Skip to content

Commit 271ba54

Browse files
feat: add yescrypt support to pw_hash
1 parent 50a6b6b commit 271ba54

File tree

1 file changed

+4
-2
lines changed

1 file changed

+4
-2
lines changed

lib/puppet/parser/functions/pw_hash.rb

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,7 @@
2424
|bcrypt-a |2a |bug compatible |
2525
|bcrypt-x |2x |bug compatible |
2626
|bcrypt-y |2y |historic alias for 2b|
27+
|yescrypt |y | |
2728
2829
The third argument to this function is the salt to use. For bcrypt-type hashes,
2930
the first two characters of the salt represent a strength parameter, with a value
@@ -54,7 +55,8 @@
5455
'bcrypt' => { prefix: '2b', salt: %r{^(0[4-9]|[12][0-9]|3[01])\$[./A-Za-z0-9]{22}} },
5556
'bcrypt-a' => { prefix: '2a', salt: %r{^(0[4-9]|[12][0-9]|3[01])\$[./A-Za-z0-9]{22}} },
5657
'bcrypt-x' => { prefix: '2x', salt: %r{^(0[4-9]|[12][0-9]|3[01])\$[./A-Za-z0-9]{22}} },
57-
'bcrypt-y' => { prefix: '2y', salt: %r{^(0[4-9]|[12][0-9]|3[01])\$[./A-Za-z0-9]{22}} }
58+
'bcrypt-y' => { prefix: '2y', salt: %r{^(0[4-9]|[12][0-9]|3[01])\$[./A-Za-z0-9]{22}} },
59+
'yescrypt' => { prefix: 'y', salt: %r{^[./A-Za-z0-9]+\$[./A-Za-z0-9]{,86}} }
5860
}
5961

6062
raise ArgumentError, 'pw_hash(): first argument must be a string' unless args[0].is_a?(String) || args[0].nil?
@@ -76,7 +78,7 @@
7678

7779
# handle weak implementations of String#crypt
7880
# dup the string to get rid of frozen status for testing
79-
if RUBY_PLATFORM == 'java' && !args[1].downcase.start_with?('bcrypt')
81+
if RUBY_PLATFORM == 'java' && !['bcrypt', 'bcrypt-a', 'bcrypt-x', 'bcrypt-y', 'yescrypt'].include?(args[1].downcase)
8082
# puppetserver bundles Apache Commons Codec
8183
org.apache.commons.codec.digest.Crypt.crypt(password.to_java_bytes, salt)
8284
elsif (+'test').crypt('$1$1') == '$1$1$Bp8CU9Oujr9SSEw53WV6G.'

0 commit comments

Comments
 (0)