Date: Thu, 15 Oct 2020 21:56:56 +0200
From: Tim van der Staaij To: "musl" Message-ID: <1752dd63ca0.f45c706c130962.3068699904194055827@tim.vanderstaaij.email> In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit Importance: Medium User-Agent: Zoho Mail X-Mailer: Zoho Mail Subject: [musl] [PATCH] crypt: support $2b$ prefix for blowfish 2b is functionally equivalent to 2y, i.e. no known bugs at this time. openbsd, which created the original bcrypt implementation, and several other implementations use this prefix since 2014: https://marc.info/?l=openbsd-misc&m=139320023202696 --- src/crypt/crypt_blowfish.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/crypt/crypt_blowfish.c b/src/crypt/crypt_blowfish.c index d3f79851..a5feffe7 100644 --- a/src/crypt/crypt_blowfish.c +++ b/src/crypt/crypt_blowfish.c @@ -533,6 +533,7 @@ static void BF_set_key(const char *key, BF_key expanded, BF_key initial, * Valid combinations of settings are: * * Prefix "$2a$": bug = 0, safety = 0x10000 + * Prefix "$2b$": bug = 0, safety = 0 * Prefix "$2x$": bug = 1, safety = 0 * Prefix "$2y$": bug = 0, safety = 0 */ @@ -600,7 +601,7 @@ static char *BF_crypt(const char *key, const char *setting, char *output, BF_word min) { static const unsigned char flags_by_subtype[26] = - {2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + {2, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 4, 0}; struct { BF_ctx ctx; @@ -748,7 +749,7 @@ char *__crypt_blowfish(const char *key, const char *setting, char *output) const char *test_setting = "$2a$00$abcdefghijklmnopqrstuu"; static const char test_hash[2][34] = {"VUrPmXD6q/nVSSp7pNDhCR9071IfIRe\0\x55", /* $2x$ */ - "i1D709vfamulimlGcq0qq3UvuUasvEa\0\x55"}; /* $2a$, $2y$ */ + "i1D709vfamulimlGcq0qq3UvuUasvEa\0\x55"}; /* $2a$, $2b$, $2y$ */ char *retval; const char *p; int ok; 
@@ -777,14 +778,14 @@ char *__crypt_blowfish(const char *key, const char *setting, char *output) ok = (p == buf.o && !memcmp(p, buf.s, 7 + 22) && !memcmp(p + (7 + 22), - test_hash[buf.s[2] & 1], + test_hash[buf.s[2] != 'x'], 31 + 1 + 1 + 1)); { const char *k = "\xff\xa3" "34" "\xff\xff\xff\xa3" "345"; BF_key ae, ai, ye, yi; BF_set_key(k, ae, ai, 2); /* $2a$ */ - BF_set_key(k, ye, yi, 4); /* $2y$ */ + BF_set_key(k, ye, yi, 4); /* $2b$, $2y$ */ ai[0] ^= 0x10000; /* undo the safety (for comparison) */ ok = ok && ai[0] == 0xdb9c59bc && ye[17] == 0x33343500 && !memcmp(ae, ye, sizeof(ae)) && -- 2.23.0
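Review bot: In the flags_by_subtype hunk (@@ -600,7 +601,7 @@), the new 4 in the second slot can only be identified as the "$2b$" entry by counting positions in a 26-element initializer. The non-zero entries sit at positions 0, 1, 23 and 24, which line up with the letters a, b, x and y, so the table appears to be indexed by subtype letter. A one-line comment above the initializer stating that, and that 4 is the flag value shared by "$2b$" and "$2y$" (matching the "bug = 0, safety = 0" rows added to the BF_set_key comment), would make the next prefix addition much harder to get wrong.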
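Review bot: In the self-test hunk (@@ -777,14 +778,14 @@), the change of the test_hash index from "buf.s[2] & 1" to "buf.s[2] != 'x'" is a correctness fix that neither the commit message nor the code explains. The old expression relied on the low bit of the subtype letter: 'a' and 'y' are odd and 'x' is even, but 'b' is also even, so a "$2b$" setting would have been compared against test_hash[0], which the array comment marks as the "$2x$" hash. Please say so in the commit message or in a short comment at the index expression. The new form also sends every character other than 'x' to the "$2a$, $2b$, $2y$" hash, so it is worth confirming that buf.s[2] can only hold an accepted subtype by the time this comparison runs.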