From 10e42591ac72285736d5cc4ee5e7c2f68dbf1e4b Mon Sep 17 00:00:00 2001
From: Xavier Del Campo Romero <xavi92@disroot.org>
Date: Wed, 8 Oct 2025 13:50:52 +0200
Subject: Replace OpenSSL with libsodium and argon2id

The SHA256-based password hashing algorithm used by slcl(1) and
usergen(1) is considered insecure against several kinds of attacks,
including brute force attacks. [1]

Therefore, a stronger password hashing algorithm based on the Argon2id
key derivation function is now used by default. While OpenSSL does
support Argon2id, it is only supported by very recent versions [2],
which are still not packaged by most distributions as of the time of
this writing. [3]

As an alternative to OpenSSL, libsodium [4] had several benefits:

- It provides easy-to-use functions for password hashing, base64
encoding/decoding and other cryptographic primitives used by slcl(1)
and usergen(1).

- It is packaged by most distributions [5], and most often only the patch
version differs, which ensures good compatibility across distributions.

Unfortunately, and as opposed to OpenSSL, libsodium does not come with
command-line tools. Therefore, usergen(1) had to be rewritten in C.

In order to maintain backwards compatiblity with existing databases,
slcl(1) and usergen(1) shall support the insecure, SHA256-based password
hashing algorithm. However, Argon2id shall now be the default choice for
usergen(1).

[1]: https://security.stackexchange.com/questions/195563/why-is-sha-256-not-good-for-passwords
[2]: https://docs.openssl.org/3.3/man7/EVP_KDF-ARGON2/
[3]: https://repology.org/project/openssl/versions
[4]: https://www.libsodium.org/
[5]: https://repology.org/project/libsodium/versions
---
 base64.c | 126 ---------------------------------------------------------------
 1 file changed, 126 deletions(-)
 delete mode 100644 base64.c

(limited to 'base64.c')

diff --git a/base64.c b/base64.c
deleted file mode 100644
index b1d4737..0000000
--- a/base64.c
+++ /dev/null
@@ -1,126 +0,0 @@
-#include "base64.h"
-#include <openssl/evp.h>
-#include <errno.h>
-#include <stddef.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-static void remove_lf(char *b64)
-{
-    while ((b64 = strchr(b64, '\n')))
-        memcpy(b64, b64 + 1, strlen(b64));
-}
-
-static size_t base64len(const size_t n)
-{
-    /* Read EVP_EncodeInit(3) for further reference. */
-    return ((n / 48) * 65) + (n % 48 ? 1 + ((n / 3) + 1) * 4 : 0);
-}
-
-static size_t decodedlen(const size_t n)
-{
-    return ((n / 64) * 48) + (n % 64 ? (n / 4) * 3 : 0);
-}
-
-char *base64_encode(const void *const buf, const size_t n)
-{
-    EVP_ENCODE_CTX *const ctx = EVP_ENCODE_CTX_new();
-    char *ret = NULL;
-    unsigned char *b64 = NULL;
-
-    if (!ctx)
-    {
-        fprintf(stderr, "%s: EVP_ENCODE_CTX_new failed\n", __func__);
-        goto end;
-    }
-
-    const size_t b64len = base64len(n);
-
-    if (!(b64 = malloc(b64len + 1)))
-    {
-        fprintf(stderr, "%s: malloc(3): %s\n", __func__, strerror(errno));
-        goto end;
-    }
-
-    EVP_EncodeInit(ctx);
-
-    size_t rem = n, done = 0;
-    int outl = b64len;
-
-    while (rem)
-    {
-        const size_t i = n - rem, inl = rem > 48 ? 48 : rem;
-        const unsigned char *const in = buf;
-
-        if (!EVP_EncodeUpdate(ctx, &b64[done], &outl, &in[i], inl))
-        {
-            fprintf(stderr, "%s: EVP_EncodeUpdate failed\n", __func__);
-            goto end;
-        }
-
-        done += outl;
-        rem -= inl;
-    }
-
-    EVP_EncodeFinal(ctx, b64, &outl);
-    ret = (char *)b64;
-    remove_lf(ret);
-
-end:
-    if (!ret)
-        free(b64);
-
-    EVP_ENCODE_CTX_free(ctx);
-    return ret;
-}
-
-void *base64_decode(const char *const b64, size_t *const n)
-{
-    void *ret = NULL;
-    const size_t len = strlen(b64), dlen = decodedlen(len);
-    EVP_ENCODE_CTX *const ctx = EVP_ENCODE_CTX_new();
-    unsigned char *const buf = malloc(dlen);
-
-    if (!buf)
-    {
-        fprintf(stderr, "%s: malloc(3): %s\n", __func__, strerror(errno));
-        goto end;
-    }
-    else if (!ctx)
-    {
-        fprintf(stderr, "%s: EVP_ENCODE_CTX_new failed\n", __func__);
-        goto end;
-    }
-
-    EVP_DecodeInit(ctx);
-
-    size_t rem = len, done = 0;
-    int outl = dlen;
-
-    while (rem)
-    {
-        const size_t i = len - rem, inl = rem > 64 ? 64 : rem;
-        const unsigned char *const in = (const unsigned char *)b64;
-
-        if (EVP_DecodeUpdate(ctx, &buf[done], &outl, &in[i], inl) < 0)
-        {
-            fprintf(stderr, "%s: EVP_EncodeUpdate failed\n", __func__);
-            goto end;
-        }
-
-        done += outl;
-        rem -= inl;
-    }
-
-    EVP_DecodeFinal(ctx, buf, &outl);
-    *n = done;
-    ret = buf;
-
-end:
-    if (!ret)
-        free(buf);
-
-    EVP_ENCODE_CTX_free(ctx);
-    return ret;
-}
-- 
cgit v1.2.3