Merge branch 'busybox' into merge

author: Ron Yorston <rmy@pobox.com> 2025-08-12 08:07:00 +0100
committer: Ron Yorston <rmy@pobox.com> 2025-08-12 08:07:00 +0100
commit: 4e6b0b3e8b8f819bc9e2f69b0c267abecfe30968 (patch)
tree: d030cd6daff8d3b79f1fbefa0b33bd02f33c3d5c /include
parent: aa6a7ebcfb93b21916ad5fb97ecf64c22328c07b (diff)
parent: 628a7b2f4708037056a1432d7b6b1792c67e486a (diff)
download: busybox-w32-4e6b0b3e8b8f819bc9e2f69b0c267abecfe30968.tar.gz
busybox-w32-4e6b0b3e8b8f819bc9e2f69b0c267abecfe30968.tar.bz2
busybox-w32-4e6b0b3e8b8f819bc9e2f69b0c267abecfe30968.zip
2 files changed, 73 insertions, 18 deletions
diff --git a/include/libbb.h b/include/libbb.h
index 4cacdacba..7a375f4d2 100644
--- a/include/libbb.h
+++ b/include/libbb.h
@@ -1210,6 +1210,16 @@ char *bin2hex(char *dst, const char *src, int count) FAST_FUNC;
 /* Reverse */
 char* hex2bin(char *dst, const char *src, int count) FAST_FUNC;
+void FAST_FUNC xorbuf_3(void *dst, const void *src1, const void *src2, unsigned count);
+void FAST_FUNC xorbuf(void* buf, const void* mask, unsigned count);
+void FAST_FUNC xorbuf16_aligned_long(void* buf, const void* mask);
+void FAST_FUNC xorbuf64_3_aligned64(void *dst, const void *src1, const void *src2);
+#if BB_UNALIGNED_MEMACCESS_OK
+# define xorbuf16(buf,mask) xorbuf16_aligned_long(buf,mask)
+#else
+void FAST_FUNC xorbuf16(void* buf, const void* mask);
+#endif
 /* Generate a UUID */
 void generate_uuid(uint8_t *buf) FAST_FUNC;
@@ -1924,18 +1934,25 @@ extern char *pw_encrypt(const char *clear, const char *salt, int cleanup) FAST_F
 extern int obscure(const char *old, const char *newval, const struct passwd *pwdp) FAST_FUNC;
 /*
 * rnd is additional random input. New one is returned.
- * Useful if you call crypt_make_salt many times in a row:
+ * Useful if you call crypt_make_rand64encoded many times in a row:
- * rnd = crypt_make_salt(buf1, 4, 0);
+ * rnd = crypt_make_rand64encoded(buf1, 4, 0);
- * rnd = crypt_make_salt(buf2, 4, rnd);
+ * rnd = crypt_make_rand64encoded(buf2, 4, rnd);
- * rnd = crypt_make_salt(buf3, 4, rnd);
+ * rnd = crypt_make_rand64encoded(buf3, 4, rnd);
 * (otherwise we risk having same salt generated)
 */
-extern int crypt_make_salt(char *p, int cnt /*, int rnd*/) FAST_FUNC;
+extern int crypt_make_rand64encoded(char *p, int cnt /*, int rnd*/) FAST_FUNC;
-/* "$N$" + sha_salt_16_bytes + NUL */
+/* Size of char salt[] to hold randomly-generated salt string
-#define MAX_PW_SALT_LEN (3 + 16 + 1)
+ * sha256/512:
+ * "$5$" ["rounds=999999999$"] "<sha_salt_16_chars><NUL>"
+ * "$6$" ["rounds=999999999$"] "<sha_salt_16_chars><NUL>"
+ * #define MAX_PW_SALT_LEN (3 + sizeof("rounds=999999999$")-1 + 16 + 1)
+ * yescrypt:
+ * "$y$" <up to 8 params of up to 6 chars each> "$" <up to 86 chars salt><NUL>
+ * (86 chars are ascii64-encoded 64 binary bytes)
+ */
+#define MAX_PW_SALT_LEN (3 + 8*6 + 1 + 86 + 1)
 extern char* crypt_make_pw_salt(char p[MAX_PW_SALT_LEN], const char *algo) FAST_FUNC;
 /* Returns number of lines changed, or -1 on error */
 #if !(ENABLE_FEATURE_ADDUSER_TO_GROUP || ENABLE_FEATURE_DEL_USER_FROM_GROUP)
 #define update_passwd(filename, username, data, member) \
@@ -2335,6 +2352,21 @@ char *decode_base64(char *dst, const char **pp_src) FAST_FUNC;
 char *decode_base32(char *dst, const char **pp_src) FAST_FUNC;
 void read_base64(FILE *src_stream, FILE *dst_stream, int flags) FAST_FUNC;
+int FAST_FUNC i2a64(int i);
+int FAST_FUNC a2i64(char c);
+char* FAST_FUNC num2str64_lsb_first(char *s, unsigned v, int n);
+enum {
+        /* how many bytes XYZ_end() fills */
+        MD5_OUTSIZE    = 16,
+        SHA1_OUTSIZE   = 20,
+        SHA256_OUTSIZE = 32,
+        SHA512_OUTSIZE = 64,
+        SHA3_OUTSIZE   = 28,
+        /* size of input block */
+        SHA2_INSIZE     = 64,
+};
 #if defined CONFIG_FEATURE_USE_CNG_API
 struct bcrypt_hash_ctx_t {
        void *handle;
@@ -2399,6 +2431,7 @@ unsigned sha512_end(sha512_ctx_t *ctx, void *resbuf) FAST_FUNC;
 void sha3_begin(sha3_ctx_t *ctx) FAST_FUNC;
 void sha3_hash(sha3_ctx_t *ctx, const void *buffer, size_t len) FAST_FUNC;
 unsigned sha3_end(sha3_ctx_t *ctx, void *resbuf) FAST_FUNC;
+void FAST_FUNC sha256_block(const void *in, size_t len, uint8_t hash[32]);
 /* TLS benefits from knowing that sha1 and sha256 share these. Give them "agnostic" names too */
 #if defined CONFIG_FEATURE_USE_CNG_API
 typedef struct bcrypt_hash_ctx_t md5sha_ctx_t;
@@ -2409,13 +2442,35 @@ typedef struct md5_ctx_t md5sha_ctx_t;
 #define md5sha_hash md5_hash
 #define sha_end sha1_end
 #endif
-enum {
-        MD5_OUTSIZE    = 16,
+/* RFC 2104 HMAC (hash-based message authentication code) */
-        SHA1_OUTSIZE   = 20,
+typedef struct hmac_ctx {
-        SHA256_OUTSIZE = 32,
+        md5sha_ctx_t hashed_key_xor_ipad;
-        SHA512_OUTSIZE = 64,
+        md5sha_ctx_t hashed_key_xor_opad;
-        SHA3_OUTSIZE   = 28,
+} hmac_ctx_t;
-};
+#define HMAC_ONLY_SHA256 (!ENABLE_FEATURE_TLS_SHA1)
+typedef void md5sha_begin_func(md5sha_ctx_t *ctx) FAST_FUNC;
+#if HMAC_ONLY_SHA256
+#define hmac_begin(ctx,key,key_size,begin) \
+        hmac_begin(ctx,key,key_size)
+#endif
+void FAST_FUNC hmac_begin(hmac_ctx_t *ctx, const uint8_t *key, unsigned key_size, md5sha_begin_func *begin);
+static ALWAYS_INLINE void hmac_hash(hmac_ctx_t *ctx, const void *in, size_t len)
+{
+        md5sha_hash(&ctx->hashed_key_xor_ipad, in, len);
+}
+unsigned FAST_FUNC hmac_end(hmac_ctx_t *ctx, uint8_t *out);
+#if HMAC_ONLY_SHA256
+#define hmac_block(key,key_size,begin,in,sz,out) \
+        hmac_block(key,key_size,in,sz,out)
+#endif
+unsigned FAST_FUNC hmac_block(const uint8_t *key, unsigned key_size,
+                md5sha_begin_func *begin,
+                const void *in, unsigned sz,
+                uint8_t *out);
+/* HMAC helpers for TLS: */
+void FAST_FUNC hmac_hash_v(hmac_ctx_t *ctx, va_list va);
+unsigned FAST_FUNC hmac_peek_hash(hmac_ctx_t *ctx, uint8_t *out, ...);
 extern uint32_t *global_crc32_table;
 uint32_t *crc32_filltable(uint32_t *tbl256, int endian) FAST_FUNC;
diff --git a/include/usage.src.h b/include/usage.src.h
index 5d2038834..0881337f8 100644
--- a/include/usage.src.h
+++ b/include/usage.src.h
@@ -17,11 +17,11 @@
 #define scripted_trivial_usage NOUSAGE_STR
 #define scripted_full_usage ""
-#if !ENABLE_USE_BB_CRYPT || ENABLE_USE_BB_CRYPT_SHA
+#if !ENABLE_USE_BB_CRYPT
-# define CRYPT_METHODS_HELP_STR "des,md5,sha256/512" \
+# define CRYPT_METHODS_HELP_STR "des,md5,sha256/512,yescrypt" \
        " (default "CONFIG_FEATURE_DEFAULT_PASSWD_ALGO")"
 #else
-# define CRYPT_METHODS_HELP_STR "des,md5" \
+# define CRYPT_METHODS_HELP_STR "des,md5"IF_USE_BB_CRYPT_SHA(",sha256/512")IF_USE_BB_CRYPT_YES(",yescrypt") \
        " (default "CONFIG_FEATURE_DEFAULT_PASSWD_ALGO")"
 #endif
author	Ron Yorston <rmy@pobox.com>	2025-08-12 08:07:00 +0100
committer	Ron Yorston <rmy@pobox.com>	2025-08-12 08:07:00 +0100
commit	4e6b0b3e8b8f819bc9e2f69b0c267abecfe30968 (patch)
tree	d030cd6daff8d3b79f1fbefa0b33bd02f33c3d5c /include
parent	aa6a7ebcfb93b21916ad5fb97ecf64c22328c07b (diff)
parent	628a7b2f4708037056a1432d7b6b1792c67e486a (diff)
download	busybox-w32-4e6b0b3e8b8f819bc9e2f69b0c267abecfe30968.tar.gz busybox-w32-4e6b0b3e8b8f819bc9e2f69b0c267abecfe30968.tar.bz2 busybox-w32-4e6b0b3e8b8f819bc9e2f69b0c267abecfe30968.zip

diff --git a/include/libbb.h b/include/libbb.h index 4cacdacba..7a375f4d2 100644 --- a/include/libbb.h +++ b/include/libbb.h
@@ -1210,6 +1210,16 @@ char bin2hex(char dst, const char *src, int count) FAST_FUNC;
1210	/* Reverse */	1210	/* Reverse */
1211	char* hex2bin(char dst, const char src, int count) FAST_FUNC;	1211	char* hex2bin(char dst, const char src, int count) FAST_FUNC;
1212		1212
		1213	void FAST_FUNC xorbuf_3(void dst, const void src1, const void *src2, unsigned count);
		1214	void FAST_FUNC xorbuf(void* buf, const void* mask, unsigned count);
		1215	void FAST_FUNC xorbuf16_aligned_long(void* buf, const void* mask);
		1216	void FAST_FUNC xorbuf64_3_aligned64(void dst, const void src1, const void *src2);
		1217	#if BB_UNALIGNED_MEMACCESS_OK
		1218	# define xorbuf16(buf,mask) xorbuf16_aligned_long(buf,mask)
		1219	#else
		1220	void FAST_FUNC xorbuf16(void* buf, const void* mask);
		1221	#endif
		1222
1213	/* Generate a UUID */	1223	/* Generate a UUID */
1214	void generate_uuid(uint8_t *buf) FAST_FUNC;	1224	void generate_uuid(uint8_t *buf) FAST_FUNC;
1215		1225
@@ -1924,18 +1934,25 @@ extern char pw_encrypt(const char clear, const char *salt, int cleanup) FAST_F
1924	extern int obscure(const char old, const char newval, const struct passwd *pwdp) FAST_FUNC;	1934	extern int obscure(const char old, const char newval, const struct passwd *pwdp) FAST_FUNC;
1925	/*	1935	/*
1926	* rnd is additional random input. New one is returned.	1936	* rnd is additional random input. New one is returned.
1927	* Useful if you call crypt_make_salt many times in a row:	1937	* Useful if you call crypt_make_rand64encoded many times in a row:
1928	* rnd = crypt_make_salt(buf1, 4, 0);	1938	* rnd = crypt_make_rand64encoded(buf1, 4, 0);
1929	* rnd = crypt_make_salt(buf2, 4, rnd);	1939	* rnd = crypt_make_rand64encoded(buf2, 4, rnd);
1930	* rnd = crypt_make_salt(buf3, 4, rnd);	1940	* rnd = crypt_make_rand64encoded(buf3, 4, rnd);
1931	* (otherwise we risk having same salt generated)	1941	* (otherwise we risk having same salt generated)
1932	*/	1942	*/
1933	extern int crypt_make_salt(char p, int cnt /, int rnd*/) FAST_FUNC;	1943	extern int crypt_make_rand64encoded(char p, int cnt /, int rnd*/) FAST_FUNC;
1934	/* "$N$" + sha_salt_16_bytes + NUL */	1944	/* Size of char salt[] to hold randomly-generated salt string
1935	#define MAX_PW_SALT_LEN (3 + 16 + 1)	1945	* sha256/512:
		1946	* "$5$" ["rounds=999999999$"] "<sha_salt_16_chars><NUL>"
		1947	* "$6$" ["rounds=999999999$"] "<sha_salt_16_chars><NUL>"
		1948	* #define MAX_PW_SALT_LEN (3 + sizeof("rounds=999999999$")-1 + 16 + 1)
		1949	* yescrypt:
		1950	* "$y$" <up to 8 params of up to 6 chars each> "$" <up to 86 chars salt><NUL>
		1951	* (86 chars are ascii64-encoded 64 binary bytes)
		1952	*/
		1953	#define MAX_PW_SALT_LEN (3 + 8*6 + 1 + 86 + 1)
1936	extern char* crypt_make_pw_salt(char p[MAX_PW_SALT_LEN], const char *algo) FAST_FUNC;	1954	extern char* crypt_make_pw_salt(char p[MAX_PW_SALT_LEN], const char *algo) FAST_FUNC;
1937		1955
1938
1939	/* Returns number of lines changed, or -1 on error */	1956	/* Returns number of lines changed, or -1 on error */
1940	#if !(ENABLE_FEATURE_ADDUSER_TO_GROUP \|\| ENABLE_FEATURE_DEL_USER_FROM_GROUP)	1957	#if !(ENABLE_FEATURE_ADDUSER_TO_GROUP \|\| ENABLE_FEATURE_DEL_USER_FROM_GROUP)
1941	#define update_passwd(filename, username, data, member) \	1958	#define update_passwd(filename, username, data, member) \
@@ -2335,6 +2352,21 @@ char decode_base64(char dst, const char **pp_src) FAST_FUNC;
2335	char decode_base32(char dst, const char **pp_src) FAST_FUNC;	2352	char decode_base32(char dst, const char **pp_src) FAST_FUNC;
2336	void read_base64(FILE src_stream, FILE dst_stream, int flags) FAST_FUNC;	2353	void read_base64(FILE src_stream, FILE dst_stream, int flags) FAST_FUNC;
2337		2354
		2355	int FAST_FUNC i2a64(int i);
		2356	int FAST_FUNC a2i64(char c);
		2357	char* FAST_FUNC num2str64_lsb_first(char *s, unsigned v, int n);
		2358
		2359	enum {
		2360	/* how many bytes XYZ_end() fills */
		2361	MD5_OUTSIZE = 16,
		2362	SHA1_OUTSIZE = 20,
		2363	SHA256_OUTSIZE = 32,
		2364	SHA512_OUTSIZE = 64,
		2365	SHA3_OUTSIZE = 28,
		2366	/* size of input block */
		2367	SHA2_INSIZE = 64,
		2368	};
		2369
2338	#if defined CONFIG_FEATURE_USE_CNG_API	2370	#if defined CONFIG_FEATURE_USE_CNG_API
2339	struct bcrypt_hash_ctx_t {	2371	struct bcrypt_hash_ctx_t {
2340	void *handle;	2372	void *handle;
@@ -2399,6 +2431,7 @@ unsigned sha512_end(sha512_ctx_t ctx, void resbuf) FAST_FUNC;
2399	void sha3_begin(sha3_ctx_t *ctx) FAST_FUNC;	2431	void sha3_begin(sha3_ctx_t *ctx) FAST_FUNC;
2400	void sha3_hash(sha3_ctx_t ctx, const void buffer, size_t len) FAST_FUNC;	2432	void sha3_hash(sha3_ctx_t ctx, const void buffer, size_t len) FAST_FUNC;
2401	unsigned sha3_end(sha3_ctx_t ctx, void resbuf) FAST_FUNC;	2433	unsigned sha3_end(sha3_ctx_t ctx, void resbuf) FAST_FUNC;
		2434	void FAST_FUNC sha256_block(const void *in, size_t len, uint8_t hash[32]);
2402	/* TLS benefits from knowing that sha1 and sha256 share these. Give them "agnostic" names too */	2435	/* TLS benefits from knowing that sha1 and sha256 share these. Give them "agnostic" names too */
2403	#if defined CONFIG_FEATURE_USE_CNG_API	2436	#if defined CONFIG_FEATURE_USE_CNG_API
2404	typedef struct bcrypt_hash_ctx_t md5sha_ctx_t;	2437	typedef struct bcrypt_hash_ctx_t md5sha_ctx_t;
@@ -2409,13 +2442,35 @@ typedef struct md5_ctx_t md5sha_ctx_t;
2409	#define md5sha_hash md5_hash	2442	#define md5sha_hash md5_hash
2410	#define sha_end sha1_end	2443	#define sha_end sha1_end
2411	#endif	2444	#endif
2412	enum {	2445
2413	MD5_OUTSIZE = 16,	2446	/* RFC 2104 HMAC (hash-based message authentication code) */
2414	SHA1_OUTSIZE = 20,	2447	typedef struct hmac_ctx {
2415	SHA256_OUTSIZE = 32,	2448	md5sha_ctx_t hashed_key_xor_ipad;
2416	SHA512_OUTSIZE = 64,	2449	md5sha_ctx_t hashed_key_xor_opad;
2417	SHA3_OUTSIZE = 28,	2450	} hmac_ctx_t;
2418	};	2451	#define HMAC_ONLY_SHA256 (!ENABLE_FEATURE_TLS_SHA1)
		2452	typedef void md5sha_begin_func(md5sha_ctx_t *ctx) FAST_FUNC;
		2453	#if HMAC_ONLY_SHA256
		2454	#define hmac_begin(ctx,key,key_size,begin) \
		2455	hmac_begin(ctx,key,key_size)
		2456	#endif
		2457	void FAST_FUNC hmac_begin(hmac_ctx_t ctx, const uint8_t key, unsigned key_size, md5sha_begin_func *begin);
		2458	static ALWAYS_INLINE void hmac_hash(hmac_ctx_t ctx, const void in, size_t len)
		2459	{
		2460	md5sha_hash(&ctx->hashed_key_xor_ipad, in, len);
		2461	}
		2462	unsigned FAST_FUNC hmac_end(hmac_ctx_t ctx, uint8_t out);
		2463	#if HMAC_ONLY_SHA256
		2464	#define hmac_block(key,key_size,begin,in,sz,out) \
		2465	hmac_block(key,key_size,in,sz,out)
		2466	#endif
		2467	unsigned FAST_FUNC hmac_block(const uint8_t *key, unsigned key_size,
		2468	md5sha_begin_func *begin,
		2469	const void *in, unsigned sz,
		2470	uint8_t *out);
		2471	/* HMAC helpers for TLS: */
		2472	void FAST_FUNC hmac_hash_v(hmac_ctx_t *ctx, va_list va);
		2473	unsigned FAST_FUNC hmac_peek_hash(hmac_ctx_t ctx, uint8_t out, ...);
2419		2474
2420	extern uint32_t *global_crc32_table;	2475	extern uint32_t *global_crc32_table;
2421	uint32_t crc32_filltable(uint32_t tbl256, int endian) FAST_FUNC;	2476	uint32_t crc32_filltable(uint32_t tbl256, int endian) FAST_FUNC;


diff --git a/include/usage.src.h b/include/usage.src.h index 5d2038834..0881337f8 100644 --- a/include/usage.src.h +++ b/include/usage.src.h
@@ -17,11 +17,11 @@
17	#define scripted_trivial_usage NOUSAGE_STR	17	#define scripted_trivial_usage NOUSAGE_STR
18	#define scripted_full_usage ""	18	#define scripted_full_usage ""
19		19
20	#if !ENABLE_USE_BB_CRYPT \|\| ENABLE_USE_BB_CRYPT_SHA	20	#if !ENABLE_USE_BB_CRYPT
21	# define CRYPT_METHODS_HELP_STR "des,md5,sha256/512" \	21	# define CRYPT_METHODS_HELP_STR "des,md5,sha256/512,yescrypt" \
22	" (default "CONFIG_FEATURE_DEFAULT_PASSWD_ALGO")"	22	" (default "CONFIG_FEATURE_DEFAULT_PASSWD_ALGO")"
23	#else	23	#else
24	# define CRYPT_METHODS_HELP_STR "des,md5" \	24	# define CRYPT_METHODS_HELP_STR "des,md5"IF_USE_BB_CRYPT_SHA(",sha256/512")IF_USE_BB_CRYPT_YES(",yescrypt") \
25	" (default "CONFIG_FEATURE_DEFAULT_PASSWD_ALGO")"	25	" (default "CONFIG_FEATURE_DEFAULT_PASSWD_ALGO")"
26	#endif	26	#endif
27		27