#ifdef DO_SAMBA
#ifdef HAVE_GNUTLS
-#include <gcrypt.h>
+#include <nettle/des.h>
+#include <nettle/md4.h>
typedef unsigned char DES_cblock[8];
#elif HAVE_OPENSSL
#include <openssl/des.h>
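Review bot: The include block selects the backend GnuTLS-first (`#ifdef HAVE_GNUTLS` … `#elif HAVE_OPENSSL`), but the declarations this commit extends in the LM and NT hash hunks test `HAVE_OPENSSL` first, and the LM hash body then tests `HAVE_GNUTLS` first again. If a build ever defines both macros, the nettle headers are included while `DES_key_schedule schedule;` and `MD4_CTX ctx;` are declared without their OpenSSL headers, and the nettle DES calls use a `ctx` that was never declared as `struct des_ctx`. Unless the build system guarantees the two macros are mutually exclusive, use one order at every site, e.g. `#if defined(HAVE_GNUTLS)` / `#elif defined(HAVE_OPENSSL)`. The include block continues outside the hunk.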
#ifdef HAVE_OPENSSL
DES_key_schedule schedule;
#elif defined(HAVE_GNUTLS)
- gcry_cipher_hd_t h = NULL;
- gcry_error_t err;
-
- err = gcry_cipher_open( &h, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_CBC, 0 );
- if ( err ) return;
+ struct des_ctx ctx;
#endif
strncpy( UcasePassword, passwd->bv_val, 14 );
lmPasswd_to_key( UcasePassword, &key );
#ifdef HAVE_GNUTLS
- err = gcry_cipher_setkey( h, &key, sizeof(key) );
- if ( err == 0 ) {
- err = gcry_cipher_encrypt( h, &hbuf[0], sizeof(key), &StdText, sizeof(key) );
- if ( err == 0 ) {
- gcry_cipher_reset( h );
- lmPasswd_to_key( &UcasePassword[7], &key );
- err = gcry_cipher_setkey( h, &key, sizeof(key) );
- if ( err == 0 ) {
- err = gcry_cipher_encrypt( h, &hbuf[1], sizeof(key), &StdText, sizeof(key) );
- }
- }
- gcry_cipher_close( h );
- }
+ des_set_key( &ctx, &key );
+ des_encrypt( &ctx, sizeof(key), &hbuf[0], &StdText );
+
+ lmPasswd_to_key( &UcasePassword[7], &key );
+ des_set_key( &ctx, &key );
+ des_encrypt( &ctx, sizeof(key), &hbuf[1], &StdText );
#elif defined(HAVE_OPENSSL)
des_set_key_unchecked( &key, schedule );
des_ecb_encrypt( &StdText, &hbuf[0], schedule , DES_ENCRYPT );
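Review bot: `struct des_ctx ctx` still holds the DES key schedule for the second password half after the last `des_encrypt`, and nothing in the hunk clears it, whereas the removed code released its cipher state through `gcry_cipher_close( h )`. The schedule is derived directly from the password, so wipe it once `hbuf[1]` is written, e.g. `explicit_bzero( &ctx, sizeof(ctx) );` where the platform provides it (a plain `memset` just before return may be optimised out). The same applies to `struct md4_ctx ctx` in the NT hash hunk, whose block buffer can still contain password bytes after `md4_digest`. The function continues past the hunk, so confirm whether `key` and `UcasePassword` are already cleaned up there.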
char hbuf[HASHLEN];
#ifdef HAVE_OPENSSL
MD4_CTX ctx;
+#elif defined(HAVE_GNUTLS)
+ struct md4_ctx ctx;
#endif
if (passwd->bv_len > MAX_PWLEN*2)
MD4_Update( &ctx, passwd->bv_val, passwd->bv_len );
MD4_Final( (unsigned char *)hbuf, &ctx );
#elif defined(HAVE_GNUTLS)
- gcry_md_hash_buffer(GCRY_MD_MD4, hbuf, passwd->bv_val, passwd->bv_len );
+ md4_init( &ctx );
+ md4_update( &ctx, passwd->bv_len, passwd->bv_val );
+ md4_digest( &ctx, sizeof(hbuf), (unsigned char *)hbuf );
#endif
hexify( hbuf, hash );
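Review bot: `md4_update( &ctx, passwd->bv_len, passwd->bv_val )` passes `bv_val` uncast while the next line casts `hbuf` to `unsigned char *`; nettle's update functions take a `const uint8_t *`, so the plain `char *` draws a pointer-signedness warning. Write it as `md4_update( &ctx, passwd->bv_len, (const unsigned char *)passwd->bv_val );` to match. `md4_digest` is also given `sizeof(hbuf)`, so it relies on `HASHLEN` (defined outside the hunk) equalling the MD4 digest size; passing `MD4_DIGEST_SIZE` from `<nettle/md4.h>` would state that requirement directly.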
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
-#include <gcrypt.h>
#if LIBGNUTLS_VERSION_NUMBER >= 0x020200
#define HAVE_CIPHERSUITES 1
-/* This is a kludge. gcrypt 1.4.x has support. Recent GnuTLS requires gcrypt 1.4.x
- * but that dependency isn't reflected in their configure script, resulting in
- * build errors on older gcrypt. So, if they have a working build environment,
- * assume gcrypt is new enough.
- */
-#define HAVE_GCRYPT_RAND 1
#else
#undef HAVE_CIPHERSUITES
-#undef HAVE_GCRYPT_RAND
#endif
#ifndef HAVE_CIPHERSUITES
return ldap_pvt_thread_mutex_unlock( *lock );
}
-static struct gcry_thread_cbs tlsg_thread_cbs = {
- GCRY_THREAD_OPTION_USER,
- NULL,
- tlsg_mutex_init,
- tlsg_mutex_destroy,
- tlsg_mutex_lock,
- tlsg_mutex_unlock,
- NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
-};
-
static void
tlsg_thr_init( void )
{
- gcry_control (GCRYCTL_SET_THREAD_CBS, &tlsg_thread_cbs);
+ gnutls_global_set_mutex (tlsg_mutex_init,
+ tlsg_mutex_destroy,
+ tlsg_mutex_lock,
+ tlsg_mutex_unlock);
}
#endif /* LDAP_R_COMPILE */
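Review bot: `tlsg_thr_init` has no comment stating that `gnutls_global_set_mutex` must run before `gnutls_global_init()`, which `tlsg_init` calls in a later hunk; the order in which the two are invoked is not visible here. GnuTLS documents that the mutex hooks have to be installed before global initialisation, so a later reordering of the init functions could leave the library running without the LDAP thread mutexes. Add above the call: `/* must run before gnutls_global_init() in tlsg_init() */`. The function also appears to have been introduced in a newer GnuTLS release than the `0x020200` tested earlier in this file, so a `LIBGNUTLS_VERSION_NUMBER` guard may be needed if older versions are still supported.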
static int
tlsg_init( void )
{
-#ifdef HAVE_GCRYPT_RAND
- struct ldapoptions *lo = LDAP_INT_GLOBAL_OPT();
- if ( lo->ldo_tls_randfile &&
- gcry_control( GCRYCTL_SET_RNDEGD_SOCKET, lo->ldo_tls_randfile )) {
- Debug( LDAP_DEBUG_ANY,
- "TLS: gcry_control GCRYCTL_SET_RNDEGD_SOCKET failed\n",
- 0, 0, 0);
- return -1;
- }
-#endif
-
gnutls_global_init();
#ifndef HAVE_CIPHERSUITES