#
303975 |
|
11-Aug-2016 |
gjb |
Copy stable/11@r303970 to releng/11.0 as part of the 11.0-RELEASE cycle.
Prune svn:mergeinfo from the new branch, and rename it to RC1.
Update __FreeBSD_version.
Use the quarterly branch for the default FreeBSD.conf pkg(8) repo and the dvd1.iso packages population.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
302408 |
|
08-Jul-2016 |
gjb |
Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle. Prune svn:mergeinfo from the new branch, as nothing has been merged here.
Additional commits post-branch will follow.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
#
284483 |
|
16-Jun-2015 |
allanjude |
Add compatibility with $2y$ bcrypt hashes
crypt_blowfish and many implementations based on it (Apache, PHP, PostgreSQL) implemented $2y$ before OpenBSD went with $2b$. This changes marks them as equivalent.
http://www.openwall.com/lists/announce/2011/07/17/1
This change is required for applications that use the base crypt() implementation (including nginx) to be able to validate $2y$ hashes
Reviewed by: eadler Approved by: delphij MFC after: 1 week Relnotes: yes Sponsored by: ScaleEngine Inc. Differential Revision: https://reviews.freebsd.org/D2742
|
#
265995 |
|
14-May-2014 |
delphij |
Switch using the new $2b$ format by default, when bcrypt is used.
MFC after: 2 weeks Relnotes: default Blowfish crypt(3) format have been changed to $2b$.
|
#
262501 |
|
25-Feb-2014 |
delphij |
Refresh our implementation of OpenBSD's Blowfish password format.
Notable changes:
- Support of $2b$ password format to address a problem where very long passwords (more than 256 characters, when an integer overflow would happen and cause the length to wrap at 256). - Updated pseudo code in comments to reflect the reality. - Removed our local shortcut of processing magic string and rely on the centralized and tigntened validation. - Diff reduction from upstream.
For now we are still generating the older $02a$ format of password but we will migrate to the new format once the format is formally finalized.
MFC after: 1 month
|
#
231986 |
|
22-Feb-2012 |
kevlo |
Return NULL on error rather than ":", per the crypt(3) man page. Discussed in: http://www.openwall.com/lists/oss-security/2011/11/15/3
|
#
115719 |
|
02-Jun-2003 |
markm |
Strip the private blowfish code down to only that which is required to make crypt(3) blowfish "$2a$..." hashes. Lint and warnsify.
|
#
91754 |
|
06-Mar-2002 |
markm |
No functional change, but big code cleanup. WARNS, lint(1) and style(9).
|
#
85358 |
|
23-Oct-2001 |
peter |
__FBSDID() (second half of src/lib/libcrypt changes)
|
#
74106 |
|
11-Mar-2001 |
markm |
Add OpenBSD-style blowfish password hashing. This makes one less gratuitous difference between us and our sister project.
This was given to me _ages_ ago. May apologies to Paul for the length of time its taken me to commit.
Obtained from: Niels Provos <provos@physnet.uni-hamburg.de>/OpenBSD Submitted by: Paul Herman <pherman@frenchfries.net>
|