From owner-svn-ports-all@freebsd.org Thu Mar 7 14:21:42 2019 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4D0381530C56; Thu, 7 Mar 2019 14:21:42 +0000 (UTC) (envelope-from danfe@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id DDBFB8820A; Thu, 7 Mar 2019 14:21:41 +0000 (UTC) (envelope-from danfe@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id CB0301CE67; Thu, 7 Mar 2019 14:21:41 +0000 (UTC) (envelope-from danfe@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x27ELfKN047559; Thu, 7 Mar 2019 14:21:41 GMT (envelope-from danfe@FreeBSD.org) Received: (from danfe@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x27ELfx4047556; Thu, 7 Mar 2019 14:21:41 GMT (envelope-from danfe@FreeBSD.org) Message-Id: <201903071421.x27ELfx4047556@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: danfe set sender to danfe@FreeBSD.org using -f From: Alexey Dokuchaev Date: Thu, 7 Mar 2019 14:21:41 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r494949 - head/security/john/files X-SVN-Group: ports-head X-SVN-Commit-Author: danfe X-SVN-Commit-Paths: head/security/john/files X-SVN-Commit-Revision: 494949 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: DDBFB8820A X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.93 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; NEURAL_HAM_SHORT(-0.93)[-0.933,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]; NEURAL_HAM_LONG(-1.00)[-1.000,0] X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Mar 2019 14:21:42 -0000 Author: danfe Date: Thu Mar 7 14:21:40 2019 New Revision: 494949 URL: https://svnweb.freebsd.org/changeset/ports/494949 Log: Stop using (old) OpenSSL EVP in RAR3 format support code. Obtained from: https://github.com/magnumripper/JohnTheRipper/commit/6fcc147 Added: head/security/john/files/patch-rar__fmt__plug.c (contents, props changed) head/security/john/files/patch-unrar.c (contents, props changed) head/security/john/files/patch-unrar.h (contents, props changed) Added: head/security/john/files/patch-rar__fmt__plug.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/john/files/patch-rar__fmt__plug.c Thu Mar 7 14:21:40 2019 (r494949) @@ -0,0 +1,254 @@ +--- rar_fmt_plug.c.orig 2014-12-18 07:59:02 UTC ++++ rar_fmt_plug.c +@@ -48,15 +48,7 @@ john_register_one(&fmt_rar); + #else + + #include +-#include + #include +-#include +-#include +-#include +- +-#include "arch.h" +-#include "sha.h" +- + #if AC_BUILT + #include "autoconfig.h" + #endif +@@ -71,6 +63,8 @@ john_register_one(&fmt_rar); + #include + #endif + ++#include "arch.h" ++#include "sha.h" + #include "crc32.h" + #include "misc.h" + #include "common.h" +@@ -119,9 +113,7 @@ john_register_one(&fmt_rar); + + #ifdef _OPENMP + #include +-#include + #define OMP_SCALE 4 +-static pthread_mutex_t *lockarray; + #endif + + #include "memdbg.h" +@@ -198,71 +190,6 @@ static struct fmt_tests cpu_tests[] = { + {NULL} + }; + +-#if defined (_OPENMP) +-static void lock_callback(int mode, int type, const char *file, int line) +-{ +- (void)file; +- (void)line; +- if (mode & CRYPTO_LOCK) +- pthread_mutex_lock(&(lockarray[type])); +- else +- pthread_mutex_unlock(&(lockarray[type])); +-} +- +-static unsigned long thread_id(void) +-{ +- return omp_get_thread_num(); +-} +- +-static void init_locks(void) +-{ +- int i; +- lockarray = (pthread_mutex_t*) OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t)); +- for (i = 0; i < CRYPTO_num_locks(); i++) +- pthread_mutex_init(&(lockarray[i]), NULL); +- CRYPTO_set_id_callback(thread_id); +- CRYPTO_set_locking_callback(lock_callback); +-} +-#endif /* _OPENMP */ +- +-/* Use AES-NI if available. This is not supported with low-level calls, +- we have to use EVP) */ +-static void init_aesni(void) +-{ +- ENGINE *e; +- const char *engine_id = "aesni"; +- +- ENGINE_load_builtin_engines(); +- e = ENGINE_by_id(engine_id); +- if (!e) { +- //fprintf(stderr, "AES-NI engine not available\n"); +- return; +- } +- if (!ENGINE_init(e)) { +- fprintf(stderr, "AES-NI engine could not init\n"); +- ENGINE_free(e); +- return; +- } +- if (!ENGINE_set_default(e, ENGINE_METHOD_ALL & ~ENGINE_METHOD_RAND)) { +- /* This should only happen when 'e' can't initialise, but the +- * previous statement suggests it did. */ +- fprintf(stderr, "AES-NI engine initialized but then failed\n"); +- abort(); +- } +- ENGINE_finish(e); +- ENGINE_free(e); +-} +- +-#ifndef __APPLE__ /* Apple segfaults on this :) */ +-static void openssl_cleanup(void) +-{ +- ENGINE_cleanup(); +- ERR_free_strings(); +- CRYPTO_cleanup_all_ex_data(); +- EVP_cleanup(); +-} +-#endif +- + #undef set_key + static void set_key(char *key, int index) + { +@@ -418,7 +345,6 @@ static void init(struct fmt_main *self) + omp_t = omp_get_max_threads(); + self->params.min_keys_per_crypt *= omp_t; + self->params.max_keys_per_crypt = omp_t * OMP_SCALE * MAX_KEYS_PER_CRYPT; +- init_locks(); + #endif /* _OPENMP */ + + if (pers_opts.target_enc == UTF_8) +@@ -436,14 +362,6 @@ static void init(struct fmt_main *self) + self->params.benchmark_comment = " (1-16 characters)"; + #endif + +- /* OpenSSL init */ +- init_aesni(); +- SSL_load_error_strings(); +- SSL_library_init(); +- OpenSSL_add_all_algorithms(); +-#ifndef __APPLE__ +- atexit(openssl_cleanup); +-#endif + /* CRC-32 table init, do it before we start multithreading */ + { + CRC32_t crc; +@@ -716,53 +634,43 @@ static int crypt_all(int *pcount, struct db_salt *salt + #pragma omp parallel for + #endif + for (index = 0; index < count; index++) { +- int i16 = index*16; +- unsigned int inlen = 16; +- int outlen; +- EVP_CIPHER_CTX aes_ctx; ++ AES_KEY aes_ctx; ++ unsigned char *key = &aes_key[index * 16]; ++ unsigned char *iv = &aes_iv[index * 16]; + +- EVP_CIPHER_CTX_init(&aes_ctx); +- EVP_DecryptInit_ex(&aes_ctx, EVP_aes_128_cbc(), NULL, &aes_key[i16], &aes_iv[i16]); +- EVP_CIPHER_CTX_set_padding(&aes_ctx, 0); ++ AES_set_decrypt_key(key, 128, &aes_ctx); + + //fprintf(stderr, "key %s\n", utf16_to_enc((UTF16*)&saved_key[index * UNICODE_LENGTH])); + /* AES decrypt, uses aes_iv, aes_key and blob */ + if (cur_file->type == 0) { /* rar-hp mode */ + unsigned char plain[16]; + +- outlen = 0; ++ AES_cbc_encrypt(cur_file->blob, plain, 16, ++ &aes_ctx, iv, AES_DECRYPT); + +- EVP_DecryptUpdate(&aes_ctx, plain, &outlen, cur_file->blob, inlen); +- EVP_DecryptFinal_ex(&aes_ctx, &plain[outlen], &outlen); +- + cracked[index] = !memcmp(plain, "\xc4\x3d\x7b\x00\x40\x07\x00", 7); +- + } else { +- + if (cur_file->method == 0x30) { /* stored, not deflated */ + CRC32_t crc; + unsigned char crc_out[4]; +- unsigned char plain[0x8010]; ++ unsigned char plain[0x8000]; + unsigned long long size = cur_file->unp_size; + unsigned char *cipher = cur_file->blob; + + /* Use full decryption with CRC check. + Compute CRC of the decompressed plaintext */ + CRC32_Init(&crc); +- outlen = 0; + +- while (size > 0x8000) { +- inlen = 0x8000; ++ while (size) { ++ unsigned int inlen = (size > 0x8000) ? 0x8000 : size; + +- EVP_DecryptUpdate(&aes_ctx, plain, &outlen, cipher, inlen); +- CRC32_Update(&crc, plain, outlen > size ? size : outlen); +- size -= outlen; ++ AES_cbc_encrypt(cipher, plain, inlen, ++ &aes_ctx, iv, AES_DECRYPT); ++ ++ CRC32_Update(&crc, plain, inlen); ++ size -= inlen; + cipher += inlen; + } +- EVP_DecryptUpdate(&aes_ctx, plain, &outlen, cipher, (size + 15) & ~0xf); +- EVP_DecryptFinal_ex(&aes_ctx, &plain[outlen], &outlen); +- size += outlen; +- CRC32_Update(&crc, plain, size); + CRC32_Final(crc_out, crc); + + /* Compare computed CRC with stored CRC */ +@@ -771,15 +679,16 @@ static int crypt_all(int *pcount, struct db_salt *salt + const int solid = 0; + unpack_data_t *unpack_t; + unsigned char plain[20]; ++ unsigned char pre_iv[16]; + + cracked[index] = 0; + ++ memcpy(pre_iv, iv, 16); ++ + /* Decrypt just one block for early rejection */ +- outlen = 0; +- EVP_DecryptUpdate(&aes_ctx, plain, &outlen, cur_file->blob, 16); +- EVP_DecryptFinal_ex(&aes_ctx, &plain[outlen], &outlen); ++ AES_cbc_encrypt(cur_file->blob, plain, 16, ++ &aes_ctx, pre_iv, AES_DECRYPT); + +-#if 1 + /* Early rejection */ + if (plain[0] & 0x80) { + // PPM checks here. +@@ -792,10 +701,10 @@ static int crypt_all(int *pcount, struct db_salt *salt + !check_huffman(plain)) // Huffman table check + goto bailOut; + } +-#endif ++ + /* Reset stuff for full check */ +- EVP_DecryptInit_ex(&aes_ctx, EVP_aes_128_cbc(), NULL, &aes_key[i16], &aes_iv[i16]); +- EVP_CIPHER_CTX_set_padding(&aes_ctx, 0); ++ AES_set_decrypt_key(key, 128, &aes_ctx); ++ + #ifdef _OPENMP + unpack_t = &unpack_data[omp_get_thread_num()]; + #else +@@ -804,16 +713,15 @@ static int crypt_all(int *pcount, struct db_salt *salt + unpack_t->max_size = cur_file->unp_size; + unpack_t->dest_unp_size = cur_file->unp_size; + unpack_t->pack_size = cur_file->pack_size; +- unpack_t->iv = &aes_iv[i16]; ++ unpack_t->iv = iv; + unpack_t->ctx = &aes_ctx; +- unpack_t->key = &aes_key[i16]; ++ unpack_t->key = key; + + if (rar_unpack29(cur_file->blob, solid, unpack_t)) + cracked[index] = !memcmp(&unpack_t->unp_crc, &cur_file->crc.c, 4); + bailOut:; + } + } +- EVP_CIPHER_CTX_cleanup(&aes_ctx); + } + return count; + } Added: head/security/john/files/patch-unrar.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/john/files/patch-unrar.c Thu Mar 7 14:21:40 2019 (r494949) @@ -0,0 +1,25 @@ +--- unrar.c.orig 2014-09-19 16:40:51 UTC ++++ unrar.c +@@ -31,7 +31,6 @@ + #include + #include + #include +-#include + + #include "unrar.h" + #include "unrarppm.h" +@@ -136,13 +135,7 @@ int rar_unp_read_buf(const unsigned char **fd, unpack_ + } + + if (read_size) { +- int outlen; +- +- EVP_DecryptUpdate(unpack_data->ctx, unpack_data->in_buf + data_size, &outlen, *fd, read_size); +- if (outlen > read_size - 16) { +- EVP_DecryptFinal_ex(unpack_data->ctx, unpack_data->in_buf + data_size + outlen, &outlen); +- } else +- read_size = outlen; ++ AES_cbc_encrypt(*fd, unpack_data->in_buf + data_size, read_size, unpack_data->ctx, unpack_data->iv, AES_DECRYPT); + *fd += read_size; + unpack_data->read_top += read_size; + unpack_data->pack_size -= read_size; Added: head/security/john/files/patch-unrar.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/john/files/patch-unrar.h Thu Mar 7 14:21:40 2019 (r494949) @@ -0,0 +1,25 @@ +--- unrar.h.orig 2014-05-16 13:40:40 UTC ++++ unrar.h +@@ -24,12 +24,12 @@ + #define UNRAR_H 1 + + #include "arch.h" +-#include + + #include + + struct unpack_data_tag; + ++#include "aes/aes.h" + #include "unrarhlp.h" + #include "unrarppm.h" + #include "unrarvm.h" +@@ -198,7 +198,7 @@ typedef struct unpack_data_tag + rarvm_data_t rarvm_data; + unsigned int unp_crc; + unsigned int pack_size; +- EVP_CIPHER_CTX *ctx; ++ AES_KEY *ctx; + unsigned char *key; + unsigned char *iv; + } unpack_data_t;