Re: [Bulk] Re: claws-mail: stop using encrypt()

2015-04-09 Thread Kevin Chadwick
On Mon, 26 Jan 2015 13:30:23 +
Kevin Chadwick wrote:

> > > Sorry for that.
> > > And yes I'm running claws with this diff and it reads and writes my old config
> > > file just fine, since Jan 4 now.
> > 
> > Thanks, committed!
> 
> Since I updated to the Jan 18th snapshot I have had the password field
> of the first used account (maybe last used before close) get overwritten
> with "A"s in accountrc but it only happens occasionally.
> 
> password=!b+lVQCP/
> 
> I've uchg accountrc as a workaround

I've found out how to repeat the problem and may look into a fix
sometime.

If you start a password with )1 then you get all AAAs in accountrc but
if you start with 1) then it looks like it works as it should.



Re: claws-mail: stop using encrypt()

2015-01-26 Thread Kevin Chadwick
On Mon, 12 Jan 2015 22:49:00 +0100
Landry Breuil wrote:

> > Sorry for that.
> > And yes I'm running claws with this diff and it reads and writes my old config
> > file just fine, since Jan 4 now.
> 
> Thanks, committed!

Since I updated to the Jan 18th snapshot I have had the password field
of the first used account (maybe last used before close) get overwritten
with "A"s in accountrc but it only happens occasionally.

password=!b+lVQCP/

I've uchg accountrc as a workaround



Re: claws-mail: stop using encrypt()

2015-01-12 Thread Landry Breuil
On Mon, Jan 12, 2015 at 10:31:09PM +0100, Benjamin Baier wrote:
> 
> 
> On Sun, 11 Jan 2015 23:00:15 +0100
> j...@wxcvbn.org (Jérémie Courrèges-Anglas) wrote:
> 
> > Your diff does not apply cleanly, I guess that's why nobody replied
> > (boo!).  Did you test that the resulting format is actually backwards
> > compatible?
> 
> Sorry for that.
> And yes I'm running claws with this diff and it reads and writes my old config
> file just fine, since Jan 4 now.

Thanks, committed!



Re: claws-mail: stop using encrypt()

2015-01-12 Thread Benjamin Baier


On Sun, 11 Jan 2015 23:00:15 +0100
j...@wxcvbn.org (Jérémie Courrèges-Anglas) wrote:

> Your diff does not apply cleanly, I guess that's why nobody replied
> (boo!).  Did you test that the resulting format is actually backwards
> compatible?

Sorry for that.
And yes I'm running claws with this diff and it reads and writes my old config
file just fine, since Jan 4 now.

> I guess this is the way to go, if the diff actually is correct.  I'd
> like to point out that the claws-mail port is lagging behind upstream;
> it seems that no one has talked to the claws-mail developers about this
> issue either.

It's on my list to send a patch upstream, but seeing them swap out openssl
code in favour of gnutls, it's just luck that it still links against openssl.
So this is not the final solution.

> Here's a diff that applies.
> 
> Index: patches/patch-configure_ac
> ===
> RCS file: /cvs/ports/mail/claws-mail/patches/patch-configure_ac,v
> retrieving revision 1.9
> diff -u -p -r1.9 patch-configure_ac
> --- patches/patch-configure_ac21 Apr 2014 17:40:19 -  1.9
> +++ patches/patch-configure_ac11 Jan 2015 21:43:05 -
> @@ -1,6 +1,6 @@
>  $OpenBSD: patch-configure_ac,v 1.9 2014/04/21 17:40:19 sthen Exp $
>  configure.ac.origSat Dec 14 10:14:50 2013
> -+++ configure.ac Mon Apr 21 18:40:04 2014
> +--- configure.ac.origSat Dec 14 11:14:50 2013
>  configure.ac Sun Jan 11 22:42:57 2015
>  @@ -152,7 +152,7 @@ AM_CONDITIONAL(CYGWIN, test x"$env_cygwin" = x"yes")
>   
>   if test "$GCC" = "yes"
> @@ -10,7 +10,16 @@ $OpenBSD: patch-configure_ac,v 1.9 2014/
>   #CFLAGS="-g -Wall -Wno-unused-function"
>   fi
>   
> -@@ -737,6 +737,7 @@ if test x"$enable_new_addrbook" = xno; then
> +@@ -494,6 +494,8 @@ dnl password encryption
> + OLDLIBS=$LIBS
> + LIBS=
> + case $host_os in
> ++*openbsd*)
> ++;;
> + *dragonfly*)
> + AC_SEARCH_LIBS(encrypt, cipher, [],
> AC_MSG_ERROR(['encrypt'-function not found.]))
> + ;;
> +@@ -737,6 +739,7 @@ if test x"$enable_new_addrbook" = xno; then
>   AC_CHECK_LIB(resolv, res_query, LDAP_LIBS="$LDAP_LIBS
> -lresolv") AC_CHECK_LIB(socket, bind, LDAP_LIBS="$LDAP_LIBS -lsocket")
>   AC_CHECK_LIB(nsl, gethostbyaddr, LDAP_LIBS="$LDAP_LIBS
> -lnsl") @@ -18,7 +27,7 @@ $OpenBSD: patch-configure_ac,v 1.9 2014/
>   AC_CHECK_LIB(lber, ber_get_tag, LDAP_LIBS="$LDAP_LIBS
> -llber",, $LDAP_LIBS)
>   
> -@@ -809,7 +810,7 @@ if test x"$enable_new_addrbook" = xno; then
> +@@ -809,7 +812,7 @@ if test x"$enable_new_addrbook" = xno; then
>  AC_DEFINE(USE_JPILOT, 1, Define
> if you want JPilot support in addressbook.) ]) fi
>   
> Index: patches/patch-src_common_passcrypt_c
> ===
> RCS file: patches/patch-src_common_passcrypt_c
> diff -N patches/patch-src_common_passcrypt_c
> --- /dev/null 1 Jan 1970 00:00:00 -
> +++ patches/patch-src_common_passcrypt_c  11 Jan 2015 21:58:57 -
> @@ -0,0 +1,131 @@
> +$OpenBSD$
> +--- src/common/passcrypt.c.orig  Sat Dec 14 11:15:06 2013
>  src/common/passcrypt.c   Sun Jan 11 22:32:43 2015
> +@@ -35,6 +35,7 @@
> + #endif
> + 
> + #include 
> ++#include 
> + 
> + #include "passcrypt.h"
> + 
> +@@ -72,100 +73,30 @@ crypt_cfb_buf(const char key[8], unsigned char *buf, u
> + ecb_crypt(des_key, buf, len, DES_ENCRYPT);
> + }
> + #else
> +-static void crypt_cfb_shift(unsigned char *to,
> +-const unsigned char *from, unsigned len);
> +-static void crypt_cfb_xor(unsigned char *to, const unsigned char *from,
> +-  unsigned len);
> +-static void crypt_unpack(unsigned char *a);
> +-
> + static void
> + crypt_cfb_buf(const char key[8], unsigned char *buf, unsigned len,
> +   unsigned chunksize, int decrypt)
> + {
> +-unsigned char temp[64];
> ++unsigned char *out;
> ++char des_key[8];
> ++DES_key_schedule keysched;
> + 
> +-memcpy(temp, key, 8);
> +-crypt_unpack(temp);
> +-setkey((const char *) temp);
> +-memset(temp, 0, sizeof(temp));
> ++out = malloc(len);
> ++if(out == NULL)
> ++return;
> ++strncpy(des_key, PASSCRYPT_KEY, 8);
> ++memset(&crypt_cfb_iv, 0, sizeof(crypt_cfb_iv));
> ++
> ++DES_set_odd_parity(&des_key);
> ++DES_set_key_unchecked(&des_key, &keysched);
> ++if (decrypt)
> ++DES_cfb_encrypt(buf, out, crypt_cfb_blocksize,\
> ++len, &keysched, &crypt_cfb_iv, DES_DECRYPT);
> ++else
> ++DES_cfb_encrypt(buf, out, crypt_cfb_blocksize,\
> ++len, &keysched, &crypt_cfb_iv, DES_ENCRYPT);
> + 
> +-memset(crypt_cfb_iv, 0, sizeof(crypt_cfb_iv));
> +-
> +-if (chunksize > crypt_cfb_blocksize)
> +-chunksize = crypt_cfb_blocksize;
> +-
> +-while (len) {
> +-memcpy(temp, crypt

Re: claws-mail: stop using encrypt()

2015-01-11 Thread Stuart Henderson
On 2015/01/11 23:00, Jérémie Courrèges-Anglas wrote:
> Benjamin Baier  writes:
> 
> > On Tue, 30 Dec 2014 21:35:06 +0100
> > Daniel Jakots  wrote:
> >
> >> On Wed, 17 Dec 2014 13:56:18 +, Stuart Henderson
> >>  wrote:
> >> 
> >> > So an alternative diff below. It isn't particularly nice but does
> >> > unbreak the port... Does anyone have a better idea?
> >> 
> >> Hi,
> >> 
> >> I'm a claws-mail user. Would the test of the diff help?
> >> (looking for a way to unblock the situation :))
> >> 
> >> Cheers,
> >> Daniel
> >> 
> >
> > Hi, this replaces the self-rolled code with LibreSSL DES.
> > This was done in a hurry, but then this could just use rot13,
> > which would be equally secure, but not backwards compatible.
> 
> Your diff does not apply cleanly, I guess that's why nobody replied
> (boo!).

Either that, or people didn't notice it ;)

> Did you test that the resulting format is actually backwards
> compatible?
> 
> I guess this is the way to go, if the diff actually is correct.  I'd
> like to point out that the claws-mail port is lagging behind upstream;
> it seems that no one has talked to the claws-mail developers about this
> issue either.

No big surprise, the port doesn't have anybody interested enough in it
to be listed as maintainer ..

> Here's a diff that applies.

If this can read a password stored with claws-mail from 5.6 then it's
ok with me.


> Index: patches/patch-configure_ac
> ===
> RCS file: /cvs/ports/mail/claws-mail/patches/patch-configure_ac,v
> retrieving revision 1.9
> diff -u -p -r1.9 patch-configure_ac
> --- patches/patch-configure_ac21 Apr 2014 17:40:19 -  1.9
> +++ patches/patch-configure_ac11 Jan 2015 21:43:05 -
> @@ -1,6 +1,6 @@
>  $OpenBSD: patch-configure_ac,v 1.9 2014/04/21 17:40:19 sthen Exp $
>  configure.ac.origSat Dec 14 10:14:50 2013
> -+++ configure.ac Mon Apr 21 18:40:04 2014
> +--- configure.ac.origSat Dec 14 11:14:50 2013
>  configure.ac Sun Jan 11 22:42:57 2015
>  @@ -152,7 +152,7 @@ AM_CONDITIONAL(CYGWIN, test x"$env_cygwin" = x"yes")
>   
>   if test "$GCC" = "yes"
> @@ -10,7 +10,16 @@ $OpenBSD: patch-configure_ac,v 1.9 2014/
>   #CFLAGS="-g -Wall -Wno-unused-function"
>   fi
>   
> -@@ -737,6 +737,7 @@ if test x"$enable_new_addrbook" = xno; then
> +@@ -494,6 +494,8 @@ dnl password encryption
> + OLDLIBS=$LIBS
> + LIBS=
> + case $host_os in
> ++*openbsd*)
> ++;;
> + *dragonfly*)
> + AC_SEARCH_LIBS(encrypt, cipher, [], 
> AC_MSG_ERROR(['encrypt'-function not found.]))
> + ;;
> +@@ -737,6 +739,7 @@ if test x"$enable_new_addrbook" = xno; then
>   AC_CHECK_LIB(resolv, res_query, LDAP_LIBS="$LDAP_LIBS -lresolv")
>   AC_CHECK_LIB(socket, bind, LDAP_LIBS="$LDAP_LIBS -lsocket")
>   AC_CHECK_LIB(nsl, gethostbyaddr, LDAP_LIBS="$LDAP_LIBS -lnsl")
> @@ -18,7 +27,7 @@ $OpenBSD: patch-configure_ac,v 1.9 2014/
>   AC_CHECK_LIB(lber, ber_get_tag, LDAP_LIBS="$LDAP_LIBS -llber",,
>$LDAP_LIBS)
>   
> -@@ -809,7 +810,7 @@ if test x"$enable_new_addrbook" = xno; then
> +@@ -809,7 +812,7 @@ if test x"$enable_new_addrbook" = xno; then
>  AC_DEFINE(USE_JPILOT, 1, Define if 
> you want JPilot support in addressbook.) ])
>   fi
>   
> Index: patches/patch-src_common_passcrypt_c
> ===
> RCS file: patches/patch-src_common_passcrypt_c
> diff -N patches/patch-src_common_passcrypt_c
> --- /dev/null 1 Jan 1970 00:00:00 -
> +++ patches/patch-src_common_passcrypt_c  11 Jan 2015 21:58:57 -
> @@ -0,0 +1,131 @@
> +$OpenBSD$
> +--- src/common/passcrypt.c.orig  Sat Dec 14 11:15:06 2013
>  src/common/passcrypt.c   Sun Jan 11 22:32:43 2015
> +@@ -35,6 +35,7 @@
> + #endif
> + 
> + #include 
> ++#include 
> + 
> + #include "passcrypt.h"
> + 
> +@@ -72,100 +73,30 @@ crypt_cfb_buf(const char key[8], unsigned char *buf, u
> + ecb_crypt(des_key, buf, len, DES_ENCRYPT);
> + }
> + #else
> +-static void crypt_cfb_shift(unsigned char *to,
> +-const unsigned char *from, unsigned len);
> +-static void crypt_cfb_xor(unsigned char *to, const unsigned char *from,
> +-  unsigned len);
> +-static void crypt_unpack(unsigned char *a);
> +-
> + static void
> + crypt_cfb_buf(const char key[8], unsigned char *buf, unsigned len,
> +   unsigned chunksize, int decrypt)
> + {
> +-unsigned char temp[64];
> ++unsigned char *out;
> ++char des_key[8];
> ++DES_key_schedule keysched;
> + 
> +-memcpy(temp, key, 8);
> +-crypt_unpack(temp);
> +-setkey((const char *) temp);
> +-memset(temp, 0, sizeof(temp));
> ++out = malloc(len);
> ++if(out == NULL)
> ++return;
> ++strncpy(des_key, PASSCRYPT_KEY, 8);
> ++memset(&crypt_cfb_iv, 0, sizeof(crypt_

Re: claws-mail: stop using encrypt()

2015-01-11 Thread Jérémie Courrèges-Anglas
Benjamin Baier  writes:

> On Tue, 30 Dec 2014 21:35:06 +0100
> Daniel Jakots  wrote:
>
>> On Wed, 17 Dec 2014 13:56:18 +, Stuart Henderson
>>  wrote:
>> 
>> > So an alternative diff below. It isn't particularly nice but does
>> > unbreak the port... Does anyone have a better idea?
>> 
>> Hi,
>> 
>> I'm a claws-mail user. Would the test of the diff help?
>> (looking for a way to unblock the situation :))
>> 
>> Cheers,
>> Daniel
>> 
>
> Hi, this replaces the self-rolled code with LibreSSL DES.
> This was done in a hurry, but then this could just use rot13,
> which would be equally secure, but not backwards compatible.

Your diff does not apply cleanly, I guess that's why nobody replied
(boo!).  Did you test that the resulting format is actually backwards
compatible?

I guess this is the way to go, if the diff actually is correct.  I'd
like to point out that the claws-mail port is lagging behind upstream;
it seems that no one has talked to the claws-mail developers about this
issue either.

Here's a diff that applies.

Index: patches/patch-configure_ac
===
RCS file: /cvs/ports/mail/claws-mail/patches/patch-configure_ac,v
retrieving revision 1.9
diff -u -p -r1.9 patch-configure_ac
--- patches/patch-configure_ac  21 Apr 2014 17:40:19 -  1.9
+++ patches/patch-configure_ac  11 Jan 2015 21:43:05 -
@@ -1,6 +1,6 @@
 $OpenBSD: patch-configure_ac,v 1.9 2014/04/21 17:40:19 sthen Exp $
 configure.ac.orig  Sat Dec 14 10:14:50 2013
-+++ configure.ac   Mon Apr 21 18:40:04 2014
+--- configure.ac.orig  Sat Dec 14 11:14:50 2013
 configure.ac   Sun Jan 11 22:42:57 2015
 @@ -152,7 +152,7 @@ AM_CONDITIONAL(CYGWIN, test x"$env_cygwin" = x"yes")
  
  if test "$GCC" = "yes"
@@ -10,7 +10,16 @@ $OpenBSD: patch-configure_ac,v 1.9 2014/
#CFLAGS="-g -Wall -Wno-unused-function"
  fi
  
-@@ -737,6 +737,7 @@ if test x"$enable_new_addrbook" = xno; then
+@@ -494,6 +494,8 @@ dnl password encryption
+ OLDLIBS=$LIBS
+ LIBS=
+ case $host_os in
++  *openbsd*)
++  ;;
+   *dragonfly*)
+   AC_SEARCH_LIBS(encrypt, cipher, [], 
AC_MSG_ERROR(['encrypt'-function not found.]))
+   ;;
+@@ -737,6 +739,7 @@ if test x"$enable_new_addrbook" = xno; then
AC_CHECK_LIB(resolv, res_query, LDAP_LIBS="$LDAP_LIBS -lresolv")
AC_CHECK_LIB(socket, bind, LDAP_LIBS="$LDAP_LIBS -lsocket")
AC_CHECK_LIB(nsl, gethostbyaddr, LDAP_LIBS="$LDAP_LIBS -lnsl")
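Review bot: the empty openbsd branch added to the "dnl password encryption" case carries no comment saying why the encrypt lookup is skipped there. A one-line dnl note that encrypt() is gone from libc on OpenBSD and that passcrypt.c is patched to use the libcrypto DES routines instead would stop a later port update from dropping the branch as dead code.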
@@ -18,7 +27,7 @@ $OpenBSD: patch-configure_ac,v 1.9 2014/
AC_CHECK_LIB(lber, ber_get_tag, LDAP_LIBS="$LDAP_LIBS -llber",,
 $LDAP_LIBS)
  
-@@ -809,7 +810,7 @@ if test x"$enable_new_addrbook" = xno; then
+@@ -809,7 +812,7 @@ if test x"$enable_new_addrbook" = xno; then
   AC_DEFINE(USE_JPILOT, 1, Define if 
you want JPilot support in addressbook.) ])
fi
  
Index: patches/patch-src_common_passcrypt_c
===
RCS file: patches/patch-src_common_passcrypt_c
diff -N patches/patch-src_common_passcrypt_c
--- /dev/null   1 Jan 1970 00:00:00 -
+++ patches/patch-src_common_passcrypt_c11 Jan 2015 21:58:57 -
@@ -0,0 +1,131 @@
+$OpenBSD$
+--- src/common/passcrypt.c.origSat Dec 14 11:15:06 2013
 src/common/passcrypt.c Sun Jan 11 22:32:43 2015
+@@ -35,6 +35,7 @@
+ #endif
+ 
+ #include 
++#include 
+ 
+ #include "passcrypt.h"
+ 
+@@ -72,100 +73,30 @@ crypt_cfb_buf(const char key[8], unsigned char *buf, u
+   ecb_crypt(des_key, buf, len, DES_ENCRYPT);
+ }
+ #else
+-static void crypt_cfb_shift(unsigned char *to,
+-  const unsigned char *from, unsigned len);
+-static void crypt_cfb_xor(unsigned char *to, const unsigned char *from,
+-unsigned len);
+-static void crypt_unpack(unsigned char *a);
+-
+ static void
+ crypt_cfb_buf(const char key[8], unsigned char *buf, unsigned len,
+ unsigned chunksize, int decrypt)
+ {
+-  unsigned char temp[64];
++  unsigned char *out;
++  char des_key[8];
++  DES_key_schedule keysched;
+ 
+-  memcpy(temp, key, 8);
+-  crypt_unpack(temp);
+-  setkey((const char *) temp);
+-  memset(temp, 0, sizeof(temp));
++  out = malloc(len);
++  if(out == NULL)
++  return;
++  strncpy(des_key, PASSCRYPT_KEY, 8);
++  memset(&crypt_cfb_iv, 0, sizeof(crypt_cfb_iv));
++  
++  DES_set_odd_parity(&des_key);
++  DES_set_key_unchecked(&des_key, &keysched);
++  if (decrypt)
++  DES_cfb_encrypt(buf, out, crypt_cfb_blocksize,\
++  len, &keysched, &crypt_cfb_iv, DES_DECRYPT);
++  else
++  DES_cfb_encrypt(buf, out, crypt_cfb_blocksize,\
++  len, &keysched, &crypt_cfb_iv, DES_ENCRYPT);
+ 
+-  memset(crypt_cfb_iv, 0, sizeof(crypt_cfb_iv));
+-
+-  if (chunksize >
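Review bot: des_key is declared as "char des_key[8]" and then passed as &des_key to DES_set_odd_parity() and DES_set_key_unchecked(), which take a pointer to a DES_cblock (an array of 8 unsigned char), so both calls rely on an incompatible pointer conversion. Declare it as DES_cblock and fill it with memcpy(). The trailing backslashes on the two "DES_cfb_encrypt(buf, out, crypt_cfb_blocksize,\" lines are not needed inside an argument list and can be dropped.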

Re: claws-mail: stop using encrypt()

2015-01-04 Thread Benjamin Baier
On Tue, 30 Dec 2014 21:35:06 +0100
Daniel Jakots  wrote:

> On Wed, 17 Dec 2014 13:56:18 +, Stuart Henderson
>  wrote:
> 
> > So an alternative diff below. It isn't particularly nice but does
> > unbreak the port... Does anyone have a better idea?
> 
> Hi,
> 
> I'm a claws-mail user. Would the test of the diff help?
> (looking for a way to unblock the situation :))
> 
> Cheers,
> Daniel
> 

Hi, this replaces the self-rolled code with LibreSSL DES.
This was done in a hurry, but then this could just use rot13,
which would be equally secure, but not backwards compatible.

Greetings ben

Index: patch-configure_ac
===
RCS file: /cvs/ports/mail/claws-mail/patches/patch-configure_ac,v
retrieving revision 1.9
diff -u -p -r1.9 patch-configure_ac
--- patch-configure_ac  21 Apr 2014 17:40:19 -  1.9
+++ patch-configure_ac  4 Jan 2015 17:50:33 -
@@ -1,6 +1,6 @@
 $OpenBSD: patch-configure_ac,v 1.9 2014/04/21 17:40:19 sthen Exp $
 --- configure.ac.orig  Sat Dec 14 10:14:50 2013
-+++ configure.ac   Mon Apr 21 18:40:04 2014
 configure.ac   Wed Dec 17 12:00:37 2014
 @@ -152,7 +152,7 @@ AM_CONDITIONAL(CYGWIN, test x"$env_cygwin" = x"yes")
  
  if test "$GCC" = "yes"
@@ -10,7 +10,16 @@ $OpenBSD: patch-configure_ac,v 1.9 2014/
#CFLAGS="-g -Wall -Wno-unused-function"
  fi
  
-@@ -737,6 +737,7 @@ if test x"$enable_new_addrbook" = xno; then
+@@ -494,6 +494,8 @@ dnl password encryption
+ OLDLIBS=$LIBS
+ LIBS=
+ case $host_os in
++  *openbsd*)
++  ;;
+   *dragonfly*)
+   AC_SEARCH_LIBS(encrypt, cipher, [],
AC_MSG_ERROR(['encrypt'-function not found.]))
+   ;;
+@@ -737,6 +739,7 @@ if test x"$enable_new_addrbook" = xno; then
AC_CHECK_LIB(resolv, res_query, LDAP_LIBS="$LDAP_LIBS
-lresolv") AC_CHECK_LIB(socket, bind, LDAP_LIBS="$LDAP_LIBS -lsocket")
AC_CHECK_LIB(nsl, gethostbyaddr, LDAP_LIBS="$LDAP_LIBS -lnsl")
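Review bot: the new empty openbsd branch in the "dnl password encryption" case skips the AC_SEARCH_LIBS(encrypt, ...) test but this hunk adds no matching check for the libcrypto DES functions that the passcrypt.c patch now calls, so the link only succeeds if libcrypto is pulled in by some other configure test. Suggest an explicit library check for the DES routine in this branch (DES_cfb_encrypt is the one the other patch uses) so configure fails with a clear message rather than the build failing at link time.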
@@ -18,7 +27,7 @@ $OpenBSD: patch-configure_ac,v 1.9 2014/
AC_CHECK_LIB(lber, ber_get_tag, LDAP_LIBS="$LDAP_LIBS
-llber",, $LDAP_LIBS)
  
-@@ -809,7 +810,7 @@ if test x"$enable_new_addrbook" = xno; then
+@@ -809,7 +812,7 @@ if test x"$enable_new_addrbook" = xno; then
   AC_DEFINE(USE_JPILOT, 1, Define if
you want JPilot support in addressbook.) ]) fi
  
Index: patch-src_common_passcrypt_c
===
RCS file: patch-src_common_passcrypt_c
diff -N patch-src_common_passcrypt_c
--- /dev/null   1 Jan 1970 00:00:00 -
+++ patch-src_common_passcrypt_c4 Jan 2015 17:53:56 -
@@ -0,0 +1,131 @@
+--- src/common/passcrypt.c.origSat Dec 14 11:15:06 2013
 src/common/passcrypt.c Sun Jan  4 17:47:05 2015
+@@ -35,6 +35,7 @@
+ #endif
+ 
+ #include 
++#include 
+ 
+ #include "passcrypt.h"
+ 
+@@ -72,100 +73,30 @@ crypt_cfb_buf(const char key[8], unsigned char *buf, u
+   ecb_crypt(des_key, buf, len, DES_ENCRYPT);
+ }
+ #else
+-static void crypt_cfb_shift(unsigned char *to,
+-  const unsigned char *from, unsigned len);
+-static void crypt_cfb_xor(unsigned char *to, const unsigned char *from,
+-unsigned len);
+-static void crypt_unpack(unsigned char *a);
+-
+ static void
+ crypt_cfb_buf(const char key[8], unsigned char *buf, unsigned len,
+ unsigned chunksize, int decrypt)
+ {
+-  unsigned char temp[64];
++  unsigned char *out;
++  char des_key[8];
++  DES_key_schedule keysched;
++
++  out = malloc(len);
++  if(out == NULL)
++  return;
++  strncpy(des_key, PASSCRYPT_KEY, 8);
++  memset(&crypt_cfb_iv, 0, sizeof(crypt_cfb_iv));
++  
++  DES_set_odd_parity(&des_key);
++  DES_set_key_unchecked(&des_key, &keysched);
++  if (decrypt)
++  DES_cfb_encrypt(buf, out, crypt_cfb_blocksize,\
++  len, &keysched, &crypt_cfb_iv, DES_DECRYPT);
++  else
++  DES_cfb_encrypt(buf, out, crypt_cfb_blocksize,\
++  len, &keysched, &crypt_cfb_iv, DES_ENCRYPT);
+ 
+-  memcpy(temp, key, 8);
+-  crypt_unpack(temp);
+-  setkey((const char *) temp);
+-  memset(temp, 0, sizeof(temp));
+-
+-  memset(crypt_cfb_iv, 0, sizeof(crypt_cfb_iv));
+-
+-  if (chunksize > crypt_cfb_blocksize)
+-  chunksize = crypt_cfb_blocksize;
+-
+-  while (len) {
+-  memcpy(temp, crypt_cfb_iv, sizeof(temp));
+-  encrypt((char *) temp, 0);
+-  if (chunksize > len)
+-  chunksize = len;
+-  if (decrypt)
+-  crypt_cfb_shift(crypt_cfb_iv, buf, chunksize);
+-  crypt_cfb_xor((unsigned char *) buf, temp, chunksize);
+-  if (!decrypt)
+-  crypt_cfb_shift(crypt_cfb_iv, buf, chunksize);
+-  len -= chunksize;
+-  buf += chunksize;
+-  }
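Review bot: the rewritten crypt_cfb_buf() no longer uses its key and chunksize arguments. The added lines fill des_key with "strncpy(des_key, PASSCRYPT_KEY, 8);" and pass crypt_cfb_blocksize to DES_cfb_encrypt(), so whatever the caller hands in is ignored; either copy from key or drop the parameters. Separately, "if(out == NULL) return;" leaves buf untouched and reports nothing, and since the function returns void the caller carries on with data that was never encrypted or decrypted. That path needs a way to signal failure.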

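The loop removed by the patch above is cipher feedback with a zeroed IV, and the replacement takes its key from the PASSCRYPT_KEY constant. The following C program is an added example, not code from claws-mail, the port or anyone in this thread: it reproduces that structure to show why such storage is obfuscation only, since it is reversible by anyone holding the constant, and two stored passwords with a common prefix produce outputs with the same common prefix. toy_block, FIXED_KEY and the sample passwords are assumptions; toy_block is a stand-in mixer, not DES.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLK 8    /* feedback register width in bytes (64-bit block) */
#define MAXPW 64 /* longest password this example handles */

/* Constructed constant standing in for a key compiled into the program. */
static const uint8_t FIXED_KEY[BLK] = { 'e', 'x', 'a', 'm', 'p', 'l', 'e', '!' };

/* Stand-in for the block cipher's forward direction. This is NOT DES: it is
 * a keyed 64-bit mixer, which is enough to show the mode because CFB never
 * calls the inverse of the block function. */
static void toy_block(const uint8_t key[BLK], const uint8_t in[BLK], uint8_t out[BLK])
{
    uint64_t k = 0, x = 0;
    for (int i = 0; i < BLK; i++) {
        k = (k << 8) | key[i];
        x = (x << 8) | in[i];
    }
    x ^= k;
    x ^= x >> 33; x *= 0xff51afd7ed558ccdULL;
    x ^= x >> 33; x *= 0xc4ceb9fe1a85ec53ULL;
    x ^= x >> 33;
    for (int i = BLK - 1; i >= 0; i--) {
        out[i] = (uint8_t)x;
        x >>= 8;
    }
}

/* In-place CFB with one-byte chunks and an all-zero IV: run the register
 * through the block function, XOR one keystream byte into the data, then
 * shift the ciphertext byte into the register. */
static void cfb8_buf(const uint8_t key[BLK], uint8_t *buf, size_t len, int decrypt)
{
    uint8_t iv[BLK] = { 0 }, ks[BLK];
    for (size_t i = 0; i < len; i++) {
        uint8_t in = buf[i];
        toy_block(key, iv, ks);
        buf[i] = in ^ ks[0];
        memmove(iv, iv + 1, BLK - 1);
        iv[BLK - 1] = decrypt ? in : buf[i]; /* feedback is always ciphertext */
    }
}

/* Copy a password into out (truncated to MAXPW), obfuscate it, return length. */
static size_t obfuscate(const char *pw, uint8_t out[MAXPW])
{
    size_t n = strlen(pw);
    if (n > MAXPW)
        n = MAXPW;
    memcpy(out, pw, n);
    cfb8_buf(FIXED_KEY, out, n, 0);
    return n;
}

/* 1 if a holder of the same constant recovers the password exactly. */
int roundtrip_ok(const char *pw)
{
    uint8_t buf[MAXPW];
    size_t n = obfuscate(pw, buf);
    cfb8_buf(FIXED_KEY, buf, n, 1);
    return memcmp(buf, pw, n) == 0;
}

/* Number of leading output bytes two stored passwords have in common. */
size_t shared_prefix(const char *a, const char *b)
{
    uint8_t ca[MAXPW], cb[MAXPW];
    size_t na = obfuscate(a, ca), nb = obfuscate(b, cb), i = 0;
    while (i < na && i < nb && ca[i] == cb[i])
        i++;
    return i;
}

int main(void)
{
    printf("round trip with the built-in key: %d\n", roundtrip_ok("correct horse"));
    printf("shared output prefix, hunter2-mail vs hunter2-work: %zu\n",
           shared_prefix("hunter2-mail", "hunter2-work"));
    printf("shared output prefix, same password twice: %zu\n",
           shared_prefix("hunter2-mail", "hunter2-mail"));
    return 0;
}
```

The prefix result does not depend on the block function: with a fixed key and a zero IV the keystream is identical until the first differing ciphertext byte, so the same holds with DES in place of toy_block.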
Re: claws-mail: stop using encrypt()

2014-12-30 Thread Daniel Jakots
On Wed, 17 Dec 2014 13:56:18 +, Stuart Henderson
 wrote:

> So an alternative diff below. It isn't particularly nice but does
> unbreak the port... Does anyone have a better idea?

Hi,

I'm a claws-mail user. Would the test of the diff help?
(looking for a way to unblock the situation :))

Cheers,
Daniel



Re: claws-mail: stop using encrypt()

2014-12-18 Thread John Long
On Thu, Dec 18, 2014 at 02:09:24PM +, Stuart Henderson wrote:
> On 2014/12/18 13:40, John Long wrote:
> > On Thu, Dec 18, 2014 at 01:30:23PM +, Stuart Henderson wrote:
> > > On 2014/12/18 12:38, Christian Weisgerber wrote:
> > > > On 2014-12-17, Stuart Henderson  wrote:
> > > > 
> > > > > claws-mail uses encrypt() for password obfuscation in the saved config
> > > > > file (.claws-mail/accountrc), which was removed from libc.
> > > > >
> > > > > So an alternative diff below. It isn't particularly nice but does
> > > > > unbreak the port... Does anyone have a better idea?
> > > > 
> > > > Doesn't changing the obfuscation, including removing it, mean that
> > > > a user's saved passwords are now lost?
> > > 
> > > Yes.
> > 
> > This could be very problematical since Claws doesn't offer the user a way to
> > view the password they saved and there is no warning when you type one in
> > that it's a one-way deal. I know of at least one person who didn't save his
> > email account passwords elsewhere, figuring Claws would surely allow him to
> > view/edit them later. He had to patch the code to spit out all the decrypted
> > passwords 
> 
> https://github.com/b4n/clawsmail-password-decrypter

I patched my copy to write out a file of userids and passwords but
that would have been nice if it existed at the time. 

> 
> > > I suppose the other option would be to add the removed DES code as a
> > > patch in the port..
> > 
> > I see no valid reason for encrypting them in the first place and would be
> > happy for this feature to go away transparently. But if you fixup
> > accountrc that would break Claws on other platforms when trying to import an
> > accountrc from OpenBSD with unencrypted passwords. That would be A Bad Thing.
> 
> That's already the case with FreeBSD.

No further objections, Your Honor ;-)

/jl




Re: claws-mail: stop using encrypt()

2014-12-18 Thread Christian Weisgerber
On 2014-12-18, Stuart Henderson  wrote:

> https://github.com/b4n/clawsmail-password-decrypter

Should we bundle this with claws-mail?  Would people who need it
find the bundled script?

-- 
Christian "naddy" Weisgerber  na...@mips.inka.de



Re: claws-mail: stop using encrypt()

2014-12-18 Thread Christian Weisgerber
On 2014-12-18, Stuart Henderson  wrote:

>> Doesn't changing the obfuscation, including removing it, mean that
>> a user's saved passwords are now lost?
>
> Yes.
>
> I suppose the other option would be to add the removed DES code as a
> patch in the port..

Isn't this stuff available in libcrypto?

-- 
Christian "naddy" Weisgerber  na...@mips.inka.de



Re: claws-mail: stop using encrypt()

2014-12-18 Thread Stuart Henderson
On 2014/12/18 13:40, John Long wrote:
> On Thu, Dec 18, 2014 at 01:30:23PM +, Stuart Henderson wrote:
> > On 2014/12/18 12:38, Christian Weisgerber wrote:
> > > On 2014-12-17, Stuart Henderson  wrote:
> > > 
> > > > claws-mail uses encrypt() for password obfuscation in the saved config
> > > > file (.claws-mail/accountrc), which was removed from libc.
> > > >
> > > > So an alternative diff below. It isn't particularly nice but does
> > > > unbreak the port... Does anyone have a better idea?
> > > 
> > > Doesn't changing the obfuscation, including removing it, mean that
> > > a user's saved passwords are now lost?
> > 
> > Yes.
> 
> This could be very problematical since Claws doesn't offer the user a way to
> view the password they saved and there is no warning when you type one in
> that it's a one-way deal. I know of at least one person who didn't save his
> email account passwords elsewhere, figuring Claws would surely allow him to
> view/edit them later. He had to patch the code to spit out all the decrypted
> passwords 

https://github.com/b4n/clawsmail-password-decrypter

> > I suppose the other option would be to add the removed DES code as a
> > patch in the port..
> 
> I see no valid reason for encrypting them in the first place and would be
> happy for this feature to go away transparently. But if you fixup
> accountrc that would break Claws on other platforms when trying to import an
> accountrc from OpenBSD with unencrypted passwords. That would be A Bad Thing.

That's already the case with FreeBSD.



Re: claws-mail: stop using encrypt()

2014-12-18 Thread John Long
On Thu, Dec 18, 2014 at 01:30:23PM +, Stuart Henderson wrote:
> On 2014/12/18 12:38, Christian Weisgerber wrote:
> > On 2014-12-17, Stuart Henderson  wrote:
> > 
> > > claws-mail uses encrypt() for password obfuscation in the saved config
> > > file (.claws-mail/accountrc), which was removed from libc.
> > >
> > > So an alternative diff below. It isn't particularly nice but does
> > > unbreak the port... Does anyone have a better idea?
> > 
> > Doesn't changing the obfuscation, including removing it, mean that
> > a user's saved passwords are now lost?
> 
> Yes.

This could be very problematical since Claws doesn't offer the user a way to
view the password they saved and there is no warning when you type one in
that it's a one-way deal. I know of at least one person who didn't save his
email account passwords elsewhere, figuring Claws would surely allow him to
view/edit them later. He had to patch the code to spit out all the decrypted
passwords 

> I suppose the other option would be to add the removed DES code as a
> patch in the port..

I see no valid reason for encrypting them in the first place and would be
happy for this feature to go away transparently. But if you fixup
accountrc that would break Claws on other platforms when trying to import an
accountrc from OpenBSD with unencrypted passwords. That would be A Bad Thing.

/jl




Re: claws-mail: stop using encrypt()

2014-12-18 Thread Stuart Henderson
On 2014/12/18 12:38, Christian Weisgerber wrote:
> On 2014-12-17, Stuart Henderson  wrote:
> 
> > claws-mail uses encrypt() for password obfuscation in the saved config
> > file (.claws-mail/accountrc), which was removed from libc.
> >
> > So an alternative diff below. It isn't particularly nice but does
> > unbreak the port... Does anyone have a better idea?
> 
> Doesn't changing the obfuscation, including removing it, mean that
> a user's saved passwords are now lost?

Yes.

I suppose the other option would be to add the removed DES code as a
patch in the port..



Re: claws-mail: stop using encrypt()

2014-12-18 Thread Christian Weisgerber
On 2014-12-17, Stuart Henderson  wrote:

> claws-mail uses encrypt() for password obfuscation in the saved config
> file (.claws-mail/accountrc), which was removed from libc.
>
> So an alternative diff below. It isn't particularly nice but does
> unbreak the port... Does anyone have a better idea?

Doesn't changing the obfuscation, including removing it, mean that
a user's saved passwords are now lost?

-- 
Christian "naddy" Weisgerber  na...@mips.inka.de