[OE-core] [PATCH 10/18] ppp: Use openssl for the DES instead of the libcrypt / glibc

Khem Raj raj.khem at gmail.com
Wed Aug 8 17:00:56 UTC 2018 

Looking a bit more I see that ppp upstream has switched to using
openssl as well see
https://github.com/paulusmack/ppp/commit/3c7b86229f7bd2600d74db14b1fe5b3896be3875

so we are inline

secondly, using libxcrypt would either mean that we enable obsolete
APIs to support existing functionality in ppp. I would not like to do
that, infact eventually I would suggest to even disable weak hashes as
we move along.
This also would mean at one point we have to switch back to whatever
upstream ppp is doing when we upgrade ppp.This will be throw away
work.


On Wed, Aug 8, 2018 at 8:15 AM Burton, Ross <ross.burton at intel.com> wrote:
>
> My understanding is that libxcrypt was basically the crypto pieces
> ripped out of glibc, but the github page lists DES as an implemented
> algorithm.
>
> Ross
>
> On 8 August 2018 at 16:01, Khem Raj <raj.khem at gmail.com> wrote:
> > Does it provide DES implementation I am not sure but if it does then it
> > might be another option
> >
> > On Wed, Aug 8, 2018 at 3:40 AM Burton, Ross <ross.burton at intel.com> wrote:
> >>
> >> Why not use libxcrypt?
> >>
> >> Ross
> >>
> >> On 6 August 2018 at 23:57, Khem Raj <raj.khem at gmail.com> wrote:
> >> > Signed-off-by: Khem Raj <raj.khem at gmail.com>
> >> > ---
> >> >  .../ppp/ppp/ppp-2.4.7-DES-openssl.patch       | 84 +++++++++++++++++++
> >> >  meta/recipes-connectivity/ppp/ppp_2.4.7.bb    |  5 +-
> >> >  2 files changed, 87 insertions(+), 2 deletions(-)
> >> >  create mode 100644
> >> > meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch
> >> >
> >> > diff --git
> >> > a/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch
> >> > b/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch
> >> > new file mode 100644
> >> > index 0000000000..e53f240543
> >> > --- /dev/null
> >> > +++ b/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch
> >> > @@ -0,0 +1,84 @@
> >> > +Used openssl for the DES instead of the libcrypt / glibc
> >> > +
> >> > +Upstream-Status: Pending
> >> > +
> >> > +Signed-off-by: Khem Raj <raj.khem at gmail.com>
> >> > +
> >> > +Index: ppp-2.4.7/pppd/Makefile.linux
> >> > +===================================================================
> >> > +--- ppp-2.4.7.orig/pppd/Makefile.linux
> >> > ++++ ppp-2.4.7/pppd/Makefile.linux
> >> > +@@ -38,7 +38,7 @@ LIBS =
> >> > + # Uncomment the next 2 lines to include support for Microsoft's
> >> > + # MS-CHAP authentication protocol.  Also, edit
> >> > plugins/radius/Makefile.linux.
> >> > + CHAPMS=y
> >> > +-USE_CRYPT=y
> >> > ++#USE_CRYPT=y
> >> > + # Don't use MSLANMAN unless you really know what you're doing.
> >> > + #MSLANMAN=y
> >> > + # Uncomment the next line to include support for MPPE.  CHAPMS (above)
> >> > must
> >> > +@@ -132,7 +132,7 @@ endif
> >> > +
> >> > + ifdef NEEDDES
> >> > + ifndef USE_CRYPT
> >> > +-LIBS     += -ldes $(LIBS)
> >> > ++LIBS     += -lcrypto
> >> > + else
> >> > + CFLAGS   += -DUSE_CRYPT=1
> >> > + endif
> >> > +Index: ppp-2.4.7/pppd/pppcrypt.c
> >> > +===================================================================
> >> > +--- ppp-2.4.7.orig/pppd/pppcrypt.c
> >> > ++++ ppp-2.4.7/pppd/pppcrypt.c
> >> > +@@ -64,7 +64,7 @@ u_char *des_key;     /* OUT 64 bit DES key w
> >> > +       des_key[7] = Get7Bits(key, 49);
> >> > +
> >> > + #ifndef USE_CRYPT
> >> > +-      des_set_odd_parity((des_cblock *)des_key);
> >> > ++      DES_set_odd_parity((DES_cblock *)des_key);
> >> > + #endif
> >> > + }
> >> > +
> >> > +@@ -158,25 +158,25 @@ u_char *clear;   /* OUT 8 octets */
> >> > + }
> >> > +
> >> > + #else /* USE_CRYPT */
> >> > +-static des_key_schedule       key_schedule;
> >> > ++static DES_key_schedule       key_schedule;
> >> > +
> >> > + bool
> >> > + DesSetkey(key)
> >> > + u_char *key;
> >> > + {
> >> > +-      des_cblock des_key;
> >> > ++      DES_cblock des_key;
> >> > +       MakeKey(key, des_key);
> >> > +-      des_set_key(&des_key, key_schedule);
> >> > ++      DES_set_key(&des_key, &key_schedule);
> >> > +       return (1);
> >> > + }
> >> > +
> >> > + bool
> >> > +-DesEncrypt(clear, key, cipher)
> >> > ++DesEncrypt(clear, cipher)
> >> > + u_char *clear;        /* IN  8 octets */
> >> > + u_char *cipher;       /* OUT 8 octets */
> >> > + {
> >> > +-      des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher,
> >> > +-          key_schedule, 1);
> >> > ++      DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher,
> >> > ++          &key_schedule, 1);
> >> > +       return (1);
> >> > + }
> >> > +
> >> > +@@ -185,8 +185,8 @@ DesDecrypt(cipher, clear)
> >> > + u_char *cipher;       /* IN  8 octets */
> >> > + u_char *clear;        /* OUT 8 octets */
> >> > + {
> >> > +-      des_ecb_encrypt((des_cblock *)cipher, (des_cblock *)clear,
> >> > +-          key_schedule, 0);
> >> > ++      DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear,
> >> > ++          &key_schedule, 0);
> >> > +       return (1);
> >> > + }
> >> > +
> >> > diff --git a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
> >> > b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
> >> > index a1bb7d71c1..f4646bd693 100644
> >> > --- a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
> >> > +++ b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
> >> > @@ -4,7 +4,7 @@ the Point-to-Point Protocol (PPP) on Linux and Solaris
> >> > systems."
> >> >  SECTION = "console/network"
> >> >  HOMEPAGE = "http://samba.org/ppp/"
> >> >  BUGTRACKER = "http://ppp.samba.org/cgi-bin/ppp-bugs"
> >> > -DEPENDS = "libpcap"
> >> > +DEPENDS = "libpcap openssl"
> >> >  LICENSE = "BSD & GPLv2+ & LGPLv2+ & PD"
> >> >  LIC_FILES_CHKSUM =
> >> > "file://pppd/ccp.c;beginline=1;endline=29;md5=e2c43fe6e81ff77d87dc9c290a424dea
> >> > \
> >> >
> >> > file://pppd/plugins/passprompt.c;beginline=1;endline=10;md5=3bcbcdbf0e369c9a3e0b8c8275b065d8
> >> > \
> >> > @@ -32,6 +32,7 @@ SRC_URI =
> >> > "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \
> >> >             file://fix-CVE-2015-3310.patch \
> >> >
> >> > file://0001-pppoe-include-netinet-in.h-before-linux-in.h.patch \
> >> >             file://0001-ppp-Remove-unneeded-include.patch \
> >> > +           file://ppp-2.4.7-DES-openssl.patch \
> >> >  "
> >> >
> >> >  SRC_URI_append_libc-musl = "\
> >> > @@ -49,7 +50,7 @@ EXTRA_OECONF = "--disable-strip"
> >> >  # Package Makefile computes CFLAGS, referencing COPTS.
> >> >  # Typically hard-coded to '-O2 -g' in the Makefile's.
> >> >  #
> >> > -EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${S}/include"'
> >> > +EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${STAGING_INCDIR}/openssl
> >> > -I${S}/include"'
> >> >
> >> >  do_configure () {
> >> >         oe_runconf
> >> > --
> >> > 2.18.0
> >> >
> >> > --
> >> > _______________________________________________
> >> > Openembedded-core mailing list
> >> > Openembedded-core at lists.openembedded.org
> >> > http://lists.openembedded.org/mailman/listinfo/openembedded-core

More information about the Openembedded-core mailing list