mailing list of musl libc
 help / color / mirror / code / Atom feed
* [musl] [PATCH] crypt: support $2b$ prefix for blowfish
@ 2020-10-15 19:56 Tim van der Staaij
  2020-10-15 20:32 ` Solar Designer
  0 siblings, 1 reply; 7+ messages in thread
From: Tim van der Staaij @ 2020-10-15 19:56 UTC (permalink / raw)
  To: musl

2b is functionally equivalent to 2y, i.e. no known bugs at this time.

openbsd, which created the original bcrypt implementation,
and several other implementations use this prefix since 2014:
https://marc.info/?l=openbsd-misc&m=139320023202696
---
 src/crypt/crypt_blowfish.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/crypt/crypt_blowfish.c b/src/crypt/crypt_blowfish.c
index d3f79851..a5feffe7 100644
--- a/src/crypt/crypt_blowfish.c
+++ b/src/crypt/crypt_blowfish.c
@@ -533,6 +533,7 @@ static void BF_set_key(const char *key, BF_key expanded, BF_key initial,
  * Valid combinations of settings are:
  *
  * Prefix "$2a$": bug = 0, safety = 0x10000
+ * Prefix "$2b$": bug = 0, safety = 0
  * Prefix "$2x$": bug = 1, safety = 0
  * Prefix "$2y$": bug = 0, safety = 0
  */
@@ -600,7 +601,7 @@ static char *BF_crypt(const char *key, const char *setting,
 	char *output, BF_word min)
 {
 	static const unsigned char flags_by_subtype[26] =
-		{2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+		{2, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
 		0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 4, 0};
 	struct {
 		BF_ctx ctx;
@@ -748,7 +749,7 @@ char *__crypt_blowfish(const char *key, const char *setting, char *output)
 	const char *test_setting = "$2a$00$abcdefghijklmnopqrstuu";
 	static const char test_hash[2][34] =
 		{"VUrPmXD6q/nVSSp7pNDhCR9071IfIRe\0\x55", /* $2x$ */
-		"i1D709vfamulimlGcq0qq3UvuUasvEa\0\x55"}; /* $2a$, $2y$ */
+		"i1D709vfamulimlGcq0qq3UvuUasvEa\0\x55"}; /* $2a$, $2b$, $2y$ */
 	char *retval;
 	const char *p;
 	int ok;
@@ -777,14 +778,14 @@ char *__crypt_blowfish(const char *key, const char *setting, char *output)
 	ok = (p == buf.o &&
 	    !memcmp(p, buf.s, 7 + 22) &&
 	    !memcmp(p + (7 + 22),
-	    test_hash[buf.s[2] & 1],
+	    test_hash[buf.s[2] != 'x'],
 	    31 + 1 + 1 + 1));
 
 	{
 		const char *k = "\xff\xa3" "34" "\xff\xff\xff\xa3" "345";
 		BF_key ae, ai, ye, yi;
 		BF_set_key(k, ae, ai, 2); /* $2a$ */
-		BF_set_key(k, ye, yi, 4); /* $2y$ */
+		BF_set_key(k, ye, yi, 4); /* $2b$, $2y$ */
 		ai[0] ^= 0x10000; /* undo the safety (for comparison) */
 		ok = ok && ai[0] == 0xdb9c59bc && ye[17] == 0x33343500 &&
 		    !memcmp(ae, ye, sizeof(ae)) &&
-- 
2.23.0





^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2020-10-18 16:12 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-10-15 19:56 [musl] [PATCH] crypt: support $2b$ prefix for blowfish Tim van der Staaij
2020-10-15 20:32 ` Solar Designer
2020-10-15 20:59   ` Tim van der Staaij
2020-10-17 19:27     ` Solar Designer
2020-10-18  8:57       ` Julien Ramseier
2020-10-18 14:51         ` Tim van der Staaij
2020-10-18 16:12         ` Rich Felker

Code repositories for project(s) associated with this public inbox

	https://git.vuxu.org/mirror/musl/

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).