Perhaps we should use this ITS to track removal of this code entirely from OpenLDAP.
> On Apr 10, 2017, at 12:54 PM, [email protected] wrote:
>=20
> [email protected] wrote:
>> Full_Name: Hristo Venev
>> Version: Unreleased Release Candidate 2.4.45
>> OS:
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (95.111.59.55)
>>=20
>>=20
>> Another user of the old DES API. Here's a patch (compiles, not tested):
>=20
> Thanks. Looks like you're compiling the old NT/LANMAN password hash suppor= t.=20
> Nobody should still be using that code, LANMAN hashes are trivially cracka= ble=20
> on modern GPUs.
>>=20
>> diff --git a/libraries/liblutil/passwd.c b/libraries/liblutil/passwd.c
>> index 7aab344..c481326 100644
>> --- a/libraries/liblutil/passwd.c
>> +++ b/libraries/liblutil/passwd.c
>> @@ -38,9 +38,9 @@
>> # include <openssl/des.h>
>>=20
>>=20
>> -typedef des_cblock des_key;
>> -typedef des_cblock des_data_block;
>> -typedef des_key_schedule des_context;
>> +typedef DES_cblock des_key;
>> +typedef DES_cblock des_data_block;
>> +typedef DES_key_schedule des_context[1];
>> #define des_failed(encrypted) 0
>> #define des_finish(key, schedule)
>>=20
>> @@ -667,7 +667,7 @@ static void
>> des_set_key_and_parity( des_key *key, unsigned char *keyData)
>> {
>> memcpy(key, keyData, 8);
>> - des_set_odd_parity( key );
>> + DES_set_odd_parity( key );
>> }
>>=20
>>=20
>> @@ -699,7 +699,7 @@ des_set_key_and_parity( des_key *key, unsigned char
>> *keyData)
>> }
>>=20
>> static void
>> -des_set_key_unchecked( des_key *key, des_context ctxt )
>> +DES_set_key_unchecked( des_key *key, des_context ctxt )
>> {
>> ctxt[0] =3D NULL;
>>=20
>> @@ -712,7 +712,7 @@ des_set_key_unchecked( des_key *key, des_context ctxt= )
>> }
>>=20
>> static void
>> -des_ecb_encrypt( des_data_block *plain, des_data_block *encrypted,
>> +DES_ecb_encrypt( des_data_block *plain, des_data_block *encrypted,
>> des_context ctxt, int op)
>> {
>> SECStatus rv;
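Review bot: The new `typedef DES_key_schedule des_context[1];` in the `@@ -38,9` hunk needs a comment, because the one-element array is what lets the call sites keep passing `schedule` where OpenSSL's `DES_set_key_unchecked` and `DES_ecb_encrypt` take a `DES_key_schedule *`, and nothing on the line says so. I would add `/* array of one, so a des_context argument decays to DES_key_schedule * as the DES_* calls expect */` above it. The same comment should mention that a `des_context` function parameter is then a pointer, so `sizeof` on such a parameter no longer yields the size of the key schedule.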
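Review bot: In the `@@ -699,7` hunk the file-local helper is renamed to `DES_set_key_unchecked`, and the `@@ -712,7` hunk does the same with `DES_ecb_encrypt`, so static functions in this file now carry the exact names of OpenSSL's public DES functions. Their bodies (`ctxt[0] = NULL;`, `SECStatus rv;`) suggest they implement the operation for a different crypto backend, presumably selected by a preprocessor branch that is outside the hunks; both bodies also continue past the hunk ends. A reader of `chk_lanman` or `hash_lanman` can then no longer tell which library a call reaches, and the static definitions would conflict with the library prototypes if `<openssl/des.h>` ever became visible in that branch. I would keep backend-neutral wrapper names at the call sites and map them to `DES_set_key_unchecked` / `DES_ecb_encrypt` only inside the OpenSSL branch.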
>> @@ -864,16 +864,16 @@ static int chk_lanman(
>> ldap_pvt_str2upper( UcasePassword );
>> =20
>> lmPasswd_to_key( UcasePassword, &key );
>> - des_set_key_unchecked( &key, schedule );
>> - des_ecb_encrypt( &StdText, &PasswordHash1, schedule , DES_ENCRYPT );=
>> + DES_set_key_unchecked( &key, schedule );
>> + DES_ecb_encrypt( &StdText, &PasswordHash1, schedule , DES_ENCRYPT );=
>>=20
>> if (des_failed(&PasswordHash1)) {
>> return LUTIL_PASSWD_ERR;
>> }
>> =20
>> lmPasswd_to_key( &UcasePassword[7], &key );
>> - des_set_key_unchecked( &key, schedule );
>> - des_ecb_encrypt( &StdText, &PasswordHash2, schedule , DES_ENCRYPT );=
>> + DES_set_key_unchecked( &key, schedule );
>> + DES_ecb_encrypt( &StdText, &PasswordHash2, schedule , DES_ENCRYPT );=
>> if (des_failed(&PasswordHash2)) {
>> return LUTIL_PASSWD_ERR;
>> }
>> @@ -1160,12 +1160,12 @@ static int hash_lanman(
>> ldap_pvt_str2upper( UcasePassword );
>> =20
>> lmPasswd_to_key( UcasePassword, &key );
>> - des_set_key_unchecked( &key, schedule );
>> - des_ecb_encrypt( &StdText, &PasswordHash1, schedule , DES_ENCRYPT );=
>> + DES_set_key_unchecked( &key, schedule );
>> + DES_ecb_encrypt( &StdText, &PasswordHash1, schedule , DES_ENCRYPT );=
>> =20
>> lmPasswd_to_key( &UcasePassword[7], &key );
>> - des_set_key_unchecked( &key, schedule );
>> - des_ecb_encrypt( &StdText, &PasswordHash2, schedule , DES_ENCRYPT );=
>> + DES_set_key_unchecked( &key, schedule );
>> + DES_ecb_encrypt( &StdText, &PasswordHash2, schedule , DES_ENCRYPT );=
>> =20
>> sprintf( PasswordHash,
>> "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
>> PasswordHash1[0],PasswordHash1[1],PasswordHash1[2],PasswordHash1[3= ],
>>=20
>>=20
>>=20
>=20
>=20
> --=20
> -- Howard Chu
> CTO, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc/
> Chief Architect, OpenLDAP http://www.openldap.org/project/
>=20
>=20
>=20
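Review bot: In the `@@ -864,16` hunk of `chk_lanman`, both `return LUTIL_PASSWD_ERR;` paths leave the function while `key` and `schedule` still hold DES key material derived from the password, and no `des_finish` call is visible before either return. In the OpenSSL configuration this patch edits, `des_finish(key, schedule)` is an empty macro, so as far as the hunks show nothing clears that state on the normal path either. For the OpenSSL build I would wipe it before returning, for example `OPENSSL_cleanse( &key, sizeof(key) ); OPENSSL_cleanse( schedule, sizeof(des_context) );`, or have the OpenSSL `des_finish` do that. The same applies to `hash_lanman` in the `@@ -1160,12` hunk; both functions begin and end outside the hunks, so how they call `des_finish` should be checked against the full file.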
