#
c840f715 |
| 23-Jan-2023 |
Tim Düsterhus |
crypt: Fix validation of malformed BCrypt hashes

PHP’s implementation of crypt_blowfish differs from the upstream Openwall version by adding a “PHP Hack”, which allows one to cut short the BCrypt salt by including a `$` character within the characters that represent the salt.

Hashes that are affected by the “PHP Hack” may erroneously validate any password as valid when used with `password_verify` and when comparing the return value of `crypt()` against the input.

The PHP Hack exists since the first version of PHP’s own crypt_blowfish implementation that was added in 1e820eca02dcf322b41fd2fe4ed2a6b8309f8ab5.

No clear reason is given for the PHP Hack’s existence. This commit removes it, because BCrypt hashes containing a `$` character in their salt are not valid BCrypt hashes.
|
#
4a2ae841 |
| 07-Sep-2020 |
Dmitry Stogov |
Add "const". Move constant strings to read-only memory.
|
#
19d3e29b |
| 23-Jun-2020 |
Alex Dowad |
Clean house in cryptographic hashing code

- Remove dead code from php_crypt_r.c
  This code has been commented out since the file was added in 2008. It's safe to say that no-one is ever going to use it.
- Fix typo in comment in php_crypt_r.c
- Remove redundant Windows-only implementation of php_md5_crypt_r
  There is a portable implementation in the same file, which is selected if not building for Windows. But why should Windows have its own special implementation of this function at all? There doesn't seem to be any good reason. Better to use the portable implementation on all platforms.
- Don't define useless __CONST macro in php_crypt_r.h
  This preprocessor macro is not used anywhere.
- Add comment on functions for encoding data as Base64
- Remove dead code from crypt_blowfish.h
- Remove unneeded junk comments from crypt_freesec.c
- Remove dead code from crypt_blowfish.c
  This function has been commented out since 2011.
|
#
389c2b43 |
| 05-May-2020 |
George Peter Banyard |
Drop BF_ASM constant as it's always 0 Closes GH-5531
|
Revision tags: php-7.3.13RC1, php-7.2.26RC1, php-7.4.0, php-7.2.25, php-7.3.12, php-7.4.0RC6, php-7.3.12RC1, php-7.2.25RC1, php-7.4.0RC5, php-7.1.33, php-7.2.24, php-7.3.11, php-7.4.0RC4, php-7.3.11RC1, php-7.2.24RC1, php-7.4.0RC3, php-7.2.23, php-7.3.10, php-7.4.0RC2, php-7.2.23RC1, php-7.3.10RC1, php-7.4.0RC1, php-7.1.32, php-7.2.22, php-7.3.9, php-7.4.0beta4, php-7.2.22RC1, php-7.3.9RC1, php-7.4.0beta2, php-7.1.31, php-7.2.21, php-7.3.8, php-7.4.0beta1, php-7.2.21RC1, php-7.3.8RC1, php-7.4.0alpha3, php-7.3.7, php-7.2.20, php-7.4.0alpha2, php-7.3.7RC3, php-7.3.7RC2, php-7.2.20RC2, php-7.4.0alpha1, php-7.3.7RC1, php-7.2.20RC1, php-7.2.19, php-7.3.6, php-7.1.30, php-7.2.19RC1, php-7.3.6RC1, php-7.1.29, php-7.2.18, php-7.3.5, php-7.2.18RC1, php-7.3.5RC1, php-7.2.17, php-7.3.4, php-7.1.28, php-7.3.4RC1, php-7.2.17RC1, php-7.1.27, php-7.3.3, php-7.2.16, php-7.3.3RC1, php-7.2.16RC1, php-7.2.15, php-7.3.2, php-7.2.15RC1, php-7.3.2RC1, php-5.6.40, php-7.1.26, php-7.3.1, php-7.2.14, php-7.2.14RC1, php-7.3.1RC1, php-5.6.39, php-7.1.25, php-7.2.13, php-7.0.33, php-7.3.0, php-7.1.25RC1, php-7.2.13RC1, php-7.3.0RC6, php-7.1.24, php-7.2.12, php-7.3.0RC5, php-7.1.24RC1, php-7.2.12RC1, php-7.3.0RC4, php-7.1.23, php-7.2.11, php-7.3.0RC3, php-7.1.23RC1, php-7.2.11RC1, php-7.3.0RC2, php-5.6.38, php-7.1.22, php-7.3.0RC1, php-7.2.10, php-7.0.32, php-7.1.22RC1, php-7.3.0beta3, php-7.2.10RC1, php-7.1.21, php-7.2.9, php-7.3.0beta2, php-7.1.21RC1, php-7.3.0beta1, php-7.2.9RC1, php-5.6.37, php-7.1.20, php-7.3.0alpha4, php-7.0.31, php-7.2.8, php-7.1.20RC1, php-7.2.8RC1, php-7.3.0alpha3 |
|
#
8d3f8ca1 |
| 03-Jul-2018 |
Peter Kokot |
Remove unused Git attributes ident

The $Id$ keywords were used in Subversion where they can be substituted with filename, last revision number change, last changed date, and last user who changed it.

In Git this functionality is different and can be done with Git attribute ident. These need to be defined manually for each file in the .gitattributes file and are afterwards replaced with 40-character hexadecimal blob object name which is based only on the particular file contents.

This patch simplifies handling of $Id$ keywords by removing them since they are not used anymore.
|
Revision tags: php-7.3.0alpha2, php-7.1.19, php-7.2.7, php-7.1.19RC1, php-7.3.0alpha1, php-7.2.7RC1, php-7.1.18, php-7.2.6, php-7.2.6RC1, php-7.1.18RC1, php-5.6.36, php-7.2.5, php-7.1.17, php-7.0.30, php-7.1.17RC1, php-7.2.5RC1, php-5.6.35, php-7.0.29, php-7.2.4, php-7.1.16, php-7.1.16RC1, php-7.2.4RC1, php-7.1.15, php-5.6.34, php-7.2.3, php-7.0.28, php-7.2.3RC1, php-7.1.15RC1, php-7.1.14, php-7.2.2, php-7.1.14RC1, php-7.2.2RC1, php-7.1.13, php-5.6.33, php-7.2.1, php-7.0.27, php-7.2.1RC1, php-7.1.13RC1, php-7.0.27RC1, php-7.2.0, php-7.1.12, php-7.0.26, php-7.1.12RC1, php-7.2.0RC6, php-7.0.26RC1, php-7.1.11, php-5.6.32, php-7.2.0RC5, php-7.0.25, php-7.1.11RC1, php-7.2.0RC4, php-7.0.25RC1, php-7.1.10, php-7.2.0RC3, php-7.0.24, php-7.2.0RC2, php-7.1.10RC1, php-7.0.24RC1, php-7.1.9, php-7.2.0RC1, php-7.0.23, php-7.1.9RC1, php-7.2.0beta3, php-7.0.23RC1, php-7.1.8, php-7.2.0beta2, php-7.0.22, php-7.1.8RC1, php-7.2.0beta1, php-7.0.22RC1, php-5.6.31, php-7.0.21, php-7.1.7, php-7.2.0alpha3, php-7.1.7RC1, php-7.0.21RC1, php-7.2.0alpha2, php-7.1.6, php-7.2.0alpha1, php-7.0.20, php-7.1.6RC1, php-7.0.20RC1, php-7.1.5, php-7.0.19, php-7.0.19RC1, php-7.1.5RC1, php-7.1.4, php-7.0.18, php-7.1.4RC1, php-7.0.18RC1, php-7.1.3, php-7.0.17, php-7.1.3RC1, php-7.0.17RC1, php-7.1.2, php-7.0.16, php-7.0.16RC1, php-7.1.2RC1, php-5.6.30, php-7.0.15, php-5.6.30RC1, php-7.1.1RC1, php-7.0.15RC1, php-7.1.1, php-5.6.29, php-7.0.14, php-7.1.0, php-5.6.29RC1, php-7.0.14RC1, php-7.1.0RC6, php-5.6.28, php-7.0.13, php-5.6.28RC1, php-7.1.0RC5, php-7.0.13RC1, php-7.1.0RC4, php-5.6.27, php-7.0.12, php-7.1.0RC3, php-5.6.27RC1, php-7.0.12RC1, php-5.6.26, php-7.1.0RC2, php-7.0.11 |
|
#
669fda00 |
| 10-Sep-2016 |
Anatol Belski |
Bug #73058 crypt broken when salt is 'too' long
|
Revision tags: php-5.6.26RC1, php-7.1.0RC1, php-7.0.11RC1, php-7.1.0beta3, php-5.6.25, php-7.0.10, php-7.1.0beta2, php-5.6.25RC1, php-7.0.10RC1, php-7.1.0beta1, php-5.6.24, php-7.0.9, php-5.5.38, php-5.6.24RC1, php-7.1.0alpha3, php-7.0.9RC1, php-7.1.0alpha2, php-7.0.8, php-5.6.23, php-5.5.37, php-5.6.23RC1, php-7.0.8RC1, php-7.1.0alpha1, php-5.6.22, php-5.5.36, php-7.0.7, php-5.6.22RC1, php-7.0.7RC1, php-7.0.6, php-5.6.21, php-5.5.35, php-5.6.21RC1, php-7.0.6RC1, php-5.6.20, php-5.5.34, php-7.0.5, php-5.6.20RC1, php-7.0.5RC1, php-5.6.19, php-5.5.33, php-7.0.4, php-5.6.19RC1, php-7.0.4RC1, php-5.6.18, php-7.0.3, php-5.5.32, php-5.6.18RC1, php-7.0.3RC1, php-5.6.17, php-5.5.31, php-7.0.2, php-7.0.2RC1, php-5.6.17RC1, php-7.0.1RC1, php-7.0.0, php-5.6.16, php-7.0.0RC8, php-7.0.0RC7, php-5.6.16RC1, php-5.6.15, php-7.0.0RC6, php-7.0.1, php-5.6.15RC1, php-7.0.0RC5, php-5.5.30, php-5.6.14, php-7.0.0RC4, php-5.6.14RC1, php-7.0.0RC3, php-5.6.13, php-7.0.0RC2, php-5.5.29, php-5.4.45, php-5.6.13RC1, php-7.0.0RC1, php-5.6.12, php-5.5.28, php-7.0.0beta3, php-5.4.44, php-5.6.12RC1, php-7.0.0beta2, php-7.0.0beta1, php-5.6.11, php-5.5.27, php-5.4.43, php-5.6.11RC1, php-5.5.27RC1, php-7.0.0alpha2, php-5.5.26, php-7.0.0alpha1, php-5.6.10, php-5.4.42, POST_PHP7_NSAPI_REMOVAL, PRE_PHP7_NSAPI_REMOVAL, php-5.6.10RC1, php-5.5.26RC1, php-5.5.25, php-5.6.9, php-5.4.41, php-5.6.9RC1, php-5.5.25RC1, php-5.6.8, php-5.5.24, php-5.4.40, php-5.6.8RC1, php-5.5.24RC1, php-5.6.7, php-5.5.23, php-5.4.39, php-5.6.7RC1, php-5.5.23RC1, POST_PHP7_EREG_MYSQL_REMOVALS, PRE_PHP7_EREG_MYSQL_REMOVALS, php-5.6.6, php-5.5.22, php-5.4.38, POST_PHP7_REMOVALS, PRE_PHP7_REMOVALS, php-5.6.6RC1, php-5.5.22RC1, php-5.5.21, php-5.6.5, php-5.4.37 |
|
#
fc33f52d |
| 15-Jan-2015 |
Xinchen Hui |
bump year
|
#
0579e827 |
| 15-Jan-2015 |
Xinchen Hui |
bump year
|
#
73c1be26 |
| 15-Jan-2015 |
Xinchen Hui |
Bump year
|
Revision tags: php-5.5.21RC1, php-5.6.5RC1, POST_NATIVE_TLS_MERGE, PRE_NATIVE_TLS_MERGE, php-5.5.20, php-5.4.36, php-5.6.4, php-5.6.4RC1, php-5.5.20RC1, php-5.6.3, php-5.5.19, php-5.4.35, php-5.6.3RC1, php-5.5.19RC1, php-5.5.18, php-5.4.34 |
|
#
29f51e1c |
| 07-Oct-2014 |
Leigh |
Upgrade crypt_blowfish to version 1.3
|
#
e331f9af |
| 07-Oct-2014 |
Leigh |
Upgrade crypt_blowfish to version 1.3
|
Revision tags: php-5.5.18RC1, php-5.6.1, php-5.6.2, php-5.4.33, php-5.5.17, php-5.6.1RC1, php-5.5.17RC1, php-5.4.33RC1, php-5.6.0, POST_AST_MERGE, PRE_AST_MERGE, POST_64BIT_BRANCH_MERGE, PRE_64BIT_BRANCH_MERGE, php-5.5.16, php-5.4.32, POST_PHPNG_MERGE, PRE_PHPNG_MERGE, php-5.6.0RC4, php-5.3.29, php-5.5.16RC1, php-5.4.32RC1, php-5.3.29RC1, php-5.6.0RC3, php-5.5.15, php-5.4.31, php-5.4.31RC1, php-5.5.15RC1, php-5.6.0RC2, php-5.4.30, php-5.5.14, php-5.6.0RC1, php-5.5.14RC1, php-5.4.30RC1, php-5.6.0beta4, php-5.4.29, php-5.5.13, php-5.5.13RC1, php-5.6.0beta3, php-5.4.29RC1, php-5.6.0beta2, php-5.5.12, php-5.4.28, php-5.4.28RC1, php-5.5.12RC1, php-5.6.0beta1, php-5.4.27, php-5.5.11, php-5.5.11RC1, php-5.4.27RC1, php-5.5.10, php-5.4.26, php-5.6.0alpha3, php-5.4.26RC1, php-5.5.10RC1, php-5.6.0alpha2, php-5.5.9, php-5.4.25, php-5.5.9RC1, php-5.4.25RC1, php-5.6.0alpha1, php-5.5.8, php-5.4.24, php-5.4.24RC1, php-5.5.8RC1, php-5.5.7, php-5.4.23, php-5.3.28, php-5.5.7RC1, php-5.4.23RC1, php-5.4.22, php-5.5.6, php-5.4.22RC1, php-5.5.6RC1, php-5.4.21, php-5.5.5, php-5.4.21RC1, php-5.5.5RC1, php-5.5.4, php-5.4.20, php-5.5.4RC1, php-5.4.20RC1, php-5.5.3, php-5.4.19, php-5.5.2, php-5.4.18, php-5.5.2RC1, php-5.4.18RC2, php-5.5.1, php-5.4.18RC1, php-5.3.27, php-5.4.17, php-5.5.0, php-5.3.27RC1, php-5.4.17RC1, php-5.5.0RC3, php-5.3.26, php-5.4.16, php-5.5.0RC2, php-5.3.26RC1, php-5.4.16RC1, php-5.5.0RC1, php-5.3.25, php-5.4.15, php-5.3.25RC1, php-5.5.0beta4, php-5.4.15RC1, php-5.4.14, php-5.3.24, php-5.5.0beta3, php-5.3.24RC1, php-5.4.14RC1, php-5.5.0beta2, php-5.5.0beta1, php-5.3.23, php-5.4.13, php-5.5.0alpha6, php-5.3.23RC1, php-5.4.13RC1, php-5.3.22, php-5.5.0alpha5, php-5.4.12, php-5.3.22RC2, php-5.4.12RC2, php-5.3.22RC1, php-5.4.12RC1, php-5.5.0alpha4, php-5.3.21, php-5.4.11, php-5.5.0alpha3, php-5.3.21RC1, php-5.4.11RC1, php-5.3.20, php-5.4.10, php-5.5.0alpha2, php-5.3.20RC1, php-5.4.10RC1, php-5.3.19, php-5.4.9, php-5.5.0alpha1, php-5.3.19RC1, php-5.4.9RC1, php-5.3.18, 
php-5.4.8, php-5.3.18RC1, php-5.4.8RC1, php-5.3.17, php-5.4.7, php-5.4.7RC1, php-5.3.16, php-5.4.6, php-5.4.6RC1, php-5.4.5, php-5.3.15, php-5.3.15RC1, php-5.4.5RC1, php-5.3.14, php-5.4.4, php-5.3.14RC2, php-5.4.4RC2, php-5.3.14RC1, php-5.4.4RC1, php-5.3.13, php-5.4.3, php-5.4.2, php-5.3.12, php-5.3.11, php-5.4.1, php-5.3.11RC2, php-5.4.1RC2, php-5.3.11RC1, php-5.4.1RC1, PHP-5.4.1-RC1, php-5.4.0, php-5.4.0RC8, php-5.3.10, php-5.4.0RC7, php-5.4.0RC6, php-5.3.9, php-5.4.0RC5, php-5.3.9RC4, php-5.4.0RC4, php-5.3.9RC3, php-5.4.0RC3, php-5.3.9RC2, php-5.4.0RC2, php-5.4.0RC1, php-5.3.9RC1, php-5.4.0beta2, php-5.4.0beta1, yaf-2.1.0, php-5.3.8, php-5.3.7, php-5.3.7RC5, php-5.4.0alpha3, php-5.3.7RC4 |
|
#
8280b0a7 |
| 18-Jul-2011 |
Pierre Joye |
- update blowfish to 1.2 (Solar Designer)
|
#
264e5c05 |
| 18-Jul-2011 |
Pierre Joye |
- update blowfish to 1.2 (Solar Designer)
|
#
03315d96 |
| 18-Jul-2011 |
Pierre Joye |
- update blowfish to 1.2 (Solar Designer)
|
Revision tags: php-5.3.7RC3, php-5.4.0alpha2, php-5.3.7RC2 |
|
#
b158091e |
| 26-Jun-2011 |
Stanislav Malyshev |
Fix crypt_blowfish 8-bit chars problem (CVE-2011-2483), add tests # See details at http://www.openwall.com/lists/announce/2011/06/21/1
|
#
3acd5811 |
| 26-Jun-2011 |
Stanislav Malyshev |
Fix crypt_blowfish 8-bit chars problem (CVE-2011-2483), add tests # See details at http://www.openwall.com/lists/announce/2011/06/21/1
|
Revision tags: php-5.4.0alpha1, php-5.3.7RC1, php-5.3.6, php-5.3.6RC3, php-5.3.6RC2, php-5.3.6RC1, php-5.2.17, php-5.3.5, php-5.2.16, php-5.2.15, php-5.3.4, php-5.2.15RC2, php-5.3.4RC2, php-5.3.4RC1, php-5.2.15RC1, PHP_5_2_15RC1 |
|
#
cb500110 |
| 23-Sep-2010 |
Kalle Sommer Nielsen |
Fixed compiler warnings in the standard library
|
Revision tags: oci8-1.4.3, php-5.2.14, php-5.3.3, php-5.3.3RC3, php-5.2.14RC3, php-5.3.3RC2, php-5.2.14RC2, php-5.3.3RC1, php-5.2.14RC1, php-5.3.2, php-5.2.13, php-5.3.2RC3 |
|
#
c402adc3 |
| 21-Feb-2010 |
Pierre Joye |
- Corrected the sanity check of the "setting" string in _crypt_blowfish_rn() to reject iteration counts encoded as 36 through 39. Previously, these would be misinterpreted as being the same as 04 through 07. (Solar Designer)
|
Revision tags: php-5.3.2RC2, php-5.2.13RC2, php-5.2.13RC1, php-5.3.2RC1, php-5.2.12, php-5.2.12RC4, php-5.2.12RC3, php-5.2.12RC2, php-5.3.1, php-5.3.1RC4, php-5.2.12RC1, php-5.3.1RC3, php-5.3.1RC2, oci8-1.4.0, php-5.2.11, php-5.2.11RC3, php-5.3.1RC1, php-5.2.11RC2, php-5.2.11RC1, php-5.3.0, php-5.3.0RC4, php-5.2.10, php-5.2.10RC2, php-5.3.0RC3 |
|
#
4cb1d57f |
| 08-Jun-2009 |
Pierre Joye |
- sync with 1.0.2, improve perf x86-64 (patch by Solar Designer)
|
Revision tags: php-5.2.10RC1, php-5.3.0RC2, php-5.3.0RC1, RELEASE_1_3_5, php-5.2.9, php-5.2.9RC3, php-5.2.9RC2, php-5.2.9RC1, php-5.3.0beta1, NEWS, php-5.2.8, BEFORE_HEAD_NS_CHANGES_MERGE, php-5.3.0alpha3, php-5.3.0alpha2, php-5.2.7, php-5.2.7RC5, php-5.2.7RC4, BEFORE_HEAD_NS_CHANGE, BEFORE_NS_RULES_CHANGE, php-5.2.7RC3, php-5.2.7RC2, php-5.2.7RC1, php-4.4.9, php-5.3.0alpha1 |
|
#
e30b1041 |
| 29-Jul-2008 |
Scott MacVicar |
Fix build where __const is already defined like OS X.
|
#
1e820eca |
| 28-Jul-2008 |
Pierre Joye |
- MFH:
  - #45430, windows implementation of crypt is not TS
  - add Blowfish (using implementation from Solar Designer <solar at openwal dot com>) and extended DES support
  - Make crypt features portable:
    - if no crypt_r, php's implementation is used (all algo and TS), php can't be used with unsafe crypt anymore
    - if one algo is missing, php's implementation is used
    - Windows always use php's implementation
  - removed old code in windows/
|