etc/, lib/, man/, tests/: Remove support for MD5_CRYPT_ENAB

etc/login.defs

@@ -300,21 +300,6 @@ CHFN_RESTRICT		rwh
 # to use the default which is just "Password: ".
 #LOGIN_STRING		"%s's Password: "
 
-#
-# Only works if compiled with MD5_CRYPT defined:
-# If set to "yes", new passwords will be encrypted using the MD5-based
-# algorithm compatible with the one used by recent releases of FreeBSD.
-# It supports passwords of unlimited length and longer salt strings.
-# Set to "no" if you need to copy encrypted passwords to other systems
-# which don't understand the new algorithm.  Default is "no".
-#
-# Note: if you use PAM, it is recommended to use a value consistent with
-# the PAM modules configuration.
-#
-# This variable is deprecated. You should use ENCRYPT_METHOD instead.
-#
-#MD5_CRYPT_ENAB	no
-
 #
 # Only works if compiled with ENCRYPTMETHOD_SELECT defined:
 # If set to MD5, MD5-based algorithm will be used for encrypting password
@@ -324,7 +309,6 @@ CHFN_RESTRICT		rwh
 # If set to YESCRYPT, YESCRYPT-based algorithm will be used for encrypting password
 # If set to DES, DES-based algorithm will be used for encrypting password (default)
 # MD5 and DES should not be used for new hashes, see crypt(5) for recommendations.
-# Overrides the MD5_CRYPT_ENAB option
 #
 # Note: if you use PAM, it is recommended to use a value consistent with
 # the PAM modules configuration.

lib/getdef.c

@@ -107,7 +107,6 @@ static struct itemdef def_table[] = {
 	{"MAIL_DIR", NULL},
 	{"MAIL_FILE", NULL},
 	{"MAX_MEMBERS_PER_GROUP", NULL},
-	{"MD5_CRYPT_ENAB", NULL},
 	{"NONEXISTENT", NULL},
 	{"PASS_MAX_DAYS", NULL},
 	{"PASS_MIN_DAYS", NULL},

lib/obscure.c

@@ -215,11 +215,7 @@ obscure_get_range(int *minlen, int *maxlen)
 	}
 
 	method = getdef_str ("ENCRYPT_METHOD");
-	if (NULL == method) {
-		if (getdef_bool ("MD5_CRYPT_ENAB")) {
-			return;
-		}
-	} else {
+	if (NULL != method) {
 		if (   streq(method, "MD5")
 		    || streq(method, "SHA256")
 		    || streq(method, "SHA512")

lib/salt.c

@@ -334,16 +334,12 @@ static /*@observer@*/const char *gensalt (size_t salt_size)
 #endif /* !USE_XCRYPT_GENSALT */
 
 /*
- * Generate 8 base64 ASCII characters of random salt.  If MD5_CRYPT_ENAB
- * in /etc/login.defs is "yes", the salt string will be prefixed by "$1$"
- * (magic) and pw_encrypt() will execute the MD5-based FreeBSD-compatible
- * version of crypt() instead of the standard one.
- * Other methods can be set with ENCRYPT_METHOD
+ * Generate 8 base64 ASCII characters of random salt.
+ * Methods can be set with ENCRYPT_METHOD
  *
  * The method can be forced with the meth parameter.
  * If NULL, the method will be defined according to the ENCRYPT_METHOD
- * variable, and if not set according to the MD5_CRYPT_ENAB variable,
- * which can both be set inside the login.defs file.
+ * variable, which can be set inside the login.defs file.
  *
  * If meth is specified, an additional parameter can be provided.
  *  * For the SHA256 and SHA512 method, this specifies the number of rounds
@@ -359,14 +355,7 @@ static /*@observer@*/const char *gensalt (size_t salt_size)
 
 	bzero(result, GENSALT_SETTING_SIZE);
 
-	if (NULL != meth)
-		method = meth;
-	else {
-		method = getdef_str ("ENCRYPT_METHOD");
-		if (NULL == method) {
-			method = getdef_bool ("MD5_CRYPT_ENAB") ? "MD5" : "DES";
-		}
-	}
+	method = meth ?: getdef_str("ENCRYPT_METHOD") ?: "DES";
 
 	if (streq(method, "MD5")) {
 		MAGNUM(result, '1');

man/Makefile.am

@@ -156,7 +156,6 @@ login_defs_v = \
 	MAIL_CHECK_ENAB.xml \
 	MAIL_DIR.xml \
 	MAX_MEMBERS_PER_GROUP.xml \
-	MD5_CRYPT_ENAB.xml \
 	MOTD_FILE.xml \
 	NOLOGINS_FILE.xml \
 	NONEXISTENT.xml \

man/chgpasswd.8.xml

@@ -9,7 +9,6 @@
 <!ENTITY BCRYPT_MIN_ROUNDS     SYSTEM "login.defs.d/BCRYPT_MIN_ROUNDS.xml">
 <!ENTITY ENCRYPT_METHOD        SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
 <!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
-<!ENTITY MD5_CRYPT_ENAB        SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
 <!ENTITY SHA_CRYPT_MIN_ROUNDS  SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml">
 <!ENTITY YESCRYPT_COST_FACTOR  SYSTEM "login.defs.d/YESCRYPT_COST_FACTOR.xml">
 <!-- SHADOW-CONFIG-HERE -->
@@ -70,8 +69,8 @@
     <para>
       The default encryption algorithm can be defined for the system with
       the <option>ENCRYPT_METHOD</option> variable of <filename>/etc/login.defs</filename>,
-      and can be overwritten with the <option>-e</option>,
-      <option>-m</option>, or <option>-c</option> options.
+      and can be overwritten with the <option>-e</option>
+      or <option>-c</option> options.
     </para>
     <para>
       This command is intended to be used in a large system environment
@@ -116,15 +115,6 @@
 	  <para>Display help message and exit.</para>
 	</listitem>
       </varlistentry>
-      <varlistentry>
-	<term><option>-m</option>, <option>--md5</option></term>
-	<listitem>
-	  <para>
-	    Use MD5 encryption instead of DES when the supplied passwords are
-	    not encrypted.
-	  </para>
-	</listitem>
-      </varlistentry>
       <varlistentry>
 	<term>
 	  <option>-R</option>, <option>--root</option>&nbsp;<replaceable>CHROOT_DIR</replaceable>
@@ -209,7 +199,6 @@
       &BCRYPT_MIN_ROUNDS; <!--This also document BCRYPT_MAX_ROUNDS-->
       &ENCRYPT_METHOD;
       &MAX_MEMBERS_PER_GROUP;
-      &MD5_CRYPT_ENAB;
       &SHA_CRYPT_MIN_ROUNDS; <!--This also document SHA_CRYPT_MAX_ROUNDS-->
       &YESCRYPT_COST_FACTOR;
     </variablelist>

man/chpasswd.8.xml

@@ -8,7 +8,6 @@
   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 <!ENTITY BCRYPT_MIN_ROUNDS     SYSTEM "login.defs.d/BCRYPT_MIN_ROUNDS.xml">
 <!ENTITY ENCRYPT_METHOD        SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
-<!ENTITY MD5_CRYPT_ENAB        SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
 <!ENTITY SHA_CRYPT_MIN_ROUNDS  SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml">
 <!ENTITY YESCRYPT_COST_FACTOR  SYSTEM "login.defs.d/YESCRYPT_COST_FACTOR.xml">
 <!-- SHADOW-CONFIG-HERE -->
@@ -74,16 +73,15 @@
     </para>
     <para condition="no_pam">
       The default encryption algorithm can be defined for the system with
-      the <option>ENCRYPT_METHOD</option> or
-      <option>MD5_CRYPT_ENAB</option> variables of
+      the <option>ENCRYPT_METHOD</option> variable of
       <filename>/etc/login.defs</filename>, and can be overwritten with the
-      <option>-e</option>, <option>-m</option>, or <option>-c</option>
+      <option>-e</option> or <option>-c</option>
       options.
     </para>
     <para condition="pam">
       By default, passwords are encrypted by PAM, but (even if not
       recommended) you can select a different encryption method with the
-      <option>-e</option>, <option>-m</option>, or <option>-c</option>
+      <option>-e</option> or <option>-c</option>
       options.
     </para>
     <para>
@@ -133,11 +131,10 @@
 	    By default, PAM is used to encrypt the passwords.
 	  </para>
 	  <para condition="no_pam">
-	    By default (if none of the <option>-c</option>,
-	    <option>-m</option>, or <option>-e</option> options are
+	    By default (if none of the <option>-c</option>
+	    or <option>-e</option> options are
 	    specified), the encryption method is defined by the 
-	    <option>ENCRYPT_METHOD</option> or
-	    <option>MD5_CRYPT_ENAB</option> variables of
+	    <option>ENCRYPT_METHOD</option> variable of
 	    <filename>/etc/login.defs</filename>.
 	  </para>
 	</listitem>
@@ -158,15 +155,6 @@
       </varlistentry>
     </variablelist>
     <variablelist remap='IP'>
-      <varlistentry>
-	<term><option>-m</option>, <option>--md5</option></term>
-	<listitem>
-	  <para>
-	    Use MD5 encryption instead of DES when the supplied passwords are
-	    not encrypted.
-	  </para>
-	</listitem>
-      </varlistentry>
       <varlistentry>
 	<term>
 	  <option>-R</option>, <option>--root</option>&nbsp;<replaceable>CHROOT_DIR</replaceable>
@@ -262,7 +250,6 @@
     </para>
     <variablelist condition="no_pam">
       &ENCRYPT_METHOD;
-      &MD5_CRYPT_ENAB;
     </variablelist>
     <variablelist>
       &BCRYPT_MIN_ROUNDS; <!--documents also BCRYPT_MAX_ROUNDS-->

man/gpasswd.1.xml

@@ -9,7 +9,6 @@
 <!ENTITY BCRYPT_MIN_ROUNDS     SYSTEM "login.defs.d/BCRYPT_MIN_ROUNDS.xml">
 <!ENTITY ENCRYPT_METHOD        SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
 <!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
-<!ENTITY MD5_CRYPT_ENAB        SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
 <!ENTITY SHA_CRYPT_MIN_ROUNDS  SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml">
 <!ENTITY YESCRYPT_COST_FACTOR  SYSTEM "login.defs.d/YESCRYPT_COST_FACTOR.xml">
 <!-- SHADOW-CONFIG-HERE -->
@@ -250,7 +249,6 @@
     <variablelist>
       &ENCRYPT_METHOD;
       &MAX_MEMBERS_PER_GROUP;
-      &MD5_CRYPT_ENAB;
       &SHA_CRYPT_MIN_ROUNDS; <!--This also document SHA_CRYPT_MAX_ROUNDS-->
     </variablelist>
   </refsect1>

man/login.defs.5.xml

@@ -42,7 +42,6 @@
 <!ENTITY MAIL_CHECK_ENAB       SYSTEM "login.defs.d/MAIL_CHECK_ENAB.xml">
 <!ENTITY MAIL_DIR              SYSTEM "login.defs.d/MAIL_DIR.xml">
 <!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
-<!ENTITY MD5_CRYPT_ENAB        SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
 <!ENTITY MOTD_FILE             SYSTEM "login.defs.d/MOTD_FILE.xml">
 <!ENTITY NOLOGINS_FILE         SYSTEM "login.defs.d/NOLOGINS_FILE.xml">
 <!ENTITY NONEXISTENT           SYSTEM "login.defs.d/NONEXISTENT.xml">
@@ -182,7 +181,6 @@
       &MAIL_CHECK_ENAB;
       &MAIL_DIR;
       &MAX_MEMBERS_PER_GROUP;
-      &MD5_CRYPT_ENAB;
       &MOTD_FILE;
       &NOLOGINS_FILE;
       &NONEXISTENT;
@@ -255,7 +253,7 @@
 	  <para>
 	    <phrase condition="bcrypt">BCRYPT_MAX_ROUNDS
 	    BCRYPT_MIN_ROUNDS</phrase>
-	    ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
+	    ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP
 	    SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS
 	    <phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase>
 	  </para>
@@ -267,8 +265,7 @@
 	  <para>
 	    <phrase condition="bcrypt">BCRYPT_MAX_ROUNDS
 	    BCRYPT_MIN_ROUNDS</phrase>
-	    <phrase condition="no_pam">ENCRYPT_METHOD
-	    MD5_CRYPT_ENAB </phrase>
+	    <phrase condition="no_pam">ENCRYPT_METHOD</phrase>
 	    SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS
 	    <phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase>
 	  </para>
@@ -290,7 +287,7 @@
 	  <para>
 	    <phrase condition="bcrypt">BCRYPT_MAX_ROUNDS
 	    BCRYPT_MIN_ROUNDS</phrase>
-	    ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
+	    ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP
 	    SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS
 	    <phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase>
 	  </para>
@@ -392,7 +389,7 @@
 	    BCRYPT_MIN_ROUNDS</phrase>
 	    ENCRYPT_METHOD
 	    GID_MAX GID_MIN
-	    MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
+	    MAX_MEMBERS_PER_GROUP
 	    HOME_MODE
 	    PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
 	    SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS
@@ -411,7 +408,7 @@
 	  <para>
 	    <phrase condition="bcrypt">BCRYPT_MAX_ROUNDS
 	    BCRYPT_MIN_ROUNDS</phrase>
-	    ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB
+	    ENCRYPT_METHOD OBSCURE_CHECKS_ENAB
 	    PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN
 	    SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS
 	    <phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase>

man/login.defs.d/ENCRYPT_METHOD.xml

@@ -22,10 +22,6 @@
       <refentrytitle>crypt</refentrytitle><manvolnum>5</manvolnum>
       for recommendations.
     </para>
-    <para>
-      Note: this parameter overrides the <option>MD5_CRYPT_ENAB</option>
-      variable.
-    </para>
     <para condition="pam">
       Note: this only affects the generation of group passwords.
       The generation of user passwords is done by PAM and subject to the

man/login.defs.d/PASS_MAX_LEN.xml

@@ -18,8 +18,7 @@
     <para>
       <option>PASS_MAX_LEN</option> is only used for DES.
       It is ignored if an encryption algorithm other than DES is used,
-      either because <option>MD5_CRYPT_ENAB</option> set to
-      <replaceable>yes</replaceable> or <option>ENCRYPT_METHOD</option>
+      because <option>ENCRYPT_METHOD</option>
       set to an algorithm other than <replaceable>DES</replaceable>.
     </para>
     <para>

man/newusers.8.xml

@@ -11,7 +11,6 @@
 <!ENTITY GID_MAX               SYSTEM "login.defs.d/GID_MAX.xml">
 <!ENTITY HOME_MODE             SYSTEM "login.defs.d/HOME_MODE.xml">
 <!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
-<!ENTITY MD5_CRYPT_ENAB        SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
 <!ENTITY PASS_MAX_DAYS         SYSTEM "login.defs.d/PASS_MAX_DAYS.xml">
 <!ENTITY PASS_MIN_DAYS         SYSTEM "login.defs.d/PASS_MIN_DAYS.xml">
 <!ENTITY PASS_WARN_AGE         SYSTEM "login.defs.d/PASS_WARN_AGE.xml">
@@ -393,9 +392,6 @@
       &HOME_MODE;
       &MAX_MEMBERS_PER_GROUP;
     </variablelist>
-    <variablelist condition="no_pam">
-      &MD5_CRYPT_ENAB;
-    </variablelist>
     <variablelist>
       &PASS_MAX_DAYS;
       &PASS_MIN_DAYS;

man/passwd.1.xml

@@ -8,7 +8,6 @@
   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 <!ENTITY BCRYPT_MIN_ROUNDS     SYSTEM "login.defs.d/BCRYPT_MIN_ROUNDS.xml">
 <!ENTITY ENCRYPT_METHOD        SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
-<!ENTITY MD5_CRYPT_ENAB        SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
 <!ENTITY OBSCURE_CHECKS_ENAB   SYSTEM "login.defs.d/OBSCURE_CHECKS_ENAB.xml">
 <!ENTITY PASS_ALWAYS_WARN      SYSTEM "login.defs.d/PASS_ALWAYS_WARN.xml">
 <!ENTITY PASS_CHANGE_TRIES     SYSTEM "login.defs.d/PASS_CHANGE_TRIES.xml">
@@ -400,7 +399,6 @@
     </para>
     <variablelist>
       &ENCRYPT_METHOD;
-      &MD5_CRYPT_ENAB;
       &OBSCURE_CHECKS_ENAB;
       &PASS_ALWAYS_WARN;
       &PASS_CHANGE_TRIES;