
List:       pamldap
Subject:    [pamldap] Re: [patch] pam-ccreds: use gcrypt instead of openssl
From:       Guido Guenther <agx () sigxcpu ! org>
Date:       2005-04-13 21:02:36
Message-ID: 20050413210236.GA10258 () bogon ! ms20 ! nix

On Wed, Apr 13, 2005 at 10:59:01PM +0200, Guido Guenther wrote:
Hi,
This patch uses gcrypt instead of openssl (which might be useful due to
the GPL vs. OpenSSL license issues). I'm no gcrypt expert, so feedback is
very welcome.

diff -u --exclude=debian -Naur libpam-ccreds-1.openssl/configure.in \
                libpam-ccreds-1/configure.in
--- libpam-ccreds-1.openssl/configure.in	2004-02-09 09:04:43.000000000 +0100
+++ libpam-ccreds-1/configure.in	2005-04-07 22:44:15.000000000 +0200
@@ -9,7 +9,6 @@
 AC_PROG_CPP
 AC_PROG_INSTALL
 
-AC_ARG_WITH(openssl-dir, [  --with-openssl-dir=DIR  base directory of OpenSSL \
library])  AC_ARG_WITH(ccreds-file, [  --with-ccreds-file      path to cached \
credentials file], [AC_DEFINE_UNQUOTED(CCREDS_FILE, "$with_ccreds_file")])  
 if test "$ac_cv_prog_gcc" = "yes"; then CFLAGS="$CFLAGS -Wall -fPIC"; fi
@@ -41,23 +40,8 @@
 AM_CONDITIONAL(EXTENSION_SO, test "$target_os" = "linux" -o "$target_os" = \
"linux-gnu")  AM_CONDITIONAL(EXTENSION_1, test "$TARGET_OS" = "HPUX")
 
-if test -n "$with_openssl_dir"; then
-  CPPFLAGS="$CPPFLAGS -I$with_openssl_dir/include"
-  LDFLAGS="$LDFLAGS -L$with_openssl_dir/lib"
-  case "$target_os" in  
-  aix*) LDFLAGS="$LDFLAGS -Wl,-brtl -Wl,-blibpath:$with_openssl_dir/lib"
-    pam_ccreds_so_LDFLAGS="$pam_ccreds_so_LDFLAGS -L$with_openssl_dir/lib -brtl \
                -blibpath:$with_openssl_dir/lib" ;;
-  hpux*) LDFLAGS="$LDFLAGS -Wl,+b$with_openssl_dir/lib"
-    pam_ccreds_so_LDFLAGS="$pam_ccreds_so_LDFLAGS -L$with_openssl_dir/lib \
                +b$with_openssl_dir/lib" ;;
-  solaris*) LDFLAGS="$LDFLAGS -R$with_openssl_dir/lib" 
-    pam_ccreds_so_LDFLAGS="$pam_ccreds_so_LDFLAGS -L$with_openssl_dir/lib \
                -R$with_openssl_dir/lib" ;;
-  *) LDFLAGS="$LDFLAGS -Wl,-rpath,$with_openssl_dir/lib" ;;
-  esac  
-fi
-
 AC_CHECK_HEADERS(security/pam_appl.h security/pam_misc.h security/pam_modules.h)
 AC_CHECK_HEADERS(pam/pam_appl.h pam/pam_misc.h pam/pam_modules.h)
-AC_CHECK_HEADERS(openssl/opensslconf.h, , AC_MSG_ERROR(could not locate \
<openssl/opensslconf.h>))  
 AC_CHECK_HEADERS(db.h)
 dnl AC_CHECK_HEADERS(db1/db.h)
@@ -70,9 +54,9 @@
 	AC_CHECK_LIB(db1, main,[LIBS="-ldb1 $LIBS" found_db_lib=yes],,$LIBS)
 fi
 
-AC_CHECK_LIB(crypto, SHA1_Init,[LIBS="-lcrypto $LIBS"],,$LIBS)
 AC_CHECK_LIB(pam, pam_start)
 AC_CHECK_LIB(pam_misc, misc_conv)
+AM_PATH_LIBGCRYPT(1.2.0,:, AC_MSG_ERROR(could not locate gcrypt library))
 
 AC_OUTPUT(Makefile)
 
diff -u --exclude=debian -Naur libpam-ccreds-1.openssl/Makefile.am \
                libpam-ccreds-1/Makefile.am
--- libpam-ccreds-1.openssl/Makefile.am	2004-02-09 09:04:43.000000000 +0100
+++ libpam-ccreds-1/Makefile.am	2005-04-07 22:37:55.000000000 +0200
@@ -2,7 +2,9 @@
 EXTRA_DIST = COPYING.LIB CVSVersionInfo.txt ChangeLog README \
 	     ldap.conf pam.conf pam_ccreds.spec
 
+AM_CPPFLAGS = $(LIBGCRYPT_CFLAGS)
 AM_CFLAGS = -fno-strict-aliasing
+LDADD = $(LIBGCRYPT_LIBS)
 
 pam_ccreds_so_SOURCES = cc_db.c cc_lib.c cc_pam.c cc.h
 pam_ccreds_so_LDFLAGS = @pam_ccreds_so_LDFLAGS@
--- libpam-ccreds-1.openssl/cc_lib.c	2004-02-09 09:04:43.000000000 +0100
+++ libpam-ccreds-1/cc_lib.c	2005-04-07 22:58:59.000000000 +0200
@@ -16,7 +16,7 @@
 #include <errno.h>
 #include <limits.h>
 
-#include <openssl/sha.h>
+#include <gcrypt.h>
 
 #include "cc_private.h"
 
@@ -27,7 +27,7 @@
 				    char **derived_key_p,
 				    size_t *derived_key_length_p)
 {
-	SHA_CTX sha_ctx;
+	gcry_md_hd_t handle;
 	unsigned char T[4];
 
 	T[0] = (type >> 24) & 0xFF;
@@ -35,25 +35,24 @@
 	T[2] = (type >> 8)  & 0xFF;
 	T[3] = (type >> 0)  & 0xFF;
 
-	SHA1_Init(&sha_ctx);
+	gcry_md_open (&handle, GCRY_MD_SHA1, 0);
 
-	*derived_key_p = malloc(SHA_DIGEST_LENGTH);
+	*derived_key_length_p = gcry_md_get_algo_dlen (GCRY_MD_SHA1);
+	*derived_key_p = malloc(*derived_key_length_p);
 	if (*derived_key_p == NULL) {
 		return PAM_BUF_ERR;
 	}
 
-	*derived_key_length_p = SHA_DIGEST_LENGTH;
-
 	/*
 	 * Salt with key type, service and user names
 	 */
-	SHA1_Update(&sha_ctx, T, sizeof(T));
+	gcry_md_write (handle, T, sizeof(T));
 	if (pamcch->service != NULL) {
-		SHA1_Update(&sha_ctx, pamcch->service, strlen(pamcch->service));
+		gcry_md_write (handle, pamcch->service, strlen(pamcch->service));
 	}
-	SHA1_Update(&sha_ctx, pamcch->user, strlen(pamcch->user));
-	SHA1_Update(&sha_ctx, credentials, length);
-	SHA1_Final(*derived_key_p, &sha_ctx);
+	gcry_md_write (handle, pamcch->user, strlen(pamcch->user));
+	gcry_md_write (handle, credentials, length);
+	memcpy(*derived_key_p, gcry_md_read(handle, 0), *derived_key_length_p); 
 
 	return PAM_SUCCESS;
 }
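Review bot: The new `gcry_md_open` call in this hunk ignores its return value, and the handle is never released with `gcry_md_close`, neither on the `PAM_BUF_ERR` return nor after the final `memcpy`. If the open fails, the following `gcry_md_write` calls run on an invalid handle; on every successful call the digest context, which has absorbed the user's credentials, stays allocated in the calling process. Check the open result and close the handle on both exits, since `gcry_md_close` also zeroises the context. None of the visible hunks calls `gcry_check_version()`, which libgcrypt expects before any other use, so that probably needs adding unless it happens elsewhere in the module. The function's signature begins above this hunk.

```c
	/* … unchanged: T[] setup … */

	if (gcry_md_open (&handle, GCRY_MD_SHA1, 0) != 0) {
		return PAM_SERVICE_ERR;
	}

	*derived_key_length_p = gcry_md_get_algo_dlen (GCRY_MD_SHA1);
	*derived_key_p = malloc(*derived_key_length_p);
	if (*derived_key_p == NULL) {
		gcry_md_close (handle);
		return PAM_BUF_ERR;
	}

	/* … unchanged: gcry_md_write calls for T, service, user, credentials … */
	memcpy(*derived_key_p, gcry_md_read(handle, 0), *derived_key_length_p);
	gcry_md_close (handle);

	return PAM_SUCCESS;
```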

It doesn't really belong here, but since there's no dedicated list for
this really nice pam module I'd thought I post it here.
Cheers,
  -- Guido

