Perhaps we should use this ITS to track removal of this code entirely from OpenLDAP.
On Apr 10, 2017, at 12:54 PM, hyc@symas.com wrote: =20 hristo@venev.name wrote:
Full_Name: Hristo Venev Version: Unreleased Release Candidate 2.4.45 OS: URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (95.111.59.55) Another user of the old DES API. Here's a patch (compiles, not tested):
Thanks. Looks like you're compiling the old NT/LANMAN password hash support. Nobody should still be using that code; LANMAN hashes are trivially crackable on modern GPUs.
=20 diff --git a/libraries/liblutil/passwd.c b/libraries/liblutil/passwd.c index 7aab344..c481326 100644 --- a/libraries/liblutil/passwd.c +++ b/libraries/liblutil/passwd.c @@ -38,9 +38,9 @@ # include <openssl/des.h> =20 =20 -typedef des_cblock des_key; -typedef des_cblock des_data_block; -typedef des_key_schedule des_context; +typedef DES_cblock des_key; +typedef DES_cblock des_data_block; +typedef DES_key_schedule des_context[1]; #define des_failed(encrypted) 0 #define des_finish(key, schedule) =20 @@ -667,7 +667,7 @@ static void des_set_key_and_parity( des_key *key, unsigned char *keyData) { memcpy(key, keyData, 8);
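Review bot: The new `typedef DES_key_schedule des_context[1];` turns `des_context` into an array type, and nothing at the typedef says why. The one-element array is what lets callers keep passing `schedule` by name while `DES_set_key_unchecked()` and `DES_ecb_encrypt()` receive a `DES_key_schedule *`. It also means `sizeof(des_context)` and any by-value use now follow array rules. I would add a comment above it such as `/* array of one, so a des_context argument decays to DES_key_schedule * for the DES_* calls */`.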
- des_set_odd_parity( key );
- DES_set_odd_parity( key );
} =20 =20 @@ -699,7 +699,7 @@ des_set_key_and_parity( des_key *key, unsigned char *keyData) } =20 static void -des_set_key_unchecked( des_key *key, des_context ctxt ) +DES_set_key_unchecked( des_key *key, des_context ctxt ) { ctxt[0] =3D NULL; =20 @@ -712,7 +712,7 @@ des_set_key_unchecked( des_key *key, des_context ctxt=
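Review bot: Renaming the file-local static wrappers to `DES_set_key_unchecked` and, in the following hunk at -712, `DES_ecb_encrypt` gives private functions the names of OpenSSL's public API. These look like the non-OpenSSL implementations (the bodies use `ctxt[0] = NULL` and `SECStatus`), so a build where `<openssl/des.h>` is also visible would see conflicting declarations, and a reader can no longer tell a library call from a local wrapper. I would keep the wrappers lowercase and map the names in the OpenSSL branch instead, e.g. `#define des_set_key_unchecked(k, s) DES_set_key_unchecked((k), (s))` and `#define des_ecb_encrypt(i, o, s, op) DES_ecb_encrypt((i), (o), (s), (op))`. That also leaves the call sites in chk_lanman and hash_lanman untouched. Both wrapper bodies continue outside these hunks.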
)
} =20 static void -des_ecb_encrypt( des_data_block *plain, des_data_block *encrypted, +DES_ecb_encrypt( des_data_block *plain, des_data_block *encrypted, des_context ctxt, int op) { SECStatus rv; @@ -864,16 +864,16 @@ static int chk_lanman( ldap_pvt_str2upper( UcasePassword ); =20 lmPasswd_to_key( UcasePassword, &key );
- des_set_key_unchecked( &key, schedule );
- des_ecb_encrypt( &StdText, &PasswordHash1, schedule , DES_ENCRYPT );=
- DES_set_key_unchecked( &key, schedule );
- DES_ecb_encrypt( &StdText, &PasswordHash1, schedule , DES_ENCRYPT );=
=20 if (des_failed(&PasswordHash1)) { return LUTIL_PASSWD_ERR; } =20 lmPasswd_to_key( &UcasePassword[7], &key );
- des_set_key_unchecked( &key, schedule );
- des_ecb_encrypt( &StdText, &PasswordHash2, schedule , DES_ENCRYPT );=
- DES_set_key_unchecked( &key, schedule );
- DES_ecb_encrypt( &StdText, &PasswordHash2, schedule , DES_ENCRYPT );=
if (des_failed(&PasswordHash2)) { return LUTIL_PASSWD_ERR; } @@ -1160,12 +1160,12 @@ static int hash_lanman( ldap_pvt_str2upper( UcasePassword ); =20 lmPasswd_to_key( UcasePassword, &key );
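Review bot: With the OpenSSL typedefs, `des_finish(key, schedule)` expands to nothing, so after the two `DES_ecb_encrypt` calls in chk_lanman the password-derived `key` and `schedule` stay on the stack with no cleanup visible in this hunk. Both `des_failed(...)` checks are also constant-false here, which is harmless because `DES_ecb_encrypt` returns void. The key material is worth wiping before every return, e.g. `OPENSSL_cleanse(&key, sizeof key); OPENSSL_cleanse(schedule, sizeof schedule);` (declared in `<openssl/crypto.h>`). The same applies to the identical call sequence in hash_lanman in the next hunk. chk_lanman starts and ends outside this hunk, so a later cleanup may exist that is not visible here.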
- des_set_key_unchecked( &key, schedule );
- des_ecb_encrypt( &StdText, &PasswordHash1, schedule , DES_ENCRYPT );=
- DES_set_key_unchecked( &key, schedule );
- DES_ecb_encrypt( &StdText, &PasswordHash1, schedule , DES_ENCRYPT );=
=20 lmPasswd_to_key( &UcasePassword[7], &key );
- des_set_key_unchecked( &key, schedule );
- des_ecb_encrypt( &StdText, &PasswordHash2, schedule , DES_ENCRYPT );=
- DES_set_key_unchecked( &key, schedule );
- DES_ecb_encrypt( &StdText, &PasswordHash2, schedule , DES_ENCRYPT );=
=20 sprintf( PasswordHash, "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", PasswordHash1[0],PasswordHash1[1],PasswordHash1[2],PasswordHash1[3=
],
=20 =20 =20
=20 =20 --=20 -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/ =20 =20 =20