* @equal Pointer to an int where the result is stored
* '0' = unequal
* '1' = equal
+ * @return 0 on success, error code of errno else
*/
-void crypt_compare(const char *should, const char *passphrase, int *equal);
+int crypt_compare(const char *should, const char *passphrase, int *equal);
/* SPDX-License-Identifier: GPL-2.0+ */
/* Copyright (C) 2020 Steffen Jaeckel <jaeckel-floss@eyet-services.de> */
-#ifndef USE_HOSTCC
-#include "common.h"
-#else
-#include <string.h>
-#endif
-
#include "u-boot/sha256.h"
#define INCLUDE_sha256crypt 1
/* SPDX-License-Identifier: GPL-2.0+ */
/* Copyright (C) 2020 Steffen Jaeckel <jaeckel-floss@eyet-services.de> */
-#ifndef USE_HOSTCC
-#include "common.h"
-#else
-#include <string.h>
-#endif
-
#include "u-boot/sha512.h"
#define INCLUDE_sha512crypt 1
#define b64t ((const char *)ascii64)
-void crypt_sha256crypt_rn(const char *phrase, size_t phr_size,
- const char *setting, size_t ARG_UNUSED(set_size),
- uint8_t *output, size_t out_size, void *scratch,
- size_t scr_size);
-void crypt_sha512crypt_rn(const char *phrase, size_t phr_size,
- const char *setting, size_t ARG_UNUSED(set_size),
- uint8_t *output, size_t out_size, void *scratch,
- size_t scr_size);
+int crypt_sha256crypt_rn_wrapped(const char *phrase, size_t phr_size,
+ const char *setting,
+ size_t ARG_UNUSED(set_size), uint8_t *output,
+ size_t out_size, void *scratch,
+ size_t scr_size);
+int crypt_sha512crypt_rn_wrapped(const char *phrase, size_t phr_size,
+ const char *setting,
+ size_t ARG_UNUSED(set_size), uint8_t *output,
+ size_t out_size, void *scratch,
+ size_t scr_size);
+// SPDX-License-Identifier: CC0-1.0
+/* Based on libxcrypt v4.4.17-0-g6b110bc */
/* One way encryption based on the SHA256-based Unix crypt implementation.
*
* Written by Ulrich Drepper <drepper at redhat.com> in 2007 [1].
* Modified by Zack Weinberg <zackw at panix.com> in 2017, 2018.
* Composed by Björn Esser <besser82 at fedoraproject.org> in 2018.
* Modified by Björn Esser <besser82 at fedoraproject.org> in 2020.
- * Modified by Steffen Jaeckel <jaeckel-floss at eyet-services.de> in 2020.
+ * Modified by Steffen Jaeckel <jaeckel-floss at eyet-services.de> in 2021
+ * for U-Boot, instead of using the global errno to use a static one
+ * inside this file.
* To the extent possible under law, the named authors have waived all
* copyright and related or neighboring rights to this work.
*
#include "crypt-port.h"
#include "alg-sha256.h"
-#include <errno.h>
+#include <linux/errno.h>
#include <stdio.h>
#include <stdlib.h>
"ALG_SPECIFIC_SIZE is too small for SHA256");
+/* Use this instead of including errno.h */
+static int errno;
+
+void crypt_sha256crypt_rn(const char *phrase, size_t phr_size,
+ const char *setting, size_t ARG_UNUSED(set_size),
+ uint8_t *output, size_t out_size, void *scratch,
+ size_t scr_size);
+
+int crypt_sha256crypt_rn_wrapped(const char *phrase, size_t phr_size,
+ const char *setting, size_t set_size,
+ u8 *output, size_t out_size, void *scratch,
+ size_t scr_size)
+{
+ errno = 0;
+ crypt_sha256crypt_rn(phrase, phr_size, setting, set_size, output,
+ out_size, scratch, scr_size);
+ return -errno;
+}
+
/* Feed CTX with LEN bytes of a virtual byte sequence consisting of
BLOCK repeated over and over indefinitely. */
static void
+// SPDX-License-Identifier: CC0-1.0
+/* Based on libxcrypt v4.4.17-0-g6b110bc */
/* One way encryption based on the SHA512-based Unix crypt implementation.
*
* Written by Ulrich Drepper <drepper at redhat.com> in 2007 [1].
* Modified by Zack Weinberg <zackw at panix.com> in 2017, 2018.
* Composed by Björn Esser <besser82 at fedoraproject.org> in 2018.
* Modified by Björn Esser <besser82 at fedoraproject.org> in 2020.
- * Modified by Steffen Jaeckel <jaeckel-floss at eyet-services.de> in 2020.
+ * Modified by Steffen Jaeckel <jaeckel-floss at eyet-services.de> in 2021
+ * for U-Boot, instead of using the global errno to use a static one
+ * inside this file.
* To the extent possible under law, the named authors have waived all
* copyright and related or neighboring rights to this work.
*
#include "crypt-port.h"
#include "alg-sha512.h"
-#include <errno.h>
+#include <linux/errno.h>
#include <stdio.h>
#include <stdlib.h>
"ALG_SPECIFIC_SIZE is too small for SHA512");
+/* Use this instead of including errno.h */
+static int errno;
+
+void crypt_sha512crypt_rn(const char *phrase, size_t phr_size,
+ const char *setting, size_t ARG_UNUSED(set_size),
+ uint8_t *output, size_t out_size, void *scratch,
+ size_t scr_size);
+
+int crypt_sha512crypt_rn_wrapped(const char *phrase, size_t phr_size,
+ const char *setting, size_t set_size,
+ u8 *output, size_t out_size, void *scratch,
+ size_t scr_size)
+{
+ errno = 0;
+ crypt_sha512crypt_rn(phrase, phr_size, setting, set_size, output,
+ out_size, scratch, scr_size);
+ return -errno;
+}
+
/* Subroutine of _xcrypt_crypt_sha512crypt_rn: Feed CTX with LEN bytes of a
virtual byte sequence consisting of BLOCK repeated over and over
indefinitely. */
#include <crypt.h>
#include "crypt-port.h"
-typedef void (*crypt_fn)(const char *, size_t, const char *, size_t, uint8_t *,
- size_t, void *, size_t);
+typedef int (*crypt_fn)(const char *, size_t, const char *, size_t, uint8_t *,
+ size_t, void *, size_t);
const unsigned char ascii64[65] =
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
*equal = ret ^ 1;
}
-void crypt_compare(const char *should, const char *passphrase, int *equal)
+int crypt_compare(const char *should, const char *passphrase, int *equal)
{
u8 output[CRYPT_OUTPUT_SIZE], scratch[ALG_SPECIFIC_SIZE];
size_t n;
+ int err;
struct {
const char *prefix;
crypt_fn crypt;
} crypt_algos[] = {
#if defined(CONFIG_CRYPT_PW_SHA256)
- { "$5$", crypt_sha256crypt_rn },
+ { "$5$", crypt_sha256crypt_rn_wrapped },
#endif
#if defined(CONFIG_CRYPT_PW_SHA512)
- { "$6$", crypt_sha512crypt_rn },
+ { "$6$", crypt_sha512crypt_rn_wrapped },
#endif
{ NULL, NULL }
};
}
if (n >= ARRAY_SIZE(crypt_algos))
- return;
-
- crypt_algos[n].crypt(passphrase, strlen(passphrase), should, 0, output,
- sizeof(output), scratch, sizeof(scratch));
+ return -EINVAL;
+ err = crypt_algos[n].crypt(passphrase, strlen(passphrase), should, 0,
+ output, sizeof(output), scratch,
+ sizeof(scratch));
/* early return on error, nothing really happened inside the crypt() function */
- if (errno == ERANGE || errno == EINVAL)
- return;
+ if (err)
+ return err;
equals_constant_time(should, output, strlen((const char *)output),
equal);
memset(scratch, 0, sizeof(scratch));
memset(output, 0, sizeof(output));
+
+ return 0;
}
static int lib_crypt(struct unit_test_state *uts)
{
int equals = 0;
+ int err;
+
+ err = crypt_compare("", "password", &equals);
+ ut_assertf(err != 0, "crypt_compare successful but should not\n");
+ ut_assertf(equals != 1,
+ "crypt_compare password hash matched but should not\n");
if (IS_ENABLED(CONFIG_CRYPT_PW_SHA256)) {
- crypt_compare(
+ err = crypt_compare("$5$", "password", &equals);
+ ut_assertf(err == 0, "crypt-sha256 not successful\n");
+ ut_assertf(
+ equals != 1,
+ "crypt-sha256 password hash matched but should not\n");
+
+ err = crypt_compare(
"$5$rounds=640000$TM4lL4zXDG7F4aRX$JM7a9wmvodnA0WasjTztj6mxg.KVuk6doQ/eBhdcapB",
"password", &equals);
+ ut_assertf(err == 0, "crypt-sha256 failed: %d\n", err);
ut_assertf(equals == 1,
"crypt-sha256 password hash didn't match\n");
}
equals = 0;
if (IS_ENABLED(CONFIG_CRYPT_PW_SHA512)) {
- crypt_compare(
+ err = crypt_compare("$6$", "password", &equals);
+ ut_assertf(err == 0, "crypt-sha512 not successful\n");
+ ut_assertf(
+ equals != 1,
+ "crypt-sha512 password hash matched but should not\n");
+
+ err = crypt_compare(
"$6$rounds=640000$fCTP1F0N5JLq2eND$z5EzK5KZJA9JnOaj5d1Gg/2v6VqFOQJ3bVekWuCPauabutBt/8qzV1exJnytUyhbq3H0bSBXtodwNbtGEi/Tm/",
"password", &equals);
+ ut_assertf(err == 0, "crypt-sha512 failed: %d\n", err);
ut_assertf(equals == 1,
"crypt-sha512 password hash didn't match\n");
}