Remove $FreeBSD$: one-line .c pattern

Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/

Make libcrypt thread-safe. Add crypt_r(3).

glibc has a pretty nice function called crypt_r(3), which is nothing
more than crypt(3), but thread-safe. It accomplishes this by introducing
a 'struct cry

Make libcrypt thread-safe. Add crypt_r(3).

glibc has a pretty nice function called crypt_r(3), which is nothing
more than crypt(3), but thread-safe. It accomplishes this by introducing
a 'struct crypt_data' structure that contains a buffer that is large
enough to hold the resulting string.

Let's go ahead and also add this function. It would be a shame if a
useful function like this wouldn't be usable in multithreaded apps.
Refactor crypt.c and all of the backends to no longer declare static
arrays, but write their output in a provided buffer.

There is no need to do any buffer length computation here, as we'll just
need to ensure that 'struct crypt_data' is large enough, which it is.
_PASSWORD_LEN is defined to 128 bytes, but in this case I'm picking 256,
as this is going to be part of the actual ABI.

Differential Revision: https://reviews.freebsd.org/D7306

show more ...

Add compatibility with $2y$ bcrypt hashes

crypt_blowfish and many implementations based on it (Apache, PHP, PostgreSQL) implemented $2y$ before OpenBSD went with $2b$. This changes marks them as equ

Add compatibility with $2y$ bcrypt hashes

crypt_blowfish and many implementations based on it (Apache, PHP, PostgreSQL) implemented $2y$ before OpenBSD went with $2b$. This changes marks them as equivalent.

http://www.openwall.com/lists/announce/2011/07/17/1

This change is required for applications that use the base crypt() implementation (including nginx) to be able to validate $2y$ hashes

Reviewed by: eadler
Approved by: delphij
MFC after: 1 week
Relnotes: yes
Sponsored by: ScaleEngine Inc.
Differential Revision: https://reviews.freebsd.org/D2742

show more ...

Switch using the new $2b$ format by default, when bcrypt is used.

MFC after: 2 weeks
Relnotes: default Blowfish crypt(3) format have been changed to $2b$.

Refresh our implementation of OpenBSD's Blowfish password format.

Notable changes:

- Support of $2b$ password format to address a problem where very
long passwords (more than 256 characters, wh

Refresh our implementation of OpenBSD's Blowfish password format.

Notable changes:

- Support of $2b$ password format to address a problem where very
long passwords (more than 256 characters, when an integer
overflow would happen and cause the length to wrap at 256).
- Updated pseudo code in comments to reflect the reality.
- Removed our local shortcut of processing magic string and rely
on the centralized and tigntened validation.
- Diff reduction from upstream.

For now we are still generating the older $02a$ format of password
but we will migrate to the new format once the format is formally
finalized.

MFC after: 1 month

show more ...

Return NULL on error rather than ":", per the crypt(3) man page.
Discussed in: http://www.openwall.com/lists/oss-security/2011/11/15/3

Strip the private blowfish code down to only that which is
required to make crypt(3) blowfish "$2a$..." hashes. Lint and
warnsify.

No functional change, but big code cleanup. WARNS, lint(1) and style(9).

__FBSDID() (second half of src/lib/libcrypt changes)

Add OpenBSD-style blowfish password hashing. This makes one less
gratuitous difference between us and our sister project.

This was given to me _ages_ ago. May apologies to Paul for the length
of tim

Add OpenBSD-style blowfish password hashing. This makes one less
gratuitous difference between us and our sister project.

This was given to me _ages_ ago. May apologies to Paul for the length
of time its taken me to commit.

Obtained from: Niels Provos <[email protected]>/OpenBSD
Submitted by: Paul Herman <[email protected]>

show more ...