mirror of
https://git.openldap.org/openldap/openldap.git
synced 2024-12-09 02:52:04 +08:00
ITS#7877 use nettle instead of gcrypt
parent
d10652d33c
commit
829027945f
@ -66,7 +66,8 @@ static ObjectClass *oc_krb5KDCEntry;
|
||||
|
||||
#ifdef DO_SAMBA
|
||||
#ifdef HAVE_GNUTLS
|
||||
#include <gcrypt.h>
|
||||
#include <nettle/des.h>
|
||||
#include <nettle/md4.h>
|
||||
typedef unsigned char DES_cblock[8];
|
||||
#elif HAVE_OPENSSL
|
||||
#include <openssl/des.h>
|
||||
@ -193,11 +194,7 @@ static void lmhash(
|
||||
#ifdef HAVE_OPENSSL
|
||||
DES_key_schedule schedule;
|
||||
#elif defined(HAVE_GNUTLS)
|
||||
gcry_cipher_hd_t h = NULL;
|
||||
gcry_error_t err;
|
||||
|
||||
err = gcry_cipher_open( &h, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_CBC, 0 );
|
||||
if ( err ) return;
|
||||
struct des_ctx ctx;
|
||||
#endif
|
||||
|
||||
strncpy( UcasePassword, passwd->bv_val, 14 );
|
||||
@ -206,19 +203,12 @@ static void lmhash(
|
||||
|
||||
lmPasswd_to_key( UcasePassword, &key );
|
||||
#ifdef HAVE_GNUTLS
|
||||
err = gcry_cipher_setkey( h, &key, sizeof(key) );
|
||||
if ( err == 0 ) {
|
||||
err = gcry_cipher_encrypt( h, &hbuf[0], sizeof(key), &StdText, sizeof(key) );
|
||||
if ( err == 0 ) {
|
||||
gcry_cipher_reset( h );
|
||||
lmPasswd_to_key( &UcasePassword[7], &key );
|
||||
err = gcry_cipher_setkey( h, &key, sizeof(key) );
|
||||
if ( err == 0 ) {
|
||||
err = gcry_cipher_encrypt( h, &hbuf[1], sizeof(key), &StdText, sizeof(key) );
|
||||
}
|
||||
}
|
||||
gcry_cipher_close( h );
|
||||
}
|
||||
des_set_key( &ctx, &key );
|
||||
des_encrypt( &ctx, sizeof(key), &hbuf[0], &StdText );
|
||||
|
||||
lmPasswd_to_key( &UcasePassword[7], &key );
|
||||
des_set_key( &ctx, &key );
|
||||
des_encrypt( &ctx, sizeof(key), &hbuf[1], &StdText );
|
||||
#elif defined(HAVE_OPENSSL)
|
||||
des_set_key_unchecked( &key, schedule );
|
||||
des_ecb_encrypt( &StdText, &hbuf[0], schedule , DES_ENCRYPT );
|
||||
@ -243,6 +233,8 @@ static void nthash(
|
||||
char hbuf[HASHLEN];
|
||||
#ifdef HAVE_OPENSSL
|
||||
MD4_CTX ctx;
|
||||
#elif defined(HAVE_GNUTLS)
|
||||
struct md4_ctx ctx;
|
||||
#endif
|
||||
|
||||
if (passwd->bv_len > MAX_PWLEN*2)
|
||||
@ -253,7 +245,9 @@ static void nthash(
|
||||
MD4_Update( &ctx, passwd->bv_val, passwd->bv_len );
|
||||
MD4_Final( (unsigned char *)hbuf, &ctx );
|
||||
#elif defined(HAVE_GNUTLS)
|
||||
gcry_md_hash_buffer(GCRY_MD_MD4, hbuf, passwd->bv_val, passwd->bv_len );
|
||||
md4_init( &ctx );
|
||||
md4_update( &ctx, passwd->bv_len, passwd->bv_val );
|
||||
md4_digest( &ctx, sizeof(hbuf), (unsigned char *)hbuf );
|
||||
#endif
|
||||
|
||||
hexify( hbuf, hash );
|
||||
|
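Review bot: The two new `des_set_key( &ctx, &key )` calls in lmhash() discard the return value without saying why, which reads like a dropped error check next to the `err` tests on the gcrypt lines they replace. Nettle documents that des_set_key() returns 0 for a weak DES key while still setting up the key schedule, and an LM half that is all padding (a password of seven characters or fewer) presumably yields such a key, so ignoring the result looks intentional and matches `des_set_key_unchecked` in the OpenSSL branch. I would add a comment above the first call, for example `/* LM halves can be weak DES keys (empty half); return value deliberately ignored */`. Separately, `ctx` now holds a password-derived key schedule on the stack and no wipe is visible in these hunks; lmhash() continues outside the hunk, so confirm whether it is cleared before return.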
@ -43,19 +43,11 @@
|
||||
|
||||
#include <gnutls/gnutls.h>
|
||||
#include <gnutls/x509.h>
|
||||
#include <gcrypt.h>
|
||||
|
||||
#if LIBGNUTLS_VERSION_NUMBER >= 0x020200
|
||||
#define HAVE_CIPHERSUITES 1
|
||||
/* This is a kludge. gcrypt 1.4.x has support. Recent GnuTLS requires gcrypt 1.4.x
|
||||
* but that dependency isn't reflected in their configure script, resulting in
|
||||
* build errors on older gcrypt. So, if they have a working build environment,
|
||||
* assume gcrypt is new enough.
|
||||
*/
|
||||
#define HAVE_GCRYPT_RAND 1
|
||||
#else
|
||||
#undef HAVE_CIPHERSUITES
|
||||
#undef HAVE_GCRYPT_RAND
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_CIPHERSUITES
|
||||
@ -143,20 +135,13 @@ tlsg_mutex_unlock( void **lock )
|
||||
return ldap_pvt_thread_mutex_unlock( *lock );
|
||||
}
|
||||
|
||||
static struct gcry_thread_cbs tlsg_thread_cbs = {
|
||||
GCRY_THREAD_OPTION_USER,
|
||||
NULL,
|
||||
tlsg_mutex_init,
|
||||
tlsg_mutex_destroy,
|
||||
tlsg_mutex_lock,
|
||||
tlsg_mutex_unlock,
|
||||
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
|
||||
};
|
||||
|
||||
static void
|
||||
tlsg_thr_init( void )
|
||||
{
|
||||
gcry_control (GCRYCTL_SET_THREAD_CBS, &tlsg_thread_cbs);
|
||||
gnutls_global_set_mutex (tlsg_mutex_init,
|
||||
tlsg_mutex_destroy,
|
||||
tlsg_mutex_lock,
|
||||
tlsg_mutex_unlock);
|
||||
}
|
||||
#endif /* LDAP_R_COMPILE */
|
||||
|
||||
@ -166,17 +151,6 @@ tlsg_thr_init( void )
|
||||
static int
|
||||
tlsg_init( void )
|
||||
{
|
||||
#ifdef HAVE_GCRYPT_RAND
|
||||
struct ldapoptions *lo = LDAP_INT_GLOBAL_OPT();
|
||||
if ( lo->ldo_tls_randfile &&
|
||||
gcry_control( GCRYCTL_SET_RNDEGD_SOCKET, lo->ldo_tls_randfile )) {
|
||||
Debug( LDAP_DEBUG_ANY,
|
||||
"TLS: gcry_control GCRYCTL_SET_RNDEGD_SOCKET failed\n",
|
||||
0, 0, 0);
|
||||
return -1;
|
||||
}
|
||||
#endif
|
||||
|
||||
gnutls_global_init();
|
||||
|
||||
#ifndef HAVE_CIPHERSUITES
|
||||
|
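Review bot: The added `gnutls_global_set_mutex(...)` call in tlsg_thr_init() needs a newer GnuTLS than the version test this file still carries: as far as I know the function first appeared in GnuTLS 2.12, while the surviving guard is `#if LIBGNUTLS_VERSION_NUMBER >= 0x020200`. Either raise the minimum version in configure or guard the call, so that an older library fails with a clear message rather than an undeclared-function error. The GnuTLS documentation also asks for this call to be made before `gnutls_global_init()`; the order in which tlsg_thr_init() and tlsg_init() are called is not visible in these hunks and should be confirmed. In tlsg_init() the `ldo_tls_randfile` handling is removed without a replacement, so a configured random file is now silently ignored on GnuTLS builds; a `Debug( LDAP_DEBUG_ANY, ... )` message saying the option has no effect would help administrators.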