On 2015/01/11 23:00, Jérémie Courrèges-Anglas wrote:
> Benjamin Baier <program...@netzbasis.de> writes:
> 
> > On Tue, 30 Dec 2014 21:35:06 +0100
> > Daniel Jakots <vigdis+o...@chown.me> wrote:
> >
> >> On Wed, 17 Dec 2014 13:56:18 +0000, Stuart Henderson
> >> <st...@openbsd.org> wrote:
> >> 
> >> > So an alternative diff below. It isn't particularly nice but does
> >> > unbreak the port... Does anyone have a better idea?
> >> 
> >> Hi,
> >> 
> >> I'm a claws-mail user. Would the test of the diff help?
> >> (looking for a way to unblock the situation :))
> >> 
> >> Cheers,
> >> Daniel
> >> 
> >
> > Hi, this replaces the self-rolled code with LibreSSL DES.
> > This was done in a hurry, but then this could just use rot13,
> > which would be equally secure, but not backwards compatible.
> 
> Your diff does not apply cleanly, I guess that's why nobody replied
> (boo!).

Either that, or people didn't notice it ;)

> Did you test that the resulting format is actually backwards
> compatible?
> 
> I guess this is the way to go, if the diff actually is correct.  I'd
> like to point out that the claws-mail port is lagging behind upstream;
> it seems that no one has talked to the claws-mail developers about this
> issue either.

No big surprise, the port doesn't have anybody interested enough in it
to be listed as maintainer ..

> Here's a diff that applies.

If this can read a password stored with claws-mail from 5.6 then it's
ok with me.


> Index: patches/patch-configure_ac
> ===================================================================
> RCS file: /cvs/ports/mail/claws-mail/patches/patch-configure_ac,v
> retrieving revision 1.9
> diff -u -p -r1.9 patch-configure_ac
> --- patches/patch-configure_ac        21 Apr 2014 17:40:19 -0000      1.9
> +++ patches/patch-configure_ac        11 Jan 2015 21:43:05 -0000
> @@ -1,6 +1,6 @@
>  $OpenBSD: patch-configure_ac,v 1.9 2014/04/21 17:40:19 sthen Exp $
> ---- configure.ac.orig        Sat Dec 14 10:14:50 2013
> -+++ configure.ac     Mon Apr 21 18:40:04 2014
> +--- configure.ac.orig        Sat Dec 14 11:14:50 2013
> ++++ configure.ac     Sun Jan 11 22:42:57 2015
>  @@ -152,7 +152,7 @@ AM_CONDITIONAL(CYGWIN, test x"$env_cygwin" = x"yes")
>   
>   if test "$GCC" = "yes"
> @@ -10,7 +10,16 @@ $OpenBSD: patch-configure_ac,v 1.9 2014/
>       #CFLAGS="-g -Wall -Wno-unused-function"
>   fi
>   
> -@@ -737,6 +737,7 @@ if test x"$enable_new_addrbook" = xno; then
> +@@ -494,6 +494,8 @@ dnl password encryption
> + OLDLIBS=$LIBS
> + LIBS=
> + case $host_os in
> ++    *openbsd*)
> ++    ;;
> +     *dragonfly*)
> +             AC_SEARCH_LIBS(encrypt, cipher, [], 
> AC_MSG_ERROR(['encrypt'-function not found.]))
> +     ;;
> +@@ -737,6 +739,7 @@ if test x"$enable_new_addrbook" = xno; then
>               AC_CHECK_LIB(resolv, res_query, LDAP_LIBS="$LDAP_LIBS -lresolv")
>               AC_CHECK_LIB(socket, bind, LDAP_LIBS="$LDAP_LIBS -lsocket")
>               AC_CHECK_LIB(nsl, gethostbyaddr, LDAP_LIBS="$LDAP_LIBS -lnsl")
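Review bot: The new empty `*openbsd*)` branch leaves LIBS blank for the password-encryption check, while the passcrypt.c patch in this same diff now calls DES_* functions from libcrypto. Nothing in the visible hunks adds -lcrypto to the link line, so the build may only succeed if another dependency happens to pull it in. A check such as `AC_SEARCH_LIBS(DES_cfb_encrypt, crypto, [], AC_MSG_ERROR([DES_cfb_encrypt not found.]))` in that branch would make the dependency explicit, and a `dnl` comment should say why encrypt() is not searched for on OpenBSD. The surrounding `case $host_os` block continues outside the hunk, so confirm how LIBS is consumed afterwards.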
> @@ -18,7 +27,7 @@ $OpenBSD: patch-configure_ac,v 1.9 2014/
>               AC_CHECK_LIB(lber, ber_get_tag, LDAP_LIBS="$LDAP_LIBS -llber",,
>                                $LDAP_LIBS)
>   
> -@@ -809,7 +810,7 @@ if test x"$enable_new_addrbook" = xno; then
> +@@ -809,7 +812,7 @@ if test x"$enable_new_addrbook" = xno; then
>                                          AC_DEFINE(USE_JPILOT, 1, Define if 
> you want JPilot support in addressbook.) ])
>               fi
>   
> Index: patches/patch-src_common_passcrypt_c
> ===================================================================
> RCS file: patches/patch-src_common_passcrypt_c
> diff -N patches/patch-src_common_passcrypt_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-src_common_passcrypt_c      11 Jan 2015 21:58:57 -0000
> @@ -0,0 +1,131 @@
> +$OpenBSD$
> +--- src/common/passcrypt.c.orig      Sat Dec 14 11:15:06 2013
> ++++ src/common/passcrypt.c   Sun Jan 11 22:32:43 2015
> +@@ -35,6 +35,7 @@
> + #endif
> + 
> + #include <glib.h>
> ++#include <openssl/des.h>
> + 
> + #include "passcrypt.h"
> + 
> +@@ -72,100 +73,30 @@ crypt_cfb_buf(const char key[8], unsigned char *buf, u
> +             ecb_crypt(des_key, buf, len, DES_ENCRYPT);
> + }
> + #else
> +-static void crypt_cfb_shift(unsigned char *to,
> +-                        const unsigned char *from, unsigned len);
> +-static void crypt_cfb_xor(unsigned char *to, const unsigned char *from,
> +-                      unsigned len);
> +-static void crypt_unpack(unsigned char *a);
> +-
> + static void
> + crypt_cfb_buf(const char key[8], unsigned char *buf, unsigned len,
> +           unsigned chunksize, int decrypt)
> + {
> +-    unsigned char temp[64];
> ++    unsigned char *out;
> ++    char des_key[8];
> ++    DES_key_schedule keysched;
> + 
> +-    memcpy(temp, key, 8);
> +-    crypt_unpack(temp);
> +-    setkey((const char *) temp);
> +-    memset(temp, 0, sizeof(temp));
> ++    out = malloc(len);
> ++    if(out == NULL)
> ++            return;
> ++    strncpy(des_key, PASSCRYPT_KEY, 8);
> ++    memset(&crypt_cfb_iv, 0, sizeof(crypt_cfb_iv));
> ++    
> ++    DES_set_odd_parity(&des_key);
> ++    DES_set_key_unchecked(&des_key, &keysched);
> ++    if (decrypt)
> ++            DES_cfb_encrypt(buf, out, crypt_cfb_blocksize,\
> ++                len, &keysched, &crypt_cfb_iv, DES_DECRYPT);
> ++    else
> ++            DES_cfb_encrypt(buf, out, crypt_cfb_blocksize,\
> ++                len, &keysched, &crypt_cfb_iv, DES_ENCRYPT);
> + 
> +-    memset(crypt_cfb_iv, 0, sizeof(crypt_cfb_iv));
> +-
> +-    if (chunksize > crypt_cfb_blocksize)
> +-            chunksize = crypt_cfb_blocksize;
> +-
> +-    while (len) {
> +-            memcpy(temp, crypt_cfb_iv, sizeof(temp));
> +-            encrypt((char *) temp, 0);
> +-            if (chunksize > len)
> +-                    chunksize = len;
> +-            if (decrypt)
> +-                    crypt_cfb_shift(crypt_cfb_iv, buf, chunksize);
> +-            crypt_cfb_xor((unsigned char *) buf, temp, chunksize);
> +-            if (!decrypt)
> +-                    crypt_cfb_shift(crypt_cfb_iv, buf, chunksize);
> +-            len -= chunksize;
> +-            buf += chunksize;
> +-    }
> +-}
> +-
> +-/*
> +-* Shift len bytes from end of to buffer to beginning, then put len
> +-* bytes from from at the end.  Caution: the to buffer is unpacked,
> +-* but the from buffer is not.
> +-*/
> +-static void
> +-crypt_cfb_shift(unsigned char *to, const unsigned char *from, unsigned len)
> +-{
> +-    unsigned i;
> +-    unsigned j;
> +-    unsigned k;
> +-
> +-    if (len < crypt_cfb_blocksize) {
> +-            i = len * 8;
> +-            j = crypt_cfb_blocksize * 8;
> +-            for (k = i; k < j; k++) {
> +-                    to[0] = to[i];
> +-                    ++to;
> +-            }
> +-    }
> +-
> +-    for (i = 0; i < len; i++) {
> +-            j = *from++;
> +-            for (k = 0x80; k; k >>= 1)
> +-                    *to++ = ((j & k) != 0);
> +-    }
> +-}
> +-
> +-/*
> +-* XOR len bytes from from into the data at to.  Caution: the from buffer
> +-* is unpacked, but the to buffer is not.
> +-*/
> +-static void
> +-crypt_cfb_xor(unsigned char *to, const unsigned char *from, unsigned len)
> +-{
> +-    unsigned i;
> +-    unsigned j;
> +-    unsigned char c;
> +-
> +-    for (i = 0; i < len; i++) {
> +-            c = 0;
> +-            for (j = 0; j < 8; j++)
> +-                    c = (c << 1) | *from++;
> +-            *to++ ^= c;
> +-    }
> +-}
> +-
> +-/*
> +-* Take the 8-byte array at *a (must be able to hold 64 bytes!) and unpack
> +-* each bit into its own byte.
> +-*/
> +-static void crypt_unpack(unsigned char *a)
> +-{
> +-    int i, j;
> +-
> +-    for (i = 7; i >= 0; --i)
> +-            for (j = 7; j >= 0; --j)
> +-                    a[(i << 3) + j] = (a[i] & (0x80 >> j)) != 0;
> ++    strncpy(buf, out, len);
> ++    free(out);
> + }
> + #endif
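Review bot: The final `strncpy(buf, out, len)` in the new crypt_cfb_buf treats DES output as a C string, so it stops copying at the first zero byte and zero-fills the rest, corrupting any ciphertext or plaintext that contains 0x00; it should be `memcpy(buf, out, len);`. The function also ignores its `key` argument and copies the compile-time PASSCRYPT_KEY into a `char[8]` that is then passed where a DES_cblock is expected; `DES_cblock des_key;` with `memcpy(des_key, key, sizeof(des_key));` keeps the old contract and the right type. `chunksize` is no longer used, and crypt_cfb_blocksize, a byte count in the removed code (`crypt_cfb_blocksize * 8`), is now passed as the bit count to DES_cfb_encrypt, so passwords stored by 5.6 will only decrypt if the callers' chunksize times 8 equals that value; the callers and both definitions are outside the hunk and need checking. On malloc failure the function returns silently with buf untouched, so an encrypt call presumably leaves the plaintext password in the buffer the caller then stores. `out`, `des_key` and `keysched` are also released without being cleared, unlike the removed code's `memset(temp, 0, sizeof(temp))`.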
> 
> -- 
> jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE
> 
