Switch ppp(8) to use the "modern" DES_ functions
Needs ReviewPublic
Actions

Authored by sevan on Jan 8 2017, 11:26 PM.

Details

Reviewers

bcr

Group Reviewers

Src Committers

Summary

The original des_ prefixed functions were renamed to use a DES_prefix in OpenSSL 0.9.7. Attached patch switches over to the new format.
This allows ppp to be built against LibreSSL.
DES_set_key() & DES_ecb_encrypt() need to be passed the address of the key_schedule pointer.
Bug 205004

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Skipped

Unit

Tests Skipped

Event Timeline

sevan updated this revision to Diff 23749.Jan 8 2017, 11:26 PM

sevan retitled this revision from to Switch ppp(8) to use the "modern" DES_ functions.

sevan updated this object.

sevan edited the test plan for this revision. (Show Details)

sevan added reviewers: bcr, Src Committers.

sevan set the repository for this revision to rS FreeBSD src repository - subversion.

sevan added a project: Src Committers.

Herald added a subscriber: imp. · View Herald TranscriptJan 8 2017, 11:26 PM

Apart from the one minor issue I do not see problems (which does not mean there aren't any).

It looks like testing requires some setup with different software, since ppp(8) only implements the client side for some of the MSCHAP protocols. This should not need modems though, since ppp(8) seems to support the protocols for VPNs.

usr.sbin/ppp/chap_ms.c
116	The man page suggests using `DES_set_key_checked()` or `DES_set_key_unchecked()` since `DES_set_key()` behaves as one of those depending on a global variable. It seems best to use `DES_set_key_unchecked()` since these keys are definitely not random and weak keys cannot be avoided other than by picking a different password.

I have a cardbus 3G modem which I can try it with. If only I could find it. :)

Revision Contents
Changeset List

Path

Size

usr.sbin/

ppp/

chap_ms.c

10 lines

Diff 23749

View Options

Switch ppp(8) to use the "modern" DES_ functionsNeeds ReviewPublicActions