From f2228a0dd92a1b59d218d08c05b1fda13c646d74 Mon Sep 17 00:00:00 2001
From: allanjude <allanjude@FreeBSD.org>
Date: Tue, 16 Jun 2015 23:57:29 +0000
Subject: Add compatibility with $2y$ bcrypt hashes

crypt_blowfish and many implementations based on it (Apache, PHP, PostgreSQL) implemented $2y$ before OpenBSD went with $2b$. This changes marks them as equivalent.

http://www.openwall.com/lists/announce/2011/07/17/1

This change is required for applications that use the base crypt() implementation (including nginx) to be able to validate $2y$ hashes

Reviewed by:	eadler
Approved by:	delphij
MFC after:	1 week
Relnotes:	yes
Sponsored by:	ScaleEngine Inc.
Differential Revision:	https://reviews.freebsd.org/D2742
---
 secure/lib/libcrypt/crypt-blowfish.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'secure/lib/libcrypt/crypt-blowfish.c')

diff --git a/secure/lib/libcrypt/crypt-blowfish.c b/secure/lib/libcrypt/crypt-blowfish.c
index 35fb581..acd9057 100644
--- a/secure/lib/libcrypt/crypt-blowfish.c
+++ b/secure/lib/libcrypt/crypt-blowfish.c
@@ -167,6 +167,9 @@ crypt_blowfish(const char *key, const char *salt)
 			 switch (salt[1]) {
 			 case 'a':	/* 'ab' should not yield the same as 'abab' */
 			 case 'b':	/* cap input length at 72 bytes */
+			 case 'y':	/* same as 'b', for compatibility
+					 * with openwall crypt_blowfish
+					 */
 				 minr = salt[1];
 				 salt++;
 				 break;
-- 
cgit v1.1