Specially for Bernhard Fischer introduce USE_BB_CRYPT

which selects between libc/custom crypt routines.

include/libbb.h

@@ -1032,6 +1032,9 @@ extern int restricted_shell(const char *shell);
 extern void setup_environment(const char *shell, int clear_env, int change_env, const struct passwd *pw);
 extern int correct_password(const struct passwd *pw);
 /* Returns a malloced string */
+#if !ENABLE_USE_BB_CRYPT
+#define pw_encrypt(clear, salt, cleanup) pw_encrypt(clear, salt)
+#endif
 extern char *pw_encrypt(const char *clear, const char *salt, int cleanup);
 extern int obscure(const char *old, const char *newval, const struct passwd *pwdp);
 /* rnd is additional random input. New one is returned.

libbb/pw_encrypt.c

@@ -9,6 +9,8 @@
 
 #include "libbb.h"
 
+#if ENABLE_USE_BB_CRYPT
+
 /*
  * DES and MD5 crypt implementations are taken from uclibc.
  * They were modified to not use static buffers.
@@ -69,3 +71,18 @@ char *pw_encrypt(const char *clear, const char *salt, int cleanup)
 
 	return encrypted;
 }
+
+#else /* if !ENABLE_USE_BB_CRYPT */
+
+char *pw_encrypt(const char *clear, const char *salt, int cleanup)
+{
+#if 0 /* was CONFIG_FEATURE_SHA1_PASSWORDS, but there is no such thing??? */
+	if (strncmp(salt, "$2$", 3) == 0) {
+		return xstrdup(sha1_crypt(clear));
+	}
+#endif
+
+	return xstrdup(crypt(clear, salt));
+}
+
+#endif

loginutils/Config.in

@@ -13,45 +13,67 @@ config FEATURE_SHADOWPASSWDS
 	  readable by root and thus the encrypted passwords are no longer
 	  publicly readable.
 
+config USE_BB_PWD_GRP
+	bool "Use internal password and group functions rather than system functions"
+	default n
+	help
+	  If you leave this disabled, busybox will use the system's password
+	  and group functions.  And if you are using the GNU C library
+	  (glibc), you will then need to install the /etc/nsswitch.conf
+	  configuration file and the required /lib/libnss_* libraries in
+	  order for the password and group functions to work.  This generally
+	  makes your embedded system quite a bit larger.
+
+	  Enabling this option will cause busybox to directly access the
+	  system's /etc/password, /etc/group files (and your system will be
+	  smaller, and I will get fewer emails asking about how glibc NSS
+	  works).  When this option is enabled, you will not be able to use
+	  PAM to access remote LDAP password servers and whatnot.  And if you
+	  want hostname resolution to work with glibc, you still need the
+	  /lib/libnss_* libraries.
+
+	  If you need to use glibc's nsswitch.conf mechanism
+	  (e.g. if user/group database is NOT stored in /etc/passwd etc),
+	  you must NOT use this option.
+
+	  If you enable this option, it will add about 1.5k to busybox.
+
 config USE_BB_SHADOW
 	bool "Use busybox shadow password functions"
 	default y
 	depends on USE_BB_PWD_GRP && FEATURE_SHADOWPASSWDS
 	help
-	    If you leave this disabled, busybox will use the system's shadow
-	    password handling functions.  And if you are using the GNU C library
-	    (glibc), you will then need to install the /etc/nsswitch.conf
-	    configuration file and the required /lib/libnss_* libraries in
-	    order for the shadow password functions to work.  This generally
-	    makes your embedded system quite a bit larger.
+	  If you leave this disabled, busybox will use the system's shadow
+	  password handling functions.  And if you are using the GNU C library
+	  (glibc), you will then need to install the /etc/nsswitch.conf
+	  configuration file and the required /lib/libnss_* libraries in
+	  order for the shadow password functions to work.  This generally
+	  makes your embedded system quite a bit larger.
 
-	    Enabling this option will cause busybox to directly access the
-	    system's /etc/shadow file when handling shadow passwords.  This
-	    makes your system smaller and I will get fewer emails asking about
-	    how glibc NSS works).  When this option is enabled, you will not be
-	    able to use PAM to access shadow passwords from remote LDAP
-	    password servers and whatnot.
+	  Enabling this option will cause busybox to directly access the
+	  system's /etc/shadow file when handling shadow passwords.  This
+	  makes your system smaller and I will get fewer emails asking about
+	  how glibc NSS works).  When this option is enabled, you will not be
+	  able to use PAM to access shadow passwords from remote LDAP
+	  password servers and whatnot.
 
-config USE_BB_PWD_GRP
-	bool "Use internal password and group functions rather than system functions"
-	default n
+config USE_BB_CRYPT
+	bool "Use internal DES and MD5 crypt functions rather than system functions"
+	default y
 	help
-	    If you leave this disabled, busybox will use the system's password
-	    and group functions.  And if you are using the GNU C library
-	    (glibc), you will then need to install the /etc/nsswitch.conf
-	    configuration file and the required /lib/libnss_* libraries in
-	    order for the password and group functions to work.  This generally
-	    makes your embedded system quite a bit larger.
+	  If you leave this disabled, busybox will use the system's password
+	  and group functions.  Most C libraries use large (~70k)
+	  static buffers in these functions, and also combine them
+	  with more general DES encryption/decryption routines.
+	  For busybox, having large static buffers is undesirable,
+	  especially so on NOMMU machines.
 
-	    Enabling this option will cause busybox to directly access the
-	    system's /etc/password, /etc/group files (and your system will be
-	    smaller, and I will get fewer emails asking about how glibc NSS
-	    works).  When this option is enabled, you will not be able to use
-	    PAM to access remote LDAP password servers and whatnot.  And if you
-	    want hostname resolution to work with glibc, you still need the
-	    /lib/libnss_* libraries.
+	  These functions produce results which are identical
+	  to corresponding C library functions.
 
-	    If you enable this option, it will add about 1.5k to busybox.
+	  If you enable this option, it will add about 4.8k to busybox
+	  if you are building dynamically linked executable.
+	  In static build, it makes executable _smaller_ by about 1.2k.
 
 config ADDGROUP
 	bool "addgroup"
@@ -255,4 +277,3 @@ config VLOCK
 	  work properly.
 
 endmenu
-