|
|
634b69 |
From 8aa9ae816ddf66921b4a8a0f422517e6f2e55ac6 Mon Sep 17 00:00:00 2001
|
|
|
634b69 |
From: Simo Sorce <simo@redhat.com>
|
|
|
634b69 |
Date: Wed, 27 Mar 2019 14:29:08 -0400
|
|
|
634b69 |
Subject: [PATCH] Use Openssl RC4 when available
|
|
|
634b69 |
|
|
|
634b69 |
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
634b69 |
---
|
|
|
634b69 |
configure.ac | 5 +--
|
|
|
634b69 |
plugins/digestmd5.c | 107 +++++++++++++++++++++++++++++++++++++++++++-
|
|
|
634b69 |
2 files changed, 108 insertions(+), 4 deletions(-)
|
|
|
634b69 |
|
|
|
634b69 |
diff --git a/configure.ac b/configure.ac
|
|
|
634b69 |
index 388f5d02..cfdee4a2 100644
|
|
|
634b69 |
--- a/configure.ac
|
|
|
634b69 |
+++ b/configure.ac
|
|
|
634b69 |
@@ -1102,12 +1102,11 @@ AC_ARG_WITH(configdir, [ --with-configdir=DIR set the directory where confi
|
|
|
634b69 |
AC_SUBST(configdir)
|
|
|
634b69 |
|
|
|
634b69 |
-dnl look for rc4 libraries. we accept the CMU one or one from openSSL
|
|
|
634b69 |
-AC_ARG_WITH(rc4, [ --with-rc4 use internal rc4 routines [[yes]] ],
|
|
|
634b69 |
+AC_ARG_WITH(rc4, [ --with-rc4 use rc4 routines [[yes]] ],
|
|
|
634b69 |
with_rc4=$withval,
|
|
|
634b69 |
with_rc4=yes)
|
|
|
634b69 |
|
|
|
634b69 |
if test "$with_rc4" != no; then
|
|
|
634b69 |
- AC_DEFINE(WITH_RC4,[],[Use internal RC4 implementation?])
|
|
|
634b69 |
+ AC_DEFINE(WITH_RC4,[],[Use RC4])
|
|
|
634b69 |
fi
|
|
|
634b69 |
|
|
|
634b69 |
building_for_macosx=no
|
|
|
634b69 |
diff --git a/plugins/digestmd5.c b/plugins/digestmd5.c
|
|
|
634b69 |
index df35093d..c6b54317 100644
|
|
|
634b69 |
--- a/plugins/digestmd5.c
|
|
|
634b69 |
+++ b/plugins/digestmd5.c
|
|
|
634b69 |
@@ -1117,6 +1117,111 @@ static void free_des(context_t *text)
|
|
|
634b69 |
#endif /* WITH_DES */
|
|
|
634b69 |
|
|
|
634b69 |
#ifdef WITH_RC4
|
|
|
634b69 |
+#ifdef HAVE_OPENSSL
|
|
|
634b69 |
+#include <openssl/evp.h>
|
|
|
634b69 |
+
|
|
|
634b69 |
+static void free_rc4(context_t *text)
|
|
|
634b69 |
+{
|
|
|
634b69 |
+ if (text->cipher_enc_context) {
|
|
|
634b69 |
+ EVP_CIPHER_CTX_free((EVP_CIPHER_CTX *)text->cipher_enc_context);
|
|
|
634b69 |
+ text->cipher_enc_context = NULL;
|
|
|
634b69 |
+ }
|
|
|
634b69 |
+ if (text->cipher_dec_context) {
|
|
|
634b69 |
+ EVP_CIPHER_CTX_free((EVP_CIPHER_CTX *)text->cipher_dec_context);
|
|
|
634b69 |
+ text->cipher_dec_context = NULL;
|
|
|
634b69 |
+ }
|
|
|
634b69 |
+}
|
|
|
634b69 |
+
|
|
|
634b69 |
+static int init_rc4(context_t *text,
|
|
|
634b69 |
+ unsigned char enckey[16],
|
|
|
634b69 |
+ unsigned char deckey[16])
|
|
|
634b69 |
+{
|
|
|
634b69 |
+ EVP_CIPHER_CTX *ctx;
|
|
|
634b69 |
+ int rc;
|
|
|
634b69 |
+
|
|
|
634b69 |
+ ctx = EVP_CIPHER_CTX_new();
|
|
|
634b69 |
+ if (ctx == NULL) return SASL_NOMEM;
|
|
|
634b69 |
+
|
|
|
634b69 |
+ rc = EVP_EncryptInit_ex(ctx, EVP_rc4(), NULL, enckey, NULL);
|
|
|
634b69 |
+ if (rc != 1) return SASL_FAIL;
|
|
|
634b69 |
+
|
|
|
634b69 |
+ text->cipher_enc_context = (void *)ctx;
|
|
|
634b69 |
+
|
|
|
634b69 |
+ ctx = EVP_CIPHER_CTX_new();
|
|
|
634b69 |
+ if (ctx == NULL) return SASL_NOMEM;
|
|
|
634b69 |
+
|
|
|
634b69 |
+ rc = EVP_DecryptInit_ex(ctx, EVP_rc4(), NULL, deckey, NULL);
|
|
|
634b69 |
+ if (rc != 1) return SASL_FAIL;
|
|
|
634b69 |
+
|
|
|
634b69 |
+ text->cipher_dec_context = (void *)ctx;
|
|
|
634b69 |
+
|
|
|
634b69 |
+ return SASL_OK;
|
|
|
634b69 |
+}
|
|
|
634b69 |
+
|
|
|
634b69 |
+static int dec_rc4(context_t *text,
|
|
|
634b69 |
+ const char *input,
|
|
|
634b69 |
+ unsigned inputlen,
|
|
|
634b69 |
+ unsigned char digest[16] __attribute__((unused)),
|
|
|
634b69 |
+ char *output,
|
|
|
634b69 |
+ unsigned *outputlen)
|
|
|
634b69 |
+{
|
|
|
634b69 |
+ int len;
|
|
|
634b69 |
+ int rc;
|
|
|
634b69 |
+
|
|
|
634b69 |
+ /* decrypt the text part & HMAC */
|
|
|
634b69 |
+ rc = EVP_DecryptUpdate((EVP_CIPHER_CTX *)text->cipher_dec_context,
|
|
|
634b69 |
+ (unsigned char *)output, &len,
|
|
|
634b69 |
+ (const unsigned char *)input, inputlen);
|
|
|
634b69 |
+ if (rc != 1) return SASL_FAIL;
|
|
|
634b69 |
+
|
|
|
634b69 |
+ *outputlen = len;
|
|
|
634b69 |
+
|
|
|
634b69 |
+ rc = EVP_DecryptFinal_ex((EVP_CIPHER_CTX *)text->cipher_dec_context,
|
|
|
634b69 |
+ (unsigned char *)output + len, &len;;
|
|
|
634b69 |
+ if (rc != 1) return SASL_FAIL;
|
|
|
634b69 |
+
|
|
|
634b69 |
+ *outputlen += len;
|
|
|
634b69 |
+
|
|
|
634b69 |
+ /* subtract the HMAC to get the text length */
|
|
|
634b69 |
+ *outputlen -= 10;
|
|
|
634b69 |
+
|
|
|
634b69 |
+ return SASL_OK;
|
|
|
634b69 |
+}
|
|
|
634b69 |
+
|
|
|
634b69 |
+static int enc_rc4(context_t *text,
|
|
|
634b69 |
+ const char *input,
|
|
|
634b69 |
+ unsigned inputlen,
|
|
|
634b69 |
+ unsigned char digest[16],
|
|
|
634b69 |
+ char *output,
|
|
|
634b69 |
+ unsigned *outputlen)
|
|
|
634b69 |
+{
|
|
|
634b69 |
+ int len;
|
|
|
634b69 |
+ int rc;
|
|
|
634b69 |
+ /* encrypt the text part */
|
|
|
634b69 |
+ rc = EVP_EncryptUpdate((EVP_CIPHER_CTX *)text->cipher_enc_context,
|
|
|
634b69 |
+ (unsigned char *)output, &len,
|
|
|
634b69 |
+ (const unsigned char *)input, inputlen);
|
|
|
634b69 |
+ if (rc != 1) return SASL_FAIL;
|
|
|
634b69 |
+
|
|
|
634b69 |
+ *outputlen = len;
|
|
|
634b69 |
+
|
|
|
634b69 |
+ /* encrypt the `MAC part */
|
|
|
634b69 |
+ rc = EVP_EncryptUpdate((EVP_CIPHER_CTX *)text->cipher_enc_context,
|
|
|
634b69 |
+ (unsigned char *)output + *outputlen, &len,
|
|
|
634b69 |
+ digest, 10);
|
|
|
634b69 |
+ if (rc != 1) return SASL_FAIL;
|
|
|
634b69 |
+
|
|
|
634b69 |
+ *outputlen += len;
|
|
|
634b69 |
+
|
|
|
634b69 |
+ rc = EVP_EncryptFinal_ex((EVP_CIPHER_CTX *)text->cipher_enc_context,
|
|
|
634b69 |
+ (unsigned char *)output + *outputlen, &len;;
|
|
|
634b69 |
+ if (rc != 1) return SASL_FAIL;
|
|
|
634b69 |
+
|
|
|
634b69 |
+ *outputlen += len;
|
|
|
634b69 |
+
|
|
|
634b69 |
+ return SASL_OK;
|
|
|
634b69 |
+}
|
|
|
634b69 |
+#else
|
|
|
634b69 |
/* quick generic implementation of RC4 */
|
|
|
634b69 |
struct rc4_context_s {
|
|
|
634b69 |
unsigned char sbox[256];
|
|
|
634b69 |
@@ -1296,7 +1401,7 @@ static int enc_rc4(context_t *text,
|
|
|
634b69 |
|
|
|
634b69 |
return SASL_OK;
|
|
|
634b69 |
}
|
|
|
634b69 |
-
|
|
|
634b69 |
+#endif /* HAVE_OPENSSL */
|
|
|
634b69 |
#endif /* WITH_RC4 */
|
|
|
634b69 |
|
|
|
634b69 |
struct digest_cipher available_ciphers[] =
|