Check for crypt_gensalt_ra() instead of relying on libxcrypt presence

Since the loop to check various xcrypt functions is already in place, adding one more is cheap. And it is nicer to check for the function directly. People like to backport things, so we might get lucky even without having libxcrypt.
2025-03-14 04:58:28 +03:00 · 2020-09-10 18:21:41 +02:00 · 2020-09-10 18:21:41 +02:00 · 2b49f0ca83
commit 2b49f0ca83
parent e8644a414a
2 changed files with 6 additions and 6 deletions
--- a/meson.build
+++ b/meson.build
@ -884,7 +884,8 @@ libcrypt = cc.find_library('crypt')
 crypt_header = conf.get('HAVE_CRYPT_H') == 1 ? \
               '''#include <crypt.h>''' : '''#include <unistd.h>'''
 foreach ident : [
-        ['crypt_ra',          crypt_header]]
+        ['crypt_ra',          crypt_header],
+        ['crypt_gensalt_ra',  crypt_header]]

        have = cc.has_function(ident[0], prefix : ident[1], args : '-D_GNU_SOURCE',
                               dependencies : libcrypt)
--- a/src/shared/libcrypt-util.c
+++ b/src/shared/libcrypt-util.c
@ -31,12 +31,12 @@

 int make_salt(char **ret) {

-#ifdef XCRYPT_VERSION_MAJOR
+#if HAVE_CRYPT_GENSALT_RA
        const char *e;
        char *salt;

-        /* If we have libxcrypt we default to the "preferred method" (i.e. usually yescrypt), and generate it
-         * with crypt_gensalt_ra(). */
+        /* If we have crypt_gensalt_ra() we default to the "preferred method" (i.e. usually yescrypt).
+         * crypt_gensalt_ra() is usually provided by libxcrypt. */

        e = secure_getenv("SYSTEMD_CRYPT_PREFIX");
        if (!e)
@ -51,8 +51,7 @@ int make_salt(char **ret) {
        *ret = salt;
        return 0;
 #else
-        /* If libxcrypt is not used, we use SHA512 and generate the salt on our own since crypt_gensalt_ra()
-         * is not available. */
+        /* If crypt_gensalt_ra() is not available, we use SHA512 and generate the salt on our own. */

        static const char table[] =
                "abcdefghijklmnopqrstuvwxyz"