diff options
| author | Denys Vlasenko <vda.linux@googlemail.com> | 2025-07-19 18:42:32 +0200 |
|---|---|---|
| committer | Denys Vlasenko <vda.linux@googlemail.com> | 2025-07-19 18:42:32 +0200 |
| commit | c6b9e763731545f8e7f3482a90128859496c2964 (patch) | |
| tree | fb67918516a9e657cd25e20a48801ef5b8a3f542 /libbb/pw_encrypt.c | |
| parent | 6979467a62c4bc58eeede0436d06c0cd57649705 (diff) | |
libbb: crypt_make_pw_salt(): fix yescrypt's random salt last char
function old new delta
crypt_make_pw_salt 128 146 +18
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'libbb/pw_encrypt.c')
| -rw-r--r-- | libbb/pw_encrypt.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/libbb/pw_encrypt.c b/libbb/pw_encrypt.c index 56191b00e..93653de9f 100644 --- a/libbb/pw_encrypt.c +++ b/libbb/pw_encrypt.c @@ -17,7 +17,7 @@ char* FAST_FUNC crypt_make_pw_salt(char salt[MAX_PW_SALT_LEN], const char *algo) { - int len = 2/2; + int len = 2 / 2; char *salt_ptr = salt; /* Standard chpasswd uses uppercase algos ("MD5", not "md5"). @@ -36,8 +36,8 @@ char* FAST_FUNC crypt_make_pw_salt(char salt[MAX_PW_SALT_LEN], const char *algo) #endif #if !ENABLE_USE_BB_CRYPT || ENABLE_USE_BB_CRYPT_YES if ((algo[0]|0x20) == 'y') { /* yescrypt */ + int rnd; salt[1] = 'y'; - len = 22 / 2; // The "j9T$" below is the default "yescrypt parameters" encoded by yescrypt_encode_params_r(): //shadow-4.17.4/src/passwd.c // salt = crypt_make_salt(NULL, NULL); @@ -61,8 +61,16 @@ char* FAST_FUNC crypt_make_pw_salt(char salt[MAX_PW_SALT_LEN], const char *algo) // params.r = 32; // N in 4KiB // params.N = 1ULL << (count + 7); // 3 -> 1024, 4 -> 2048, ... 11 -> 262144 // yescrypt_encode_params_r(¶ms, rbytes, nrbytes, outbuf, o_size) // always "$y$j9T$<random>" + len = 22 / 2; salt_ptr = stpcpy(salt_ptr, "j9T$"); - crypt_make_rand64encoded(salt_ptr, len); /* appends 2*len random chars */ + /* append 2*len random chars */ + rnd = crypt_make_rand64encoded(salt_ptr, len); + /* fix up last char: it must be in 0..3 range (encoded as one of "./01"). + * IOW: salt_ptr[20..21] encode 16th random byte, must not be > 0xff. + * Without this, we can generate salts which are rejected + * by implementations with more strict salt length check. + */ + salt_ptr[21] = i2a64(rnd & 3); /* For "mkpasswd -m yescrypt PASS j9T$<salt>" use case, * "j9T$" is considered part of salt, * need to return pointer to 'j'. Without -4, |