[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#8634) OpenLDAP fails to build against OpenSSL 1.1
Perhaps we should use this ITS to track removal of this code entirely from O=
penLDAP.=20
> On Apr 10, 2017, at 12:54 PM, hyc@symas.com wrote:
>=20
> hristo@venev.name wrote:
>> Full_Name: Hristo Venev
>> Version: Unreleased Release Candidate 2.4.45
>> OS:
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (95.111.59.55)
>>=20
>>=20
>> Another user of the old DES API. Here's a patch (compiles, not tested):
>=20
> Thanks. Looks like you're compiling the old NT/LANMAN password hash suppor=
t.=20
> Nobody should still be using that code, LANMAN hashes are trivially cracka=
ble=20
> on modern GPUs.
>>=20
>> diff --git a/libraries/liblutil/passwd.c b/libraries/liblutil/passwd.c
>> index 7aab344..c481326 100644
>> --- a/libraries/liblutil/passwd.c
>> +++ b/libraries/liblutil/passwd.c
>> @@ -38,9 +38,9 @@
>> # include <openssl/des.h>
>>=20
>>=20
>> -typedef des_cblock des_key;
>> -typedef des_cblock des_data_block;
>> -typedef des_key_schedule des_context;
>> +typedef DES_cblock des_key;
>> +typedef DES_cblock des_data_block;
>> +typedef DES_key_schedule des_context[1];
>> #define des_failed(encrypted) 0
>> #define des_finish(key, schedule)
>>=20
>> @@ -667,7 +667,7 @@ static void
>> des_set_key_and_parity( des_key *key, unsigned char *keyData)
>> {
>> memcpy(key, keyData, 8);
>> - des_set_odd_parity( key );
>> + DES_set_odd_parity( key );
>> }
>>=20
>>=20
>> @@ -699,7 +699,7 @@ des_set_key_and_parity( des_key *key, unsigned char
>> *keyData)
>> }
>>=20
>> static void
>> -des_set_key_unchecked( des_key *key, des_context ctxt )
>> +DES_set_key_unchecked( des_key *key, des_context ctxt )
>> {
>> ctxt[0] =3D NULL;
>>=20
>> @@ -712,7 +712,7 @@ des_set_key_unchecked( des_key *key, des_context ctxt=
)
>> }
>>=20
>> static void
>> -des_ecb_encrypt( des_data_block *plain, des_data_block *encrypted,
>> +DES_ecb_encrypt( des_data_block *plain, des_data_block *encrypted,
>> des_context ctxt, int op)
>> {
>> SECStatus rv;
>> @@ -864,16 +864,16 @@ static int chk_lanman(
>> ldap_pvt_str2upper( UcasePassword );
>> =20
>> lmPasswd_to_key( UcasePassword, &key );
>> - des_set_key_unchecked( &key, schedule );
>> - des_ecb_encrypt( &StdText, &PasswordHash1, schedule , DES_ENCRYPT );=
>> + DES_set_key_unchecked( &key, schedule );
>> + DES_ecb_encrypt( &StdText, &PasswordHash1, schedule , DES_ENCRYPT );=
>>=20
>> if (des_failed(&PasswordHash1)) {
>> return LUTIL_PASSWD_ERR;
>> }
>> =20
>> lmPasswd_to_key( &UcasePassword[7], &key );
>> - des_set_key_unchecked( &key, schedule );
>> - des_ecb_encrypt( &StdText, &PasswordHash2, schedule , DES_ENCRYPT );=
>> + DES_set_key_unchecked( &key, schedule );
>> + DES_ecb_encrypt( &StdText, &PasswordHash2, schedule , DES_ENCRYPT );=
>> if (des_failed(&PasswordHash2)) {
>> return LUTIL_PASSWD_ERR;
>> }
>> @@ -1160,12 +1160,12 @@ static int hash_lanman(
>> ldap_pvt_str2upper( UcasePassword );
>> =20
>> lmPasswd_to_key( UcasePassword, &key );
>> - des_set_key_unchecked( &key, schedule );
>> - des_ecb_encrypt( &StdText, &PasswordHash1, schedule , DES_ENCRYPT );=
>> + DES_set_key_unchecked( &key, schedule );
>> + DES_ecb_encrypt( &StdText, &PasswordHash1, schedule , DES_ENCRYPT );=
>> =20
>> lmPasswd_to_key( &UcasePassword[7], &key );
>> - des_set_key_unchecked( &key, schedule );
>> - des_ecb_encrypt( &StdText, &PasswordHash2, schedule , DES_ENCRYPT );=
>> + DES_set_key_unchecked( &key, schedule );
>> + DES_ecb_encrypt( &StdText, &PasswordHash2, schedule , DES_ENCRYPT );=
>> =20
>> sprintf( PasswordHash,
>> "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
>> PasswordHash1[0],PasswordHash1[1],PasswordHash1[2],PasswordHash1[3=
],
>>=20
>>=20
>>=20
>=20
>=20
> --=20
> -- Howard Chu
> CTO, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc/
> Chief Architect, OpenLDAP http://www.openldap.org/project/
>=20
>=20
>=20