Add compatibility with $2y$ bcrypt hashes

crypt_blowfish and many implementations based on it (Apache, PHP, PostgreSQL) implemented $2y$ before OpenBSD went with $2b$. This changes marks them as equivalent. http://www.openwall.com/lists/announce/2011/07/17/1 This change is required for applications that use the base crypt() implementation (including nginx) to be able to validate $2y$ hashes Reviewed by: eadler Approved by: delphij MFC after: 1 week Relnotes: yes Sponsored by: ScaleEngine Inc. Differential Revision: https://reviews.freebsd.org/D2742
2015-06-16 23:57:29 +00:00 · 2015-06-16 23:57:29 +00:00 · a3b20e50a9
commit a3b20e50a9
parent 71e221e8b4
1 changed files with 3 additions and 0 deletions
--- a/secure/lib/libcrypt/crypt-blowfish.c
+++ b/secure/lib/libcrypt/crypt-blowfish.c
@ -167,6 +167,9 @@ crypt_blowfish(const char *key, const char *salt)
 			 switch (salt[1]) {
 			 case 'a':	/* 'ab' should not yield the same as 'abab' */
 			 case 'b':	/* cap input length at 72 bytes */
+			 case 'y':	/* same as 'b', for compatibility
+					 * with openwall crypt_blowfish
+					 */
 				 minr = salt[1];
 				 salt++;
 				 break;