Message ID | 06c361481025023e6ad962759e5968bd9c19c0b7.1533595822.git.raj.khem@gmail.com |
---|---|
State | Superseded |
Headers | show |
Series | Update to glibc 2.28 | expand |
Why not use libxcrypt? Ross On 6 August 2018 at 23:57, Khem Raj <raj.khem@gmail.com> wrote: > Signed-off-by: Khem Raj <raj.khem@gmail.com> > --- > .../ppp/ppp/ppp-2.4.7-DES-openssl.patch | 84 +++++++++++++++++++ > meta/recipes-connectivity/ppp/ppp_2.4.7.bb | 5 +- > 2 files changed, 87 insertions(+), 2 deletions(-) > create mode 100644 meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch > > diff --git a/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch b/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch > new file mode 100644 > index 0000000000..e53f240543 > --- /dev/null > +++ b/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch > @@ -0,0 +1,84 @@ > +Used openssl for the DES instead of the libcrypt / glibc > + > +Upstream-Status: Pending > + > +Signed-off-by: Khem Raj <raj.khem@gmail.com> > + > +Index: ppp-2.4.7/pppd/Makefile.linux > +=================================================================== > +--- ppp-2.4.7.orig/pppd/Makefile.linux > ++++ ppp-2.4.7/pppd/Makefile.linux > +@@ -38,7 +38,7 @@ LIBS = > + # Uncomment the next 2 lines to include support for Microsoft's > + # MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux. > + CHAPMS=y > +-USE_CRYPT=y > ++#USE_CRYPT=y > + # Don't use MSLANMAN unless you really know what you're doing. > + #MSLANMAN=y > + # Uncomment the next line to include support for MPPE. CHAPMS (above) must > +@@ -132,7 +132,7 @@ endif > + > + ifdef NEEDDES > + ifndef USE_CRYPT > +-LIBS += -ldes $(LIBS) > ++LIBS += -lcrypto > + else > + CFLAGS += -DUSE_CRYPT=1 > + endif > +Index: ppp-2.4.7/pppd/pppcrypt.c > +=================================================================== > +--- ppp-2.4.7.orig/pppd/pppcrypt.c > ++++ ppp-2.4.7/pppd/pppcrypt.c > +@@ -64,7 +64,7 @@ u_char *des_key; /* OUT 64 bit DES key w > + des_key[7] = Get7Bits(key, 49); > + > + #ifndef USE_CRYPT > +- des_set_odd_parity((des_cblock *)des_key); > ++ DES_set_odd_parity((DES_cblock *)des_key); > + #endif > + } > + > +@@ -158,25 +158,25 @@ u_char *clear; /* OUT 8 octets */ > + } > + > + #else /* USE_CRYPT */ > +-static des_key_schedule key_schedule; > ++static DES_key_schedule key_schedule; > + > + bool > + DesSetkey(key) > + u_char *key; > + { > +- des_cblock des_key; > ++ DES_cblock des_key; > + MakeKey(key, des_key); > +- des_set_key(&des_key, key_schedule); > ++ DES_set_key(&des_key, &key_schedule); > + return (1); > + } > + > + bool > +-DesEncrypt(clear, key, cipher) > ++DesEncrypt(clear, cipher) > + u_char *clear; /* IN 8 octets */ > + u_char *cipher; /* OUT 8 octets */ > + { > +- des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher, > +- key_schedule, 1); > ++ DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher, > ++ &key_schedule, 1); > + return (1); > + } > + > +@@ -185,8 +185,8 @@ DesDecrypt(cipher, clear) > + u_char *cipher; /* IN 8 octets */ > + u_char *clear; /* OUT 8 octets */ > + { > +- des_ecb_encrypt((des_cblock *)cipher, (des_cblock *)clear, > +- key_schedule, 0); > ++ DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear, > ++ &key_schedule, 0); > + return (1); > + } > + > diff --git a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb > index a1bb7d71c1..f4646bd693 100644 > --- a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb > +++ b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb > @@ -4,7 +4,7 @@ the Point-to-Point Protocol (PPP) on Linux and Solaris systems." > SECTION = "console/network" > HOMEPAGE = "http://samba.org/ppp/" > BUGTRACKER = "http://ppp.samba.org/cgi-bin/ppp-bugs" > -DEPENDS = "libpcap" > +DEPENDS = "libpcap openssl" > LICENSE = "BSD & GPLv2+ & LGPLv2+ & PD" > LIC_FILES_CHKSUM = "file://pppd/ccp.c;beginline=1;endline=29;md5=e2c43fe6e81ff77d87dc9c290a424dea \ > file://pppd/plugins/passprompt.c;beginline=1;endline=10;md5=3bcbcdbf0e369c9a3e0b8c8275b065d8 \ > @@ -32,6 +32,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \ > file://fix-CVE-2015-3310.patch \ > file://0001-pppoe-include-netinet-in.h-before-linux-in.h.patch \ > file://0001-ppp-Remove-unneeded-include.patch \ > + file://ppp-2.4.7-DES-openssl.patch \ > " > > SRC_URI_append_libc-musl = "\ > @@ -49,7 +50,7 @@ EXTRA_OECONF = "--disable-strip" > # Package Makefile computes CFLAGS, referencing COPTS. > # Typically hard-coded to '-O2 -g' in the Makefile's. > # > -EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${S}/include"' > +EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${STAGING_INCDIR}/openssl -I${S}/include"' > > do_configure () { > oe_runconf > -- > 2.18.0 > > -- > _______________________________________________ > Openembedded-core mailing list > Openembedded-core@lists.openembedded.org > http://lists.openembedded.org/mailman/listinfo/openembedded-core -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Does it provide DES implementation I am not sure but if it does then it might be another option On Wed, Aug 8, 2018 at 3:40 AM Burton, Ross <ross.burton@intel.com> wrote: > Why not use libxcrypt? > > Ross > > On 6 August 2018 at 23:57, Khem Raj <raj.khem@gmail.com> wrote: > > Signed-off-by: Khem Raj <raj.khem@gmail.com> > > --- > > .../ppp/ppp/ppp-2.4.7-DES-openssl.patch | 84 +++++++++++++++++++ > > meta/recipes-connectivity/ppp/ppp_2.4.7.bb | 5 +- > > 2 files changed, 87 insertions(+), 2 deletions(-) > > create mode 100644 > meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch > > > > diff --git > a/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch > b/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch > > new file mode 100644 > > index 0000000000..e53f240543 > > --- /dev/null > > +++ b/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch > > @@ -0,0 +1,84 @@ > > +Used openssl for the DES instead of the libcrypt / glibc > > + > > +Upstream-Status: Pending > > + > > +Signed-off-by: Khem Raj <raj.khem@gmail.com> > > + > > +Index: ppp-2.4.7/pppd/Makefile.linux > > +=================================================================== > > +--- ppp-2.4.7.orig/pppd/Makefile.linux > > ++++ ppp-2.4.7/pppd/Makefile.linux > > +@@ -38,7 +38,7 @@ LIBS = > > + # Uncomment the next 2 lines to include support for Microsoft's > > + # MS-CHAP authentication protocol. Also, edit > plugins/radius/Makefile.linux. > > + CHAPMS=y > > +-USE_CRYPT=y > > ++#USE_CRYPT=y > > + # Don't use MSLANMAN unless you really know what you're doing. > > + #MSLANMAN=y > > + # Uncomment the next line to include support for MPPE. CHAPMS (above) > must > > +@@ -132,7 +132,7 @@ endif > > + > > + ifdef NEEDDES > > + ifndef USE_CRYPT > > +-LIBS += -ldes $(LIBS) > > ++LIBS += -lcrypto > > + else > > + CFLAGS += -DUSE_CRYPT=1 > > + endif > > +Index: ppp-2.4.7/pppd/pppcrypt.c > > +=================================================================== > > +--- ppp-2.4.7.orig/pppd/pppcrypt.c > > ++++ ppp-2.4.7/pppd/pppcrypt.c > > +@@ -64,7 +64,7 @@ u_char *des_key; /* OUT 64 bit DES key w > > + des_key[7] = Get7Bits(key, 49); > > + > > + #ifndef USE_CRYPT > > +- des_set_odd_parity((des_cblock *)des_key); > > ++ DES_set_odd_parity((DES_cblock *)des_key); > > + #endif > > + } > > + > > +@@ -158,25 +158,25 @@ u_char *clear; /* OUT 8 octets */ > > + } > > + > > + #else /* USE_CRYPT */ > > +-static des_key_schedule key_schedule; > > ++static DES_key_schedule key_schedule; > > + > > + bool > > + DesSetkey(key) > > + u_char *key; > > + { > > +- des_cblock des_key; > > ++ DES_cblock des_key; > > + MakeKey(key, des_key); > > +- des_set_key(&des_key, key_schedule); > > ++ DES_set_key(&des_key, &key_schedule); > > + return (1); > > + } > > + > > + bool > > +-DesEncrypt(clear, key, cipher) > > ++DesEncrypt(clear, cipher) > > + u_char *clear; /* IN 8 octets */ > > + u_char *cipher; /* OUT 8 octets */ > > + { > > +- des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher, > > +- key_schedule, 1); > > ++ DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher, > > ++ &key_schedule, 1); > > + return (1); > > + } > > + > > +@@ -185,8 +185,8 @@ DesDecrypt(cipher, clear) > > + u_char *cipher; /* IN 8 octets */ > > + u_char *clear; /* OUT 8 octets */ > > + { > > +- des_ecb_encrypt((des_cblock *)cipher, (des_cblock *)clear, > > +- key_schedule, 0); > > ++ DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear, > > ++ &key_schedule, 0); > > + return (1); > > + } > > + > > diff --git a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb > b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb > > index a1bb7d71c1..f4646bd693 100644 > > --- a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb > > +++ b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb > > @@ -4,7 +4,7 @@ the Point-to-Point Protocol (PPP) on Linux and Solaris > systems." > > SECTION = "console/network" > > HOMEPAGE = "http://samba.org/ppp/" > > BUGTRACKER = "http://ppp.samba.org/cgi-bin/ppp-bugs" > > -DEPENDS = "libpcap" > > +DEPENDS = "libpcap openssl" > > LICENSE = "BSD & GPLv2+ & LGPLv2+ & PD" > > LIC_FILES_CHKSUM = > "file://pppd/ccp.c;beginline=1;endline=29;md5=e2c43fe6e81ff77d87dc9c290a424dea > \ > > > file://pppd/plugins/passprompt.c;beginline=1;endline=10;md5=3bcbcdbf0e369c9a3e0b8c8275b065d8 > \ > > @@ -32,6 +32,7 @@ SRC_URI = " > https://download.samba.org/pub/${BPN}/${BP}.tar.gz \ > > file://fix-CVE-2015-3310.patch \ > > > file://0001-pppoe-include-netinet-in.h-before-linux-in.h.patch \ > > file://0001-ppp-Remove-unneeded-include.patch \ > > + file://ppp-2.4.7-DES-openssl.patch \ > > " > > > > SRC_URI_append_libc-musl = "\ > > @@ -49,7 +50,7 @@ EXTRA_OECONF = "--disable-strip" > > # Package Makefile computes CFLAGS, referencing COPTS. > > # Typically hard-coded to '-O2 -g' in the Makefile's. > > # > > -EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${S}/include"' > > +EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${STAGING_INCDIR}/openssl > -I${S}/include"' > > > > do_configure () { > > oe_runconf > > -- > > 2.18.0 > > > > -- > > _______________________________________________ > > Openembedded-core mailing list > > Openembedded-core@lists.openembedded.org > > http://lists.openembedded.org/mailman/listinfo/openembedded-core > <div><div dir="auto">Does it provide DES implementation I am not sure but if it does then it might be another option </div></div><div><br><div class="gmail_quote"><div dir="ltr">On Wed, Aug 8, 2018 at 3:40 AM Burton, Ross <<a href="mailto:ross.burton@intel.com">ross.burton@intel.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Why not use libxcrypt?<br> <br> Ross<br> <br> On 6 August 2018 at 23:57, Khem Raj <<a href="mailto:raj.khem@gmail.com" target="_blank">raj.khem@gmail.com</a>> wrote:<br> > Signed-off-by: Khem Raj <<a href="mailto:raj.khem@gmail.com" target="_blank">raj.khem@gmail.com</a>><br> > ---<br> > .../ppp/ppp/ppp-2.4.7-DES-openssl.patch | 84 +++++++++++++++++++<br> > meta/recipes-connectivity/ppp/<a href="http://ppp_2.4.7.bb" rel="noreferrer" target="_blank">ppp_2.4.7.bb</a> | 5 +-<br> > 2 files changed, 87 insertions(+), 2 deletions(-)<br> > create mode 100644 meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch<br> ><br> > diff --git a/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch b/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch<br> > new file mode 100644<br> > index 0000000000..e53f240543<br> > --- /dev/null<br> > +++ b/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch<br> > @@ -0,0 +1,84 @@<br> > +Used openssl for the DES instead of the libcrypt / glibc<br> > +<br> > +Upstream-Status: Pending<br> > +<br> > +Signed-off-by: Khem Raj <<a href="mailto:raj.khem@gmail.com" target="_blank">raj.khem@gmail.com</a>><br> > +<br> > +Index: ppp-2.4.7/pppd/Makefile.linux<br> > +===================================================================<br> > +--- ppp-2.4.7.orig/pppd/Makefile.linux<br> > ++++ ppp-2.4.7/pppd/Makefile.linux<br> > +@@ -38,7 +38,7 @@ LIBS =<br> > + # Uncomment the next 2 lines to include support for Microsoft's<br> > + # MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux.<br> > + CHAPMS=y<br> > +-USE_CRYPT=y<br> > ++#USE_CRYPT=y<br> > + # Don't use MSLANMAN unless you really know what you're doing.<br> > + #MSLANMAN=y<br> > + # Uncomment the next line to include support for MPPE. CHAPMS (above) must<br> > +@@ -132,7 +132,7 @@ endif<br> > +<br> > + ifdef NEEDDES<br> > + ifndef USE_CRYPT<br> > +-LIBS += -ldes $(LIBS)<br> > ++LIBS += -lcrypto<br> > + else<br> > + CFLAGS += -DUSE_CRYPT=1<br> > + endif<br> > +Index: ppp-2.4.7/pppd/pppcrypt.c<br> > +===================================================================<br> > +--- ppp-2.4.7.orig/pppd/pppcrypt.c<br> > ++++ ppp-2.4.7/pppd/pppcrypt.c<br> > +@@ -64,7 +64,7 @@ u_char *des_key; /* OUT 64 bit DES key w<br> > + des_key[7] = Get7Bits(key, 49);<br> > +<br> > + #ifndef USE_CRYPT<br> > +- des_set_odd_parity((des_cblock *)des_key);<br> > ++ DES_set_odd_parity((DES_cblock *)des_key);<br> > + #endif<br> > + }<br> > +<br> > +@@ -158,25 +158,25 @@ u_char *clear; /* OUT 8 octets */<br> > + }<br> > +<br> > + #else /* USE_CRYPT */<br> > +-static des_key_schedule key_schedule;<br> > ++static DES_key_schedule key_schedule;<br> > +<br> > + bool<br> > + DesSetkey(key)<br> > + u_char *key;<br> > + {<br> > +- des_cblock des_key;<br> > ++ DES_cblock des_key;<br> > + MakeKey(key, des_key);<br> > +- des_set_key(&des_key, key_schedule);<br> > ++ DES_set_key(&des_key, &key_schedule);<br> > + return (1);<br> > + }<br> > +<br> > + bool<br> > +-DesEncrypt(clear, key, cipher)<br> > ++DesEncrypt(clear, cipher)<br> > + u_char *clear; /* IN 8 octets */<br> > + u_char *cipher; /* OUT 8 octets */<br> > + {<br> > +- des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher,<br> > +- key_schedule, 1);<br> > ++ DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher,<br> > ++ &key_schedule, 1);<br> > + return (1);<br> > + }<br> > +<br> > +@@ -185,8 +185,8 @@ DesDecrypt(cipher, clear)<br> > + u_char *cipher; /* IN 8 octets */<br> > + u_char *clear; /* OUT 8 octets */<br> > + {<br> > +- des_ecb_encrypt((des_cblock *)cipher, (des_cblock *)clear,<br> > +- key_schedule, 0);<br> > ++ DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear,<br> > ++ &key_schedule, 0);<br> > + return (1);<br> > + }<br> > +<br> > diff --git a/meta/recipes-connectivity/ppp/<a href="http://ppp_2.4.7.bb" rel="noreferrer" target="_blank">ppp_2.4.7.bb</a> b/meta/recipes-connectivity/ppp/<a href="http://ppp_2.4.7.bb" rel="noreferrer" target="_blank">ppp_2.4.7.bb</a><br> > index a1bb7d71c1..f4646bd693 100644<br> > --- a/meta/recipes-connectivity/ppp/<a href="http://ppp_2.4.7.bb" rel="noreferrer" target="_blank">ppp_2.4.7.bb</a><br> > +++ b/meta/recipes-connectivity/ppp/<a href="http://ppp_2.4.7.bb" rel="noreferrer" target="_blank">ppp_2.4.7.bb</a><br> > @@ -4,7 +4,7 @@ the Point-to-Point Protocol (PPP) on Linux and Solaris systems."<br> > SECTION = "console/network"<br> > HOMEPAGE = "<a href="http://samba.org/ppp/" rel="noreferrer" target="_blank">http://samba.org/ppp/</a>"<br> > BUGTRACKER = "<a href="http://ppp.samba.org/cgi-bin/ppp-bugs" rel="noreferrer" target="_blank">http://ppp.samba.org/cgi-bin/ppp-bugs</a>"<br> > -DEPENDS = "libpcap"<br> > +DEPENDS = "libpcap openssl"<br> > LICENSE = "BSD & GPLv2+ & LGPLv2+ & PD"<br> > LIC_FILES_CHKSUM = "file://pppd/ccp.c;beginline=1;endline=29;md5=e2c43fe6e81ff77d87dc9c290a424dea \<br> > file://pppd/plugins/passprompt.c;beginline=1;endline=10;md5=3bcbcdbf0e369c9a3e0b8c8275b065d8 \<br> > @@ -32,6 +32,7 @@ SRC_URI = "<a href="https://download.samba.org/pub/$%7BBPN%7D/$%7BBP%7D.tar.gz" rel="noreferrer" target="_blank">https://download.samba.org/pub/${BPN}/${BP}.tar.gz</a> \<br> > file://fix-CVE-2015-3310.patch \<br> > file://0001-pppoe-include-netinet-in.h-before-linux-in.h.patch \<br> > file://0001-ppp-Remove-unneeded-include.patch \<br> > + file://ppp-2.4.7-DES-openssl.patch \<br> > "<br> ><br> > SRC_URI_append_libc-musl = "\<br> > @@ -49,7 +50,7 @@ EXTRA_OECONF = "--disable-strip"<br> > # Package Makefile computes CFLAGS, referencing COPTS.<br> > # Typically hard-coded to '-O2 -g' in the Makefile's.<br> > #<br> > -EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${S}/include"'<br> > +EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${STAGING_INCDIR}/openssl -I${S}/include"'<br> ><br> > do_configure () {<br> > oe_runconf<br> > --<br> > 2.18.0<br> ><br> > --<br> > _______________________________________________<br> > Openembedded-core mailing list<br> > <a href="mailto:Openembedded-core@lists.openembedded.org" target="_blank">Openembedded-core@lists.openembedded.org</a><br> > <a href="http://lists.openembedded.org/mailman/listinfo/openembedded-core" rel="noreferrer" target="_blank">http://lists.openembedded.org/mailman/listinfo/openembedded-core</a><br> </blockquote></div></div> -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
My understanding is that libxcrypt was basically the crypto pieces ripped out of glibc, but the github page lists DES as an implemented algorithm. Ross On 8 August 2018 at 16:01, Khem Raj <raj.khem@gmail.com> wrote: > Does it provide DES implementation I am not sure but if it does then it > might be another option > > On Wed, Aug 8, 2018 at 3:40 AM Burton, Ross <ross.burton@intel.com> wrote: >> >> Why not use libxcrypt? >> >> Ross >> >> On 6 August 2018 at 23:57, Khem Raj <raj.khem@gmail.com> wrote: >> > Signed-off-by: Khem Raj <raj.khem@gmail.com> >> > --- >> > .../ppp/ppp/ppp-2.4.7-DES-openssl.patch | 84 +++++++++++++++++++ >> > meta/recipes-connectivity/ppp/ppp_2.4.7.bb | 5 +- >> > 2 files changed, 87 insertions(+), 2 deletions(-) >> > create mode 100644 >> > meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch >> > >> > diff --git >> > a/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch >> > b/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch >> > new file mode 100644 >> > index 0000000000..e53f240543 >> > --- /dev/null >> > +++ b/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch >> > @@ -0,0 +1,84 @@ >> > +Used openssl for the DES instead of the libcrypt / glibc >> > + >> > +Upstream-Status: Pending >> > + >> > +Signed-off-by: Khem Raj <raj.khem@gmail.com> >> > + >> > +Index: ppp-2.4.7/pppd/Makefile.linux >> > +=================================================================== >> > +--- ppp-2.4.7.orig/pppd/Makefile.linux >> > ++++ ppp-2.4.7/pppd/Makefile.linux >> > +@@ -38,7 +38,7 @@ LIBS = >> > + # Uncomment the next 2 lines to include support for Microsoft's >> > + # MS-CHAP authentication protocol. Also, edit >> > plugins/radius/Makefile.linux. >> > + CHAPMS=y >> > +-USE_CRYPT=y >> > ++#USE_CRYPT=y >> > + # Don't use MSLANMAN unless you really know what you're doing. >> > + #MSLANMAN=y >> > + # Uncomment the next line to include support for MPPE. CHAPMS (above) >> > must >> > +@@ -132,7 +132,7 @@ endif >> > + >> > + ifdef NEEDDES >> > + ifndef USE_CRYPT >> > +-LIBS += -ldes $(LIBS) >> > ++LIBS += -lcrypto >> > + else >> > + CFLAGS += -DUSE_CRYPT=1 >> > + endif >> > +Index: ppp-2.4.7/pppd/pppcrypt.c >> > +=================================================================== >> > +--- ppp-2.4.7.orig/pppd/pppcrypt.c >> > ++++ ppp-2.4.7/pppd/pppcrypt.c >> > +@@ -64,7 +64,7 @@ u_char *des_key; /* OUT 64 bit DES key w >> > + des_key[7] = Get7Bits(key, 49); >> > + >> > + #ifndef USE_CRYPT >> > +- des_set_odd_parity((des_cblock *)des_key); >> > ++ DES_set_odd_parity((DES_cblock *)des_key); >> > + #endif >> > + } >> > + >> > +@@ -158,25 +158,25 @@ u_char *clear; /* OUT 8 octets */ >> > + } >> > + >> > + #else /* USE_CRYPT */ >> > +-static des_key_schedule key_schedule; >> > ++static DES_key_schedule key_schedule; >> > + >> > + bool >> > + DesSetkey(key) >> > + u_char *key; >> > + { >> > +- des_cblock des_key; >> > ++ DES_cblock des_key; >> > + MakeKey(key, des_key); >> > +- des_set_key(&des_key, key_schedule); >> > ++ DES_set_key(&des_key, &key_schedule); >> > + return (1); >> > + } >> > + >> > + bool >> > +-DesEncrypt(clear, key, cipher) >> > ++DesEncrypt(clear, cipher) >> > + u_char *clear; /* IN 8 octets */ >> > + u_char *cipher; /* OUT 8 octets */ >> > + { >> > +- des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher, >> > +- key_schedule, 1); >> > ++ DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher, >> > ++ &key_schedule, 1); >> > + return (1); >> > + } >> > + >> > +@@ -185,8 +185,8 @@ DesDecrypt(cipher, clear) >> > + u_char *cipher; /* IN 8 octets */ >> > + u_char *clear; /* OUT 8 octets */ >> > + { >> > +- des_ecb_encrypt((des_cblock *)cipher, (des_cblock *)clear, >> > +- key_schedule, 0); >> > ++ DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear, >> > ++ &key_schedule, 0); >> > + return (1); >> > + } >> > + >> > diff --git a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb >> > b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb >> > index a1bb7d71c1..f4646bd693 100644 >> > --- a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb >> > +++ b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb >> > @@ -4,7 +4,7 @@ the Point-to-Point Protocol (PPP) on Linux and Solaris >> > systems." >> > SECTION = "console/network" >> > HOMEPAGE = "http://samba.org/ppp/" >> > BUGTRACKER = "http://ppp.samba.org/cgi-bin/ppp-bugs" >> > -DEPENDS = "libpcap" >> > +DEPENDS = "libpcap openssl" >> > LICENSE = "BSD & GPLv2+ & LGPLv2+ & PD" >> > LIC_FILES_CHKSUM = >> > "file://pppd/ccp.c;beginline=1;endline=29;md5=e2c43fe6e81ff77d87dc9c290a424dea >> > \ >> > >> > file://pppd/plugins/passprompt.c;beginline=1;endline=10;md5=3bcbcdbf0e369c9a3e0b8c8275b065d8 >> > \ >> > @@ -32,6 +32,7 @@ SRC_URI = >> > "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \ >> > file://fix-CVE-2015-3310.patch \ >> > >> > file://0001-pppoe-include-netinet-in.h-before-linux-in.h.patch \ >> > file://0001-ppp-Remove-unneeded-include.patch \ >> > + file://ppp-2.4.7-DES-openssl.patch \ >> > " >> > >> > SRC_URI_append_libc-musl = "\ >> > @@ -49,7 +50,7 @@ EXTRA_OECONF = "--disable-strip" >> > # Package Makefile computes CFLAGS, referencing COPTS. >> > # Typically hard-coded to '-O2 -g' in the Makefile's. >> > # >> > -EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${S}/include"' >> > +EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${STAGING_INCDIR}/openssl >> > -I${S}/include"' >> > >> > do_configure () { >> > oe_runconf >> > -- >> > 2.18.0 >> > >> > -- >> > _______________________________________________ >> > Openembedded-core mailing list >> > Openembedded-core@lists.openembedded.org >> > http://lists.openembedded.org/mailman/listinfo/openembedded-core -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Looking a bit more I see that ppp upstream has switched to using openssl as well see https://github.com/paulusmack/ppp/commit/3c7b86229f7bd2600d74db14b1fe5b3896be3875 so we are inline secondly, using libxcrypt would either mean that we enable obsolete APIs to support existing functionality in ppp. I would not like to do that, infact eventually I would suggest to even disable weak hashes as we move along. This also would mean at one point we have to switch back to whatever upstream ppp is doing when we upgrade ppp.This will be throw away work. On Wed, Aug 8, 2018 at 8:15 AM Burton, Ross <ross.burton@intel.com> wrote: > > My understanding is that libxcrypt was basically the crypto pieces > ripped out of glibc, but the github page lists DES as an implemented > algorithm. > > Ross > > On 8 August 2018 at 16:01, Khem Raj <raj.khem@gmail.com> wrote: > > Does it provide DES implementation I am not sure but if it does then it > > might be another option > > > > On Wed, Aug 8, 2018 at 3:40 AM Burton, Ross <ross.burton@intel.com> wrote: > >> > >> Why not use libxcrypt? > >> > >> Ross > >> > >> On 6 August 2018 at 23:57, Khem Raj <raj.khem@gmail.com> wrote: > >> > Signed-off-by: Khem Raj <raj.khem@gmail.com> > >> > --- > >> > .../ppp/ppp/ppp-2.4.7-DES-openssl.patch | 84 +++++++++++++++++++ > >> > meta/recipes-connectivity/ppp/ppp_2.4.7.bb | 5 +- > >> > 2 files changed, 87 insertions(+), 2 deletions(-) > >> > create mode 100644 > >> > meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch > >> > > >> > diff --git > >> > a/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch > >> > b/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch > >> > new file mode 100644 > >> > index 0000000000..e53f240543 > >> > --- /dev/null > >> > +++ b/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch > >> > @@ -0,0 +1,84 @@ > >> > +Used openssl for the DES instead of the libcrypt / glibc > >> > + > >> > +Upstream-Status: Pending > >> > + > >> > +Signed-off-by: Khem Raj <raj.khem@gmail.com> > >> > + > >> > +Index: ppp-2.4.7/pppd/Makefile.linux > >> > +=================================================================== > >> > +--- ppp-2.4.7.orig/pppd/Makefile.linux > >> > ++++ ppp-2.4.7/pppd/Makefile.linux > >> > +@@ -38,7 +38,7 @@ LIBS = > >> > + # Uncomment the next 2 lines to include support for Microsoft's > >> > + # MS-CHAP authentication protocol. Also, edit > >> > plugins/radius/Makefile.linux. > >> > + CHAPMS=y > >> > +-USE_CRYPT=y > >> > ++#USE_CRYPT=y > >> > + # Don't use MSLANMAN unless you really know what you're doing. > >> > + #MSLANMAN=y > >> > + # Uncomment the next line to include support for MPPE. CHAPMS (above) > >> > must > >> > +@@ -132,7 +132,7 @@ endif > >> > + > >> > + ifdef NEEDDES > >> > + ifndef USE_CRYPT > >> > +-LIBS += -ldes $(LIBS) > >> > ++LIBS += -lcrypto > >> > + else > >> > + CFLAGS += -DUSE_CRYPT=1 > >> > + endif > >> > +Index: ppp-2.4.7/pppd/pppcrypt.c > >> > +=================================================================== > >> > +--- ppp-2.4.7.orig/pppd/pppcrypt.c > >> > ++++ ppp-2.4.7/pppd/pppcrypt.c > >> > +@@ -64,7 +64,7 @@ u_char *des_key; /* OUT 64 bit DES key w > >> > + des_key[7] = Get7Bits(key, 49); > >> > + > >> > + #ifndef USE_CRYPT > >> > +- des_set_odd_parity((des_cblock *)des_key); > >> > ++ DES_set_odd_parity((DES_cblock *)des_key); > >> > + #endif > >> > + } > >> > + > >> > +@@ -158,25 +158,25 @@ u_char *clear; /* OUT 8 octets */ > >> > + } > >> > + > >> > + #else /* USE_CRYPT */ > >> > +-static des_key_schedule key_schedule; > >> > ++static DES_key_schedule key_schedule; > >> > + > >> > + bool > >> > + DesSetkey(key) > >> > + u_char *key; > >> > + { > >> > +- des_cblock des_key; > >> > ++ DES_cblock des_key; > >> > + MakeKey(key, des_key); > >> > +- des_set_key(&des_key, key_schedule); > >> > ++ DES_set_key(&des_key, &key_schedule); > >> > + return (1); > >> > + } > >> > + > >> > + bool > >> > +-DesEncrypt(clear, key, cipher) > >> > ++DesEncrypt(clear, cipher) > >> > + u_char *clear; /* IN 8 octets */ > >> > + u_char *cipher; /* OUT 8 octets */ > >> > + { > >> > +- des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher, > >> > +- key_schedule, 1); > >> > ++ DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher, > >> > ++ &key_schedule, 1); > >> > + return (1); > >> > + } > >> > + > >> > +@@ -185,8 +185,8 @@ DesDecrypt(cipher, clear) > >> > + u_char *cipher; /* IN 8 octets */ > >> > + u_char *clear; /* OUT 8 octets */ > >> > + { > >> > +- des_ecb_encrypt((des_cblock *)cipher, (des_cblock *)clear, > >> > +- key_schedule, 0); > >> > ++ DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear, > >> > ++ &key_schedule, 0); > >> > + return (1); > >> > + } > >> > + > >> > diff --git a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb > >> > b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb > >> > index a1bb7d71c1..f4646bd693 100644 > >> > --- a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb > >> > +++ b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb > >> > @@ -4,7 +4,7 @@ the Point-to-Point Protocol (PPP) on Linux and Solaris > >> > systems." > >> > SECTION = "console/network" > >> > HOMEPAGE = "http://samba.org/ppp/" > >> > BUGTRACKER = "http://ppp.samba.org/cgi-bin/ppp-bugs" > >> > -DEPENDS = "libpcap" > >> > +DEPENDS = "libpcap openssl" > >> > LICENSE = "BSD & GPLv2+ & LGPLv2+ & PD" > >> > LIC_FILES_CHKSUM = > >> > "file://pppd/ccp.c;beginline=1;endline=29;md5=e2c43fe6e81ff77d87dc9c290a424dea > >> > \ > >> > > >> > file://pppd/plugins/passprompt.c;beginline=1;endline=10;md5=3bcbcdbf0e369c9a3e0b8c8275b065d8 > >> > \ > >> > @@ -32,6 +32,7 @@ SRC_URI = > >> > "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \ > >> > file://fix-CVE-2015-3310.patch \ > >> > > >> > file://0001-pppoe-include-netinet-in.h-before-linux-in.h.patch \ > >> > file://0001-ppp-Remove-unneeded-include.patch \ > >> > + file://ppp-2.4.7-DES-openssl.patch \ > >> > " > >> > > >> > SRC_URI_append_libc-musl = "\ > >> > @@ -49,7 +50,7 @@ EXTRA_OECONF = "--disable-strip" > >> > # Package Makefile computes CFLAGS, referencing COPTS. > >> > # Typically hard-coded to '-O2 -g' in the Makefile's. > >> > # > >> > -EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${S}/include"' > >> > +EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${STAGING_INCDIR}/openssl > >> > -I${S}/include"' > >> > > >> > do_configure () { > >> > oe_runconf > >> > -- > >> > 2.18.0 > >> > > >> > -- > >> > _______________________________________________ > >> > Openembedded-core mailing list > >> > Openembedded-core@lists.openembedded.org > >> > http://lists.openembedded.org/mailman/listinfo/openembedded-core -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
diff --git a/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch b/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch new file mode 100644 index 0000000000..e53f240543 --- /dev/null +++ b/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch @@ -0,0 +1,84 @@ +Used openssl for the DES instead of the libcrypt / glibc + +Upstream-Status: Pending + +Signed-off-by: Khem Raj <raj.khem@gmail.com> + +Index: ppp-2.4.7/pppd/Makefile.linux +=================================================================== +--- ppp-2.4.7.orig/pppd/Makefile.linux ++++ ppp-2.4.7/pppd/Makefile.linux +@@ -38,7 +38,7 @@ LIBS = + # Uncomment the next 2 lines to include support for Microsoft's + # MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux. + CHAPMS=y +-USE_CRYPT=y ++#USE_CRYPT=y + # Don't use MSLANMAN unless you really know what you're doing. + #MSLANMAN=y + # Uncomment the next line to include support for MPPE. CHAPMS (above) must +@@ -132,7 +132,7 @@ endif + + ifdef NEEDDES + ifndef USE_CRYPT +-LIBS += -ldes $(LIBS) ++LIBS += -lcrypto + else + CFLAGS += -DUSE_CRYPT=1 + endif +Index: ppp-2.4.7/pppd/pppcrypt.c +=================================================================== +--- ppp-2.4.7.orig/pppd/pppcrypt.c ++++ ppp-2.4.7/pppd/pppcrypt.c +@@ -64,7 +64,7 @@ u_char *des_key; /* OUT 64 bit DES key w + des_key[7] = Get7Bits(key, 49); + + #ifndef USE_CRYPT +- des_set_odd_parity((des_cblock *)des_key); ++ DES_set_odd_parity((DES_cblock *)des_key); + #endif + } + +@@ -158,25 +158,25 @@ u_char *clear; /* OUT 8 octets */ + } + + #else /* USE_CRYPT */ +-static des_key_schedule key_schedule; ++static DES_key_schedule key_schedule; + + bool + DesSetkey(key) + u_char *key; + { +- des_cblock des_key; ++ DES_cblock des_key; + MakeKey(key, des_key); +- des_set_key(&des_key, key_schedule); ++ DES_set_key(&des_key, &key_schedule); + return (1); + } + + bool +-DesEncrypt(clear, key, cipher) ++DesEncrypt(clear, cipher) + u_char *clear; /* IN 8 octets */ + u_char *cipher; /* OUT 8 octets */ + { +- des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher, +- key_schedule, 1); ++ DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher, ++ &key_schedule, 1); + return (1); + } + +@@ -185,8 +185,8 @@ DesDecrypt(cipher, clear) + u_char *cipher; /* IN 8 octets */ + u_char *clear; /* OUT 8 octets */ + { +- des_ecb_encrypt((des_cblock *)cipher, (des_cblock *)clear, +- key_schedule, 0); ++ DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear, ++ &key_schedule, 0); + return (1); + } + diff --git a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb index a1bb7d71c1..f4646bd693 100644 --- a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb +++ b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb @@ -4,7 +4,7 @@ the Point-to-Point Protocol (PPP) on Linux and Solaris systems." SECTION = "console/network" HOMEPAGE = "http://samba.org/ppp/" BUGTRACKER = "http://ppp.samba.org/cgi-bin/ppp-bugs" -DEPENDS = "libpcap" +DEPENDS = "libpcap openssl" LICENSE = "BSD & GPLv2+ & LGPLv2+ & PD" LIC_FILES_CHKSUM = "file://pppd/ccp.c;beginline=1;endline=29;md5=e2c43fe6e81ff77d87dc9c290a424dea \ file://pppd/plugins/passprompt.c;beginline=1;endline=10;md5=3bcbcdbf0e369c9a3e0b8c8275b065d8 \ @@ -32,6 +32,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \ file://fix-CVE-2015-3310.patch \ file://0001-pppoe-include-netinet-in.h-before-linux-in.h.patch \ file://0001-ppp-Remove-unneeded-include.patch \ + file://ppp-2.4.7-DES-openssl.patch \ " SRC_URI_append_libc-musl = "\ @@ -49,7 +50,7 @@ EXTRA_OECONF = "--disable-strip" # Package Makefile computes CFLAGS, referencing COPTS. # Typically hard-coded to '-O2 -g' in the Makefile's. # -EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${S}/include"' +EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${STAGING_INCDIR}/openssl -I${S}/include"' do_configure () { oe_runconf
Signed-off-by: Khem Raj <raj.khem@gmail.com> --- .../ppp/ppp/ppp-2.4.7-DES-openssl.patch | 84 +++++++++++++++++++ meta/recipes-connectivity/ppp/ppp_2.4.7.bb | 5 +- 2 files changed, 87 insertions(+), 2 deletions(-) create mode 100644 meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch -- 2.18.0 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core