Hi, A FreeBSD user have proposed the patch below to solve OpenLDAP compile issue when using LibreSSL, which I think would be good to share with upstream.
The patch can be found at: https://svnweb.freebsd.org/ports/head/net/openldap24-server/files/patch-des?revision=372499&view=co The patch was created by "Spil Oss <[email protected]>" so credit should go to the submitter: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194841 Cheers, --- libraries/liblutil/passwd.c.orig 2014-09-19 03:48:49.000000000 +0200 +++ libraries/liblutil/passwd.c 2014-11-05 19:57:10.807555025 +0100 @@ -38,11 +38,11 @@ # include <openssl/des.h> -typedef des_cblock des_key; -typedef des_cblock des_data_block; -typedef des_key_schedule des_context; -#define des_failed(encrypted) 0 -#define des_finish(key, schedule) +typedef DES_cblock DES_key; +typedef DES_cblock DES_data_block; +typedef DES_key_schedule DES_context; +#define DES_failed(encrypted) 0 +#define DES_finish(key, schedule) #elif defined(HAVE_MOZNSS) /* @@ -53,9 +53,9 @@ */ #define PROTYPES_H 1 # include <nss/pk11pub.h> -typedef PK11SymKey *des_key; -typedef unsigned char des_data_block[8]; -typedef PK11Context *des_context[1]; +typedef PK11SymKey *DES_key; +typedef unsigned char DES_data_block[8]; +typedef PK11Context *DES_context[1]; #define DES_ENCRYPT CKA_ENCRYPT #endif @@ -664,10 +664,10 @@ * abstract away setting the parity. */ static void -des_set_key_and_parity( des_key *key, unsigned char *keyData) +DES_set_key_and_parity( DES_key *key, unsigned char *keyData) { memcpy(key, keyData, 8); - des_set_odd_parity( key ); + DES_set_odd_parity( key ); } @@ -677,7 +677,7 @@ * implement MozNSS wrappers for the openSSL calls */ static void -des_set_key_and_parity( des_key *key, unsigned char *keyData) +DES_set_key_and_parity( DES_key *key, unsigned char *keyData) { SECItem keyDataItem; PK11SlotInfo *slot; @@ -699,7 +699,7 @@ } static void -des_set_key_unchecked( des_key *key, des_context ctxt ) +DES_set_key_unchecked( DES_key *key, DES_context ctxt ) { ctxt[0] = NULL; @@ -712,37 +712,37 @@ } static void -des_ecb_encrypt( des_data_block *plain, des_data_block *encrypted, - des_context ctxt, int op) +DES_ecb_encrypt( DES_data_block *plain, DES_data_block *encrypted, + DES_context ctxt, int op) { SECStatus rv; int size; if (ctxt[0] == NULL) { /* need to fail here... */ - memset(encrypted, 0, sizeof(des_data_block)); + memset(encrypted, 0, sizeof(DES_data_block)); return; } rv = PK11_CipherOp(ctxt[0], (unsigned char *)&encrypted[0], - &size, sizeof(des_data_block), - (unsigned char *)&plain[0], sizeof(des_data_block)); + &size, sizeof(DES_data_block), + (unsigned char *)&plain[0], sizeof(DES_data_block)); if (rv != SECSuccess) { /* signal failure */ - memset(encrypted, 0, sizeof(des_data_block)); + memset(encrypted, 0, sizeof(DES_data_block)); return; } return; } static int -des_failed(des_data_block *encrypted) +DES_failed(DES_data_block *encrypted) { - static const des_data_block zero = { 0 }; + static const DES_data_block zero = { 0 }; return memcmp(encrypted, zero, sizeof(zero)) == 0; } static void -des_finish(des_key *key, des_context ctxt) +DES_finish(DES_key *key, DES_context ctxt) { if (*key) { PK11_FreeSymKey(*key); @@ -817,7 +817,7 @@ static void lmPasswd_to_key( const char *lmPasswd, - des_key *key) + DES_key *key) { const unsigned char *lpw = (const unsigned char *) lmPasswd; unsigned char k[8]; @@ -832,7 +832,7 @@ k[6] = ((lpw[5] & 0x3F) << 2) | (lpw[6] >> 6); k[7] = ((lpw[6] & 0x7F) << 1); - des_set_key_and_parity( key, k ); + DES_set_key_and_parity( key, k ); } static int chk_lanman( @@ -843,10 +843,10 @@ { ber_len_t i; char UcasePassword[15]; - des_key key; - des_context schedule; - des_data_block StdText = "KGS!@#$%"; - des_data_block PasswordHash1, PasswordHash2; + DES_key key; + DES_context schedule; + DES_data_block StdText = "KGS!@#$%"; + DES_data_block PasswordHash1, PasswordHash2; char PasswordHash[33], storedPasswordHash[33]; for( i=0; i<cred->bv_len; i++) { @@ -864,21 +864,21 @@ ldap_pvt_str2upper( UcasePassword ); lmPasswd_to_key( UcasePassword, &key ); - des_set_key_unchecked( &key, schedule ); - des_ecb_encrypt( &StdText, &PasswordHash1, schedule , DES_ENCRYPT ); + DES_set_key_unchecked( &key, &schedule ); + DES_ecb_encrypt( &StdText, &PasswordHash1, &schedule , DES_ENCRYPT ); - if (des_failed(&PasswordHash1)) { + if (DES_failed(&PasswordHash1)) { return LUTIL_PASSWD_ERR; } lmPasswd_to_key( &UcasePassword[7], &key ); - des_set_key_unchecked( &key, schedule ); - des_ecb_encrypt( &StdText, &PasswordHash2, schedule , DES_ENCRYPT ); - if (des_failed(&PasswordHash2)) { + DES_set_key_unchecked( &key, &schedule ); + DES_ecb_encrypt( &StdText, &PasswordHash2, &schedule , DES_ENCRYPT ); + if (DES_failed(&PasswordHash2)) { return LUTIL_PASSWD_ERR; } - des_finish( &key, schedule ); + DES_finish( &key, schedule ); sprintf( PasswordHash, "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", PasswordHash1[0],PasswordHash1[1],PasswordHash1[2],PasswordHash1[3], @@ -1139,10 +1139,10 @@ ber_len_t i; char UcasePassword[15]; - des_key key; - des_context schedule; - des_data_block StdText = "KGS!@#$%"; - des_data_block PasswordHash1, PasswordHash2; + DES_key key; + DES_context schedule; + DES_data_block StdText = "KGS!@#$%"; + DES_data_block PasswordHash1, PasswordHash2; char PasswordHash[33]; for( i=0; i<passwd->bv_len; i++) { @@ -1160,12 +1160,12 @@ ldap_pvt_str2upper( UcasePassword ); lmPasswd_to_key( UcasePassword, &key ); - des_set_key_unchecked( &key, schedule ); - des_ecb_encrypt( &StdText, &PasswordHash1, schedule , DES_ENCRYPT ); + DES_set_key_unchecked( &key, &schedule ); + DES_ecb_encrypt( &StdText, &PasswordHash1, &schedule , DES_ENCRYPT ); lmPasswd_to_key( &UcasePassword[7], &key ); - des_set_key_unchecked( &key, schedule ); - des_ecb_encrypt( &StdText, &PasswordHash2, schedule , DES_ENCRYPT ); + DES_set_key_unchecked( &key, &schedule ); + DES_ecb_encrypt( &StdText, &PasswordHash2, &schedule , DES_ENCRYPT ); sprintf( PasswordHash, "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", PasswordHash1[0],PasswordHash1[1],PasswordHash1[2],PasswordHash1[3], -- Xin LI <[email protected]> https://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die
