1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
|
The built-in SHA1 code is broken on 64 bit systems.
Using a system library may be considered a good idea anyway.
diff -ruNp ppp.orig/pppd/chap-md5.c ppp/pppd/chap-md5.c
--- ppp.orig/pppd/chap-md5.c 2003-11-27 23:25:17.000000000 +0100
+++ ppp/pppd/chap-md5.c 2004-07-14 16:45:46.000000000 +0200
@@ -41,7 +41,14 @@
#include "chap-new.h"
#include "chap-md5.h"
#include "magic.h"
+#ifdef USE_OPENSSL
+#include <openssl/md5.h>
+#define MD5Init MD5_Init
+#define MD5Update MD5_Update
+#define MD5Final MD5_Final
+#else
#include "md5.h"
+#endif
#define MD5_HASH_SIZE 16
#define MD5_MIN_CHALLENGE 16
diff -ruNp ppp.orig/pppd/chap_ms.c ppp/pppd/chap_ms.c
--- ppp.orig/pppd/chap_ms.c 2004-04-14 04:40:21.000000000 +0200
+++ ppp/pppd/chap_ms.c 2004-07-14 16:46:03.000000000 +0200
@@ -89,8 +89,21 @@
#include "pppd.h"
#include "chap-new.h"
#include "chap_ms.h"
+#ifdef USE_OPENSSL
+#include <openssl/md4.h>
+#define MD4Init MD4_Init
+#define MD4Update MD4_Update
+#define MD4Final MD4_Final
+#else
#include "md4.h"
+#endif
+#ifdef USE_OPENSSL
+#include <openssl/sha.h>
+#define SHA1_SIGNATURE_SIZE SHA_DIGEST_LENGTH
+#define SHA1_CTX SHA_CTX
+#else
#include "sha1.h"
+#endif
#include "pppcrypt.h"
#include "magic.h"
@@ -513,7 +526,7 @@ ascii2unicode(char ascii[], int ascii_le
static void
NTPasswordHash(char *secret, int secret_len, u_char hash[MD4_SIGNATURE_SIZE])
{
-#ifdef __NetBSD__
+#if defined __NetBSD__ || defined USE_OPENSSL
/* NetBSD uses the libc md4 routines which take bytes instead of bits */
int mdlen = secret_len;
#else
diff -ruNp ppp.orig/pppd/eap.c ppp/pppd/eap.c
--- ppp.orig/pppd/eap.c 2003-06-12 02:01:21.000000000 +0200
+++ ppp/pppd/eap.c 2004-07-14 16:45:46.000000000 +0200
@@ -62,7 +62,14 @@
#include "pppd.h"
#include "pathnames.h"
+#ifdef USE_OPENSSL
+#include <openssl/md5.h>
+#define MD5Init MD5_Init
+#define MD5Update MD5_Update
+#define MD5Final MD5_Final
+#else
#include "md5.h"
+#endif
#include "eap.h"
#ifdef USE_SRP
diff -ruNp ppp.orig/pppd/Makefile.linux ppp/pppd/Makefile.linux
--- ppp.orig/pppd/Makefile.linux 2004-07-14 16:46:44.000000000 +0200
+++ ppp/pppd/Makefile.linux 2004-07-14 16:45:46.000000000 +0200
@@ -10,7 +10,7 @@ INCDIR = $(DESTDIR)/usr/include
TARGETS = pppd
-PPPDSRCS = main.c magic.c fsm.c lcp.c ipcp.c upap.c chap-new.c md5.c ccp.c \
+PPPDSRCS = main.c magic.c fsm.c lcp.c ipcp.c upap.c chap-new.c ccp.c \
ecp.c ipxcp.c auth.c options.c sys-linux.c md4.c chap_ms.c \
demand.c utils.c tty.c eap.c chap-md5.c
@@ -19,7 +19,7 @@ HEADERS = ccp.h chap-new.h ecp.h fsm.h i
upap.h eap.h
MANPAGES = pppd.8
-PPPDOBJS = main.o magic.o fsm.o lcp.o ipcp.o upap.o chap-new.o md5.o ccp.o \
+PPPDOBJS = main.o magic.o fsm.o lcp.o ipcp.o upap.o chap-new.o ccp.o \
ecp.o auth.o options.o demand.o utils.o sys-linux.o ipxcp.o tty.o \
eap.o chap-md5.o
@@ -83,8 +83,14 @@ CFLAGS= $(COPTS) $(COMPILE_FLAGS) $(INCL
ifdef CHAPMS
CFLAGS += -DCHAPMS=1
NEEDDES=y
+ifdef USE_BUILTIN_CRYPTO
PPPDOBJS += md4.o chap_ms.o
-HEADERS += md4.h chap_ms.h
+HEADERS += md4.h chap_ms.h
+else
+PPPDOBJS += chap_ms.o
+HEADERS += chap_ms.h
+NEED_OPENSSL=y
+endif
ifdef MSLANMAN
CFLAGS += -DMSLANMAN=1
endif
@@ -95,20 +101,36 @@ endif
# EAP SRP-SHA1
ifdef USE_SRP
-CFLAGS += -DUSE_SRP -DOPENSSL -I/usr/local/ssl/include
-LIBS += -lsrp -L/usr/local/ssl/lib -lcrypto
+CFLAGS += -DUSE_SRP
TARGETS += srp-entry
EXTRAINSTALL = $(INSTALL) -s -c -m 555 srp-entry $(BINDIR)/srp-entry
MANPAGES += srp-entry.8
EXTRACLEAN += srp-entry.o
NEEDDES=y
+NEED_OPENSSL=y
else
# OpenSSL has an integrated version of SHA-1, and its implementation
# is incompatible with this local SHA-1 implementation. We must use
# one or the other, not both.
+ifdef USE_BUILTIN_CRYPTO
PPPDSRCS += sha1.c
HEADERS += sha1.h
PPPDOBJS += sha1.o
+else
+NEED_OPENSSL=y
+endif
+endif
+
+ifdef USE_BUILTIN_CRYPTO
+PPPDSRCS += md5.c
+PPPDOBJS += md5.o
+else
+NEED_OPENSSL=y
+endif
+
+ifdef NEED_OPENSSL
+CFLAGS += -DUSE_OPENSSL
+LIBS += -lcrypto
endif
ifdef HAS_SHADOW
|
