History log of /PHP-8.2/ext/standard/crypt_blowfish.c (Results 1 – 21 of 21)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
# c840f715 23-Jan-2023 Tim Düsterhus

crypt: Fix validation of malformed BCrypt hashes

PHP’s implementation of crypt_blowfish differs from the upstream Openwall
version by adding a “PHP Hack”, which allows one to cut short t

crypt: Fix validation of malformed BCrypt hashes

PHP’s implementation of crypt_blowfish differs from the upstream Openwall
version by adding a “PHP Hack”, which allows one to cut short the BCrypt salt
by including a `$` character within the characters that represent the salt.

Hashes that are affected by the “PHP Hack” may erroneously validate any
password as valid when used with `password_verify` and when comparing the
return value of `crypt()` against the input.

The PHP Hack exists since the first version of PHP’s own crypt_blowfish
implementation that was added in 1e820eca02dcf322b41fd2fe4ed2a6b8309f8ab5.

No clear reason is given for the PHP Hack’s existence. This commit removes it,
because BCrypt hashes containing a `$` character in their salt are not valid
BCrypt hashes.

show more ...


# 4a2ae841 07-Sep-2020 Dmitry Stogov

Add "const". Move constant strings to read-only memory.


# 19d3e29b 23-Jun-2020 Alex Dowad

Clean house in cryptographic hashing code

- Remove dead code from php_crypt_r.c

This code has been commented out since the file was added in 2008. It's safe to say
that no-o

Clean house in cryptographic hashing code

- Remove dead code from php_crypt_r.c

This code has been commented out since the file was added in 2008. It's safe to say
that no-one is ever going to use it.

- Fix typo in comment in php_crypt_r.c

- Remove redundant Windows-only implementation of php_md5_crypt_r

There is a portable implementation in the same file, which is selected if not
building for Windows. But why should Windows have its own special implementation
of this function at all? There doesn't seem to be any good reason.

Better to use the portable implementation on all platforms.

- Don't define useless __CONST macro in php_crypt_r.h

This preprocessor macro is not used anywhere.

- Add comment on functions for encoding data as Base64

- Remove dead code from crypt_blowfish.h

- Remove unneeded junk comments from crypt_freesec.c

- Remove dead code from crypt_blowfish.c

This function has been commented out since 2011.

show more ...


# 389c2b43 05-May-2020 George Peter Banyard

Drop BF_ASM constant as it's always 0

Closes GH-5531


Revision tags: php-7.3.13RC1, php-7.2.26RC1, php-7.4.0, php-7.2.25, php-7.3.12, php-7.4.0RC6, php-7.3.12RC1, php-7.2.25RC1, php-7.4.0RC5, php-7.1.33, php-7.2.24, php-7.3.11, php-7.4.0RC4, php-7.3.11RC1, php-7.2.24RC1, php-7.4.0RC3, php-7.2.23, php-7.3.10, php-7.4.0RC2, php-7.2.23RC1, php-7.3.10RC1, php-7.4.0RC1, php-7.1.32, php-7.2.22, php-7.3.9, php-7.4.0beta4, php-7.2.22RC1, php-7.3.9RC1, php-7.4.0beta2, php-7.1.31, php-7.2.21, php-7.3.8, php-7.4.0beta1, php-7.2.21RC1, php-7.3.8RC1, php-7.4.0alpha3, php-7.3.7, php-7.2.20, php-7.4.0alpha2, php-7.3.7RC3, php-7.3.7RC2, php-7.2.20RC2, php-7.4.0alpha1, php-7.3.7RC1, php-7.2.20RC1, php-7.2.19, php-7.3.6, php-7.1.30, php-7.2.19RC1, php-7.3.6RC1, php-7.1.29, php-7.2.18, php-7.3.5, php-7.2.18RC1, php-7.3.5RC1, php-7.2.17, php-7.3.4, php-7.1.28, php-7.3.4RC1, php-7.2.17RC1, php-7.1.27, php-7.3.3, php-7.2.16, php-7.3.3RC1, php-7.2.16RC1, php-7.2.15, php-7.3.2, php-7.2.15RC1, php-7.3.2RC1, php-5.6.40, php-7.1.26, php-7.3.1, php-7.2.14, php-7.2.14RC1, php-7.3.1RC1, php-5.6.39, php-7.1.25, php-7.2.13, php-7.0.33, php-7.3.0, php-7.1.25RC1, php-7.2.13RC1, php-7.3.0RC6, php-7.1.24, php-7.2.12, php-7.3.0RC5, php-7.1.24RC1, php-7.2.12RC1, php-7.3.0RC4, php-7.1.23, php-7.2.11, php-7.3.0RC3, php-7.1.23RC1, php-7.2.11RC1, php-7.3.0RC2, php-5.6.38, php-7.1.22, php-7.3.0RC1, php-7.2.10, php-7.0.32, php-7.1.22RC1, php-7.3.0beta3, php-7.2.10RC1, php-7.1.21, php-7.2.9, php-7.3.0beta2, php-7.1.21RC1, php-7.3.0beta1, php-7.2.9RC1, php-5.6.37, php-7.1.20, php-7.3.0alpha4, php-7.0.31, php-7.2.8, php-7.1.20RC1, php-7.2.8RC1, php-7.3.0alpha3
# 8d3f8ca1 03-Jul-2018 Peter Kokot

Remove unused Git attributes ident

The $Id$ keywords were used in Subversion where they can be substituted
with filename, last revision number change, last changed date, and last
use

Remove unused Git attributes ident

The $Id$ keywords were used in Subversion where they can be substituted
with filename, last revision number change, last changed date, and last
user who changed it.

In Git this functionality is different and can be done with Git attribute
ident. These need to be defined manually for each file in the
.gitattributes file and are afterwards replaced with 40-character
hexadecimal blob object name which is based only on the particular file
contents.

This patch simplifies handling of $Id$ keywords by removing them since
they are not used anymore.

show more ...


Revision tags: php-7.3.0alpha2, php-7.1.19, php-7.2.7, php-7.1.19RC1, php-7.3.0alpha1, php-7.2.7RC1, php-7.1.18, php-7.2.6, php-7.2.6RC1, php-7.1.18RC1, php-5.6.36, php-7.2.5, php-7.1.17, php-7.0.30, php-7.1.17RC1, php-7.2.5RC1, php-5.6.35, php-7.0.29, php-7.2.4, php-7.1.16, php-7.1.16RC1, php-7.2.4RC1, php-7.1.15, php-5.6.34, php-7.2.3, php-7.0.28, php-7.2.3RC1, php-7.1.15RC1, php-7.1.14, php-7.2.2, php-7.1.14RC1, php-7.2.2RC1, php-7.1.13, php-5.6.33, php-7.2.1, php-7.0.27, php-7.2.1RC1, php-7.1.13RC1, php-7.0.27RC1, php-7.2.0, php-7.1.12, php-7.0.26, php-7.1.12RC1, php-7.2.0RC6, php-7.0.26RC1, php-7.1.11, php-5.6.32, php-7.2.0RC5, php-7.0.25, php-7.1.11RC1, php-7.2.0RC4, php-7.0.25RC1, php-7.1.10, php-7.2.0RC3, php-7.0.24, php-7.2.0RC2, php-7.1.10RC1, php-7.0.24RC1, php-7.1.9, php-7.2.0RC1, php-7.0.23, php-7.1.9RC1, php-7.2.0beta3, php-7.0.23RC1, php-7.1.8, php-7.2.0beta2, php-7.0.22, php-7.1.8RC1, php-7.2.0beta1, php-7.0.22RC1, php-5.6.31, php-7.0.21, php-7.1.7, php-7.2.0alpha3, php-7.1.7RC1, php-7.0.21RC1, php-7.2.0alpha2, php-7.1.6, php-7.2.0alpha1, php-7.0.20, php-7.1.6RC1, php-7.0.20RC1, php-7.1.5, php-7.0.19, php-7.0.19RC1, php-7.1.5RC1, php-7.1.4, php-7.0.18, php-7.1.4RC1, php-7.0.18RC1, php-7.1.3, php-7.0.17, php-7.1.3RC1, php-7.0.17RC1, php-7.1.2, php-7.0.16, php-7.0.16RC1, php-7.1.2RC1, php-5.6.30, php-7.0.15, php-5.6.30RC1, php-7.1.1RC1, php-7.0.15RC1, php-7.1.1, php-5.6.29, php-7.0.14, php-7.1.0, php-5.6.29RC1, php-7.0.14RC1, php-7.1.0RC6, php-5.6.28, php-7.0.13, php-5.6.28RC1, php-7.1.0RC5, php-7.0.13RC1, php-7.1.0RC4, php-5.6.27, php-7.0.12, php-7.1.0RC3, php-5.6.27RC1, php-7.0.12RC1, php-5.6.26, php-7.1.0RC2, php-7.0.11
# 669fda00 10-Sep-2016 Anatol Belski

Bug #73058 crypt broken when salt is 'too' long


Revision tags: php-5.6.26RC1, php-7.1.0RC1, php-7.0.11RC1, php-7.1.0beta3, php-5.6.25, php-7.0.10, php-7.1.0beta2, php-5.6.25RC1, php-7.0.10RC1, php-7.1.0beta1, php-5.6.24, php-7.0.9, php-5.5.38, php-5.6.24RC1, php-7.1.0alpha3, php-7.0.9RC1, php-7.1.0alpha2, php-7.0.8, php-5.6.23, php-5.5.37, php-5.6.23RC1, php-7.0.8RC1, php-7.1.0alpha1, php-5.6.22, php-5.5.36, php-7.0.7, php-5.6.22RC1, php-7.0.7RC1, php-7.0.6, php-5.6.21, php-5.5.35, php-5.6.21RC1, php-7.0.6RC1, php-5.6.20, php-5.5.34, php-7.0.5, php-5.6.20RC1, php-7.0.5RC1, php-5.6.19, php-5.5.33, php-7.0.4, php-5.6.19RC1, php-7.0.4RC1, php-5.6.18, php-7.0.3, php-5.5.32, php-5.6.18RC1, php-7.0.3RC1, php-5.6.17, php-5.5.31, php-7.0.2, php-7.0.2RC1, php-5.6.17RC1, php-7.0.1RC1, php-7.0.0, php-5.6.16, php-7.0.0RC8, php-7.0.0RC7, php-5.6.16RC1, php-5.6.15, php-7.0.0RC6, php-7.0.1, php-5.6.15RC1, php-7.0.0RC5, php-5.5.30, php-5.6.14, php-7.0.0RC4, php-5.6.14RC1, php-7.0.0RC3, php-5.6.13, php-7.0.0RC2, php-5.5.29, php-5.4.45, php-5.6.13RC1, php-7.0.0RC1, php-5.6.12, php-5.5.28, php-7.0.0beta3, php-5.4.44, php-5.6.12RC1, php-7.0.0beta2, php-7.0.0beta1, php-5.6.11, php-5.5.27, php-5.4.43, php-5.6.11RC1, php-5.5.27RC1, php-7.0.0alpha2, php-5.5.26, php-7.0.0alpha1, php-5.6.10, php-5.4.42, POST_PHP7_NSAPI_REMOVAL, PRE_PHP7_NSAPI_REMOVAL, php-5.6.10RC1, php-5.5.26RC1, php-5.5.25, php-5.6.9, php-5.4.41, php-5.6.9RC1, php-5.5.25RC1, php-5.6.8, php-5.5.24, php-5.4.40, php-5.6.8RC1, php-5.5.24RC1, php-5.6.7, php-5.5.23, php-5.4.39, php-5.6.7RC1, php-5.5.23RC1, POST_PHP7_EREG_MYSQL_REMOVALS, PRE_PHP7_EREG_MYSQL_REMOVALS, php-5.6.6, php-5.5.22, php-5.4.38, POST_PHP7_REMOVALS, PRE_PHP7_REMOVALS, php-5.6.6RC1, php-5.5.22RC1, php-5.5.21, php-5.6.5, php-5.4.37
# fc33f52d 15-Jan-2015 Xinchen Hui

bump year


# 0579e827 15-Jan-2015 Xinchen Hui

bump year


# 73c1be26 15-Jan-2015 Xinchen Hui

Bump year


Revision tags: php-5.5.21RC1, php-5.6.5RC1, POST_NATIVE_TLS_MERGE, PRE_NATIVE_TLS_MERGE, php-5.5.20, php-5.4.36, php-5.6.4, php-5.6.4RC1, php-5.5.20RC1, php-5.6.3, php-5.5.19, php-5.4.35, php-5.6.3RC1, php-5.5.19RC1, php-5.5.18, php-5.4.34
# 29f51e1c 07-Oct-2014 Leigh

Upgrade crypt_blowfish to version 1.3


# e331f9af 07-Oct-2014 Leigh

Upgrade crypt_blowfish to version 1.3


Revision tags: php-5.5.18RC1, php-5.6.1, php-5.6.2, php-5.4.33, php-5.5.17, php-5.6.1RC1, php-5.5.17RC1, php-5.4.33RC1, php-5.6.0, POST_AST_MERGE, PRE_AST_MERGE, POST_64BIT_BRANCH_MERGE, PRE_64BIT_BRANCH_MERGE, php-5.5.16, php-5.4.32, POST_PHPNG_MERGE, PRE_PHPNG_MERGE, php-5.6.0RC4, php-5.3.29, php-5.5.16RC1, php-5.4.32RC1, php-5.3.29RC1, php-5.6.0RC3, php-5.5.15, php-5.4.31, php-5.4.31RC1, php-5.5.15RC1, php-5.6.0RC2, php-5.4.30, php-5.5.14, php-5.6.0RC1, php-5.5.14RC1, php-5.4.30RC1, php-5.6.0beta4, php-5.4.29, php-5.5.13, php-5.5.13RC1, php-5.6.0beta3, php-5.4.29RC1, php-5.6.0beta2, php-5.5.12, php-5.4.28, php-5.4.28RC1, php-5.5.12RC1, php-5.6.0beta1, php-5.4.27, php-5.5.11, php-5.5.11RC1, php-5.4.27RC1, php-5.5.10, php-5.4.26, php-5.6.0alpha3, php-5.4.26RC1, php-5.5.10RC1, php-5.6.0alpha2, php-5.5.9, php-5.4.25, php-5.5.9RC1, php-5.4.25RC1, php-5.6.0alpha1, php-5.5.8, php-5.4.24, php-5.4.24RC1, php-5.5.8RC1, php-5.5.7, php-5.4.23, php-5.3.28, php-5.5.7RC1, php-5.4.23RC1, php-5.4.22, php-5.5.6, php-5.4.22RC1, php-5.5.6RC1, php-5.4.21, php-5.5.5, php-5.4.21RC1, php-5.5.5RC1, php-5.5.4, php-5.4.20, php-5.5.4RC1, php-5.4.20RC1, php-5.5.3, php-5.4.19, php-5.5.2, php-5.4.18, php-5.5.2RC1, php-5.4.18RC2, php-5.5.1, php-5.4.18RC1, php-5.3.27, php-5.4.17, php-5.5.0, php-5.3.27RC1, php-5.4.17RC1, php-5.5.0RC3, php-5.3.26, php-5.4.16, php-5.5.0RC2, php-5.3.26RC1, php-5.4.16RC1, php-5.5.0RC1, php-5.3.25, php-5.4.15, php-5.3.25RC1, php-5.5.0beta4, php-5.4.15RC1, php-5.4.14, php-5.3.24, php-5.5.0beta3, php-5.3.24RC1, php-5.4.14RC1, php-5.5.0beta2, php-5.5.0beta1, php-5.3.23, php-5.4.13, php-5.5.0alpha6, php-5.3.23RC1, php-5.4.13RC1, php-5.3.22, php-5.5.0alpha5, php-5.4.12, php-5.3.22RC2, php-5.4.12RC2, php-5.3.22RC1, php-5.4.12RC1, php-5.5.0alpha4, php-5.3.21, php-5.4.11, php-5.5.0alpha3, php-5.3.21RC1, php-5.4.11RC1, php-5.3.20, php-5.4.10, php-5.5.0alpha2, php-5.3.20RC1, php-5.4.10RC1, php-5.3.19, php-5.4.9, php-5.5.0alpha1, php-5.3.19RC1, php-5.4.9RC1, php-5.3.18, php-5.4.8, php-5.3.18RC1, php-5.4.8RC1, php-5.3.17, php-5.4.7, php-5.4.7RC1, php-5.3.16, php-5.4.6, php-5.4.6RC1, php-5.4.5, php-5.3.15, php-5.3.15RC1, php-5.4.5RC1, php-5.3.14, php-5.4.4, php-5.3.14RC2, php-5.4.4RC2, php-5.3.14RC1, php-5.4.4RC1, php-5.3.13, php-5.4.3, php-5.4.2, php-5.3.12, php-5.3.11, php-5.4.1, php-5.3.11RC2, php-5.4.1RC2, php-5.3.11RC1, php-5.4.1RC1, PHP-5.4.1-RC1, php-5.4.0, php-5.4.0RC8, php-5.3.10, php-5.4.0RC7, php-5.4.0RC6, php-5.3.9, php-5.4.0RC5, php-5.3.9RC4, php-5.4.0RC4, php-5.3.9RC3, php-5.4.0RC3, php-5.3.9RC2, php-5.4.0RC2, php-5.4.0RC1, php-5.3.9RC1, php-5.4.0beta2, php-5.4.0beta1, yaf-2.1.0, php-5.3.8, php-5.3.7, php-5.3.7RC5, php-5.4.0alpha3, php-5.3.7RC4
# 8280b0a7 18-Jul-2011 Pierre Joye

- update blowfish to 1.2 (Solar Designer)


# 264e5c05 18-Jul-2011 Pierre Joye

- update blowfish to 1.2 (Solar Designer)


# 03315d96 18-Jul-2011 Pierre Joye

- update blowfish to 1.2 (Solar Designer)


Revision tags: php-5.3.7RC3, php-5.4.0alpha2, php-5.3.7RC2
# b158091e 26-Jun-2011 Stanislav Malyshev

Fix crypt_blowfish 8-bit chars problem (CVE-2011-2483), add tests

# See details at http://www.openwall.com/lists/announce/2011/06/21/1


# 3acd5811 26-Jun-2011 Stanislav Malyshev

Fix crypt_blowfish 8-bit chars problem (CVE-2011-2483), add tests

# See details at http://www.openwall.com/lists/announce/2011/06/21/1


Revision tags: php-5.4.0alpha1, php-5.3.7RC1, php-5.3.6, php-5.3.6RC3, php-5.3.6RC2, php-5.3.6RC1, php-5.2.17, php-5.3.5, php-5.2.16, php-5.2.15, php-5.3.4, php-5.2.15RC2, php-5.3.4RC2, php-5.3.4RC1, php-5.2.15RC1, PHP_5_2_15RC1
# cb500110 23-Sep-2010 Kalle Sommer Nielsen

Fixed compiler warnings in the standard library


Revision tags: oci8-1.4.3, php-5.2.14, php-5.3.3, php-5.3.3RC3, php-5.2.14RC3, php-5.3.3RC2, php-5.2.14RC2, php-5.3.3RC1, php-5.2.14RC1, php-5.3.2, php-5.2.13, php-5.3.2RC3
# c402adc3 21-Feb-2010 Pierre Joye

- Corrected the sanity check of the "setting" string in _crypt_blowfish_rn() to
reject iteration counts encoded as 36 through 39. Previously, these would be
misinterpreted as being the s

- Corrected the sanity check of the "setting" string in _crypt_blowfish_rn() to
reject iteration counts encoded as 36 through 39. Previously, these would be
misinterpreted as being the same as 04 through 07. (Solar Designer)

show more ...


Revision tags: php-5.3.2RC2, php-5.2.13RC2, php-5.2.13RC1, php-5.3.2RC1, php-5.2.12, php-5.2.12RC4, php-5.2.12RC3, php-5.2.12RC2, php-5.3.1, php-5.3.1RC4, php-5.2.12RC1, php-5.3.1RC3, php-5.3.1RC2, oci8-1.4.0, php-5.2.11, php-5.2.11RC3, php-5.3.1RC1, php-5.2.11RC2, php-5.2.11RC1, php-5.3.0, php-5.3.0RC4, php-5.2.10, php-5.2.10RC2, php-5.3.0RC3
# 4cb1d57f 08-Jun-2009 Pierre Joye

- sync with 1.0.2, improve perf x86-64 (patch by Solar Designer)


Revision tags: php-5.2.10RC1, php-5.3.0RC2, php-5.3.0RC1, RELEASE_1_3_5, php-5.2.9, php-5.2.9RC3, php-5.2.9RC2, php-5.2.9RC1, php-5.3.0beta1, NEWS, php-5.2.8, BEFORE_HEAD_NS_CHANGES_MERGE, php-5.3.0alpha3, php-5.3.0alpha2, php-5.2.7, php-5.2.7RC5, php-5.2.7RC4, BEFORE_HEAD_NS_CHANGE, BEFORE_NS_RULES_CHANGE, php-5.2.7RC3, php-5.2.7RC2, php-5.2.7RC1, php-4.4.9, php-5.3.0alpha1
# e30b1041 29-Jul-2008 Scott MacVicar

Fix build where __const is already defined like OS X.


# 1e820eca 28-Jul-2008 Pierre Joye

-MFH:
- #45430, windows implementation of crypt is not TS
- add Blowfish (using implementation from Solar Designer <solar at openwal dot com>) and extended DES support
- Make crypt fea

-MFH:
- #45430, windows implementation of crypt is not TS
- add Blowfish (using implementation from Solar Designer <solar at openwal dot com>) and extended DES support
- Make crypt features portable:
- if no crypt_r, php's implemetation is used (all algo and TS), php can't be used with unsafe crypt anymore
- if one algo is missing, php's implemetation is used
- Windows always use php's implementation
- removed old code in windows/

show more ...