src/secure/lib/libcrypt, branch upstream/11.2.0

Add compatibility with $2y$ bcrypt hashes

2015-06-16T23:57:29Z

crypt_blowfish and many implementations based on it (Apache, PHP, PostgreSQL) implemented $2y$ before OpenBSD went with $2b$. This changes marks them as equivalent. http://www.openwall.com/lists/announce/2011/07/17/1 This change is required for applications that use the base crypt() implementation (including nginx) to be able to validate $2y$ hashes Reviewed by: eadler Approved by: delphij MFC after: 1 week Relnotes: yes Sponsored by: ScaleEngine Inc. Differential Revision: https://reviews.freebsd.org/D2742

Switch using the new $2b$ format by default, when bcrypt is used.

2014-05-14T00:50:31Z

MFC after: 2 weeks Relnotes: default Blowfish crypt(3) format have been changed to $2b$.

Refresh our implementation of OpenBSD's Blowfish password format.

2014-02-25T23:03:48Z

Notable changes: - Support of $2b$ password format to address a problem where very long passwords (more than 256 characters, when an integer overflow would happen and cause the length to wrap at 256). - Updated pseudo code in comments to reflect the reality. - Removed our local shortcut of processing magic string and rely on the centralized and tigntened validation. - Diff reduction from upstream. For now we are still generating the older $02a$ format of password but we will migrate to the new format once the format is formally finalized. MFC after: 1 month

Update the previous openssl fix. [12:01]

2012-05-30T12:01:28Z

Fix a bug in crypt(3) ignoring characters of a passphrase. [12:02] Security: FreeBSD-SA-12:01.openssl (revised) Security: FreeBSD-SA-12:02.crypt Approved by: so (bz, simon)

Return NULL on error rather than ":", per the crypt(3) man page.

2012-02-22T01:23:14Z

Discussed in: http://www.openwall.com/lists/oss-security/2011/11/15/3

Strip the private blowfish code down to only that which is

2003-06-02T19:17:24Z

required to make crypt(3) blowfish "$2a$..." hashes. Lint and warnsify.

No functional change, but big code cleanup. WARNS, lint(1) and style(9).

2002-03-06T17:18:09Z

o Move NTOHL() and associated macros into . These are

2002-02-18T20:35:27Z

deprecated in favor of the POSIX-defined lowercase variants. o Change all occurrences of NTOHL() and associated marcros in the source tree to use the lowercase function variants. o Add missing license bits to sparc64's . Approved by: jake o Clean up files. o Remove unused __uint16_swap_uint32() from i386's . o Remove prototypes for non-existent bswapXX() functions. o Include in to define the POSIX-required ntohl() family of functions. o Do similar things to expose the ntohl() family in libstand, , and . o Prepend underscores to the ntohl() family to help deal with complexities associated with having MD (asm and inline) versions, and having to prevent exposure of these functions in other headers that happen to make use of endian-specific defines. o Create weak aliases to the canonical function name to help deal with third-party software forgetting to include an appropriate header. o Remove some now unneeded pollution from . o Add missing includes in userland. Tested on: alpha, i386 Reviewed by: bde, jake, tmm

__FBSDID() (second half of src/lib/libcrypt changes)

2001-10-23T10:23:32Z

Add OpenBSD-style blowfish password hashing. This makes one less

2001-03-11T16:05:43Z

gratuitous difference between us and our sister project. This was given to me _ages_ ago. May apologies to Paul for the length of time its taken me to commit. Obtained from: Niels Provos /OpenBSD Submitted by: Paul Herman