From 05e42f7dbb86105db312c8059ddf642c59cd5d23 Mon Sep 17 00:00:00 2001
From: "Roger A. Light"
Date: Tue, 21 Nov 2023 22:53:18 +0000
Subject: [PATCH] Default to using argon2 for passwords
---
 apps/mosquitto_ctrl/dynsec.c | 3 ---
 common/password_mosq.c | 10 ++++++++++
 plugins/dynamic-security/config_init.c | 4 ----
 3 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/apps/mosquitto_ctrl/dynsec.c b/apps/mosquitto_ctrl/dynsec.c
index 00ce0357b..4e175f813 100644
--- a/apps/mosquitto_ctrl/dynsec.c
+++ b/apps/mosquitto_ctrl/dynsec.c
@@ -564,10 +564,8 @@ static cJSON *init_add_client(const char *username, const char *password, const
 {
 cJSON *j_client, *j_roles, *j_role;
 struct mosquitto_pw pw;
- char buf[10];
 memset(&pw, 0, sizeof(pw));
- pw.hashtype = pw_sha512_pbkdf2;
 if(pw__create(&pw, password) != MOSQ_ERR_SUCCESS){
 return NULL;
@@ -578,7 +576,6 @@ static cJSON *init_add_client(const char *username, const char *password, const
 return NULL;
 }
- snprintf(buf, sizeof(buf), "%d", PW_DEFAULT_ITERATIONS);
 if(cJSON_AddStringToObject(j_client, "username", username) == NULL || cJSON_AddStringToObject(j_client, "textName", "Dynsec admin user") == NULL ){
diff --git a/common/password_mosq.c b/common/password_mosq.c
index 18b0f2e23..dabe274c2 100644
--- a/common/password_mosq.c
+++ b/common/password_mosq.c
@@ -106,6 +106,8 @@ static int pw__create_argon2id(struct mosquitto_pw *pw, const char *password)
 return MOSQ_ERR_UNKNOWN;
 }
 #else
+ UNUSED(pw);
+ UNUSED(password);
 return MOSQ_ERR_NOT_SUPPORTED;
 #endif
 }
@@ -122,6 +124,8 @@ static int pw__verify_argon2id(struct mosquitto_pw *pw, const char *password)
 return MOSQ_ERR_AUTH;
 }
 #else
+ UNUSED(pw);
+ UNUSED(password);
 return MOSQ_ERR_NOT_SUPPORTED;
 #endif
 }
@@ -139,6 +143,8 @@ static int pw__decode_argon2id(struct mosquitto_pw *pw, const char *password)
 return MOSQ_ERR_NOMEM;
 }
 #else
+ UNUSED(pw);
+ UNUSED(password);
 return MOSQ_ERR_NOT_SUPPORTED;
 #endif
 }
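Review bot: In init_add_client (first dynsec.c hunk) the hash algorithm is now selected only implicitly: `pw.hashtype` stays 0 from the `memset` and is expected to miss every `case` in pw__create() and land on its `default:` label. That holds only while no enumerator of the hash-type enum has the value 0, which is not visible in this patch, so I would document the intent at the call site, e.g. `/* hashtype left unset: pw__create() picks the build default (argon2id when WITH_ARGON2, else PBKDF2-SHA512) */`. The same applies to generate_password in plugins/dynamic-security/config_init.c. Because the choice now depends on how mosquitto_ctrl itself was built, an init file written by an argon2-enabled tool presumably cannot be verified by a broker built without argon2 (pw__verify_argon2id returns MOSQ_ERR_NOT_SUPPORTED in that build), which deserves a line in the tool's documentation. The function body continues outside the hunk.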
@@ -471,7 +477,11 @@ int pw__create(struct mosquitto_pw *pw, const char *password)
 case pw_sha512:
 return pw__create_sha512(pw, password);
 default:
+#ifdef WITH_ARGON2
 return pw__create_argon2id(pw, password);
+#else
+ return pw__create_sha512_pbkdf2(pw, password);
+#endif
 }
 return MOSQ_ERR_INVAL;
diff --git a/plugins/dynamic-security/config_init.c b/plugins/dynamic-security/config_init.c
index 7438a92e8..2053d742c 100644
--- a/plugins/dynamic-security/config_init.c
+++ b/plugins/dynamic-security/config_init.c
@@ -118,7 +118,6 @@ static int generate_password(struct dynsec__data *data, cJSON *j_client, char **
 char *pwenv;
 memset(&pw, 0, sizeof(struct mosquitto_pw));
- pw.hashtype = pw_sha512_pbkdf2;
 if(data->init_mode == dpwim_file){
 if(get_password_from_init_file(data, password)){
@@ -153,9 +152,6 @@ static int generate_password(struct dynsec__data *data, cJSON *j_client, char **
 (*password)[20] = '\0';
 }
- pw.hashtype = pw_sha512_pbkdf2;
- pw.params.sha512_pbkdf2.iterations = PW_DEFAULT_ITERATIONS + 1;
-
 if(pw__create(&pw, *password) != MOSQ_ERR_SUCCESS){
 free(*password);
 *password = NULL;
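Review bot: The `default:` label in pw__create() now covers both "caller left hashtype unset" and "hashtype holds a value this switch does not know", so an unrecognised or corrupted type is silently hashed with the build default instead of being rejected. The trailing `return MOSQ_ERR_INVAL;` looks unreachable if the earlier cases (outside the hunk) all return, as the visible ones do. The fallback from argon2id to PBKDF2-SHA512 is also silent, so nothing at this point tells an operator which KDF protects newly created credentials. I would at least add a comment such as `/* unset hashtype: strongest KDF compiled in; non-argon2 builds fall back to PBKDF2-SHA512 */`, and consider returning MOSQ_ERR_INVAL for values that are neither unset nor a known type.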
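Review bot: With the explicit `pw.params.sha512_pbkdf2.iterations = PW_DEFAULT_ITERATIONS + 1;` removed in the second config_init.c hunk, generate_password reaches pw__create() with `pw.params` still zeroed by the earlier `memset`. In a build without WITH_ARGON2 that means pw__create_sha512_pbkdf2() is called with an iteration count of 0. Whether that function substitutes PW_DEFAULT_ITERATIONS is not visible in this patch; if it does not, the generated admin password would be stored with an unusable or trivially cheap hash. Please confirm, or make the fallback explicit there with `if(pw->params.sha512_pbkdf2.iterations == 0) pw->params.sha512_pbkdf2.iterations = PW_DEFAULT_ITERATIONS;`, and cover the non-argon2 build with a test. The function continues outside the hunk.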