external/ppp: update for BoringSSL.
This change updates the Android specific changes for BoringSSL, which is
Google's cleaned up version of OpenSSL. The change also works with the
current OpenSSL in Android.
Significant changes:
* Removal of wrapper functions for the OpenSSL hash functions – these
aren't needed.
* Use of the OpenSSL DES API. The code currently uses the SSLeay DES
functions which are supported by current OpenSSL but were deprecated
sometime in the 1990's. The OpenSSL DES API is the supported API for
both OpenSSL and the only API in BoringSSL.
This change has been proposed upstream in
https://github.com/paulusmack/ppp/pull/24.
Change-Id: I06c87ae4b5175a268739300eab59d65ddac8a2cc
diff --git a/pppd/Android.mk b/pppd/Android.mk
index 0a564d9..22bc6b1 100644
--- a/pppd/Android.mk
+++ b/pppd/Android.mk
@@ -17,7 +17,6 @@
lcp.c \
magic.c \
main.c \
- openssl-hash.c \
options.c \
pppcrypt.c \
pppox.c \
@@ -33,7 +32,7 @@
LOCAL_C_INCLUDES := \
$(LOCAL_PATH)/include
-LOCAL_CFLAGS := -DCHAPMS=1 -DMPPE=1 -DINET6=1 -Iexternal/openssl/include -Wno-unused-parameter -Wno-empty-body -Wno-missing-field-initializers -Wno-attributes -Wno-sign-compare -Wno-pointer-sign -Werror
+LOCAL_CFLAGS := -DCHAPMS=1 -DMPPE=1 -DINET6=1 -DUSE_OPENSSL=1 -Iexternal/openssl/include -Wno-unused-parameter -Wno-empty-body -Wno-missing-field-initializers -Wno-attributes -Wno-sign-compare -Wno-pointer-sign -Werror
LOCAL_MODULE:= pppd
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
index a74c914..6194ea5 100644
--- a/pppd/Makefile.linux
+++ b/pppd/Makefile.linux
@@ -39,6 +39,9 @@
# MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux.
CHAPMS=y
USE_CRYPT=y
+# Alternatively, if you want to use OpenSSL for DES functions, comment out
+# USE_CRYPT, above, and uncomment this line.
+#USE_OPENSSL=y
# Don't use MSLANMAN unless you really know what you're doing.
#MSLANMAN=y
# Uncomment the next line to include support for MPPE. CHAPMS (above) must
@@ -122,7 +125,7 @@
ifneq ($(wildcard /usr/include/crypt.h),)
CFLAGS += -DHAVE_CRYPT_H=1
-LIBS += -lcrypt
+LIBS += -lcrypt
endif
ifdef USE_LIBUTIL
@@ -131,10 +134,17 @@
endif
ifdef NEEDDES
+ifdef USE_OPENSSL
+CFLAGS += -DUSE_OPENSSL=1
+LIBS += -lcrypto
+else
ifndef USE_CRYPT
-LIBS += -ldes $(LIBS)
+CFLAGS += -DUSE_LIBDES=1
+LIBS += -ldes
else
CFLAGS += -DUSE_CRYPT=1
+LIBS += -lcrypt
+endif
endif
PPPDOBJS += pppcrypt.o
HEADERS += pppcrypt.h
diff --git a/pppd/chap-new.c b/pppd/chap-new.c
index a3b7937..4730ce2 100644
--- a/pppd/chap-new.c
+++ b/pppd/chap-new.c
@@ -146,9 +146,6 @@
memset(&client, 0, sizeof(client));
memset(&server, 0, sizeof(server));
-#if defined(__ANDROID__)
- openssl_hash_init();
-#endif
chap_md5_init();
#ifdef CHAPMS
chapms_init();
diff --git a/pppd/openssl-hash.c b/pppd/openssl-hash.c
deleted file mode 100644
index 76b2af2..0000000
--- a/pppd/openssl-hash.c
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright (C) 2009 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <openssl/evp.h>
-
-#include "pppd.h"
-
-const EVP_MD *sha1_md;
-const EVP_MD *md4_md;
-const EVP_MD *md5_md;
-
-void openssl_hash_init() {
- /* Use the SHA1 functions in openssl to save the flash space.*/
- OpenSSL_add_all_digests();
- sha1_md = EVP_get_digestbyname("sha1");
- if (!sha1_md) {
- dbglog("Error Unknown message digest SHA1\n");
- exit(1);
- }
- md4_md = EVP_get_digestbyname("md4");
- if (!md4_md) {
- dbglog("Error Unknown message digest MD4\n");
- exit(1);
- }
- md5_md = EVP_get_digestbyname("md5");
- if (!md5_md) {
- dbglog("Error Unknown message digest MD5\n");
- exit(1);
- }
-}
diff --git a/pppd/openssl-hash.h b/pppd/openssl-hash.h
index a2a5abe..a38cc7c 100644
--- a/pppd/openssl-hash.h
+++ b/pppd/openssl-hash.h
@@ -18,38 +18,14 @@
#define __OPENSSL_HASH__
#include <openssl/evp.h>
+#include <openssl/md4.h>
+#include <openssl/md5.h>
+#include <openssl/sha.h>
-extern const EVP_MD *sha1_md;
#define SHA1_SIGNATURE_SIZE 20
-#define SHA1_CTX EVP_MD_CTX
-#define SHA1_Init(ctx) { \
- EVP_MD_CTX_init(ctx); \
- EVP_DigestInit_ex(ctx, sha1_md, NULL); \
-}
-#define SHA1_Update EVP_DigestUpdate
-#define SHA1_Final(digest, ctx) { \
- int md_len; \
- EVP_DigestFinal_ex(ctx, digest, &md_len); \
-}
-
-extern const EVP_MD *md4_md;
-#define MD4_CTX EVP_MD_CTX
-#define MD4Init(ctx) { \
- EVP_MD_CTX_init(ctx); \
- EVP_DigestInit_ex(ctx, md4_md, NULL); \
-}
-#define MD4Update EVP_DigestUpdate
-#define MD4Final SHA1_Final
-
-extern const EVP_MD *md5_md;
-#define MD5_CTX EVP_MD_CTX
-#define MD5_Init(ctx) { \
- EVP_MD_CTX_init(ctx); \
- EVP_DigestInit_ex(ctx, md5_md, NULL); \
-}
-#define MD5_Update EVP_DigestUpdate
-#define MD5_Final SHA1_Final
-
-extern void openssl_hash_init();
+#define SHA1_CTX SHA_CTX
+#define MD4Init MD4_Init
+#define MD4Update MD4_Update
+#define MD4Final MD4_Final
#endif
diff --git a/pppd/pppcrypt.c b/pppd/pppcrypt.c
index 65e7282..0b2a11b 100644
--- a/pppd/pppcrypt.c
+++ b/pppd/pppcrypt.c
@@ -34,6 +34,25 @@
#include "pppd.h"
#include "pppcrypt.h"
+#if defined(__ANDROID__)
+/* This code can use one of three DES libraries. The first, if USE_LIBDES is
+ * defined, are the libdes functions. This interface is still supported by
+ * OpenSSL as backwards compatibility. If USE_CRYPT is defined then the
+ * libcrypt functions are used. Lastly, if USE_OPENSSL is defined the "modern"
+ * OpenSSL interface is used. */
+
+#if defined(USE_CRYPT)
+#include <crypt.h>
+#elif defined(USE_OPENSSL)
+#include <openssl/des.h>
+#elif defined(USE_LIBDES)
+#include <des.h>
+#else
+#error "Must define one of USE_CRYPT, USE_LIBDES or USE_OPENSSL"
+#endif
+
+#endif
+
static u_char
Get7Bits(input, startBit)
u_char *input;
@@ -63,12 +82,12 @@
des_key[6] = Get7Bits(key, 42);
des_key[7] = Get7Bits(key, 49);
-#ifndef USE_CRYPT
+#if defined(USE_LIBDES)
des_set_odd_parity((des_cblock *)des_key);
#endif
}
-#ifdef USE_CRYPT
+#if defined(USE_CRYPT)
/*
* in == 8-byte string (expanded version of the 56-bit key)
* out == 64-byte string where each byte is either 1 or 0
@@ -157,7 +176,40 @@
return (1);
}
-#else /* USE_CRYPT */
+#elif defined(USE_OPENSSL)
+static DES_key_schedule key_schedule;
+
+bool
+DesSetkey(key)
+u_char *key;
+{
+ DES_cblock des_key;
+ MakeKey(key, (u_char*) &des_key);
+ DES_set_key(&des_key, &key_schedule);
+ return (1);
+}
+
+bool
+DesEncrypt(clear, cipher)
+u_char *clear; /* IN 8 octets */
+u_char *cipher; /* OUT 8 octets */
+{
+ DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher,
+ &key_schedule, 1 /* encrypt */);
+ return (1);
+}
+
+bool
+DesDecrypt(cipher, clear)
+u_char *cipher; /* IN 8 octets */
+u_char *clear; /* OUT 8 octets */
+{
+ DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear,
+ &key_schedule, 0 /* decrypt */);
+ return (1);
+}
+
+#elif defined(USE_LIBDES)
static des_key_schedule key_schedule;
bool
@@ -194,4 +246,8 @@
return (1);
}
+#else
+
+#error "Must define one of USE_CRYPT, USE_LIBDES or USE_OPENSSL"
+
#endif /* USE_CRYPT */
diff --git a/pppd/pppcrypt.h b/pppd/pppcrypt.h
index 37968c4..d5deccd 100644
--- a/pppd/pppcrypt.h
+++ b/pppd/pppcrypt.h
@@ -33,18 +33,6 @@
#ifndef PPPCRYPT_H
#define PPPCRYPT_H
-#ifdef HAVE_CRYPT_H
-#include <crypt.h>
-#endif
-
-#ifndef USE_CRYPT
-#if defined(__ANDROID__)
-#include <openssl/des.h>
-#else
-#include <des.h>
-#endif
-#endif
-
extern bool DesSetkey __P((u_char *));
extern bool DesEncrypt __P((u_char *, u_char *));
extern bool DesDecrypt __P((u_char *, u_char *));
