The Battle for Wesnoth  1.19.0-dev
crypt_blowfish.c
Go to the documentation of this file.
1 /* $Id$ */
2 /*
3  * The crypt_blowfish homepage is:
4  *
5  * http://www.openwall.com/crypt/
6  *
7  * This code comes from John the Ripper password cracker, with reentrant
8  * and crypt(3) interfaces added, but optimizations specific to password
9  * cracking removed.
10  *
11  * Written by Solar Designer <solar at openwall.com> in 1998-2015.
12  * No copyright is claimed, and the software is hereby placed in the public
13  * domain. In case this attempt to disclaim copyright and place the software
14  * in the public domain is deemed null and void, then the software is
15  * Copyright (c) 1998-2015 Solar Designer and it is hereby released to the
16  * general public under the following terms:
17  *
18  * Redistribution and use in source and binary forms, with or without
19  * modification, are permitted.
20  *
21  * There's ABSOLUTELY NO WARRANTY, express or implied.
22  *
23  * It is my intent that you should be able to use this on your system,
24  * as part of a software package, or anywhere else to improve security,
25  * ensure compatibility, or for any other purpose. I would appreciate
26  * it if you give credit where it is due and keep your modifications in
27  * the public domain as well, but I don't require that in order to let
28  * you place this code and any modifications you make under a license
29  * of your choice.
30  *
31  * This implementation is fully compatible with OpenBSD's bcrypt.c for prefix
32  * "$2b$", originally by Niels Provos <provos at citi.umich.edu>, and it uses
33  * some of his ideas. The password hashing algorithm was designed by David
34  * Mazieres <dm at lcs.mit.edu>. For information on the level of
35  * compatibility for bcrypt hash prefixes other than "$2b$", please refer to
36  * the comments in BF_set_key() below and to the included crypt(3) man page.
37  *
38  * There's a paper on the algorithm that explains its design decisions:
39  *
40  * http://www.usenix.org/events/usenix99/provos.html
41  *
42  * Some of the tricks in BF_ROUND might be inspired by Eric Young's
43  * Blowfish library (I can't be sure if I would think of something if I
44  * hadn't seen his code).
45  */
46 
47 #include <string.h>
48 
49 #include <errno.h>
50 #ifndef __set_errno
51 #define __set_errno(val) errno = (val)
52 #endif
53 
54 /* Just to make sure the prototypes match the actual definitions */
55 #include "crypt_blowfish.h"
56 
57 #ifdef __i386__
58 #define BF_ASM 0
59 #define BF_SCALE 1
60 #elif defined(__x86_64__) || defined(__alpha__) || defined(__hppa__)
61 #define BF_ASM 0
62 #define BF_SCALE 1
63 #else
64 #define BF_ASM 0
65 #define BF_SCALE 0
66 #endif
67 
68 typedef unsigned int BF_word;
69 typedef signed int BF_word_signed;
70 
71 /* Number of Blowfish rounds, this is also hardcoded into a few places */
72 #define BF_N 16
73 
74 typedef BF_word BF_key[BF_N + 2];
75 
76 typedef struct {
77  BF_word S[4][0x100];
79 } BF_ctx;
80 
81 /*
82  * Magic IV for 64 Blowfish encryptions that we do at the end.
83  * The string is "OrpheanBeholderScryDoubt" on big-endian.
84  */
85 static BF_word BF_magic_w[6] = {
86  0x4F727068, 0x65616E42, 0x65686F6C,
87  0x64657253, 0x63727944, 0x6F756274
88 };
89 
90 /*
91  * P-box and S-box tables initialized with digits of Pi.
92  */
94  {
95  {
96  0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7,
97  0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99,
98  0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16,
99  0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e,
100  0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee,
101  0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013,
102  0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef,
103  0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e,
104  0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60,
105  0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440,
106  0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce,
107  0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a,
108  0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e,
109  0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677,
110  0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193,
111  0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032,
112  0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88,
113  0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239,
114  0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e,
115  0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0,
116  0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3,
117  0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98,
118  0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88,
119  0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe,
120  0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6,
121  0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d,
122  0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b,
123  0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7,
124  0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba,
125  0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463,
126  0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f,
127  0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09,
128  0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3,
129  0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb,
130  0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279,
131  0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8,
132  0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab,
133  0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82,
134  0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db,
135  0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573,
136  0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0,
137  0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b,
138  0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790,
139  0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8,
140  0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4,
141  0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0,
142  0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7,
143  0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c,
144  0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad,
145  0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1,
146  0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299,
147  0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9,
148  0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477,
149  0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf,
150  0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49,
151  0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af,
152  0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa,
153  0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5,
154  0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41,
155  0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915,
156  0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400,
157  0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915,
158  0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664,
159  0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a
160  }, {
161  0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623,
162  0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266,
163  0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1,
164  0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e,
165  0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6,
166  0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1,
167  0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e,
168  0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1,
169  0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737,
170  0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8,
171  0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff,
172  0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd,
173  0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701,
174  0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7,
175  0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41,
176  0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331,
177  0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf,
178  0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af,
179  0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e,
180  0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87,
181  0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c,
182  0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2,
183  0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16,
184  0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd,
185  0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b,
186  0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509,
187  0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e,
188  0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3,
189  0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f,
190  0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a,
191  0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4,
192  0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960,
193  0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66,
194  0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28,
195  0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802,
196  0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84,
197  0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510,
198  0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf,
199  0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14,
200  0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e,
201  0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50,
202  0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7,
203  0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8,
204  0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281,
205  0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99,
206  0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696,
207  0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128,
208  0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73,
209  0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0,
210  0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0,
211  0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105,
212  0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250,
213  0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3,
214  0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285,
215  0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00,
216  0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061,
217  0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb,
218  0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e,
219  0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735,
220  0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc,
221  0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9,
222  0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340,
223  0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20,
224  0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7
225  }, {
226  0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934,
227  0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068,
228  0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af,
229  0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840,
230  0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45,
231  0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504,
232  0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a,
233  0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb,
234  0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee,
235  0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6,
236  0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42,
237  0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b,
238  0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2,
239  0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb,
240  0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527,
241  0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b,
242  0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33,
243  0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c,
244  0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3,
245  0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc,
246  0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17,
247  0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564,
248  0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b,
249  0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115,
250  0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922,
251  0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728,
252  0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0,
253  0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e,
254  0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37,
255  0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d,
256  0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804,
257  0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b,
258  0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3,
259  0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb,
260  0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d,
261  0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c,
262  0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350,
263  0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9,
264  0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a,
265  0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe,
266  0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d,
267  0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc,
268  0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f,
269  0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61,
270  0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2,
271  0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9,
272  0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2,
273  0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c,
274  0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e,
275  0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633,
276  0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10,
277  0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169,
278  0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52,
279  0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027,
280  0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5,
281  0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62,
282  0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634,
283  0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76,
284  0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24,
285  0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc,
286  0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4,
287  0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c,
288  0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837,
289  0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0
290  }, {
291  0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b,
292  0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe,
293  0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b,
294  0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4,
295  0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8,
296  0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6,
297  0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304,
298  0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22,
299  0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4,
300  0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6,
301  0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9,
302  0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59,
303  0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593,
304  0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51,
305  0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28,
306  0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c,
307  0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b,
308  0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28,
309  0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c,
310  0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd,
311  0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a,
312  0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319,
313  0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb,
314  0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f,
315  0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991,
316  0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32,
317  0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680,
318  0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166,
319  0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae,
320  0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb,
321  0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5,
322  0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47,
323  0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370,
324  0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d,
325  0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84,
326  0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048,
327  0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8,
328  0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd,
329  0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9,
330  0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7,
331  0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38,
332  0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f,
333  0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c,
334  0xbf97222c, 0x15e6fc2a, 0x0f91fc71, 0x9b941525,
335  0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1,
336  0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442,
337  0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964,
338  0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e,
339  0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8,
340  0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d,
341  0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f,
342  0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299,
343  0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02,
344  0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc,
345  0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614,
346  0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a,
347  0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6,
348  0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b,
349  0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0,
350  0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060,
351  0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e,
352  0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9,
353  0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f,
354  0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6
355  }
356  }, {
357  0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344,
358  0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89,
359  0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c,
360  0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917,
361  0x9216d5d9, 0x8979fb1b
362  }
363 };
364 
365 static unsigned char BF_itoa64[64 + 1] =
366  "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
367 
368 static unsigned char BF_atoi64[0x60] = {
369  64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 0, 1,
370  54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 64, 64, 64, 64, 64,
371  64, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16,
372  17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 64, 64, 64, 64, 64,
373  64, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42,
374  43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 64, 64, 64, 64, 64
375 };
376 
377 #define BF_safe_atoi64(dst, src) \
378 { \
379  tmp = (unsigned char)(src); \
380  if (tmp == '$') break; /* PHP hack */ \
381  if ((unsigned int)(tmp -= 0x20) >= 0x60) return -1; \
382  tmp = BF_atoi64[tmp]; \
383  if (tmp > 63) return -1; \
384  (dst) = tmp; \
385 }
386 
387 static int BF_decode(BF_word *dst, const char *src, int size)
388 {
389  unsigned char *dptr = (unsigned char *)dst;
390  unsigned char *end = dptr + size;
391  const unsigned char *sptr = (const unsigned char *)src;
392  unsigned int tmp, c1, c2, c3, c4;
393 
394  do {
395  BF_safe_atoi64(c1, *sptr++);
396  BF_safe_atoi64(c2, *sptr++);
397  *dptr++ = (c1 << 2) | ((c2 & 0x30) >> 4);
398  if (dptr >= end) break;
399 
400  BF_safe_atoi64(c3, *sptr++);
401  *dptr++ = ((c2 & 0x0F) << 4) | ((c3 & 0x3C) >> 2);
402  if (dptr >= end) break;
403 
404  BF_safe_atoi64(c4, *sptr++);
405  *dptr++ = ((c3 & 0x03) << 6) | c4;
406  } while (dptr < end);
407 
408  if (end - dptr == size) {
409  return -1;
410  }
411 
412  while (dptr < end) /* PHP hack */
413  *dptr++ = 0;
414 
415  return 0;
416 }
417 
418 static void BF_encode(char *dst, const BF_word *src, int size)
419 {
420  const unsigned char *sptr = (const unsigned char *)src;
421  const unsigned char *end = sptr + size;
422  unsigned char *dptr = (unsigned char *)dst;
423  unsigned int c1, c2;
424 
425  do {
426  c1 = *sptr++;
427  *dptr++ = BF_itoa64[c1 >> 2];
428  c1 = (c1 & 0x03) << 4;
429  if (sptr >= end) {
430  *dptr++ = BF_itoa64[c1];
431  break;
432  }
433 
434  c2 = *sptr++;
435  c1 |= c2 >> 4;
436  *dptr++ = BF_itoa64[c1];
437  c1 = (c2 & 0x0f) << 2;
438  if (sptr >= end) {
439  *dptr++ = BF_itoa64[c1];
440  break;
441  }
442 
443  c2 = *sptr++;
444  c1 |= c2 >> 6;
445  *dptr++ = BF_itoa64[c1];
446  *dptr++ = BF_itoa64[c2 & 0x3f];
447  } while (sptr < end);
448 }
449 
450 static void BF_swap(BF_word *x, int count)
451 {
452  static int endianness_check = 1;
453  char *is_little_endian = (char *)&endianness_check;
454  BF_word tmp;
455 
456  if (*is_little_endian)
457  do {
458  tmp = *x;
459  tmp = (tmp << 16) | (tmp >> 16);
460  *x++ = ((tmp & 0x00FF00FF) << 8) | ((tmp >> 8) & 0x00FF00FF);
461  } while (--count);
462 }
463 
464 #if BF_SCALE
465 /* Architectures which can shift addresses left by 2 bits with no extra cost */
466 #define BF_ROUND(L, R, N) \
467  tmp1 = L & 0xFF; \
468  tmp2 = L >> 8; \
469  tmp2 &= 0xFF; \
470  tmp3 = L >> 16; \
471  tmp3 &= 0xFF; \
472  tmp4 = L >> 24; \
473  tmp1 = data.ctx.S[3][tmp1]; \
474  tmp2 = data.ctx.S[2][tmp2]; \
475  tmp3 = data.ctx.S[1][tmp3]; \
476  tmp3 += data.ctx.S[0][tmp4]; \
477  tmp3 ^= tmp2; \
478  R ^= data.ctx.P[N + 1]; \
479  tmp3 += tmp1; \
480  R ^= tmp3;
481 #else
482 /* Architectures with no complicated addressing modes supported */
483 #define BF_INDEX(S, i) \
484  (*((BF_word *)(((unsigned char *)S) + (i))))
485 #define BF_ROUND(L, R, N) \
486  tmp1 = L & 0xFF; \
487  tmp1 <<= 2; \
488  tmp2 = L >> 6; \
489  tmp2 &= 0x3FC; \
490  tmp3 = L >> 14; \
491  tmp3 &= 0x3FC; \
492  tmp4 = L >> 22; \
493  tmp4 &= 0x3FC; \
494  tmp1 = BF_INDEX(data.ctx.S[3], tmp1); \
495  tmp2 = BF_INDEX(data.ctx.S[2], tmp2); \
496  tmp3 = BF_INDEX(data.ctx.S[1], tmp3); \
497  tmp3 += BF_INDEX(data.ctx.S[0], tmp4); \
498  tmp3 ^= tmp2; \
499  R ^= data.ctx.P[N + 1]; \
500  tmp3 += tmp1; \
501  R ^= tmp3;
502 #endif
503 
504 /*
505  * Encrypt one block, BF_N is hardcoded here.
506  */
507 #define BF_ENCRYPT \
508  L ^= data.ctx.P[0]; \
509  BF_ROUND(L, R, 0); \
510  BF_ROUND(R, L, 1); \
511  BF_ROUND(L, R, 2); \
512  BF_ROUND(R, L, 3); \
513  BF_ROUND(L, R, 4); \
514  BF_ROUND(R, L, 5); \
515  BF_ROUND(L, R, 6); \
516  BF_ROUND(R, L, 7); \
517  BF_ROUND(L, R, 8); \
518  BF_ROUND(R, L, 9); \
519  BF_ROUND(L, R, 10); \
520  BF_ROUND(R, L, 11); \
521  BF_ROUND(L, R, 12); \
522  BF_ROUND(R, L, 13); \
523  BF_ROUND(L, R, 14); \
524  BF_ROUND(R, L, 15); \
525  tmp4 = R; \
526  R = L; \
527  L = tmp4 ^ data.ctx.P[BF_N + 1];
528 
529 #if BF_ASM
530 #define BF_body() \
531  _BF_body_r(&data.ctx);
532 #else
533 #define BF_body() \
534  L = R = 0; \
535  ptr = data.ctx.P; \
536  do { \
537  ptr += 2; \
538  BF_ENCRYPT; \
539  *(ptr - 2) = L; \
540  *(ptr - 1) = R; \
541  } while (ptr < &data.ctx.P[BF_N + 2]); \
542 \
543  ptr = data.ctx.S[0]; \
544  do { \
545  ptr += 2; \
546  BF_ENCRYPT; \
547  *(ptr - 2) = L; \
548  *(ptr - 1) = R; \
549  } while (ptr < &data.ctx.S[3][0xFF]);
550 #endif
551 
552 static void BF_set_key(const char *key, BF_key expanded, BF_key initial,
553  unsigned char flags)
554 {
555  const char *ptr = key;
556  unsigned int bug, i, j;
557  BF_word safety, sign, diff, tmp[2];
558 
559 /*
560  * There was a sign extension bug in older revisions of this function. While
561  * we would have liked to simply fix the bug and move on, we have to provide
562  * a backwards compatibility feature (essentially the bug) for some systems and
563  * a safety measure for some others. The latter is needed because for certain
564  * multiple inputs to the buggy algorithm there exist easily found inputs to
565  * the correct algorithm that produce the same hash. Thus, we optionally
566  * deviate from the correct algorithm just enough to avoid such collisions.
567  * While the bug itself affected the majority of passwords containing
568  * characters with the 8th bit set (although only a percentage of those in a
569  * collision-producing way), the anti-collision safety measure affects
570  * only a subset of passwords containing the '\xff' character (not even all of
571  * those passwords, just some of them). This character is not found in valid
572  * UTF-8 sequences and is rarely used in popular 8-bit character encodings.
573  * Thus, the safety measure is unlikely to cause much annoyance, and is a
574  * reasonable tradeoff to use when authenticating against existing hashes that
575  * are not reliably known to have been computed with the correct algorithm.
576  *
577  * We use an approach that tries to minimize side-channel leaks of password
578  * information - that is, we mostly use fixed-cost bitwise operations instead
579  * of branches or table lookups. (One conditional branch based on password
580  * length remains. It is not part of the bug aftermath, though, and is
581  * difficult and possibly unreasonable to avoid given the use of C strings by
582  * the caller, which results in similar timing leaks anyway.)
583  *
584  * For actual implementation, we set an array index in the variable "bug"
585  * (0 means no bug, 1 means sign extension bug emulation) and a flag in the
586  * variable "safety" (bit 16 is set when the safety measure is requested).
587  * Valid combinations of settings are:
588  *
589  * Prefix "$2a$": bug = 0, safety = 0x10000
590  * Prefix "$2b$": bug = 0, safety = 0
591  * Prefix "$2x$": bug = 1, safety = 0
592  * Prefix "$2y$": bug = 0, safety = 0
593  */
594  bug = (unsigned int)flags & 1;
595  safety = ((BF_word)flags & 2) << 15;
596 
597  sign = diff = 0;
598 
599  for (i = 0; i < BF_N + 2; i++) {
600  tmp[0] = tmp[1] = 0;
601  for (j = 0; j < 4; j++) {
602  tmp[0] <<= 8;
603  tmp[0] |= (unsigned char)*ptr; /* correct */
604  tmp[1] <<= 8;
605  tmp[1] |= (BF_word_signed)(signed char)*ptr; /* bug */
606 /*
607  * Sign extension in the first char has no effect - nothing to overwrite yet,
608  * and those extra 24 bits will be fully shifted out of the 32-bit word. For
609  * chars 2, 3, 4 in each four-char block, we set bit 7 of "sign" if sign
610  * extension in tmp[1] occurs. Once this flag is set, it remains set.
611  */
612  if (j)
613  sign |= tmp[1] & 0x80;
614  if (!*ptr)
615  ptr = key;
616  else
617  ptr++;
618  }
619  diff |= tmp[0] ^ tmp[1]; /* Non-zero on any differences */
620 
621  expanded[i] = tmp[bug];
622  initial[i] = BF_init_state.P[i] ^ tmp[bug];
623  }
624 
625 /*
626  * At this point, "diff" is zero iff the correct and buggy algorithms produced
627  * exactly the same result. If so and if "sign" is non-zero, which indicates
628  * that there was a non-benign sign extension, this means that we have a
629  * collision between the correctly computed hash for this password and a set of
630  * passwords that could be supplied to the buggy algorithm. Our safety measure
631  * is meant to protect from such many-buggy to one-correct collisions, by
632  * deviating from the correct algorithm in such cases. Let's check for this.
633  */
634  diff |= diff >> 16; /* still zero iff exact match */
635  diff &= 0xffff; /* ditto */
636  diff += 0xffff; /* bit 16 set iff "diff" was non-zero (on non-match) */
637  sign <<= 9; /* move the non-benign sign extension flag to bit 16 */
638  sign &= ~diff & safety; /* action needed? */
639 
640 /*
641  * If we have determined that we need to deviate from the correct algorithm,
642  * flip bit 16 in initial expanded key. (The choice of 16 is arbitrary, but
643  * let's stick to it now. It came out of the approach we used above, and it's
644  * not any worse than any other choice we could make.)
645  *
646  * It is crucial that we don't do the same to the expanded key used in the main
647  * Eksblowfish loop. By doing it to only one of these two, we deviate from a
648  * state that could be directly specified by a password to the buggy algorithm
649  * (and to the fully correct one as well, but that's a side-effect).
650  */
651  initial[0] ^= sign;
652 }
653 
654 static const unsigned char flags_by_subtype[26] =
655  {2, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
656  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 4, 0};
657 
658 static char *BF_crypt(const char *key, const char *setting,
659  char *output, int size,
660  BF_word min)
661 {
662 #if BF_ASM
663  extern void _BF_body_r(BF_ctx *ctx);
664 #endif
665  struct {
666  BF_ctx ctx;
667  BF_key expanded_key;
668  union {
669  BF_word salt[4];
670  BF_word output[6];
671  } binary;
672  } data;
673  BF_word L, R;
674  BF_word tmp1, tmp2, tmp3, tmp4;
675  BF_word *ptr;
676  BF_word count;
677  int i;
678 
679  if (size < 7 + 22 + 31 + 1) {
680  __set_errno(ERANGE);
681  return NULL;
682  }
683 
684  if (setting[0] != '$' ||
685  setting[1] != '2' ||
686  setting[2] < 'a' || setting[2] > 'z' ||
687  !flags_by_subtype[(unsigned int)(unsigned char)setting[2] - 'a'] ||
688  setting[3] != '$' ||
689  setting[4] < '0' || setting[4] > '3' ||
690  setting[5] < '0' || setting[5] > '9' ||
691  (setting[4] == '3' && setting[5] > '1') ||
692  setting[6] != '$') {
693  __set_errno(EINVAL);
694  return NULL;
695  }
696 
697  count = (BF_word)1 << ((setting[4] - '0') * 10 + (setting[5] - '0'));
698  if (count < min || BF_decode(data.binary.salt, &setting[7], 16)) {
699  __set_errno(EINVAL);
700  return NULL;
701  }
702  BF_swap(data.binary.salt, 4);
703 
704  BF_set_key(key, data.expanded_key, data.ctx.P,
705  flags_by_subtype[(unsigned int)(unsigned char)setting[2] - 'a']);
706 
707  memcpy(data.ctx.S, BF_init_state.S, sizeof(data.ctx.S));
708 
709  L = R = 0;
710  for (i = 0; i < BF_N + 2; i += 2) {
711  L ^= data.binary.salt[i & 2];
712  R ^= data.binary.salt[(i & 2) + 1];
713  BF_ENCRYPT;
714  data.ctx.P[i] = L;
715  data.ctx.P[i + 1] = R;
716  }
717 
718  ptr = data.ctx.S[0];
719  do {
720  ptr += 4;
721  L ^= data.binary.salt[(BF_N + 2) & 3];
722  R ^= data.binary.salt[(BF_N + 3) & 3];
723  BF_ENCRYPT;
724  *(ptr - 4) = L;
725  *(ptr - 3) = R;
726 
727  L ^= data.binary.salt[(BF_N + 4) & 3];
728  R ^= data.binary.salt[(BF_N + 5) & 3];
729  BF_ENCRYPT;
730  *(ptr - 2) = L;
731  *(ptr - 1) = R;
732  } while (ptr < &data.ctx.S[3][0xFF]);
733 
734  do {
735  int done;
736 
737  for (i = 0; i < BF_N + 2; i += 2) {
738  data.ctx.P[i] ^= data.expanded_key[i];
739  data.ctx.P[i + 1] ^= data.expanded_key[i + 1];
740  }
741 
742  done = 0;
743  do {
744  BF_body();
745  if (done)
746  break;
747  done = 1;
748 
749  tmp1 = data.binary.salt[0];
750  tmp2 = data.binary.salt[1];
751  tmp3 = data.binary.salt[2];
752  tmp4 = data.binary.salt[3];
753  for (i = 0; i < BF_N; i += 4) {
754  data.ctx.P[i] ^= tmp1;
755  data.ctx.P[i + 1] ^= tmp2;
756  data.ctx.P[i + 2] ^= tmp3;
757  data.ctx.P[i + 3] ^= tmp4;
758  }
759  data.ctx.P[16] ^= tmp1;
760  data.ctx.P[17] ^= tmp2;
761  } while (1);
762  } while (--count);
763 
764  for (i = 0; i < 6; i += 2) {
765  L = BF_magic_w[i];
766  R = BF_magic_w[i + 1];
767 
768  count = 64;
769  do {
770  BF_ENCRYPT;
771  } while (--count);
772 
773  data.binary.output[i] = L;
774  data.binary.output[i + 1] = R;
775  }
776 
777  memcpy(output, setting, 7 + 22 - 1);
778  output[7 + 22 - 1] = BF_itoa64[(int)
779  BF_atoi64[(int)setting[7 + 22 - 1] - 0x20] & 0x30];
780 
781 /* This has to be bug-compatible with the original implementation, so
782  * only encode 23 of the 24 bytes. :-) */
783  BF_swap(data.binary.output, 6);
784  BF_encode(&output[7 + 22], data.binary.output, 23);
785  output[7 + 22 + 31] = '\0';
786 
787  return output;
788 }
789 
790 static int _crypt_output_magic(const char *setting, char *output, int size)
791 {
792  if (size < 3)
793  return -1;
794 
795  output[0] = '*';
796  output[1] = '0';
797  output[2] = '\0';
798 
799  if (setting[0] == '*' && setting[1] == '0')
800  output[1] = '1';
801 
802  return 0;
803 }
804 
805 /*
806  * Please preserve the runtime self-test. It serves two purposes at once:
807  *
808  * 1. We really can't afford the risk of producing incompatible hashes e.g.
809  * when there's something like gcc bug 26587 again, whereas an application or
810  * library integrating this code might not also integrate our external tests or
811  * it might not run them after every build. Even if it does, the miscompile
812  * might only occur on the production build, but not on a testing build (such
813  * as because of different optimization settings). It is painful to recover
814  * from incorrectly-computed hashes - merely fixing whatever broke is not
815  * enough. Thus, a proactive measure like this self-test is needed.
816  *
817  * 2. We don't want to leave sensitive data from our actual password hash
818  * computation on the stack or in registers. Previous revisions of the code
819  * would do explicit cleanups, but simply running the self-test after hash
820  * computation is more reliable.
821  *
822  * The performance cost of this quick self-test is around 0.6% at the "$2a$08"
823  * setting.
824  */
825 char *php_crypt_blowfish_rn(const char *key, const char *setting,
826  char *output, int size)
827 {
828  const char *test_key = "8b \xd0\xc1\xd2\xcf\xcc\xd8";
829  const char *test_setting = "$2a$00$abcdefghijklmnopqrstuu";
830  static const char * const test_hashes[2] =
831  {"i1D709vfamulimlGcq0qq3UvuUasvEa\0\x55", /* 'a', 'b', 'y' */
832  "VUrPmXD6q/nVSSp7pNDhCR9071IfIRe\0\x55"}; /* 'x' */
833  const char *test_hash = test_hashes[0];
834  char *retval;
835  const char *p;
836  int save_errno, ok;
837  struct {
838  char s[7 + 22 + 1];
839  char o[7 + 22 + 31 + 1 + 1 + 1];
840  } buf;
841 
842 /* Hash the supplied password */
843  _crypt_output_magic(setting, output, size);
844  retval = BF_crypt(key, setting, output, size, 16);
845  save_errno = errno;
846 
847 /*
848  * Do a quick self-test. It is important that we make both calls to BF_crypt()
849  * from the same scope such that they likely use the same stack locations,
850  * which makes the second call overwrite the first call's sensitive data on the
851  * stack and makes it more likely that any alignment related issues would be
852  * detected by the self-test.
853  */
854  memcpy(buf.s, test_setting, sizeof(buf.s));
855  if (retval) {
856  unsigned int flags = flags_by_subtype[
857  (unsigned int)(unsigned char)setting[2] - 'a'];
858  test_hash = test_hashes[flags & 1];
859  buf.s[2] = setting[2];
860  }
861  memset(buf.o, 0x55, sizeof(buf.o));
862  buf.o[sizeof(buf.o) - 1] = 0;
863  p = BF_crypt(test_key, buf.s, buf.o, sizeof(buf.o) - (1 + 1), 1);
864 
865  ok = (p == buf.o &&
866  !memcmp(p, buf.s, 7 + 22) &&
867  !memcmp(p + (7 + 22), test_hash, 31 + 1 + 1 + 1));
868 
869  {
870  const char *k = "\xff\xa3" "34" "\xff\xff\xff\xa3" "345";
871  BF_key ae, ai, ye, yi;
872  BF_set_key(k, ae, ai, 2); /* $2a$ */
873  BF_set_key(k, ye, yi, 4); /* $2y$ */
874  ai[0] ^= 0x10000; /* undo the safety (for comparison) */
875  ok = ok && ai[0] == 0xdb9c59bc && ye[17] == 0x33343500 &&
876  !memcmp(ae, ye, sizeof(ae)) &&
877  !memcmp(ai, yi, sizeof(ai));
878  }
879 
880  __set_errno(save_errno);
881  if (ok)
882  return retval;
883 
884 /* Should not happen */
885  _crypt_output_magic(setting, output, size);
886  __set_errno(EINVAL); /* pretend we don't support this hash type */
887  return NULL;
888 }
889 
890 #if 0
891 char *_crypt_gensalt_blowfish_rn(const char *prefix, unsigned long count,
892  const char *input, int size, char *output, int output_size)
893 {
894  if (size < 16 || output_size < 7 + 22 + 1 ||
895  (count && (count < 4 || count > 31)) ||
896  prefix[0] != '$' || prefix[1] != '2' ||
897  (prefix[2] != 'a' && prefix[2] != 'b' && prefix[2] != 'y')) {
898  if (output_size > 0) output[0] = '\0';
899  __set_errno((output_size < 7 + 22 + 1) ? ERANGE : EINVAL);
900  return NULL;
901  }
902 
903  if (!count) count = 5;
904 
905  output[0] = '$';
906  output[1] = '2';
907  output[2] = prefix[2];
908  output[3] = '$';
909  output[4] = '0' + count / 10;
910  output[5] = '0' + count % 10;
911  output[6] = '$';
912 
913  BF_encode(&output[7], (const BF_word *)input, 16);
914  output[7 + 22] = '\0';
915 
916  return output;
917 }
918 #endif
signed int BF_word_signed
static void BF_set_key(const char *key, BF_key expanded, BF_key initial, unsigned char flags)
static int BF_decode(BF_word *dst, const char *src, int size)
static void BF_swap(BF_word *x, int count)
#define BF_safe_atoi64(dst, src)
static char * BF_crypt(const char *key, const char *setting, char *output, int size, BF_word min)
static int _crypt_output_magic(const char *setting, char *output, int size)
char * php_crypt_blowfish_rn(const char *key, const char *setting, char *output, int size)
#define BF_ENCRYPT
#define BF_N
static BF_word BF_magic_w[6]
static unsigned char BF_itoa64[64+1]
static unsigned char BF_atoi64[0x60]
static BF_ctx BF_init_state
static void BF_encode(char *dst, const BF_word *src, int size)
#define BF_body()
static const unsigned char flags_by_subtype[26]
unsigned int BF_word
BF_word BF_key[BF_N+2]
#define __set_errno(val)
std::size_t i
Definition: function.cpp:968
static std::ostream & output()
Definition: log.cpp:70
A small explanation about what's going on here: Each action has access to two game_info objects First...
Definition: actions.cpp:59
retval
Default window/dialog return values.
Definition: retval.hpp:30
std::size_t size(const std::string &str)
Length in characters of a UTF-8 string.
Definition: unicode.cpp:85
point output_size()
Returns the size of the final render target.
Definition: video.cpp:412
std::string_view data
Definition: picture.cpp:194
BF_key P
BF_word S[4][0x100]
mock_party p
static map_location::DIRECTION s