt % 7 != 0)
+			SHA512_Update(&ctx, p_bytes, key_len);
+
+		/* Add key or last result. */
+		if ((cnt & 1) != 0)
+			SHA512_Update(&ctx, alt_result, 64);
+		else
+			SHA512_Update(&ctx, p_bytes, key_len);
+
+		/* Create intermediate result. */
+		SHA512_Final(alt_result, &ctx);
+	}
+
+	/* Now we can construct the result string. It consists of three
+	 * parts. */
+	cp = stpncpy(buffer, sha512_salt_prefix, MAX(0, buflen));
+	buflen -= sizeof(sha512_salt_prefix) - 1;
+
+	if (rounds_custom) {
+		n = snprintf(cp, MAX(0, buflen), "%s%zu$",
+			 sha512_rounds_prefix, rounds);
+
+		cp += n;
+		buflen -= n;
+	}
+
+	cp = stpncpy(cp, salt, MIN((size_t)MAX(0, buflen), salt_len));
+	buflen -= MIN((size_t)MAX(0, buflen), salt_len);
+
+	if (buflen > 0) {
+		*cp++ = '$';
+		--buflen;
+	}
+
+	b64_from_24bit(alt_result[0], alt_result[21], alt_result[42], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[22], alt_result[43], alt_result[1], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[44], alt_result[2], alt_result[23], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[3], alt_result[24], alt_result[45], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[25], alt_result[46], alt_result[4], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[47], alt_result[5], alt_result[26], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[6], alt_result[27], alt_result[48], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[28], alt_result[49], alt_result[7], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[50], alt_result[8], alt_result[29], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[9], alt_result[30], alt_result[51], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[31], alt_result[52], alt_result[10], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[53], alt_result[11], alt_result[32], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[12], alt_result[33], alt_result[54], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[34], alt_result[55], alt_result[13], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[56], alt_result[14], alt_result[35], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[15], alt_result[36], alt_result[57], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[37], alt_result[58], alt_result[16], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[59], alt_result[17], alt_result[38], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[18], alt_result[39], alt_result[60], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[40], alt_result[61], alt_result[19], 4, &buflen, &cp);
+	b64_from_24bit(alt_result[62], alt_result[20], alt_result[41], 4, &buflen, &cp);
+	b64_from_24bit(0, 0, alt_result[63], 2, &buflen, &cp);
+
+	if (buflen <= 0) {
+		errno = ERANGE;
+		buffer = NULL;
+	}
+	else
+		*cp = '\0';	/* Terminate the string. */
+
+	/* Clear the buffer for the intermediate result so that people
+	 * attaching to processes or reading core dumps cannot get any
+	 * information. We do it in this way to clear correct_words[] inside
+	 * the SHA512 implementation as well. */
+	SHA512_Init(&ctx);
+	SHA512_Final(alt_result, &ctx);
+	memset(temp_result, '\0', sizeof(temp_result));
+	memset(p_bytes, '\0', key_len);
+	memset(s_bytes, '\0', salt_len);
+	memset(&ctx, '\0', sizeof(ctx));
+	memset(&alt_ctx, '\0', sizeof(alt_ctx));
+	if (copied_key != NULL)
+		memset(copied_key, '\0', key_len);
+	if (copied_salt != NULL)
+		memset(copied_salt, '\0', salt_len);
+
+	return buffer;
+}
+
+struct crypt_format crypt_sha512_format =
+    CRYPT_FORMAT_INITIALIZER(crypt_sha512_r, "$6$");
diff --git a/cpukit/libcrypt/crypt.c b/cpukit/libcrypt/crypt.c
new file mode 100644
index 0000000000..b6acb97335
--- /dev/null
+++ b/cpukit/libcrypt/crypt.c
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 2014 embedded brains GmbH.  All rights reserved.
+ *
+ *  embedded brains GmbH
+ *  Dornierstr. 4
+ *  82178 Puchheim
+ *  Germany
+ *  <info@embedded-brains.de>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <crypt.h>
+#include <string.h>
+
+static char *
+cf_default_func(const char *pw, const char *salt, struct crypt_data *data)
+{
+	(void)salt;
+
+	strncpy(&data->buffer[0], pw, sizeof(data->buffer) - 1);
+	data->buffer[sizeof(data->buffer) - 1] = '\0';
+
+	return (&data->buffer[0]);
+}
+
+static struct crypt_format cf_default =
+  CRYPT_FORMAT_INITIALIZER(cf_default_func, NULL);
+
+static SLIST_HEAD(, crypt_format) cf_head = {
+	&cf_default
+};
+
+void crypt_add_format(struct crypt_format *cf)
+{
+	if (cf->link.sle_next == NULL)
+		SLIST_INSERT_HEAD(&cf_head, cf, link);
+}
+
+char *
+crypt_r(const char *passwd, const char *salt, struct crypt_data *data)
+{
+	const struct crypt_format *cf;
+
+	SLIST_FOREACH(cf, &cf_head, link)
+		if (cf->magic != NULL && strstr(salt, cf->magic) == salt)
+			return (cf->func(passwd, salt, data));
+
+	cf = SLIST_FIRST(&cf_head);
+
+	return (cf->func(passwd, salt, data));
+}
diff --git a/cpukit/libcrypt/misc.c b/cpukit/libcrypt/misc.c
new file mode 100644
index 0000000000..9f2c13e8c7
--- /dev/null
+++ b/cpukit/libcrypt/misc.c
@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 1999
+ *      University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the names of any co-contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY CONTRIBUTORS ``AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+ * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+ * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+ * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <sys/types.h>
+
+#include <crypt.h>
+
+static const char itoa64[] =		/* 0 ... 63 => ascii - 64 */
+	"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+
+void
+_crypt_to64(char *s, u_long v, int n)
+{
+	while (--n >= 0) {
+		*s++ = itoa64[v&0x3f];
+		v >>= 6;
+	}
+}
+
+void
+b64_from_24bit(uint8_t B2, uint8_t B1, uint8_t B0, int n, int *buflen, char **cp)
+{
+	uint32_t w;
+	int i;
+
+	w = (B2 << 16) | (B1 << 8) | B0;
+	for (i = 0; i < n; i++) {
+		**cp = itoa64[w&0x3f];
+		(*cp)++;
+		if ((*buflen)-- < 0)
+			break;
+		w >>= 6;
+	}
+}
diff --git a/cpukit/libcrypt/preinstall.am b/cpukit/libcrypt/preinstall.am
new file mode 100644
index 0000000000..feb5d1d4e3
--- /dev/null
+++ b/cpukit/libcrypt/preinstall.am
@@ -0,0 +1,15 @@
+## Automatically generated by ampolish3 - Do not edit
+
+if AMPOLISH3
+$(srcdir)/preinstall.am: Makefile.am
+	$(AMPOLISH3) $(srcdir)/Makefile.am > $(srcdir)/preinstall.am
+endif
+
+PREINSTALL_DIRS =
+DISTCLEANFILES = $(PREINSTALL_DIRS)
+
+$(PROJECT_INCLUDE)/$(dirstamp):
+	@$(MKDIR_P) $(PROJECT_INCLUDE)
+	@: > $(PROJECT_INCLUDE)/$(dirstamp)
+PREINSTALL_DIRS += $(PROJECT_INCLUDE)/$(dirstamp)
+