diff options
| author | allanjude <allanjude@FreeBSD.org> | 2015-06-16 23:57:29 +0000 |
|---|---|---|
| committer | allanjude <allanjude@FreeBSD.org> | 2015-06-16 23:57:29 +0000 |
| commit | f2228a0dd92a1b59d218d08c05b1fda13c646d74 (patch) | |
| tree | 5473e4677eebd74ab97e28e91e6aecfa609cafd5 /secure | |
| parent | e2a70012cc68259b1773eefb9147f0d550833e99 (diff) | |
| download | FreeBSD-src-f2228a0dd92a1b59d218d08c05b1fda13c646d74.zip FreeBSD-src-f2228a0dd92a1b59d218d08c05b1fda13c646d74.tar.gz | |
Add compatibility with $2y$ bcrypt hashes
crypt_blowfish and many implementations based on it (Apache, PHP, PostgreSQL) implemented $2y$ before OpenBSD went with $2b$. This changes marks them as equivalent.
http://www.openwall.com/lists/announce/2011/07/17/1
This change is required for applications that use the base crypt() implementation (including nginx) to be able to validate $2y$ hashes
Reviewed by: eadler
Approved by: delphij
MFC after: 1 week
Relnotes: yes
Sponsored by: ScaleEngine Inc.
Differential Revision: https://reviews.freebsd.org/D2742
Diffstat (limited to 'secure')
| -rw-r--r-- | secure/lib/libcrypt/crypt-blowfish.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/secure/lib/libcrypt/crypt-blowfish.c b/secure/lib/libcrypt/crypt-blowfish.c index 35fb581..acd9057 100644 --- a/secure/lib/libcrypt/crypt-blowfish.c +++ b/secure/lib/libcrypt/crypt-blowfish.c @@ -167,6 +167,9 @@ crypt_blowfish(const char *key, const char *salt) switch (salt[1]) { case 'a': /* 'ab' should not yield the same as 'abab' */ case 'b': /* cap input length at 72 bytes */ + case 'y': /* same as 'b', for compatibility + * with openwall crypt_blowfish + */ minr = salt[1]; salt++; break; |
