rpms / cyrus-sasl

Clone
Source Code
GIT

Blame SOURCES/cyrus-sasl-pr559-RC4-openssl.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   1ddeb0879e678ef6bc4ae68f621541d5da9537f2
  2.   SOURCES
  3.   cyrus-sasl-pr559-RC4-openssl.patch
Blob History Raw
1ddeb0 
From 8aa9ae816ddf66921b4a8a0f422517e6f2e55ac6 Mon Sep 17 00:00:00 2001
1ddeb0 
From: Simo Sorce <simo@redhat.com>
1ddeb0 
Date: Wed, 27 Mar 2019 14:29:08 -0400
1ddeb0 
Subject: [PATCH] Use Openssl RC4 when available
1ddeb0
1ddeb0 
Signed-off-by: Simo Sorce <simo@redhat.com>
1ddeb0 
---
1ddeb0 
 configure.ac        |   5 +--
1ddeb0 
 plugins/digestmd5.c | 107 +++++++++++++++++++++++++++++++++++++++++++-
1ddeb0 
 2 files changed, 108 insertions(+), 4 deletions(-)
1ddeb0
1ddeb0 
diff --git a/configure.ac b/configure.ac
1ddeb0 
index 388f5d02..cfdee4a2 100644
1ddeb0 
--- a/configure.ac
1ddeb0 
+++ b/configure.ac
1ddeb0 
@@ -1102,12 +1102,11 @@ AC_ARG_WITH(configdir, [   --with-configdir=DIR    set the directory where confi
1ddeb0 
 AC_SUBST(configdir)
1ddeb0
1ddeb0 
-dnl look for rc4 libraries. we accept the CMU one or one from openSSL
1ddeb0 
-AC_ARG_WITH(rc4, [  --with-rc4              use internal rc4 routines [[yes]] ],
1ddeb0 
+AC_ARG_WITH(rc4, [  --with-rc4              use rc4 routines [[yes]] ],
1ddeb0 
 	with_rc4=$withval,
1ddeb0 
 	with_rc4=yes)
1ddeb0
1ddeb0 
 if test "$with_rc4" != no; then
1ddeb0 
-    AC_DEFINE(WITH_RC4,[],[Use internal RC4 implementation?])
1ddeb0 
+    AC_DEFINE(WITH_RC4,[],[Use RC4])
1ddeb0 
 fi
1ddeb0
1ddeb0 
 building_for_macosx=no
1ddeb0 
diff --git a/plugins/digestmd5.c b/plugins/digestmd5.c
1ddeb0 
index df35093d..c6b54317 100644
1ddeb0 
--- a/plugins/digestmd5.c
1ddeb0 
+++ b/plugins/digestmd5.c
1ddeb0 
@@ -1117,6 +1117,111 @@ static void free_des(context_t *text)
1ddeb0 
 #endif /* WITH_DES */
1ddeb0
1ddeb0 
 #ifdef WITH_RC4
1ddeb0 
+#ifdef HAVE_OPENSSL
1ddeb0 
+#include <openssl/evp.h>
1ddeb0 
+
1ddeb0 
+static void free_rc4(context_t *text)
1ddeb0 
+{
1ddeb0 
+    if (text->cipher_enc_context) {
1ddeb0 
+        EVP_CIPHER_CTX_free((EVP_CIPHER_CTX *)text->cipher_enc_context);
1ddeb0 
+        text->cipher_enc_context = NULL;
1ddeb0 
+    }
1ddeb0 
+    if (text->cipher_dec_context) {
1ddeb0 
+        EVP_CIPHER_CTX_free((EVP_CIPHER_CTX *)text->cipher_dec_context);
1ddeb0 
+        text->cipher_dec_context = NULL;
1ddeb0 
+    }
1ddeb0 
+}
1ddeb0 
+
1ddeb0 
+static int init_rc4(context_t *text,
1ddeb0 
+		    unsigned char enckey[16],
1ddeb0 
+		    unsigned char deckey[16])
1ddeb0 
+{
1ddeb0 
+    EVP_CIPHER_CTX *ctx;
1ddeb0 
+    int rc;
1ddeb0 
+
1ddeb0 
+    ctx = EVP_CIPHER_CTX_new();
1ddeb0 
+    if (ctx == NULL) return SASL_NOMEM;
1ddeb0 
+
1ddeb0 
+    rc = EVP_EncryptInit_ex(ctx, EVP_rc4(), NULL, enckey, NULL);
1ddeb0 
+    if (rc != 1) return SASL_FAIL;
1ddeb0 
+
1ddeb0 
+    text->cipher_enc_context = (void *)ctx;
1ddeb0 
+
1ddeb0 
+    ctx = EVP_CIPHER_CTX_new();
1ddeb0 
+    if (ctx == NULL) return SASL_NOMEM;
1ddeb0 
+
1ddeb0 
+    rc = EVP_DecryptInit_ex(ctx, EVP_rc4(), NULL, deckey, NULL);
1ddeb0 
+    if (rc != 1) return SASL_FAIL;
1ddeb0 
+
1ddeb0 
+    text->cipher_dec_context = (void *)ctx;
1ddeb0 
+
1ddeb0 
+    return SASL_OK;
1ddeb0 
+}
1ddeb0 
+
1ddeb0 
+static int dec_rc4(context_t *text,
1ddeb0 
+		   const char *input,
1ddeb0 
+		   unsigned inputlen,
1ddeb0 
+		   unsigned char digest[16] __attribute__((unused)),
1ddeb0 
+		   char *output,
1ddeb0 
+		   unsigned *outputlen)
1ddeb0 
+{
1ddeb0 
+    int len;
1ddeb0 
+    int rc;
1ddeb0 
+
1ddeb0 
+    /* decrypt the text part & HMAC */
1ddeb0 
+    rc = EVP_DecryptUpdate((EVP_CIPHER_CTX *)text->cipher_dec_context,
1ddeb0 
+                           (unsigned char *)output, &len,
1ddeb0 
+                           (const unsigned char *)input, inputlen);
1ddeb0 
+    if (rc != 1) return SASL_FAIL;
1ddeb0 
+
1ddeb0 
+    *outputlen = len;
1ddeb0 
+
1ddeb0 
+    rc = EVP_DecryptFinal_ex((EVP_CIPHER_CTX *)text->cipher_dec_context,
1ddeb0 
+                             (unsigned char *)output + len, &len;;
1ddeb0 
+    if (rc != 1) return SASL_FAIL;
1ddeb0 
+
1ddeb0 
+    *outputlen += len;
1ddeb0 
+
1ddeb0 
+    /* subtract the HMAC to get the text length */
1ddeb0 
+    *outputlen -= 10;
1ddeb0 
+
1ddeb0 
+    return SASL_OK;
1ddeb0 
+}
1ddeb0 
+
1ddeb0 
+static int enc_rc4(context_t *text,
1ddeb0 
+		   const char *input,
1ddeb0 
+		   unsigned inputlen,
1ddeb0 
+		   unsigned char digest[16],
1ddeb0 
+		   char *output,
1ddeb0 
+		   unsigned *outputlen)
1ddeb0 
+{
1ddeb0 
+    int len;
1ddeb0 
+    int rc;
1ddeb0 
+    /* encrypt the text part */
1ddeb0 
+    rc = EVP_EncryptUpdate((EVP_CIPHER_CTX *)text->cipher_enc_context,
1ddeb0 
+                           (unsigned char *)output, &len,
1ddeb0 
+                           (const unsigned char *)input, inputlen);
1ddeb0 
+    if (rc != 1) return SASL_FAIL;
1ddeb0 
+
1ddeb0 
+    *outputlen = len;
1ddeb0 
+
1ddeb0 
+    /* encrypt the `MAC part */
1ddeb0 
+    rc = EVP_EncryptUpdate((EVP_CIPHER_CTX *)text->cipher_enc_context,
1ddeb0 
+                           (unsigned char *)output + *outputlen, &len,
1ddeb0 
+                           digest, 10);
1ddeb0 
+    if (rc != 1) return SASL_FAIL;
1ddeb0 
+
1ddeb0 
+    *outputlen += len;
1ddeb0 
+
1ddeb0 
+    rc = EVP_EncryptFinal_ex((EVP_CIPHER_CTX *)text->cipher_enc_context,
1ddeb0 
+                             (unsigned char *)output + *outputlen, &len;;
1ddeb0 
+    if (rc != 1) return SASL_FAIL;
1ddeb0 
+
1ddeb0 
+    *outputlen += len;
1ddeb0 
+
1ddeb0 
+    return SASL_OK;
1ddeb0 
+}
1ddeb0 
+#else
1ddeb0 
 /* quick generic implementation of RC4 */
1ddeb0 
 struct rc4_context_s {
1ddeb0 
     unsigned char sbox[256];
1ddeb0 
@@ -1296,7 +1401,7 @@ static int enc_rc4(context_t *text,
1ddeb0
1ddeb0 
     return SASL_OK;
1ddeb0 
 }
1ddeb0 
-
1ddeb0 
+#endif /* HAVE_OPENSSL */
1ddeb0 
 #endif /* WITH_RC4 */
1ddeb0
1ddeb0 
 struct digest_cipher available_ciphers[] =

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation