FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=releng%2F12.2 2016-08-10T15:16:28Z 2016-08-10T15:16:28Z Ed Schouten ed@FreeBSD.org 2016-08-10T15:16:28Z urn:sha1:5f521d7ba72145092ea23ff6081d8791ad6c1f9d glibc has a pretty nice function called crypt_r(3), which is nothing more than crypt(3), but thread-safe. It accomplishes this by introducing a 'struct crypt_data' structure that contains a buffer that is large enough to hold the resulting string. Let's go ahead and also add this function. It would be a shame if a useful function like this wouldn't be usable in multithreaded apps. Refactor crypt.c and all of the backends to no longer declare static arrays, but write their output in a provided buffer. There is no need to do any buffer length computation here, as we'll just need to ensure that 'struct crypt_data' is large enough, which it is. _PASSWORD_LEN is defined to 128 bytes, but in this case I'm picking 256, as this is going to be part of the actual ABI. Differential Revision: https://reviews.freebsd.org/D7306 2015-06-16T23:57:29Z Allan Jude allanjude@FreeBSD.org 2015-06-16T23:57:29Z urn:sha1:a3b20e50a92f92e15eaf191c1fd84f223f411043 crypt_blowfish and many implementations based on it (Apache, PHP, PostgreSQL) implemented $2y$ before OpenBSD went with $2b$. This changes marks them as equivalent. http://www.openwall.com/lists/announce/2011/07/17/1 This change is required for applications that use the base crypt() implementation (including nginx) to be able to validate $2y$ hashes Reviewed by: eadler Approved by: delphij MFC after: 1 week Relnotes: yes Sponsored by: ScaleEngine Inc. Differential Revision: https://reviews.freebsd.org/D2742 2014-05-14T00:50:31Z Xin LI delphij@FreeBSD.org 2014-05-14T00:50:31Z urn:sha1:185e05ee1a28a5fd897416874d5c71eb69198341 MFC after: 2 weeks Relnotes: default Blowfish crypt(3) format have been changed to $2b$. 2014-02-25T23:03:48Z Xin LI delphij@FreeBSD.org 2014-02-25T23:03:48Z urn:sha1:43e3038611943925a3a9560242b9218a68a8fb6f Notable changes: - Support of $2b$ password format to address a problem where very long passwords (more than 256 characters, when an integer overflow would happen and cause the length to wrap at 256). - Updated pseudo code in comments to reflect the reality. - Removed our local shortcut of processing magic string and rely on the centralized and tigntened validation. - Diff reduction from upstream. For now we are still generating the older $02a$ format of password but we will migrate to the new format once the format is formally finalized. MFC after: 1 month 2012-05-30T12:01:28Z Bjoern A. Zeeb bz@FreeBSD.org 2012-05-30T12:01:28Z urn:sha1:071183ef48062f3d4cd317aac2b7639dc2d70dc9 Fix a bug in crypt(3) ignoring characters of a passphrase. [12:02] Security: FreeBSD-SA-12:01.openssl (revised) Security: FreeBSD-SA-12:02.crypt Approved by: so (bz, simon) 2012-02-22T01:23:14Z Kevin Lo kevlo@FreeBSD.org 2012-02-22T01:23:14Z urn:sha1:19ab58bfe3daf34d714195dcbd0f91e480924f7e Discussed in: http://www.openwall.com/lists/oss-security/2011/11/15/3 2003-06-02T19:17:24Z Mark Murray markm@FreeBSD.org 2003-06-02T19:17:24Z urn:sha1:c8fa8e25d77016f36e63790f2ceccb90613ccb2e required to make crypt(3) blowfish "$2a$..." hashes. Lint and warnsify. 2002-03-06T17:18:09Z Mark Murray markm@FreeBSD.org 2002-03-06T17:18:09Z urn:sha1:f2ac424af7b980ba4d858ecfd1644ce197d6869d 2002-02-18T20:35:27Z Mike Barcroft mike@FreeBSD.org 2002-02-18T20:35:27Z urn:sha1:fd8e4ebc8c18caec3eefac6527831f9ee6a92959 deprecated in favor of the POSIX-defined lowercase variants. o Change all occurrences of NTOHL() and associated marcros in the source tree to use the lowercase function variants. o Add missing license bits to sparc64's <machine/endian.h>. Approved by: jake o Clean up <machine/endian.h> files. o Remove unused __uint16_swap_uint32() from i386's <machine/endian.h>. o Remove prototypes for non-existent bswapXX() functions. o Include <machine/endian.h> in <arpa/inet.h> to define the POSIX-required ntohl() family of functions. o Do similar things to expose the ntohl() family in libstand, <netinet/in.h>, and <sys/param.h>. o Prepend underscores to the ntohl() family to help deal with complexities associated with having MD (asm and inline) versions, and having to prevent exposure of these functions in other headers that happen to make use of endian-specific defines. o Create weak aliases to the canonical function name to help deal with third-party software forgetting to include an appropriate header. o Remove some now unneeded pollution from <sys/types.h>. o Add missing <arpa/inet.h> includes in userland. Tested on: alpha, i386 Reviewed by: bde, jake, tmm 2001-10-23T10:23:32Z Peter Wemm peter@FreeBSD.org 2001-10-23T10:23:32Z urn:sha1:68344a95478e7f7a30cc2d93820595aad7e7bc5b