On 2015/01/11 23:00, Jérémie Courrèges-Anglas wrote: > Benjamin Baier <program...@netzbasis.de> writes: > > > On Tue, 30 Dec 2014 21:35:06 +0100 > > Daniel Jakots <vigdis+o...@chown.me> wrote: > > > >> On Wed, 17 Dec 2014 13:56:18 +0000, Stuart Henderson > >> <st...@openbsd.org> wrote: > >> > >> > So an alternative diff below. It isn't particularly nice but does > >> > unbreak the port... Does anyone have a better idea? > >> > >> Hi, > >> > >> I'm a claws-mail user. Would the test of the diff help? > >> (looking for a way to unblock the situation :)) > >> > >> Cheers, > >> Daniel > >> > > > > Hi, this replaces the self-rolled code with LibreSSL DES. > > This was done in a hurry, but then this could just use rot13, > > which would be equally secure, but not backwards compatible. > > Your diff does not apply cleanly, I guess that's why nobody replied > (boo!).
Either that, or people didn't notice it ;) > Did you test that the resulting format is actually backwards > compatible? > > I guess this is the way to go, if the diff actually is correct. I'd > like to point out that the claws-mail port is lagging behind upstream; > it seems that no one has talked to the claws-mail developers about this > issue either. No big surprise, the port doesn't have anybody interested enough in it to be listed as maintainer .. > Here's a diff that applies. If this can read a password stored with claws-mail from 5.6 then it's ok with me. > Index: patches/patch-configure_ac > =================================================================== > RCS file: /cvs/ports/mail/claws-mail/patches/patch-configure_ac,v > retrieving revision 1.9 > diff -u -p -r1.9 patch-configure_ac > --- patches/patch-configure_ac 21 Apr 2014 17:40:19 -0000 1.9 > +++ patches/patch-configure_ac 11 Jan 2015 21:43:05 -0000 > @@ -1,6 +1,6 @@ > $OpenBSD: patch-configure_ac,v 1.9 2014/04/21 17:40:19 sthen Exp $ > ---- configure.ac.orig Sat Dec 14 10:14:50 2013 > -+++ configure.ac Mon Apr 21 18:40:04 2014 > +--- configure.ac.orig Sat Dec 14 11:14:50 2013 > ++++ configure.ac Sun Jan 11 22:42:57 2015 > @@ -152,7 +152,7 @@ AM_CONDITIONAL(CYGWIN, test x"$env_cygwin" = x"yes") > > if test "$GCC" = "yes" > @@ -10,7 +10,16 @@ $OpenBSD: patch-configure_ac,v 1.9 2014/ > #CFLAGS="-g -Wall -Wno-unused-function" > fi > > -@@ -737,6 +737,7 @@ if test x"$enable_new_addrbook" = xno; then > +@@ -494,6 +494,8 @@ dnl password encryption > + OLDLIBS=$LIBS > + LIBS= > + case $host_os in > ++ *openbsd*) > ++ ;; > + *dragonfly*) > + AC_SEARCH_LIBS(encrypt, cipher, [], > AC_MSG_ERROR(['encrypt'-function not found.])) > + ;; > +@@ -737,6 +739,7 @@ if test x"$enable_new_addrbook" = xno; then > AC_CHECK_LIB(resolv, res_query, LDAP_LIBS="$LDAP_LIBS -lresolv") > AC_CHECK_LIB(socket, bind, LDAP_LIBS="$LDAP_LIBS -lsocket") > AC_CHECK_LIB(nsl, gethostbyaddr, LDAP_LIBS="$LDAP_LIBS -lnsl") > @@ -18,7 +27,7 @@ $OpenBSD: patch-configure_ac,v 1.9 2014/ > AC_CHECK_LIB(lber, ber_get_tag, LDAP_LIBS="$LDAP_LIBS -llber",, > $LDAP_LIBS) > > -@@ -809,7 +810,7 @@ if test x"$enable_new_addrbook" = xno; then > +@@ -809,7 +812,7 @@ if test x"$enable_new_addrbook" = xno; then > AC_DEFINE(USE_JPILOT, 1, Define if > you want JPilot support in addressbook.) ]) > fi > > Index: patches/patch-src_common_passcrypt_c > =================================================================== > RCS file: patches/patch-src_common_passcrypt_c > diff -N patches/patch-src_common_passcrypt_c > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-src_common_passcrypt_c 11 Jan 2015 21:58:57 -0000 > @@ -0,0 +1,131 @@ > +$OpenBSD$ > +--- src/common/passcrypt.c.orig Sat Dec 14 11:15:06 2013 > ++++ src/common/passcrypt.c Sun Jan 11 22:32:43 2015 > +@@ -35,6 +35,7 @@ > + #endif > + > + #include <glib.h> > ++#include <openssl/des.h> > + > + #include "passcrypt.h" > + > +@@ -72,100 +73,30 @@ crypt_cfb_buf(const char key[8], unsigned char *buf, u > + ecb_crypt(des_key, buf, len, DES_ENCRYPT); > + } > + #else > +-static void crypt_cfb_shift(unsigned char *to, > +- const unsigned char *from, unsigned len); > +-static void crypt_cfb_xor(unsigned char *to, const unsigned char *from, > +- unsigned len); > +-static void crypt_unpack(unsigned char *a); > +- > + static void > + crypt_cfb_buf(const char key[8], unsigned char *buf, unsigned len, > + unsigned chunksize, int decrypt) > + { > +- unsigned char temp[64]; > ++ unsigned char *out; > ++ char des_key[8]; > ++ DES_key_schedule keysched; > + > +- memcpy(temp, key, 8); > +- crypt_unpack(temp); > +- setkey((const char *) temp); > +- memset(temp, 0, sizeof(temp)); > ++ out = malloc(len); > ++ if(out == NULL) > ++ return; > ++ strncpy(des_key, PASSCRYPT_KEY, 8); > ++ memset(&crypt_cfb_iv, 0, sizeof(crypt_cfb_iv)); > ++ > ++ DES_set_odd_parity(&des_key); > ++ DES_set_key_unchecked(&des_key, &keysched); > ++ if (decrypt) > ++ DES_cfb_encrypt(buf, out, crypt_cfb_blocksize,\ > ++ len, &keysched, &crypt_cfb_iv, DES_DECRYPT); > ++ else > ++ DES_cfb_encrypt(buf, out, crypt_cfb_blocksize,\ > ++ len, &keysched, &crypt_cfb_iv, DES_ENCRYPT); > + > +- memset(crypt_cfb_iv, 0, sizeof(crypt_cfb_iv)); > +- > +- if (chunksize > crypt_cfb_blocksize) > +- chunksize = crypt_cfb_blocksize; > +- > +- while (len) { > +- memcpy(temp, crypt_cfb_iv, sizeof(temp)); > +- encrypt((char *) temp, 0); > +- if (chunksize > len) > +- chunksize = len; > +- if (decrypt) > +- crypt_cfb_shift(crypt_cfb_iv, buf, chunksize); > +- crypt_cfb_xor((unsigned char *) buf, temp, chunksize); > +- if (!decrypt) > +- crypt_cfb_shift(crypt_cfb_iv, buf, chunksize); > +- len -= chunksize; > +- buf += chunksize; > +- } > +-} > +- > +-/* > +-* Shift len bytes from end of to buffer to beginning, then put len > +-* bytes from from at the end. Caution: the to buffer is unpacked, > +-* but the from buffer is not. > +-*/ > +-static void > +-crypt_cfb_shift(unsigned char *to, const unsigned char *from, unsigned len) > +-{ > +- unsigned i; > +- unsigned j; > +- unsigned k; > +- > +- if (len < crypt_cfb_blocksize) { > +- i = len * 8; > +- j = crypt_cfb_blocksize * 8; > +- for (k = i; k < j; k++) { > +- to[0] = to[i]; > +- ++to; > +- } > +- } > +- > +- for (i = 0; i < len; i++) { > +- j = *from++; > +- for (k = 0x80; k; k >>= 1) > +- *to++ = ((j & k) != 0); > +- } > +-} > +- > +-/* > +-* XOR len bytes from from into the data at to. Caution: the from buffer > +-* is unpacked, but the to buffer is not. > +-*/ > +-static void > +-crypt_cfb_xor(unsigned char *to, const unsigned char *from, unsigned len) > +-{ > +- unsigned i; > +- unsigned j; > +- unsigned char c; > +- > +- for (i = 0; i < len; i++) { > +- c = 0; > +- for (j = 0; j < 8; j++) > +- c = (c << 1) | *from++; > +- *to++ ^= c; > +- } > +-} > +- > +-/* > +-* Take the 8-byte array at *a (must be able to hold 64 bytes!) and unpack > +-* each bit into its own byte. > +-*/ > +-static void crypt_unpack(unsigned char *a) > +-{ > +- int i, j; > +- > +- for (i = 7; i >= 0; --i) > +- for (j = 7; j >= 0; --j) > +- a[(i << 3) + j] = (a[i] & (0x80 >> j)) != 0; > ++ strncpy(buf, out, len); > ++ free(out); > + } > + #endif > > -- > jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE >