Added OpenBSD 5.5+ "$2b$" prefix support to crypt_blowfish (same as "$2y$")

CVS-ID: README 1.10 CVS-ID: crypt.3 1.10 CVS-ID: crypt_blowfish.c 1.31 CVS-ID: wrapper.c 1.23
2025-04-18 09:24:02 +03:00 · 2014-07-07 19:19:04 +04:00 · 2014-07-07 19:19:04 +04:00 · 3354bb81ee
commit 3354bb81ee
parent c98a6fa2d0
4 changed files with 54 additions and 42 deletions
--- a/10
+++ b/10
@ -1,8 +1,8 @@
 This is an implementation of a password hashing method, provided via the
-crypt(3) and a reentrant interface.  It is mostly compatible with
-OpenBSD's bcrypt.c (prefix "$2a$") by Niels Provos and David Mazieres.
-(Please refer to the included crypt(3) man page for information on
-compatibility issues.)
+crypt(3) and a reentrant interface.  It is fully compatible with
+OpenBSD's bcrypt.c for prefix "$2b$", originally by Niels Provos and
+David Mazieres.  (Please refer to the included crypt(3) man page for
+information on minor compatibility issues for other bcrypt prefixes.)

 I've placed this code in the public domain, with fallback to a
 permissive license.  Please see the comment in crypt_blowfish.c for
@ -65,4 +65,4 @@ routines as well.
 -- 
 Solar Designer <solar at openwall.com>

-$Owl: Owl/packages/glibc/crypt_blowfish/README,v 1.9 2011/07/16 21:48:45 solar Exp $
+$Owl: Owl/packages/glibc/crypt_blowfish/README,v 1.10 2014/07/07 15:19:04 solar Exp $
--- a/crypt.3
+++ b/crypt.3
@ -13,7 +13,7 @@
 .\" This manual page in its current form is intended for use on systems
 .\" based on the GNU C Library with crypt_blowfish patched into libcrypt.
 .\"
-.TH CRYPT 3 "July 16, 2011" "Openwall Project" "Library functions"
+.TH CRYPT 3 "July 7, 2014" "Openwall Project" "Library functions"
 .ad l
 .\" No macros in NAME to keep makewhatis happy.
 .SH NAME
@ -392,8 +392,8 @@ OpenBSD, and FreeBSD due to the use of David Burren's FreeSec library.
 .br
 This is Poul-Henning Kamp's MD5-based password hashing method originally
 developed for FreeBSD.
-It is currently supported on many free Unix-like systems, on Solaris 10,
-and it is a part of the official glibc.
+It is currently supported on many free Unix-like systems, on Solaris 10
+and newer, and it is part of the official glibc.
 Its main disadvantage is the fixed iteration count, which is already
 too low for the currently available hardware.
 .hash "$1$" "\e$1\e$[^$]{1,8}\e$[./0-9A-Za-z]{22}" unlimited 8 "" 128 "6 to 48" 1000
@ -404,8 +404,8 @@ too low for the currently available hardware.
 .B bcrypt
 was originally developed by Niels Provos and David Mazieres for OpenBSD
 and is also supported on recent versions of FreeBSD and NetBSD,
-on Solaris 10, and on several GNU/*/Linux distributions.
-It is, however, not a part of the official glibc.
+on Solaris 10 and newer, and on several GNU/*/Linux distributions.
+It is, however, not part of the official glibc.
 .PP
 While both
 .B bcrypt
@ -414,7 +414,7 @@ and the BSDI-style DES-based hashing offer a variable iteration count,
 may scale to even faster hardware, doesn't allow for certain optimizations
 specific to password cracking only, doesn't have the effective key size
 limitation, and uses 8-bit characters in passwords.
-.hash "$2y$" "\e$2[axy]\e$[0-9]{2}\e$[./A-Za-z0-9]{53}" 72 8 "" 184 128 "2**4 to 2**99 (current implementations are limited to 2**31 iterations)"
+.hash "$2b$" "\e$2[abxy]\e$[0-9]{2}\e$[./A-Za-z0-9]{53}" 72 8 "" 184 128 "2**4 to 2**99 (current implementations are limited to 2**31 iterations)"
 .PP
 With
 .BR bcrypt ,
@ -432,20 +432,21 @@ the 8th bit set.
 Besides fixing the bug,
 to provide for upgrade strategies for existing systems, two new prefixes were
 introduced: "$2x$", which fully re-introduces the bug, and "$2y$", which
-guarantees correct handling of both 7- and 8-bit characters (same as OpenBSD's
-"$2a$").
+guarantees correct handling of both 7- and 8-bit characters.
+OpenBSD 5.5 introduced the "$2b$" prefix for behavior that exactly matches
+crypt_blowfish's "$2y$", and current crypt_blowfish supports it as well.
 Unfortunately, the behavior of "$2a$" on password characters with the 8th bit
 set has to be considered system-specific.
-When generating new password hashes, the "$2y$" prefix should be used.
+When generating new password hashes, the "$2b$" or "$2y$" prefix should be used.
 (If such hashes ever need to be migrated to a system that does not yet support
-this new prefix, the prefix in migrated copies of the already-generated hashes
-may be changed to "$2a$".)
+these new prefixes, the prefix in migrated copies of the already-generated
+hashes may be changed to "$2a$".)
 .PP
 .crypt_gensalt and
-support the "$2y$" and "$2a$" prefixes (the latter for legacy programs or
-configurations), but not "$2x$" (which must not be used for new hashes).
+support the "$2b$", "$2y$", and "$2a$" prefixes (the latter for legacy programs
+or configurations), but not "$2x$" (which must not be used for new hashes).
 .crypt and
-support all three of these prefixes.
+support all four of these prefixes.
 .SH PORTABILITY NOTES
 Programs using any of these functions on a glibc 2.x system must be
 linked against
@ -480,7 +481,7 @@ function on HP-UX and MKS Toolkit, but the prototypes and semantics differ.
 is an Openwall extension.
 There's also a
 .B crypt_gensalt
-function on Solaris 10, but the prototypes and semantics differ.
+function on Solaris 10 and newer, but the prototypes and semantics differ.
 .PP
 .BR crypt_rn ,
 .BR crypt_ra ,
--- a/crypt_blowfish.c
+++ b/crypt_blowfish.c
@ -7,11 +7,11 @@
 * and crypt(3) interfaces added, but optimizations specific to password
 * cracking removed.
 *
- * Written by Solar Designer <solar at openwall.com> in 1998-2011.
+ * Written by Solar Designer <solar at openwall.com> in 1998-2014.
 * No copyright is claimed, and the software is hereby placed in the public
 * domain.  In case this attempt to disclaim copyright and place the software
 * in the public domain is deemed null and void, then the software is
- * Copyright (c) 1998-2011 Solar Designer and it is hereby released to the
+ * Copyright (c) 1998-2014 Solar Designer and it is hereby released to the
 * general public under the following terms:
 *
 * Redistribution and use in source and binary forms, with or without
@ -27,12 +27,12 @@
 * you place this code and any modifications you make under a license
 * of your choice.
 *
- * This implementation is mostly compatible with OpenBSD's bcrypt.c (prefix
- * "$2a$") by Niels Provos <provos at citi.umich.edu>, and uses some of his
- * ideas.  The password hashing algorithm was designed by David Mazieres
- * <dm at lcs.mit.edu>.  For more information on the level of compatibility,
- * please refer to the comments in BF_set_key() below and to the included
- * crypt(3) man page.
+ * This implementation is fully compatible with OpenBSD's bcrypt.c for prefix
+ * "$2b$", originally by Niels Provos <provos at citi.umich.edu>, and it uses
+ * some of his ideas.  The password hashing algorithm was designed by David
+ * Mazieres <dm at lcs.mit.edu>.  For information on the level of
+ * compatibility for bcrypt hash prefixes other than "$2b$", please refer to
+ * the comments in BF_set_key() below and to the included crypt(3) man page.
 *
 * There's a paper on the algorithm that explains its design decisions:
 *
@ -578,6 +578,7 @@ static void BF_set_key(const char *key, BF_key expanded, BF_key initial,
 * Valid combinations of settings are:
 *
 * Prefix "$2a$": bug = 0, safety = 0x10000
+ * Prefix "$2b$": bug = 0, safety = 0
 * Prefix "$2x$": bug = 1, safety = 0
 * Prefix "$2y$": bug = 0, safety = 0
 */
@ -641,6 +642,10 @@ static void BF_set_key(const char *key, BF_key expanded, BF_key initial,
 	initial[0] ^= sign;
 }

+static const unsigned char flags_by_subtype[26] =
+	{2, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 4, 0};
+
 static char *BF_crypt(const char *key, const char *setting,
 	char *output, int size,
 	BF_word min)
@ -648,9 +653,6 @@ static char *BF_crypt(const char *key, const char *setting,
 #if BF_ASM
 	extern void _BF_body_r(BF_ctx *ctx);
 #endif
-	static const unsigned char flags_by_subtype[26] =
-		{2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-		0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 4, 0};
 	struct {
 		BF_ctx ctx;
 		BF_key expanded_key;
@ -816,9 +818,10 @@ char *_crypt_blowfish_rn(const char *key, const char *setting,
 {
 	const char *test_key = "8b \xd0\xc1\xd2\xcf\xcc\xd8";
 	const char *test_setting = "$2a$00$abcdefghijklmnopqrstuu";
-	static const char * const test_hash[2] =
-		{"VUrPmXD6q/nVSSp7pNDhCR9071IfIRe\0\x55", /* $2x$ */
-		"i1D709vfamulimlGcq0qq3UvuUasvEa\0\x55"}; /* $2a$, $2y$ */
+	static const char * const test_hashes[2] =
+		{"i1D709vfamulimlGcq0qq3UvuUasvEa\0\x55", /* 'a', 'b', 'y' */
+		"VUrPmXD6q/nVSSp7pNDhCR9071IfIRe\0\x55"}; /* 'x' */
+	const char *test_hash = test_hashes[0];
 	char *retval;
 	const char *p;
 	int save_errno, ok;
@ -840,17 +843,19 @@ char *_crypt_blowfish_rn(const char *key, const char *setting,
 * detected by the self-test.
 */
 	memcpy(buf.s, test_setting, sizeof(buf.s));
-	if (retval)
+	if (retval) {
+		unsigned int flags = flags_by_subtype[
+		    (unsigned int)(unsigned char)setting[2] - 'a'];
+		test_hash = test_hashes[flags & 1];
 		buf.s[2] = setting[2];
+	}
 	memset(buf.o, 0x55, sizeof(buf.o));
 	buf.o[sizeof(buf.o) - 1] = 0;
 	p = BF_crypt(test_key, buf.s, buf.o, sizeof(buf.o) - (1 + 1), 1);

 	ok = (p == buf.o &&
 	    !memcmp(p, buf.s, 7 + 22) &&
-	    !memcmp(p + (7 + 22),
-	    test_hash[(unsigned int)(unsigned char)buf.s[2] & 1],
-	    31 + 1 + 1 + 1));
+	    !memcmp(p + (7 + 22), test_hash, 31 + 1 + 1 + 1));

 	{
 		const char *k = "\xff\xa3" "34" "\xff\xff\xff\xa3" "345";
@ -879,7 +884,7 @@ char *_crypt_gensalt_blowfish_rn(const char *prefix, unsigned long count,
 	if (size < 16 || output_size < 7 + 22 + 1 ||
 	    (count && (count < 4 || count > 31)) ||
 	    prefix[0] != '$' || prefix[1] != '2' ||
-	    (prefix[2] != 'a' && prefix[2] != 'y')) {
+	    (prefix[2] != 'a' && prefix[2] != 'b' && prefix[2] != 'y')) {
 		if (output_size > 0) output[0] = '\0';
 		__set_errno((output_size < 7 + 22 + 1) ? ERANGE : EINVAL);
 		return NULL;
--- a/wrapper.c
+++ b/wrapper.c
@ -1,9 +1,9 @@
 /*
- * Written by Solar Designer <solar at openwall.com> in 2000-2011.
+ * Written by Solar Designer <solar at openwall.com> in 2000-2014.
 * No copyright is claimed, and the software is hereby placed in the public
 * domain.  In case this attempt to disclaim copyright and place the software
 * in the public domain is deemed null and void, then the software is
- * Copyright (c) 2000-2011 Solar Designer and it is hereby released to the
+ * Copyright (c) 2000-2014 Solar Designer and it is hereby released to the
 * general public under the following terms:
 *
 * Redistribution and use in source and binary forms, with or without
@ -210,7 +210,8 @@ char *__crypt_gensalt_rn(const char *prefix, unsigned long count,
 		return NULL;
 	}

-	if (!strncmp(prefix, "$2a$", 4) || !strncmp(prefix, "$2y$", 4))
+	if (!strncmp(prefix, "$2a$", 4) || !strncmp(prefix, "$2b$", 4) ||
+	    !strncmp(prefix, "$2y$", 4))
 		use = _crypt_gensalt_blowfish_rn;
 	else
 	if (!strncmp(prefix, "$1$", 3))
@ -293,10 +294,14 @@ static const char *tests[][3] = {
 		"\xff\xff\xa3"},
 	{"$2a$05$/OK.fbVrR/bpIqNJ5ianF.nqd1wy.pTMdcvrRWxyiGL2eMz.2a85.",
 		"\xff\xff\xa3"},
+	{"$2b$05$/OK.fbVrR/bpIqNJ5ianF.CE5elHaaO4EbggVDjb8P19RukzXSM3e",
+		"\xff\xff\xa3"},
 	{"$2y$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq",
 		"\xa3"},
 	{"$2a$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq",
 		"\xa3"},
+	{"$2b$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq",
+		"\xa3"},
 	{"$2x$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi",
 		"1\xa3" "345"},
 	{"$2x$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi",
@ -347,6 +352,7 @@ static const char *tests[][3] = {
 		""},
 	{"*0", "", "$2a$03$CCCCCCCCCCCCCCCCCCCCC."},
 	{"*0", "", "$2a$32$CCCCCCCCCCCCCCCCCCCCC."},
+	{"*0", "", "$2c$05$CCCCCCCCCCCCCCCCCCCCC."},
 	{"*0", "", "$2z$05$CCCCCCCCCCCCCCCCCCCCC."},
 	{"*0", "", "$2`$05$CCCCCCCCCCCCCCCCCCCCC."},
 	{"*0", "", "$2{$05$CCCCCCCCCCCCCCCCCCCCC."},