On Tue, 30 Dec 2014 21:35:06 +0100
Daniel Jakots <vigdis+o...@chown.me> wrote:
> On Wed, 17 Dec 2014 13:56:18 +0000, Stuart Henderson
> <st...@openbsd.org> wrote:
>
> > So an alternative diff below. It isn't particularly nice but does
> > unbreak the port... Does anyone have a better idea?
>
> Hi,
>
> I'm a claws-mail user. Would the test of the diff help?
> (looking for a way to unblock the situation :))
>
> Cheers,
> Daniel
>
Hi, this replaces the self-rolled code with LibreSSL DES.
This was done in a hurry, but then this could just use rot13,
which would be equally secure, but not backwards compatible.
Greetings ben
Index: patch-configure_ac
===================================================================
RCS file: /cvs/ports/mail/claws-mail/patches/patch-configure_ac,v
retrieving revision 1.9
diff -u -p -r1.9 patch-configure_ac
--- patch-configure_ac 21 Apr 2014 17:40:19 -0000 1.9
+++ patch-configure_ac 4 Jan 2015 17:50:33 -0000
@@ -1,6 +1,6 @@
$OpenBSD: patch-configure_ac,v 1.9 2014/04/21 17:40:19 sthen Exp $
--- configure.ac.orig Sat Dec 14 10:14:50 2013
-+++ configure.ac Mon Apr 21 18:40:04 2014
++++ configure.ac Wed Dec 17 12:00:37 2014
@@ -152,7 +152,7 @@ AM_CONDITIONAL(CYGWIN, test x"$env_cygwin" = x"yes")
if test "$GCC" = "yes"
@@ -10,7 +10,16 @@ $OpenBSD: patch-configure_ac,v 1.9 2014/
#CFLAGS="-g -Wall -Wno-unused-function"
fi
-@@ -737,6 +737,7 @@ if test x"$enable_new_addrbook" = xno; then
+@@ -494,6 +494,8 @@ dnl password encryption
+ OLDLIBS=$LIBS
+ LIBS=
+ case $host_os in
++ *openbsd*)
++ ;;
+ *dragonfly*)
+ AC_SEARCH_LIBS(encrypt, cipher, [],
AC_MSG_ERROR(['encrypt'-function not found.]))
+ ;;
+@@ -737,6 +739,7 @@ if test x"$enable_new_addrbook" = xno; then
AC_CHECK_LIB(resolv, res_query, LDAP_LIBS="$LDAP_LIBS
-lresolv") AC_CHECK_LIB(socket, bind, LDAP_LIBS="$LDAP_LIBS -lsocket")
AC_CHECK_LIB(nsl, gethostbyaddr, LDAP_LIBS="$LDAP_LIBS -lnsl")
@@ -18,7 +27,7 @@ $OpenBSD: patch-configure_ac,v 1.9 2014/
AC_CHECK_LIB(lber, ber_get_tag, LDAP_LIBS="$LDAP_LIBS
-llber",, $LDAP_LIBS)
-@@ -809,7 +810,7 @@ if test x"$enable_new_addrbook" = xno; then
+@@ -809,7 +812,7 @@ if test x"$enable_new_addrbook" = xno; then
AC_DEFINE(USE_JPILOT, 1, Define if
you want JPilot support in addressbook.) ]) fi
Index: patch-src_common_passcrypt_c
===================================================================
RCS file: patch-src_common_passcrypt_c
diff -N patch-src_common_passcrypt_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patch-src_common_passcrypt_c 4 Jan 2015 17:53:56 -0000
@@ -0,0 +1,131 @@
+--- src/common/passcrypt.c.orig Sat Dec 14 11:15:06 2013
++++ src/common/passcrypt.c Sun Jan 4 17:47:05 2015
+@@ -35,6 +35,7 @@
+ #endif
+
+ #include <glib.h>
++#include <openssl/des.h>
+
+ #include "passcrypt.h"
+
+@@ -72,100 +73,30 @@ crypt_cfb_buf(const char key[8], unsigned char *buf, u
+ ecb_crypt(des_key, buf, len, DES_ENCRYPT);
+ }
+ #else
+-static void crypt_cfb_shift(unsigned char *to,
+- const unsigned char *from, unsigned len);
+-static void crypt_cfb_xor(unsigned char *to, const unsigned char *from,
+- unsigned len);
+-static void crypt_unpack(unsigned char *a);
+-
+ static void
+ crypt_cfb_buf(const char key[8], unsigned char *buf, unsigned len,
+ unsigned chunksize, int decrypt)
+ {
+- unsigned char temp[64];
++ unsigned char *out;
++ char des_key[8];
++ DES_key_schedule keysched;
++
++ out = malloc(len);
++ if(out == NULL)
++ return;
++ strncpy(des_key, PASSCRYPT_KEY, 8);
++ memset(&crypt_cfb_iv, 0, sizeof(crypt_cfb_iv));
++
++ DES_set_odd_parity(&des_key);
++ DES_set_key_unchecked(&des_key, &keysched);
++ if (decrypt)
++ DES_cfb_encrypt(buf, out, crypt_cfb_blocksize,\
++ len, &keysched, &crypt_cfb_iv, DES_DECRYPT);
++ else
++ DES_cfb_encrypt(buf, out, crypt_cfb_blocksize,\
++ len, &keysched, &crypt_cfb_iv, DES_ENCRYPT);
+
+- memcpy(temp, key, 8);
+- crypt_unpack(temp);
+- setkey((const char *) temp);
+- memset(temp, 0, sizeof(temp));
+-
+- memset(crypt_cfb_iv, 0, sizeof(crypt_cfb_iv));
+-
+- if (chunksize > crypt_cfb_blocksize)
+- chunksize = crypt_cfb_blocksize;
+-
+- while (len) {
+- memcpy(temp, crypt_cfb_iv, sizeof(temp));
+- encrypt((char *) temp, 0);
+- if (chunksize > len)
+- chunksize = len;
+- if (decrypt)
+- crypt_cfb_shift(crypt_cfb_iv, buf, chunksize);
+- crypt_cfb_xor((unsigned char *) buf, temp, chunksize);
+- if (!decrypt)
+- crypt_cfb_shift(crypt_cfb_iv, buf, chunksize);
+- len -= chunksize;
+- buf += chunksize;
+- }
+-}
+-
+-/*
+-* Shift len bytes from end of to buffer to beginning, then put len
+-* bytes from from at the end. Caution: the to buffer is unpacked,
+-* but the from buffer is not.
+-*/
+-static void
+-crypt_cfb_shift(unsigned char *to, const unsigned char *from, unsigned len)
+-{
+- unsigned i;
+- unsigned j;
+- unsigned k;
+-
+- if (len < crypt_cfb_blocksize) {
+- i = len * 8;
+- j = crypt_cfb_blocksize * 8;
+- for (k = i; k < j; k++) {
+- to[0] = to[i];
+- ++to;
+- }
+- }
+-
+- for (i = 0; i < len; i++) {
+- j = *from++;
+- for (k = 0x80; k; k >>= 1)
+- *to++ = ((j & k) != 0);
+- }
+-}
+-
+-/*
+-* XOR len bytes from from into the data at to. Caution: the from buffer
+-* is unpacked, but the to buffer is not.
+-*/
+-static void
+-crypt_cfb_xor(unsigned char *to, const unsigned char *from, unsigned len)
+-{
+- unsigned i;
+- unsigned j;
+- unsigned char c;
+-
+- for (i = 0; i < len; i++) {
+- c = 0;
+- for (j = 0; j < 8; j++)
+- c = (c << 1) | *from++;
+- *to++ ^= c;
+- }
+-}
+-
+-/*
+-* Take the 8-byte array at *a (must be able to hold 64 bytes!) and unpack
+-* each bit into its own byte.
+-*/
+-static void crypt_unpack(unsigned char *a)
+-{
+- int i, j;
+-
+- for (i = 7; i >= 0; --i)
+- for (j = 7; j >= 0; --j)
+- a[(i << 3) + j] = (a[i] & (0x80 >> j)) != 0;
++ strncpy(buf, out, len);
++ free(out);
+ }
+ #endif
