busybox

/* SHA256 and SHA512-based Unix crypt implementation.

 * Released into the Public Domain by Ulrich Drepper <drepper@redhat.com>.

 */

​

/* Prefix for optional rounds specification.  */

static const char str_rounds[] = "rounds=%u$";

​

/* Maximum salt string length.  */

#define SALT_LEN_MAX 16

/* Default number of rounds if not explicitly specified.  */

#define ROUNDS_DEFAULT 5000

/* Minimum number of rounds.  */

#define ROUNDS_MIN 1000

/* Maximum number of rounds.  */

#define ROUNDS_MAX 999999999

​

static char *

NOINLINE

sha_crypt(/*const*/ char *key_data, /*const*/ char *salt_data)

{

    void (*sha_begin)(void *ctx) FAST_FUNC;

    void (*sha_hash)(const void *buffer, size_t len, void *ctx) FAST_FUNC;

    void (*sha_end)(void *resbuf, void *ctx) FAST_FUNC;

    int _32or64;

​

    char *result, *resptr;

​

    /* btw, sha256 needs [32] and uint32_t only */

    struct {

        unsigned char alt_result[64];

        unsigned char temp_result[64];

        union {

            sha256_ctx_t x;

            sha512_ctx_t y;

        } ctx;

        union {

            sha256_ctx_t x;

            sha512_ctx_t y;

        } alt_ctx;

    } L __attribute__((__aligned__(__alignof__(uint64_t))));

#define alt_result  (L.alt_result )

#define temp_result (L.temp_result)

#define ctx         (L.ctx        )

#define alt_ctx     (L.alt_ctx    )

    unsigned salt_len;

    unsigned key_len;

    unsigned cnt;

    unsigned rounds;

    char *cp;

    char is_sha512;

​

    /* Analyze salt, construct already known part of result */

    cnt = strlen(salt_data) + 1 + 43 + 1;

    is_sha512 = salt_data[1];

    if (is_sha512 == '6')

        cnt += 43;

    result = resptr = xzalloc(cnt); /* will provide NUL terminator */

    *resptr++ = '$';

    *resptr++ = is_sha512;

    *resptr++ = '$';

    rounds = ROUNDS_DEFAULT;

    salt_data += 3;

    if (strncmp(salt_data, str_rounds, 7) == 0) {