krisk0 · July 19, 2024 05:53
diff --git a/busybox_gost-yescrypt.patch b/busybox_gost-yescrypt.patch
 diff -urN a/include/libbb.h b/include/libbb.h
 --- a/include/libbb.h	2023-01-03 17:17:01.000000000 +0300
 +++ b/include/libbb.h	2024-07-17 11:28:28.000000000 +0300
 @@ -1777,8 +1777,14 @@
  * (otherwise we risk having same salt generated)
  */
 extern int crypt_make_salt(char *p, int cnt /*, int rnd*/) FAST_FUNC;
 +
 +#if ENABLE_GOST_YESCRYPT
 +/* $gy$j9T$ + salt(16) + NUL */
 +#define MAX_PW_SALT_LEN (8 + 16 + 1)
 +#else
 /* "$N$" + sha_salt_16_bytes + NUL */
 #define MAX_PW_SALT_LEN (3 + 16 + 1)
 +#endif
 extern char* crypt_make_pw_salt(char p[MAX_PW_SALT_LEN], const char *algo) FAST_FUNC;
 
 
 diff -urN a/include/usage.src.h b/include/usage.src.h
 --- a/include/usage.src.h	2023-01-03 17:17:01.000000000 +0300
 +++ b/include/usage.src.h	2024-07-17 13:03:24.000000000 +0300
 @@ -18,13 +18,18 @@
 #define scripted_full_usage ""
 
 #if !ENABLE_USE_BB_CRYPT || ENABLE_USE_BB_CRYPT_SHA
 -# define CRYPT_METHODS_HELP_STR "des,md5,sha256/512" \
 -	" (default "CONFIG_FEATURE_DEFAULT_PASSWD_ALGO")"
 +# if ENABLE_GOST_YESCRYPT
 +#  define _CRYPT_METHODS_HELP_STR "des,md5,sha256/512,gy"
 +# else
 +#  define _CRYPT_METHODS_HELP_STR "des,md5,sha256/512"
 +# endif
 #else
 -# define CRYPT_METHODS_HELP_STR "des,md5" \
 -	" (default "CONFIG_FEATURE_DEFAULT_PASSWD_ALGO")"
 +# define _CRYPT_METHODS_HELP_STR "des,md5"
 #endif
 
 +#define CRYPT_METHODS_HELP_STR _CRYPT_METHODS_HELP_STR \
 +	" (default "CONFIG_FEATURE_DEFAULT_PASSWD_ALGO")"
 +
 #if ENABLE_FEATURE_HWCLOCK_ADJTIME_FHS
 # define ADJTIME_PATH "/var/lib/hwclock/adjtime"
 #else
 diff -urN a/libbb/pw_encrypt.c b/libbb/pw_encrypt.c
 --- a/libbb/pw_encrypt.c	2023-01-03 17:17:01.000000000 +0300
 +++ b/libbb/pw_encrypt.c	2024-07-17 11:55:24.000000000 +0300
 @@ -71,6 +71,14 @@
 			len = 16/2;
 		}
 #endif
 +#if ENABLE_GOST_YESCRYPT
 +		if ((algo[0] == 'g') && (algo[1] == 'y')) {
 +			/* j9T -- often used algorithm parameters */
 +			sprintf(salt + 1, "%s$j9T$", algo);
 +			salt_ptr = salt + 8;
 +			len = 16/2;
 +		}
 +#endif
 	}
 	crypt_make_salt(salt_ptr, len);
 	return salt_ptr;
 diff -urN a/loginutils/Config.src b/loginutils/Config.src
 --- a/loginutils/Config.src	2023-01-03 17:17:01.000000000 +0300
 +++ b/loginutils/Config.src	2024-07-19 07:48:37.000000000 +0300
 @@ -91,6 +91,17 @@
 	With this option off, login will fail password check for any
 	user which has password encrypted with these algorithms.
 
 +config GOST_YESCRYPT
 +	bool "Enable gost-yescrypt password processing"
 +	default n
 +	depends on !USE_BB_CRYPT && PASSWD
 +	help
 +	Enable this if you want to create or check password entries
 +	hashed with gost-yescrypt algorithm. The algorithm is supported
 +	by PAM and libxcrypt since 2018.
 +	With this option off, login will fail password check for any
 +	user which has password encrypted via gost-yescrypt.
 +
 INSERT
 
 endmenu
	diff -urN a/include/libbb.h b/include/libbb.h
	--- a/include/libbb.h 2023-01-03 17:17:01.000000000 +0300
	+++ b/include/libbb.h 2024-07-17 11:28:28.000000000 +0300
	@@ -1777,8 +1777,14 @@
	* (otherwise we risk having same salt generated)
	*/
	extern int crypt_make_salt(char p, int cnt /, int rnd*/) FAST_FUNC;
	+
	+#if ENABLE_GOST_YESCRYPT
	+/* $gy$j9T$ + salt(16) + NUL */
	+#define MAX_PW_SALT_LEN (8 + 16 + 1)
	+#else
	/* "$N$" + sha_salt_16_bytes + NUL */
	#define MAX_PW_SALT_LEN (3 + 16 + 1)
	+#endif
	extern char* crypt_make_pw_salt(char p[MAX_PW_SALT_LEN], const char *algo) FAST_FUNC;


	diff -urN a/include/usage.src.h b/include/usage.src.h
	--- a/include/usage.src.h 2023-01-03 17:17:01.000000000 +0300
	+++ b/include/usage.src.h 2024-07-17 13:03:24.000000000 +0300
	@@ -18,13 +18,18 @@
	#define scripted_full_usage ""

	#if !ENABLE_USE_BB_CRYPT \|\| ENABLE_USE_BB_CRYPT_SHA
	-# define CRYPT_METHODS_HELP_STR "des,md5,sha256/512" \
	- " (default "CONFIG_FEATURE_DEFAULT_PASSWD_ALGO")"
	+# if ENABLE_GOST_YESCRYPT
	+# define _CRYPT_METHODS_HELP_STR "des,md5,sha256/512,gy"
	+# else
	+# define _CRYPT_METHODS_HELP_STR "des,md5,sha256/512"
	+# endif
	#else
	-# define CRYPT_METHODS_HELP_STR "des,md5" \
	- " (default "CONFIG_FEATURE_DEFAULT_PASSWD_ALGO")"
	+# define _CRYPT_METHODS_HELP_STR "des,md5"
	#endif

	+#define CRYPT_METHODS_HELP_STR _CRYPT_METHODS_HELP_STR \
	+ " (default "CONFIG_FEATURE_DEFAULT_PASSWD_ALGO")"
	+
	#if ENABLE_FEATURE_HWCLOCK_ADJTIME_FHS
	# define ADJTIME_PATH "/var/lib/hwclock/adjtime"
	#else
	diff -urN a/libbb/pw_encrypt.c b/libbb/pw_encrypt.c
	--- a/libbb/pw_encrypt.c 2023-01-03 17:17:01.000000000 +0300
	+++ b/libbb/pw_encrypt.c 2024-07-17 11:55:24.000000000 +0300
	@@ -71,6 +71,14 @@
	len = 16/2;
	}
	#endif
	+#if ENABLE_GOST_YESCRYPT
	+ if ((algo[0] == 'g') && (algo[1] == 'y')) {
	+ /* j9T -- often used algorithm parameters */
	+ sprintf(salt + 1, "%s$j9T$", algo);
	+ salt_ptr = salt + 8;
	+ len = 16/2;
	+ }
	+#endif
	}
	crypt_make_salt(salt_ptr, len);
	return salt_ptr;
	diff -urN a/loginutils/Config.src b/loginutils/Config.src
	--- a/loginutils/Config.src 2023-01-03 17:17:01.000000000 +0300
	+++ b/loginutils/Config.src 2024-07-19 07:48:37.000000000 +0300
	@@ -91,6 +91,17 @@
	With this option off, login will fail password check for any
	user which has password encrypted with these algorithms.

	+config GOST_YESCRYPT
	+ bool "Enable gost-yescrypt password processing"
	+ default n
	+ depends on !USE_BB_CRYPT && PASSWD
	+ help
	+ Enable this if you want to create or check password entries
	+ hashed with gost-yescrypt algorithm. The algorithm is supported
	+ by PAM and libxcrypt since 2018.
	+ With this option off, login will fail password check for any
	+ user which has password encrypted via gost-yescrypt.
	+
	INSERT

	endmenu