History log of /freebsd-11.0-release/secure/lib/libcrypt/crypt-blowfish.c
Revision Date Author Comments
# 303975 11-Aug-2016 gjb

Copy stable/11@r303970 to releng/11.0 as part of the 11.0-RELEASE
cycle.

Prune svn:mergeinfo from the new branch, and rename it to RC1.

Update __FreeBSD_version.

Use the quarterly branch for the default FreeBSD.conf pkg(8) repo and
the dvd1.iso packages population.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

# 302408 08-Jul-2016 gjb

Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle.
Prune svn:mergeinfo from the new branch, as nothing has been merged
here.

Additional commits post-branch will follow.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation


# 284483 16-Jun-2015 allanjude

Add compatibility with $2y$ bcrypt hashes

crypt_blowfish and many implementations based on it (Apache, PHP, PostgreSQL) implemented $2y$ before OpenBSD went with $2b$. This change marks them as equivalent.

http://www.openwall.com/lists/announce/2011/07/17/1

This change is required for applications that use the base crypt() implementation (including nginx) to be able to validate $2y$ hashes

Reviewed by: eadler
Approved by: delphij
MFC after: 1 week
Relnotes: yes
Sponsored by: ScaleEngine Inc.
Differential Revision: https://reviews.freebsd.org/D2742


# 265995 14-May-2014 delphij

Switch using the new $2b$ format by default, when bcrypt is used.

MFC after: 2 weeks
Relnotes: default Blowfish crypt(3) format has been changed to $2b$.


# 262501 25-Feb-2014 delphij

Refresh our implementation of OpenBSD's Blowfish password format.

Notable changes:

- Support of $2b$ password format to address a problem where very
long passwords (more than 256 characters, when an integer
overflow would happen and cause the length to wrap at 256).
- Updated pseudo code in comments to reflect the reality.
- Removed our local shortcut of processing magic string and rely
on the centralized and tightened validation.
- Diff reduction from upstream.

For now we are still generating the older $02a$ format of password
but we will migrate to the new format once the format is formally
finalized.

MFC after: 1 month


# 231986 22-Feb-2012 kevlo

Return NULL on error rather than ":", per the crypt(3) man page.
Discussed in: http://www.openwall.com/lists/oss-security/2011/11/15/3


# 115719 02-Jun-2003 markm

Strip the private blowfish code down to only that which is
required to make crypt(3) blowfish "$2a$..." hashes. Lint and
warnsify.


# 91754 06-Mar-2002 markm

No functional change, but big code cleanup. WARNS, lint(1) and style(9).


# 85358 23-Oct-2001 peter

__FBSDID() (second half of src/lib/libcrypt changes)


# 74106 11-Mar-2001 markm

Add OpenBSD-style blowfish password hashing. This makes one less
gratuitous difference between us and our sister project.

This was given to me _ages_ ago. My apologies to Paul for the length
of time it's taken me to commit.

Obtained from: Niels Provos <provos@physnet.uni-hamburg.de>/OpenBSD
Submitted by: Paul Herman <pherman@frenchfries.net>