crypt: Remove libcrypt support

All the crypt related functions, cryptographic algorithms, and
make requirements are removed,  with only the exception of md5
implementation which is moved to locale folder since it is
required by localedef for integrity protection (libc's
locale-reading code does not check these, but localedef does
generate them).

Besides thec code itself, both internal documentation and the
manual is also adjusted.  This allows to remove both --enable-crypt
and --enable-nss-crypt configure options.

Checked with a build for all affected ABIs.

Co-authored-by: Zack Weinberg <[email protected]>
Reviewed-by: Carlos O'Donell <[email protected]>

CONTRIBUTED-BY

@@ -24,21 +24,6 @@ catgets/gencat.c:
 catgets/open_catalog.c:
     Contributed by Ulrich Drepper, <[email protected]>.
 
-crypt/md5-crypt.c:
-    Contributed by Ulrich Drepper <[email protected]>, 1996.
-
-crypt/sha256-crypt.c:
-    Contributed by Ulrich Drepper <[email protected]>, 2007.
-
-crypt/sha256.c:
-    Written by Ulrich Drepper <[email protected]>, 2007.
-
-crypt/sha512-crypt.c:
-    Contributed by Ulrich Drepper <[email protected]>, 2007.
-
-crypt/sha512.c:
-    Written by Ulrich Drepper <[email protected]>, 2007.
-
 debug/backtrace.c:
     Contributed by Jakub Jelinek <[email protected]>, 2003.
 

INSTALL

@@ -228,19 +228,6 @@ if ‘CFLAGS’ is specified it must enable optimization.  For example:
      By default for x86_64, the GNU C Library is built with the vector
      math library.  Use this option to disable the vector math library.
 
-‘--enable-crypt’
-     Install the legacy passphrase-hashing library ‘libcrypt’ and the
-     header file ‘crypt.h’.  ‘unistd.h’ will declare the function
-     ‘crypt’ regardless of this option.  Using this option does not
-     change the set of programs that may need to be linked with
-     ‘-lcrypt’; it only means that the GNU C Library will provide that
-     library.
-
-     This option is for hackers and distributions who may not yet be
-     able to use libcrypt alternatives such as libxcrypt and need this
-     legacy implementation as a temporary workaround.  Note that
-     libcrypt may be removed in a future release.
-
 ‘--disable-scv’
      Disable using ‘scv’ instruction for syscalls.  All syscalls will
      use ‘sc’ instead, even if the kernel supports ‘scv’.  PowerPC only.

Makeconfig

@@ -1357,11 +1357,6 @@ all-subdirs = csu assert ctype locale intl catgets math setjmp signal	    \
 	      localedata timezone rt conform debug mathvec support	    \
 	      dlfcn elf
 
-ifeq ($(build-crypt),yes)
-all-subdirs += crypt
-rpath-dirs += crypt
-endif
-
 ifndef avoid-generated
 # sysd-sorted itself will contain rules making the sysd-sorted target
 # depend on Depend files.  But if you just added a Depend file to an

NEWS

@@ -44,6 +44,22 @@ Deprecated and removed features, and other changes affecting compatibility:
   ".tmp", to avoid examining temporary files created by the RPM and dpkg
   package managers.
 
+* libcrypt has been removed from the GNU C Library.  The configure
+  options "--enable-crypt" and "--enable-nss-crypt" are no longer
+  available.  <crypt.h>, libcrypt.a, and libcrypt.so.1 will not be
+  installed, and <unistd.h> will not declare the crypt function.
+
+  The replacement for libcrypt is libxcrypt, maintained separately from
+  GNU libc, but available under compatible licensing terms, and providing
+  binary backward compatibility with the former libcrypt.  It is currently
+  distributed from <https://github.com/besser82/libxcrypt/>.
+
+  As a consequence of this removal, GNU libc no longer makes any use of
+  the NSS cryptography library (Network Security Services; not to be
+  confused with Name Service Switch).  Distributors of binary packages
+  of GNU libc are advised to check whether their build processes can be
+  simplified.
+
 Changes to build and runtime requirements:
 
 * Building on LoongArch requires at a minimum binutils 2.41 for vector

SHARED-FILES

@@ -27,8 +27,6 @@ gnulib:
   argp/argp-pvh.c
   argp/argp-xinl.c
   argp/argp.h
-  crypt/md5.c
-  crypt/md5.h
   dirent/alphasort.c
   dirent/scandir.c
   # Merged from gnulib 2021-09-21

config.make.in

@@ -80,16 +80,12 @@ mach-interface-list = @mach_interface_list@
 
 memory-tagging = @memory_tagging@
 
-nss-crypt = @libc_cv_nss_crypt@
-static-nss-crypt = @libc_cv_static_nss_crypt@
-
 # Configuration options.
 build-shared = @shared@
 build-profile = @profile@
 build-static-nss = @static_nss@
 cross-compiling = @cross_compiling@
 force-install = @force_install@
-build-crypt = @build_crypt@
 build-nscd = @build_nscd@
 use-nscd = @use_nscd@
 build-hardcoded-path-in-tests= @hardcoded_path_in_tests@

configure

@@ -700,9 +700,6 @@ INSTALL_PROGRAM
 base_machine
 build_pt_chown
 build_nscd
-libc_cv_static_nss_crypt
-libc_cv_nss_crypt
-build_crypt
 memory_tagging
 enable_werror
 force_install
@@ -806,8 +803,6 @@ enable_kernel
 enable_werror
 enable_multi_arch
 enable_memory_tagging
-enable_crypt
-enable_nss_crypt
 enable_systemtap
 enable_build_nscd
 enable_nscd
@@ -1481,9 +1476,6 @@ Optional Features:
                           architectures
   --enable-memory-tagging enable memory tagging if supported by the
                           architecture [default=no]
-  --enable-crypt          build and install the legacy passphrase hashing
-                          library, libcrypt
-  --enable-nss-crypt      enable libcrypt to use nss
   --enable-systemtap      enable systemtap static probe points [default=no]
   --disable-build-nscd    disable building and installing the nscd daemon
   --disable-nscd          library functions will not contact the nscd daemon
@@ -4561,124 +4553,6 @@ if test "$memory_tagging" = yes; then
 fi
 
 
-# Check whether --enable-crypt was given.
-if test ${enable_crypt+y}
-then :
-  enableval=$enable_crypt; build_crypt=$enableval
-else $as_nop
-  build_crypt=no
-fi
-
-
-
-# Check whether --enable-nss-crypt was given.
-if test ${enable_nss_crypt+y}
-then :
-  enableval=$enable_nss_crypt; nss_crypt=$enableval
-else $as_nop
-  nss_crypt=no
-fi
-
-if test x$build_libcrypt = xno && test x$nss_crypt = xyes; then
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: --enable-nss-crypt has no effect when libcrypt is disabled" >&5
-printf "%s\n" "$as_me: WARNING: --enable-nss-crypt has no effect when libcrypt is disabled" >&2;}
-  nss_crypt=no
-fi
-if test x$nss_crypt = xyes; then
-  nss_includes=-I$(nss-config --includedir 2>/dev/null)
-  if test $? -ne 0; then
-    as_fn_error $? "cannot find include directory with nss-config" "$LINENO" 5
-  fi
-  nspr_includes=-I$(nspr-config --includedir 2>/dev/null)
-  if test $? -ne 0; then
-    as_fn_error $? "cannot find include directory with nspr-config" "$LINENO" 5
-  fi
-  old_CFLAGS="$CFLAGS"
-  CFLAGS="$CFLAGS $nss_includes $nspr_includes"
-
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-typedef int PRBool;
-#include <hasht.h>
-#include <nsslowhash.h>
-void f (void) { NSSLOW_Init (); }
-int
-main (void)
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
-  libc_cv_nss_crypt=yes
-else $as_nop
-  as_fn_error $? "
-cannot find NSS headers with lowlevel hash function interfaces" "$LINENO" 5
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-  old_LIBS="$LIBS"
-  old_LDFLAGS="$LDFLAGS"
-  LIBS="$LIBS -lfreebl3"
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-typedef int PRBool;
-#include <hasht.h>
-#include <nsslowhash.h>
-int
-main (void)
-{
-NSSLOW_Init();
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
-  libc_cv_nss_crypt=yes
-else $as_nop
-  as_fn_error $? "
-cannot link program using lowlevel NSS hash functions" "$LINENO" 5
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
-    conftest$ac_exeext conftest.$ac_ext
-  # Check to see if there is a static NSS cryptographic library.
-  # If there isn't then we can't link anything with libcrypt.a,
-  # and that might mean disabling some static tests.
-  LDFLAGS="$LDFLAGS -static"
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-typedef int PRBool;
-#include <hasht.h>
-#include <nsslowhash.h>
-int
-main (void)
-{
-NSSLOW_Init();
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
-  libc_cv_static_nss_crypt=yes
-else $as_nop
-  libc_cv_static_nss_crypt=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
-    conftest$ac_exeext conftest.$ac_ext
-  LDFLAGS="$old_LDFLAGS"
-  CFLAGS="$old_CFLAGS"
-  LIBS="$old_LIBS"
-else
-  libc_cv_nss_crypt=no
-  libc_cv_static_nss_crypt=no
-fi
-
-
-
-
 # Check whether --enable-systemtap was given.
 if test ${enable_systemtap+y}
 then :

configure.ac

@@ -305,71 +305,6 @@ if test "$memory_tagging" = yes; then
 fi
 AC_SUBST(memory_tagging)
 
-AC_ARG_ENABLE([crypt],
-              AS_HELP_STRING([--enable-crypt],
-                             [build and install the legacy passphrase hashing library, libcrypt]),
-              [build_crypt=$enableval],
-              [build_crypt=no])
-AC_SUBST(build_crypt)
-
-AC_ARG_ENABLE([nss-crypt],
-	      AS_HELP_STRING([--enable-nss-crypt],
-			     [enable libcrypt to use nss]),
-	      [nss_crypt=$enableval],
-	      [nss_crypt=no])
-if test x$build_libcrypt = xno && test x$nss_crypt = xyes; then
-  AC_MSG_WARN([--enable-nss-crypt has no effect when libcrypt is disabled])
-  nss_crypt=no
-fi
-if test x$nss_crypt = xyes; then
-  nss_includes=-I$(nss-config --includedir 2>/dev/null)
-  if test $? -ne 0; then
-    AC_MSG_ERROR([cannot find include directory with nss-config])
-  fi
-  nspr_includes=-I$(nspr-config --includedir 2>/dev/null)
-  if test $? -ne 0; then
-    AC_MSG_ERROR([cannot find include directory with nspr-config])
-  fi
-  old_CFLAGS="$CFLAGS"
-  CFLAGS="$CFLAGS $nss_includes $nspr_includes"
-  AC_COMPILE_IFELSE([AC_LANG_PROGRAM([typedef int PRBool;
-#include <hasht.h>
-#include <nsslowhash.h>
-void f (void) { NSSLOW_Init (); }])],
-	     libc_cv_nss_crypt=yes,
-	     AC_MSG_ERROR([
-cannot find NSS headers with lowlevel hash function interfaces]))
-  old_LIBS="$LIBS"
-  old_LDFLAGS="$LDFLAGS"
-  LIBS="$LIBS -lfreebl3"
-  AC_LINK_IFELSE([AC_LANG_PROGRAM([typedef int PRBool;
-#include <hasht.h>
-#include <nsslowhash.h>],
-				  [NSSLOW_Init();])],
-		 libc_cv_nss_crypt=yes,
-		 AC_MSG_ERROR([
-cannot link program using lowlevel NSS hash functions]))
-  # Check to see if there is a static NSS cryptographic library.
-  # If there isn't then we can't link anything with libcrypt.a,
-  # and that might mean disabling some static tests.
-  LDFLAGS="$LDFLAGS -static"
-  AC_LINK_IFELSE([AC_LANG_PROGRAM([typedef int PRBool;
-#include <hasht.h>
-#include <nsslowhash.h>],
-				  [NSSLOW_Init();])],
-		 libc_cv_static_nss_crypt=yes,
-		 libc_cv_static_nss_crypt=no)
-  LDFLAGS="$old_LDFLAGS"
-  CFLAGS="$old_CFLAGS"
-  LIBS="$old_LIBS"
-else
-  libc_cv_nss_crypt=no
-  libc_cv_static_nss_crypt=no
-fi
-AC_SUBST(libc_cv_nss_crypt)
-AC_SUBST(libc_cv_static_nss_crypt)
-
-
 AC_ARG_ENABLE([systemtap],
               [AS_HELP_STRING([--enable-systemtap],
 	       [enable systemtap static probe points @<:@default=no@:>@])],

conform/Makefile

@@ -212,11 +212,6 @@ linknamespace-libs-XOPEN2K8 = $(linknamespace-libs-xsi)
 linknamespace-libs = $(foreach std,$(conformtest-standards),\
 				   $(linknamespace-libs-$(std)))
 
-ifeq ($(build-crypt),yes)
-linknamespace-libs-xsi += $(common-objpfx)crypt/libcrypt.a
-linknamespace-libs-XPG4 += $(common-objpfx)crypt/libcrypt.a
-endif
-
 $(linknamespace-symlist-stdlibs-tests): $(objpfx)symlist-stdlibs-%: \
 					$(linknamespace-libs)
 	LC_ALL=C $(READELF) -W -s $(linknamespace-libs-$*) > $@; \