LibreSSL support

not use des_old.h merged from OpenBSD http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/netatalk3/patches/
Netatalk · Jan 10, 2016 · ee2dee2 · ee2dee2
1 parent 988664a
commit ee2dee2
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 24 deletions.
diff --git a/NEWS b/NEWS
@@ -4,6 +4,7 @@ Changes in 3.1.9
 * NEW: afpd: new options "force user" and "force group"
 * FIX: listening on IPv6 wildcard address may fail if IPv6 is
        disabled, bug #606
+* NEW: LibreSSL support, FR #98
 
 Changes in 3.1.8
 ================

diff --git a/bin/afppasswd/afppasswd.c b/bin/afppasswd/afppasswd.c
@@ -65,7 +65,7 @@ static char buf[MAXPATHLEN + 1];
 static void convert_passwd(char *buf, char *newpwd, const int keyfd)
 {
   uint8_t key[HEXPASSWDLEN];
-  Key_schedule schedule;
+  DES_key_schedule schedule;
   unsigned int i, j;
 
   if (!newpwd) {
@@ -84,14 +84,14 @@ static void convert_passwd(char *buf, char *newpwd, const int keyfd)
       key[j] = (unhex(key[i]) << 4) | unhex(key[i + 1]);
     if (j <= DES_KEY_SZ)
       memset(key + j, 0, sizeof(key) - j);
-    key_sched((C_Block *) key, schedule);
+    DES_key_sched((DES_cblock *) key, &schedule);
     memset(key, 0, sizeof(key));   
     if (newpwd) {
-	ecb_encrypt((C_Block *) newpwd, (C_Block *) newpwd, schedule,
+	DES_ecb_encrypt((DES_cblock *) newpwd, (DES_cblock *) newpwd, &schedule,
 		    DES_ENCRYPT);
     } else {
       /* decrypt the password */
-      ecb_encrypt((C_Block *) buf, (C_Block *) buf, schedule, DES_DECRYPT);
+      DES_ecb_encrypt((DES_cblock *) buf, (DES_cblock *) buf, &schedule, DES_DECRYPT);
     }
     memset(&schedule, 0, sizeof(schedule));      
   }

diff --git a/doc/DEVELOPER b/doc/DEVELOPER
@@ -86,15 +86,16 @@ Currently, Netatalk supports BDB 4.6 and later.
 
 Optional
 ========
-6. OpenSSL and/or Libgcrypt
+6. OpenSSL, LibreSSL and/or Libgcrypt
 The OpenSSL Project is a collaborative effort to develop a robust,
 commercial-grade, full-featured, and Open Source toolkit implementing
 the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
 v1) protocols as well as a full-strength general purpose cryptography
 library.
+LibreSSL is a version of the TLS/crypto stack forked from OpenSSL.
 This is required to enable DHX login support.
 
-Get everything at http://www.openssl.org/
+Get everything at http://www.openssl.org/ or http://www.libressl.org/
 
 The Libgcrypt is a general purpose cryptographic library based on
 the code from GnuPG.

diff --git a/etc/uams/uams_randnum.c b/etc/uams/uams_randnum.c
@@ -33,8 +33,8 @@
 
 #define PASSWDLEN 8
 
-static C_Block		seskey;
-static Key_schedule	seskeysched;
+static DES_cblock	seskey;
+static DES_key_schedule	seskeysched;
 static struct passwd	*randpwd;
 static uint8_t         randbuf[8];
 
@@ -124,7 +124,7 @@ static int afppasswd(const struct passwd *pwd,
 {
   uint8_t key[DES_KEY_SZ*2];
   char buf[MAXPATHLEN + 1], *p;
-  Key_schedule	schedule;
+  DES_key_schedule schedule;
   FILE *fp;
   unsigned int i, j;
   int keyfd = -1, err = 0;
@@ -181,17 +181,17 @@ static int afppasswd(const struct passwd *pwd,
 	key[j] = (unhex(key[i]) << 4) | unhex(key[i + 1]);
       if (j <= DES_KEY_SZ)
 	memset(key + j, 0, sizeof(key) - j);
-      key_sched((C_Block *) key, schedule);
+      DES_key_sched((DES_cblock *) key, &schedule);
       memset(key, 0, sizeof(key));
 
       if (set) {
 	/* NOTE: this takes advantage of the fact that passwd doesn't
 	 *       get used after this call if it's being set. */
-	ecb_encrypt((C_Block *) passwd, (C_Block *) passwd, schedule,
+	DES_ecb_encrypt((DES_cblock *) passwd, (DES_cblock *) passwd, &schedule,
 		    DES_ENCRYPT);
       } else {
 	/* decrypt the password */
-	ecb_encrypt((C_Block *) p, (C_Block *) p, schedule, DES_DECRYPT);
+	DES_ecb_encrypt((DES_cblock *) p, (DES_cblock *) p, &schedule, DES_DECRYPT);
       }
       memset(&schedule, 0, sizeof(schedule));
   }
@@ -340,10 +340,10 @@ static int randnum_logincont(void *obj, struct passwd **uam_pwd,
 
   /* encrypt. this saves a little space by using the fact that
    * des can encrypt in-place without side-effects. */
-  key_sched((C_Block *) seskey, seskeysched);
+  DES_key_sched((DES_cblock *) seskey, &seskeysched);
   memset(seskey, 0, sizeof(seskey));
-  ecb_encrypt((C_Block *) randbuf, (C_Block *) randbuf,
-	       seskeysched, DES_ENCRYPT);
+  DES_ecb_encrypt((DES_cblock *) randbuf, (DES_cblock *) randbuf,
+	       &seskeysched, DES_ENCRYPT);
   memset(&seskeysched, 0, sizeof(seskeysched));
 
   /* test against what the client sent */
@@ -384,10 +384,10 @@ static int rand2num_logincont(void *obj, struct passwd **uam_pwd,
     seskey[i] <<= 1;
 
   /* encrypt randbuf */
-  key_sched((C_Block *) seskey, seskeysched);
+  DES_key_sched((DES_cblock *) seskey, &seskeysched);
   memset(seskey, 0, sizeof(seskey));
-  ecb_encrypt( (C_Block *) randbuf, (C_Block *) randbuf,
-	       seskeysched, DES_ENCRYPT);
+  DES_ecb_encrypt( (DES_cblock *) randbuf, (DES_cblock *) randbuf,
+	       &seskeysched, DES_ENCRYPT);
 
   /* test against client's reply */
   if (memcmp(randbuf, ibuf, sizeof(randbuf))) { /* != */
@@ -399,8 +399,8 @@ static int rand2num_logincont(void *obj, struct passwd **uam_pwd,
   memset(randbuf, 0, sizeof(randbuf));
 
   /* encrypt client's challenge and send back */
-  ecb_encrypt( (C_Block *) ibuf, (C_Block *) rbuf,
-	       seskeysched, DES_ENCRYPT);
+  DES_ecb_encrypt( (DES_cblock *) ibuf, (DES_cblock *) rbuf,
+	       &seskeysched, DES_ENCRYPT);
   memset(&seskeysched, 0, sizeof(seskeysched));
   *rbuflen = sizeof(randbuf);
 
@@ -435,15 +435,15 @@ static int randnum_changepw(void *obj, const char *username _U_,
       return err;
 
     /* use old passwd to decrypt new passwd */
-    key_sched((C_Block *) seskey, seskeysched);
+    DES_key_sched((DES_cblock *) seskey, &seskeysched);
     ibuf += PASSWDLEN; /* new passwd */
     ibuf[PASSWDLEN] = '\0';
-    ecb_encrypt( (C_Block *) ibuf, (C_Block *) ibuf, seskeysched, DES_DECRYPT);
+    DES_ecb_encrypt( (DES_cblock *) ibuf, (DES_cblock *) ibuf, &seskeysched, DES_DECRYPT);
 
     /* now use new passwd to decrypt old passwd */
-    key_sched((C_Block *) ibuf, seskeysched);
+    DES_key_sched((DES_cblock *) ibuf, &seskeysched);
     ibuf -= PASSWDLEN; /* old passwd */
-    ecb_encrypt((C_Block *) ibuf, (C_Block *) ibuf, seskeysched, DES_DECRYPT);
+    DES_ecb_encrypt((DES_cblock *) ibuf, (DES_cblock *) ibuf, &seskeysched, DES_DECRYPT);
     if (memcmp(seskey, ibuf, sizeof(seskey))) 
 	err = AFPERR_NOTAUTH;
     else if (memcmp(seskey, ibuf + PASSWDLEN, sizeof(seskey)) == 0)