On Tue, 30 Dec 2014 21:35:06 +0100 Daniel Jakots <vigdis+o...@chown.me> wrote:
> On Wed, 17 Dec 2014 13:56:18 +0000, Stuart Henderson > <st...@openbsd.org> wrote: > > > So an alternative diff below. It isn't particularly nice but does > > unbreak the port... Does anyone have a better idea? > > Hi, > > I'm a claws-mail user. Would the test of the diff help? > (looking for a way to unblock the situation :)) > > Cheers, > Daniel > Hi, this replaces the self-rolled code with LibreSSL DES. This was done in a hurry, but then this could just use rot13, which would be equally secure, but not backwards compatible. Greetings ben Index: patch-configure_ac =================================================================== RCS file: /cvs/ports/mail/claws-mail/patches/patch-configure_ac,v retrieving revision 1.9 diff -u -p -r1.9 patch-configure_ac --- patch-configure_ac 21 Apr 2014 17:40:19 -0000 1.9 +++ patch-configure_ac 4 Jan 2015 17:50:33 -0000 @@ -1,6 +1,6 @@ $OpenBSD: patch-configure_ac,v 1.9 2014/04/21 17:40:19 sthen Exp $ --- configure.ac.orig Sat Dec 14 10:14:50 2013 -+++ configure.ac Mon Apr 21 18:40:04 2014 ++++ configure.ac Wed Dec 17 12:00:37 2014 @@ -152,7 +152,7 @@ AM_CONDITIONAL(CYGWIN, test x"$env_cygwin" = x"yes") if test "$GCC" = "yes" @@ -10,7 +10,16 @@ $OpenBSD: patch-configure_ac,v 1.9 2014/ #CFLAGS="-g -Wall -Wno-unused-function" fi -@@ -737,6 +737,7 @@ if test x"$enable_new_addrbook" = xno; then +@@ -494,6 +494,8 @@ dnl password encryption + OLDLIBS=$LIBS + LIBS= + case $host_os in ++ *openbsd*) ++ ;; + *dragonfly*) + AC_SEARCH_LIBS(encrypt, cipher, [], AC_MSG_ERROR(['encrypt'-function not found.])) + ;; +@@ -737,6 +739,7 @@ if test x"$enable_new_addrbook" = xno; then AC_CHECK_LIB(resolv, res_query, LDAP_LIBS="$LDAP_LIBS -lresolv") AC_CHECK_LIB(socket, bind, LDAP_LIBS="$LDAP_LIBS -lsocket") AC_CHECK_LIB(nsl, gethostbyaddr, LDAP_LIBS="$LDAP_LIBS -lnsl") @@ -18,7 +27,7 @@ $OpenBSD: patch-configure_ac,v 1.9 2014/ AC_CHECK_LIB(lber, ber_get_tag, LDAP_LIBS="$LDAP_LIBS -llber",, $LDAP_LIBS) -@@ -809,7 +810,7 @@ if test x"$enable_new_addrbook" = xno; then +@@ -809,7 +812,7 @@ if test x"$enable_new_addrbook" = xno; then AC_DEFINE(USE_JPILOT, 1, Define if you want JPilot support in addressbook.) ]) fi Index: patch-src_common_passcrypt_c =================================================================== RCS file: patch-src_common_passcrypt_c diff -N patch-src_common_passcrypt_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patch-src_common_passcrypt_c 4 Jan 2015 17:53:56 -0000 @@ -0,0 +1,131 @@ +--- src/common/passcrypt.c.orig Sat Dec 14 11:15:06 2013 ++++ src/common/passcrypt.c Sun Jan 4 17:47:05 2015 +@@ -35,6 +35,7 @@ + #endif + + #include <glib.h> ++#include <openssl/des.h> + + #include "passcrypt.h" + +@@ -72,100 +73,30 @@ crypt_cfb_buf(const char key[8], unsigned char *buf, u + ecb_crypt(des_key, buf, len, DES_ENCRYPT); + } + #else +-static void crypt_cfb_shift(unsigned char *to, +- const unsigned char *from, unsigned len); +-static void crypt_cfb_xor(unsigned char *to, const unsigned char *from, +- unsigned len); +-static void crypt_unpack(unsigned char *a); +- + static void + crypt_cfb_buf(const char key[8], unsigned char *buf, unsigned len, + unsigned chunksize, int decrypt) + { +- unsigned char temp[64]; ++ unsigned char *out; ++ char des_key[8]; ++ DES_key_schedule keysched; ++ ++ out = malloc(len); ++ if(out == NULL) ++ return; ++ strncpy(des_key, PASSCRYPT_KEY, 8); ++ memset(&crypt_cfb_iv, 0, sizeof(crypt_cfb_iv)); ++ ++ DES_set_odd_parity(&des_key); ++ DES_set_key_unchecked(&des_key, &keysched); ++ if (decrypt) ++ DES_cfb_encrypt(buf, out, crypt_cfb_blocksize,\ ++ len, &keysched, &crypt_cfb_iv, DES_DECRYPT); ++ else ++ DES_cfb_encrypt(buf, out, crypt_cfb_blocksize,\ ++ len, &keysched, &crypt_cfb_iv, DES_ENCRYPT); + +- memcpy(temp, key, 8); +- crypt_unpack(temp); +- setkey((const char *) temp); +- memset(temp, 0, sizeof(temp)); +- +- memset(crypt_cfb_iv, 0, sizeof(crypt_cfb_iv)); +- +- if (chunksize > crypt_cfb_blocksize) +- chunksize = crypt_cfb_blocksize; +- +- while (len) { +- memcpy(temp, crypt_cfb_iv, sizeof(temp)); +- encrypt((char *) temp, 0); +- if (chunksize > len) +- chunksize = len; +- if (decrypt) +- crypt_cfb_shift(crypt_cfb_iv, buf, chunksize); +- crypt_cfb_xor((unsigned char *) buf, temp, chunksize); +- if (!decrypt) +- crypt_cfb_shift(crypt_cfb_iv, buf, chunksize); +- len -= chunksize; +- buf += chunksize; +- } +-} +- +-/* +-* Shift len bytes from end of to buffer to beginning, then put len +-* bytes from from at the end. Caution: the to buffer is unpacked, +-* but the from buffer is not. +-*/ +-static void +-crypt_cfb_shift(unsigned char *to, const unsigned char *from, unsigned len) +-{ +- unsigned i; +- unsigned j; +- unsigned k; +- +- if (len < crypt_cfb_blocksize) { +- i = len * 8; +- j = crypt_cfb_blocksize * 8; +- for (k = i; k < j; k++) { +- to[0] = to[i]; +- ++to; +- } +- } +- +- for (i = 0; i < len; i++) { +- j = *from++; +- for (k = 0x80; k; k >>= 1) +- *to++ = ((j & k) != 0); +- } +-} +- +-/* +-* XOR len bytes from from into the data at to. Caution: the from buffer +-* is unpacked, but the to buffer is not. +-*/ +-static void +-crypt_cfb_xor(unsigned char *to, const unsigned char *from, unsigned len) +-{ +- unsigned i; +- unsigned j; +- unsigned char c; +- +- for (i = 0; i < len; i++) { +- c = 0; +- for (j = 0; j < 8; j++) +- c = (c << 1) | *from++; +- *to++ ^= c; +- } +-} +- +-/* +-* Take the 8-byte array at *a (must be able to hold 64 bytes!) and unpack +-* each bit into its own byte. +-*/ +-static void crypt_unpack(unsigned char *a) +-{ +- int i, j; +- +- for (i = 7; i >= 0; --i) +- for (j = 7; j >= 0; --j) +- a[(i << 3) + j] = (a[i] & (0x80 >> j)) != 0; ++ strncpy(buf, out, len); ++ free(out); + } + #endif