openwrt/toolchain/musl/patches/901-crypt_size_hack.patch
Jo-Philipp Wich ceb625439a musl: improve crypt() size hack
Instead of silently downgrading any non-MD5 crypt() request to DES,
cleanly fail with return NULL and errno = ENOSYS. This allows callers
to notice the missing support instead of the unwanted silent fallback
to DES.

Also add a menuconfig toolchain option to optionally disable the crypt
size hack completely. This can be probably made dependant on SMALL_FLASH
or a similar feature indicator in a future commit.

Ref: https://github.com/openwrt/openwrt/pull/1331
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-22 12:08:03 +01:00

76 lines
1.4 KiB
Diff

--- a/src/crypt/crypt_sha512.c
+++ b/src/crypt/crypt_sha512.c
@@ -13,6 +13,17 @@
#include <string.h>
#include <stdint.h>
+#ifdef CRYPT_SIZE_HACK
+#include <errno.h>
+
+char *__crypt_sha512(const char *key, const char *setting, char *output)
+{
+ errno = ENOSYS;
+ return NULL;
+}
+
+#else
+
/* public domain sha512 implementation based on fips180-3 */
/* >=2^64 bits messages are not supported (about 2000 peta bytes) */
@@ -369,3 +380,4 @@ char *__crypt_sha512(const char *key, co
return "*";
return p;
}
+#endif
--- a/src/crypt/crypt_blowfish.c
+++ b/src/crypt/crypt_blowfish.c
@@ -50,6 +50,17 @@
#include <string.h>
#include <stdint.h>
+#ifdef CRYPT_SIZE_HACK
+#include <errno.h>
+
+char *__crypt_blowfish(const char *key, const char *setting, char *output)
+{
+ errno = ENOSYS;
+ return NULL;
+}
+
+#else
+
typedef uint32_t BF_word;
typedef int32_t BF_word_signed;
@@ -796,3 +807,4 @@ char *__crypt_blowfish(const char *key,
return "*";
}
+#endif
--- a/src/crypt/crypt_sha256.c
+++ b/src/crypt/crypt_sha256.c
@@ -13,6 +13,17 @@
#include <string.h>
#include <stdint.h>
+#ifdef CRYPT_SIZE_HACK
+#include <errno.h>
+
+char *__crypt_sha256(const char *key, const char *setting, char *output)
+{
+ errno = ENOSYS;
+ return NULL;
+}
+
+#else
+
/* public domain sha256 implementation based on fips180-3 */
struct sha256 {
@@ -320,3 +331,4 @@ char *__crypt_sha256(const char *key, co
return "*";
return p;
}
+#endif