diff options
author | Jo-Philipp Wich <jo@mein.io> | 2019-01-22 09:50:09 +0100 |
---|---|---|
committer | Jo-Philipp Wich <jo@mein.io> | 2019-01-22 12:08:03 +0100 |
commit | ceb625439a84c7ea4ab1e39f126b6baffc48d1cd (patch) | |
tree | 46fd430073a208627f821711bae6e690ddd14bd7 /toolchain | |
parent | 1211832977b98c491d1198ab66c4f8ffc0886a87 (diff) | |
download | upstream-ceb625439a84c7ea4ab1e39f126b6baffc48d1cd.tar.gz upstream-ceb625439a84c7ea4ab1e39f126b6baffc48d1cd.tar.bz2 upstream-ceb625439a84c7ea4ab1e39f126b6baffc48d1cd.zip |
musl: improve crypt() size hack
Instead of silently downgrading any non-MD5 crypt() request to DES,
cleanly fail with return NULL and errno = ENOSYS. This allows callers
to notice the missing support instead of the unwanted silent fallback
to DES.
Also add a menuconfig toolchain option to optionally disable the crypt
size hack completely. This can be probably made dependant on SMALL_FLASH
or a similar feature indicator in a future commit.
Ref: https://github.com/openwrt/openwrt/pull/1331
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Diffstat (limited to 'toolchain')
-rw-r--r-- | toolchain/Config.in | 1 | ||||
-rw-r--r-- | toolchain/musl/Config.in | 12 | ||||
-rw-r--r-- | toolchain/musl/common.mk | 1 | ||||
-rw-r--r-- | toolchain/musl/patches/901-crypt_size_hack.patch | 65 |
4 files changed, 54 insertions, 25 deletions
diff --git a/toolchain/Config.in b/toolchain/Config.in index 47e1c787df..82dddbc209 100644 --- a/toolchain/Config.in +++ b/toolchain/Config.in @@ -262,6 +262,7 @@ choice endchoice source "toolchain/uClibc/Config.in" +source "toolchain/musl/Config.in" comment "Debuggers" depends on TOOLCHAINOPTS diff --git a/toolchain/musl/Config.in b/toolchain/musl/Config.in new file mode 100644 index 0000000000..7e83b6fa53 --- /dev/null +++ b/toolchain/musl/Config.in @@ -0,0 +1,12 @@ +# Password crypt stubbing + +config MUSL_DISABLE_CRYPT_SIZE_HACK + bool "Include crypt() support for SHA256, SHA512 and Blowfish ciphers" + depends on TOOLCHAINOPTS && USE_MUSL && !EXTERNAL_TOOLCHAIN + default n + help + Enable this option to re-include crypt() support for the SHA256, SHA512 and + Blowfish ciphers. Without this option, attempting to hash a string with a salt + requesting one of these ciphers will cause the crypt() function to call stub + implementations which will always fail with errno ENOSYS. Including the ciphers + will increase the library size by about 14KB after LZMA compression. diff --git a/toolchain/musl/common.mk b/toolchain/musl/common.mk index 234709103c..40c6273e63 100644 --- a/toolchain/musl/common.mk +++ b/toolchain/musl/common.mk @@ -29,6 +29,7 @@ include $(INCLUDE_DIR)/host-build.mk include $(INCLUDE_DIR)/hardening.mk TARGET_CFLAGS:= $(filter-out -O%,$(TARGET_CFLAGS)) +TARGET_CFLAGS+= $(if $(CONFIG_MUSL_DISABLE_CRYPT_SIZE_HACK),,-DCRYPT_SIZE_HACK) MUSL_CONFIGURE:= \ $(TARGET_CONFIGURE_OPTS) \ diff --git a/toolchain/musl/patches/901-crypt_size_hack.patch b/toolchain/musl/patches/901-crypt_size_hack.patch index 8cd7b1989c..75f196abca 100644 --- a/toolchain/musl/patches/901-crypt_size_hack.patch +++ b/toolchain/musl/patches/901-crypt_size_hack.patch @@ -1,59 +1,74 @@ ---- a/src/crypt/crypt_r.c -+++ b/src/crypt/crypt_r.c -@@ -19,12 +19,6 @@ char *__crypt_r(const char *key, const c - if (salt[0] == '$' && salt[1] && salt[2]) { - if (salt[1] == '1' && salt[2] == '$') - return __crypt_md5(key, salt, output); -- if (salt[1] == '2' && salt[3] == '$') -- return __crypt_blowfish(key, salt, output); -- if (salt[1] == '5' && salt[2] == '$') -- return __crypt_sha256(key, salt, output); -- if (salt[1] == '6' && salt[2] == '$') -- return __crypt_sha512(key, salt, output); - } - return __crypt_des(key, salt, output); - } --- a/src/crypt/crypt_sha512.c +++ b/src/crypt/crypt_sha512.c -@@ -12,6 +12,7 @@ - #include <stdio.h> +@@ -13,6 +13,17 @@ #include <string.h> #include <stdint.h> -+#if 0 ++#ifdef CRYPT_SIZE_HACK ++#include <errno.h> ++ ++char *__crypt_sha512(const char *key, const char *setting, char *output) ++{ ++ errno = ENOSYS; ++ return NULL; ++} ++ ++#else ++ /* public domain sha512 implementation based on fips180-3 */ /* >=2^64 bits messages are not supported (about 2000 peta bytes) */ -@@ -369,3 +370,4 @@ char *__crypt_sha512(const char *key, co + +@@ -369,3 +380,4 @@ char *__crypt_sha512(const char *key, co return "*"; return p; } +#endif --- a/src/crypt/crypt_blowfish.c +++ b/src/crypt/crypt_blowfish.c -@@ -50,6 +50,7 @@ +@@ -50,6 +50,17 @@ #include <string.h> #include <stdint.h> -+#if 0 ++#ifdef CRYPT_SIZE_HACK ++#include <errno.h> ++ ++char *__crypt_blowfish(const char *key, const char *setting, char *output) ++{ ++ errno = ENOSYS; ++ return NULL; ++} ++ ++#else ++ typedef uint32_t BF_word; typedef int32_t BF_word_signed; -@@ -796,3 +797,4 @@ char *__crypt_blowfish(const char *key, +@@ -796,3 +807,4 @@ char *__crypt_blowfish(const char *key, return "*"; } +#endif --- a/src/crypt/crypt_sha256.c +++ b/src/crypt/crypt_sha256.c -@@ -13,6 +13,7 @@ +@@ -13,6 +13,17 @@ #include <string.h> #include <stdint.h> -+#if 0 ++#ifdef CRYPT_SIZE_HACK ++#include <errno.h> ++ ++char *__crypt_sha256(const char *key, const char *setting, char *output) ++{ ++ errno = ENOSYS; ++ return NULL; ++} ++ ++#else ++ /* public domain sha256 implementation based on fips180-3 */ struct sha256 { -@@ -320,3 +321,4 @@ char *__crypt_sha256(const char *key, co +@@ -320,3 +331,4 @@ char *__crypt_sha256(const char *key, co return "*"; return p; } |