authorRichard Ipsum <richardipsum@fastmail.co.uk>2017-05-28 19:36:01 +0100
committerRichard Ipsum <richardipsum@fastmail.co.uk>2017-06-05 21:29:23 +0100
commitf848a19d352121a00b8526ed5c2ec60330e25ab2 (patch)
tree1000ccff4dd7e05de9bda3a91eb5c89eabd78463
parent55e859083e94dc052791bb7329af2149eded470c (diff)
Add TRUST_LIBSCRYPT_SALT_GEN build option
Modern versions of libscrypt now generate salt correctly, indeed using the very method currently used by lua-scrypt.[1] This patch adds a build option that is disabled by default; when enabled, lua-scrypt will use libscrypt's salt generation code rather than its own. [1]: https://sources.debian.net/src/libscrypt/1.21-3/crypto-scrypt-saltgen.c/
-rw-r--r--Makefile3
-rw-r--r--luascrypt.c11
2 files changed, 10 insertions, 4 deletions
diff --git a/Makefile b/Makefile
index 8e756c1..e32ab37 100644
--- a/Makefile
+++ b/Makefile
@@ -100,11 +100,10 @@ LIBCRYPT_C := lib/crypto/crypto_aesctr.c \
lib/crypto/crypto_scrypt-ref.c \
lib/crypto/sha256.c
-CFLAGS ?= -O2 -Wall
INSTALL := /usr/bin/install
SCRYPT_LIBS := -lscrypt
-CFLAGS := $(CFLAGS) -fPIC
+override CFLAGS := $(CFLAGS) -O2 -Wall -fPIC
all: lua-5.1-try lua-5.2-try
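Review bot: In the new `override CFLAGS := $(CFLAGS) -O2 -Wall -fPIC` line the caller's flags come before `-O2`, so a command-line `CFLAGS="-O0 -g"` no longer takes effect, because the later `-O2` wins. Writing it as `override CFLAGS := -O2 -Wall $(CFLAGS) -fPIC` keeps the defaults and still lets the caller override them. The option this commit introduces is also not mentioned in the visible part of the Makefile. A comment above the line, such as `# Pass CFLAGS=-DTRUST_LIBSCRYPT_SALT_GEN to use libscrypt's own salt generator; only safe with a libscrypt that reads /dev/urandom`, would tell packagers how and when to enable it.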
diff --git a/luascrypt.c b/luascrypt.c
index 181f1e8..9fad808 100644
--- a/luascrypt.c
+++ b/luascrypt.c
@@ -34,7 +34,7 @@ luascrypt_salt_gen(char *salt, int saltlen)
* if we can...
*/
libscrypt_salt_gen(salt, saltlen);
-
+
fd = open("/dev/urandom", O_RDONLY);
if (fd >= 0) {
read(fd, salt, saltlen); /* Ignore errors in these two calls */
@@ -70,8 +70,15 @@ luascrypt_hash_password(lua_State *L)
return luaL_error(L, "Unable to generate password hash: %s",
"N is too large (limited to 2^15)");
}
-
+
+#ifdef TRUST_LIBSCRYPT_SALT_GEN
+ /* Modern versions of libscrypt generate sufficiently random salts
+ * and take a uint8_t * instead of char *
+ */
+ libscrypt_salt_gen((uint8_t *) salt, sizeof(salt));
+#else
luascrypt_salt_gen(salt, sizeof(salt));
+#endif
if (libscrypt_scrypt((uint8_t*)passwd, passwd_len,
(uint8_t*)salt, sizeof(salt),
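Review bot: The new `libscrypt_salt_gen((uint8_t *) salt, sizeof(salt));` call under `TRUST_LIBSCRYPT_SALT_GEN` discards the result, so if salt generation fails, the `libscrypt_scrypt` call below hashes the password with whatever `salt` happened to contain. Assuming the libscrypt being built against returns an int status from this function (to be confirmed against its header), the call should be checked: `if (libscrypt_salt_gen((uint8_t *) salt, sizeof(salt)) != 0) return luaL_error(L, "Unable to generate password hash: %s", "salt generation failed");`. Nothing at build time verifies that the linked libscrypt is one of the versions the comment trusts, so the comment should name the minimum libscrypt version for which the define is safe. The body of luascrypt_hash_password starts and ends outside the hunk.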