libbb: add optionl support for SHA256/512 encrypted passwords

function                                             old     new   delta
sha_crypt                                              -    2423   +2423
cryptpw_main                                         128     183     +55
to64                                                   -      29     +29
pw_encrypt                                           974    1000     +26
str_rounds                                             -      11     +11
login_main                                          1532    1541      +9
packed_usage                                       25215   25200     -15
__md5_to64                                            29       -     -29
------------------------------------------------------------------------------
(add/remove: 3/1 grow/shrink: 3/1 up/down: 2553/-44)         Total: 2509 bytes

2 files changed, 34 insertions, 8 deletions

diff --git a/loginutils/Config.in b/loginutils/Config.in
index bb1369cdd..5f66e8685 100644
--- a/loginutils/Config.in
+++ b/loginutils/Config.in
@@ -58,7 +58,7 @@ config USE_BB_SHADOW
           password servers and whatnot.
 
 config USE_BB_CRYPT
-        bool "Use internal DES and MD5 crypt functions"
+        bool "Use internal crypt functions"
         default y
         help
           Busybox has internal DES and MD5 crypt functions.
@@ -79,6 +79,18 @@ config USE_BB_CRYPT
           In static build, it makes code _smaller_ by about 1.2k,
           and likely many kilobytes less of bss.
 
+config USE_BB_CRYPT_SHA
+        bool "Enable SHA256/512 crypt functions"
+        default n
+        depends on USE_BB_CRYPT
+        help
+          Enable this if you have passwords starting with "$5$" or "$6$"
+          in your /etc/passwd or /etc/shadow files. These passwords
+          are hashed using SHA256 and SHA512 algorithms. Support for them
+          was added to glibc in 2008.
+          With this option off, login will fail password check for any
+          user which has password encrypted with these algorithms.
+
 config ADDGROUP
         bool "addgroup"
         default n
diff --git a/loginutils/cryptpw.c b/loginutils/cryptpw.c
index db5d95920..d76deac20 100644
--- a/loginutils/cryptpw.c
+++ b/loginutils/cryptpw.c
@@ -34,22 +34,36 @@ done
 int cryptpw_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
 int cryptpw_main(int argc UNUSED_PARAM, char **argv)
 {
-        char salt[sizeof("$N$XXXXXXXX")];
+        char salt[sizeof("$N$") + 16];
         char *opt_a;
+        int opts;
 
-        if (!getopt32(argv, "a:", &opt_a) || opt_a[0] != 'd') {
+        opts = getopt32(argv, "a:", &opt_a);
+
+        if (opts && opt_a[0] == 'd') {
+                crypt_make_salt(salt, 2/2, 0);     /* des */
+#if TESTING
+                strcpy(salt, "a.");
+#endif
+        } else {
                 salt[0] = '$';
                 salt[1] = '1';
                 salt[2] = '$';
-                crypt_make_salt(salt + 3, 4, 0); /* md5 */
+#if !ENABLE_USE_BB_CRYPT || ENABLE_USE_BB_CRYPT_SHA
+                if (opts && opt_a[0] == 's') {
+                        salt[1] = '5' + (strcmp(opt_a, "sha512") == 0);
+                        crypt_make_salt(salt + 3, 16/2, 0); /* sha */
 #if TESTING
-                strcpy(salt + 3, "ajg./bcf");
+                        strcpy(salt, "$6$em7yVj./Mv5n1V5X");
 #endif
-        } else {
-                crypt_make_salt(salt, 1, 0);     /* des */
+                } else
+#endif
+                {
+                        crypt_make_salt(salt + 3, 8/2, 0); /* md5 */
 #if TESTING
-                strcpy(salt, "a.");
+                        strcpy(salt + 3, "ajg./bcf");
 #endif
+                }
         }
 
         puts(pw_encrypt(argv[optind] ? argv[optind] : xmalloc_fgetline(stdin), salt, 1));