diff options
author | Richard Ipsum <richardipsum@fastmail.co.uk> | 2017-05-28 19:36:01 +0100 |
---|---|---|
committer | Richard Ipsum <richardipsum@fastmail.co.uk> | 2017-06-05 21:29:23 +0100 |
commit | f848a19d352121a00b8526ed5c2ec60330e25ab2 (patch) | |
tree | 1000ccff4dd7e05de9bda3a91eb5c89eabd78463 | |
parent | 55e859083e94dc052791bb7329af2149eded470c (diff) | |
download | lua-scrypt-git-f848a19d352121a00b8526ed5c2ec60330e25ab2.tar.gz |
Add TRUST_LIBSCRYPT_SALT_GEN build option
Modern versions of libscrypt now generate salt correctly,
indeed using the very method currently used by lua-scrypt.[1]
This patch adds a build option that is disabled by default,
when enabled lua-scrypt will use libscrypt's salt generation code
rather than its own.
[1]: https://sources.debian.net/src/libscrypt/1.21-3/crypto-scrypt-saltgen.c/
-rw-r--r-- | Makefile | 3 | ||||
-rw-r--r-- | luascrypt.c | 11 |
2 files changed, 10 insertions, 4 deletions
@@ -100,11 +100,10 @@ LIBCRYPT_C := lib/crypto/crypto_aesctr.c \ lib/crypto/crypto_scrypt-ref.c \ lib/crypto/sha256.c -CFLAGS ?= -O2 -Wall INSTALL := /usr/bin/install SCRYPT_LIBS := -lscrypt -CFLAGS := $(CFLAGS) -fPIC +override CFLAGS := $(CFLAGS) -O2 -Wall -fPIC all: lua-5.1-try lua-5.2-try diff --git a/luascrypt.c b/luascrypt.c index 181f1e8..9fad808 100644 --- a/luascrypt.c +++ b/luascrypt.c @@ -34,7 +34,7 @@ luascrypt_salt_gen(char *salt, int saltlen) * if we can... */ libscrypt_salt_gen(salt, saltlen); - + fd = open("/dev/urandom", O_RDONLY); if (fd >= 0) { read(fd, salt, saltlen); /* Ignore errors in these two calls */ @@ -70,8 +70,15 @@ luascrypt_hash_password(lua_State *L) return luaL_error(L, "Unable to generate password hash: %s", "N is too large (limited to 2^15)"); } - + +#ifdef TRUST_LIBSCRYPT_SALT_GEN + /* Modern versions of libscrypt generate sufficiently random salts + * and take a uint8_t * instead of char * + */ + libscrypt_salt_gen((uint8_t *) salt, sizeof(salt)); +#else luascrypt_salt_gen(salt, sizeof(salt)); +#endif if (libscrypt_scrypt((uint8_t*)passwd, passwd_len, (uint8_t*)salt, sizeof(salt), |