ITS#7877 use nettle instead of gcrypt

This commit is contained in:
Ryan Tandy 2014-06-30 11:02:15 -07:00 committed by Howard Chu
parent d10652d33c
commit 829027945f
2 changed files with 18 additions and 50 deletions

View File

@ -66,7 +66,8 @@ static ObjectClass *oc_krb5KDCEntry;
#ifdef DO_SAMBA
#ifdef HAVE_GNUTLS
#include <gcrypt.h>
#include <nettle/des.h>
#include <nettle/md4.h>
typedef unsigned char DES_cblock[8];
#elif HAVE_OPENSSL
#include <openssl/des.h>
@ -193,11 +194,7 @@ static void lmhash(
#ifdef HAVE_OPENSSL
DES_key_schedule schedule;
#elif defined(HAVE_GNUTLS)
gcry_cipher_hd_t h = NULL;
gcry_error_t err;
err = gcry_cipher_open( &h, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_CBC, 0 );
if ( err ) return;
struct des_ctx ctx;
#endif
strncpy( UcasePassword, passwd->bv_val, 14 );
@ -206,19 +203,12 @@ static void lmhash(
lmPasswd_to_key( UcasePassword, &key );
#ifdef HAVE_GNUTLS
err = gcry_cipher_setkey( h, &key, sizeof(key) );
if ( err == 0 ) {
err = gcry_cipher_encrypt( h, &hbuf[0], sizeof(key), &StdText, sizeof(key) );
if ( err == 0 ) {
gcry_cipher_reset( h );
lmPasswd_to_key( &UcasePassword[7], &key );
err = gcry_cipher_setkey( h, &key, sizeof(key) );
if ( err == 0 ) {
err = gcry_cipher_encrypt( h, &hbuf[1], sizeof(key), &StdText, sizeof(key) );
}
}
gcry_cipher_close( h );
}
des_set_key( &ctx, &key );
des_encrypt( &ctx, sizeof(key), &hbuf[0], &StdText );
lmPasswd_to_key( &UcasePassword[7], &key );
des_set_key( &ctx, &key );
des_encrypt( &ctx, sizeof(key), &hbuf[1], &StdText );
#elif defined(HAVE_OPENSSL)
des_set_key_unchecked( &key, schedule );
des_ecb_encrypt( &StdText, &hbuf[0], schedule , DES_ENCRYPT );
@ -243,6 +233,8 @@ static void nthash(
char hbuf[HASHLEN];
#ifdef HAVE_OPENSSL
MD4_CTX ctx;
#elif defined(HAVE_GNUTLS)
struct md4_ctx ctx;
#endif
if (passwd->bv_len > MAX_PWLEN*2)
@ -253,7 +245,9 @@ static void nthash(
MD4_Update( &ctx, passwd->bv_val, passwd->bv_len );
MD4_Final( (unsigned char *)hbuf, &ctx );
#elif defined(HAVE_GNUTLS)
gcry_md_hash_buffer(GCRY_MD_MD4, hbuf, passwd->bv_val, passwd->bv_len );
md4_init( &ctx );
md4_update( &ctx, passwd->bv_len, passwd->bv_val );
md4_digest( &ctx, sizeof(hbuf), (unsigned char *)hbuf );
#endif
hexify( hbuf, hash );

View File

@ -43,19 +43,11 @@
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
#include <gcrypt.h>
#if LIBGNUTLS_VERSION_NUMBER >= 0x020200
#define HAVE_CIPHERSUITES 1
/* This is a kludge. gcrypt 1.4.x has support. Recent GnuTLS requires gcrypt 1.4.x
* but that dependency isn't reflected in their configure script, resulting in
* build errors on older gcrypt. So, if they have a working build environment,
* assume gcrypt is new enough.
*/
#define HAVE_GCRYPT_RAND 1
#else
#undef HAVE_CIPHERSUITES
#undef HAVE_GCRYPT_RAND
#endif
#ifndef HAVE_CIPHERSUITES
@ -143,20 +135,13 @@ tlsg_mutex_unlock( void **lock )
return ldap_pvt_thread_mutex_unlock( *lock );
}
static struct gcry_thread_cbs tlsg_thread_cbs = {
GCRY_THREAD_OPTION_USER,
NULL,
tlsg_mutex_init,
tlsg_mutex_destroy,
tlsg_mutex_lock,
tlsg_mutex_unlock,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
static void
tlsg_thr_init( void )
{
gcry_control (GCRYCTL_SET_THREAD_CBS, &tlsg_thread_cbs);
gnutls_global_set_mutex (tlsg_mutex_init,
tlsg_mutex_destroy,
tlsg_mutex_lock,
tlsg_mutex_unlock);
}
#endif /* LDAP_R_COMPILE */
@ -166,17 +151,6 @@ tlsg_thr_init( void )
static int
tlsg_init( void )
{
#ifdef HAVE_GCRYPT_RAND
struct ldapoptions *lo = LDAP_INT_GLOBAL_OPT();
if ( lo->ldo_tls_randfile &&
gcry_control( GCRYCTL_SET_RNDEGD_SOCKET, lo->ldo_tls_randfile )) {
Debug( LDAP_DEBUG_ANY,
"TLS: gcry_control GCRYCTL_SET_RNDEGD_SOCKET failed\n",
0, 0, 0);
return -1;
}
#endif
gnutls_global_init();
#ifndef HAVE_CIPHERSUITES