01_port_to_gcrypt.patch

Paul Wise <pabs@debian.org>

Placed in the public domain

Port to libgcrypt to avoid GPL/OpenSSL incompatibility

Forwarded to Petter Nordahl-Hagen <pnordahl@eunet.no>

Updated by Philippe Coval <rzr@gna.org> for debian

--- a/chntpw.c

+++ b/chntpw.c

@@ -16,6 +16,7 @@

  * 2010-jun: Syskey not visible in menu, but is selectable (2)

  * 2010-apr: Interactive menu adapts to show most relevant

  *           selections based on what is loaded

+ * 2008-may: port to libgcrypt to avoid GPL/OpenSSL incompatibility [Debian]

  * 2008-mar: Minor other tweaks

  * 2008-mar: Interactive reg ed moved out of this file, into edlib.c

  * 2008-mar: 64 bit compatible patch by Mike Doty, via Alon Bar-Lev

@@ -79,8 +80,14 @@

  */

 #ifdef DOCRYPTO

+#if defined(USEOPENSSL)

 #include <openssl/des.h>

 #include <openssl/md4.h>

+#elif defined(USELIBGCRYPT)

+  #include <gcrypt.h>

+#else

+  #error No DES encryption and MD4 hashing library found

+#endif

 #endif

 #define uchar u_char

@@ -155,7 +162,9 @@

 	for (i=0;i<8;i++) {

 		key[i] = (key[i]<<1);

 	}

+#if defined(USEOPENSSL)

 	DES_set_odd_parity((des_cblock *)key);

+#endif

 }

 /*

@@ -200,6 +209,7 @@

 void E1(uchar *k, uchar *d, uchar *out)

 {

+#if defined(USEOPENSSL)

   des_key_schedule ks;

   des_cblock deskey;

@@ -210,6 +220,15 @@

   des_set_key((des_cblock *)deskey,ks);

 #endif /* __FreeBsd__ */

   des_ecb_encrypt((des_cblock *)d,(des_cblock *)out, ks, DES_ENCRYPT);

+#elif defined(USELIBGCRYPT)

+  gcry_cipher_hd_t ks;

+  uchar deskey[8];

+  str_to_key(k,deskey);

+  gcry_cipher_open(&ks, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);

+  gcry_cipher_setkey(ks, deskey, 8);

+  gcry_cipher_encrypt(ks, out, 8, d, 8);

+  gcry_cipher_close(ks);

+#endif

 }

 #endif   /* DOCRYPTO */

@@ -343,9 +362,16 @@

    int i;

    char md4[32],lanman[32];

    char newunipw[34], despw[20], newlanpw[16], newlandes[20];

+#ifdef USEOPENSSL

    des_key_schedule ks1, ks2;

    des_cblock deskey1, deskey2;

    MD4_CTX context;

+#elif defined(USELIBGCRYPT)

+   gcry_cipher_hd_t ks1, ks2;

+   uchar deskey1[8], deskey2[8];

+   unsigned char *p;

+   gcry_md_hd_t context;

+#endif

    unsigned char digest[16];

    uchar x1[] = {0x4B,0x47,0x53,0x21,0x40,0x23,0x24,0x25};

 #endif

@@ -460,6 +486,7 @@

    }

 #ifdef DOCRYPTO

+#if defined(USEOPENSSL)

    /* Get the two decrpt keys. */

    sid_to_key1(rid,(unsigned char *)deskey1);

    des_set_key((des_cblock *)deskey1,ks1);

@@ -477,6 +504,25 @@

 		   (des_cblock *)lanman, ks1, DES_DECRYPT);

    des_ecb_encrypt((des_cblock *)(vp+lmpw_offs + 8),

 		   (des_cblock *)&lanman[8], ks2, DES_DECRYPT);

+#elif defined(USELIBGCRYPT)

+   /* Start the keys */

+   gcry_cipher_open(&ks1, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);

+   gcry_cipher_open(&ks2, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);

+

+   /* Get the two decrpt keys. */

+   sid_to_key1(rid,deskey1);

+   gcry_cipher_setkey(ks1, deskey1, 8);

+   sid_to_key2(rid,deskey2);

+   gcry_cipher_setkey(ks2, deskey2, 8);

+

+   /* Decrypt the NT md4 password hash as two 8 byte blocks. */

+   gcry_cipher_decrypt(ks1, md4, 8, vp+ntpw_offs, 8);

+   gcry_cipher_decrypt(ks2, &md4[8], 8, vp+ntpw_offs+8, 8);

+

+   /* Decrypt the lanman password hash as two 8 byte blocks. */

+   gcry_cipher_decrypt(ks1, lanman, 8, vp+lmpw_offs, 8);

+   gcry_cipher_decrypt(ks2, &lanman[8], 8, vp+lmpw_offs+8, 8);

+#endif

    if (gverbose) {

      hexprnt("MD4 hash     : ",(unsigned char *)md4,16);

@@ -544,9 +590,17 @@

      /*   printf("Ucase Lanman: %s\n",newlanpw); */

+#if defined(USEOPENSSL)

      MD4Init (&context);

      MD4Update (&context, newunipw, pl<<1);

      MD4Final (digest, &context);

+#elif defined(USELIBGCRYPT)

+     gcry_md_open(&context, GCRY_MD_MD4, 0);

+     gcry_md_write(context, newunipw, pl<<1);

+     p = gcry_md_read(context, GCRY_MD_MD4);

+     if(p) memcpy(digest, p, gcry_md_get_algo_dlen(GCRY_MD_MD4));

+     gcry_md_close(context);

+#endif

      if (gverbose) hexprnt("\nNEW MD4 hash    : ",digest,16);

@@ -555,6 +609,7 @@

      if (gverbose) hexprnt("NEW LANMAN hash : ",(unsigned char *)lanman,16);

+#if defined(USEOPENSSL)

      /* Encrypt the NT md4 password hash as two 8 byte blocks. */

      des_ecb_encrypt((des_cblock *)digest,

 		     (des_cblock *)despw, ks1, DES_ENCRYPT);

@@ -565,6 +620,18 @@

 		     (des_cblock *)newlandes, ks1, DES_ENCRYPT);

      des_ecb_encrypt((des_cblock *)(lanman+8),

 		     (des_cblock *)&newlandes[8], ks2, DES_ENCRYPT);

+#elif defined(USELIBGCRYPT)

+     /* Encrypt the NT md4 password hash as two 8 byte blocks. */

+     gcry_cipher_encrypt(ks1, despw, 8, digest, 8);

+     gcry_cipher_encrypt(ks2, &despw[8], 8, digest+8, 8);

+

+     gcry_cipher_encrypt(ks1, newlandes, 8, lanman, 8);

+     gcry_cipher_encrypt(ks2, &newlandes[8], 8, lanman+8, 8);

+

+     /* Close keys, not needed after this */

+     gcry_cipher_close(ks1);

+     gcry_cipher_close(ks2);

+#endif

      if (gverbose) {

        hexprnt("NEW DES crypt   : ",(unsigned char *)despw,16);

--- a/Makefile

+++ b/Makefile

@@ -2,28 +2,10 @@

 # Makefile for the Offline NT Password Editor

 #

-#

-# Change here to point to the needed OpenSSL libraries & .h files

-# See INSTALL for more info.

-#

-

-#SSLPATH=/usr/local/ssl

-OSSLPATH=/usr

-OSSLINC=$(OSSLPATH)/include

 CC=gcc

+CFLAGS=-DUSELIBGCRYPT -g -I. $(shell libgcrypt-config --cflags) -Wall $(EXTRA_CFLAGS)

-# Force 32 bit

-CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall -m32 

-OSSLLIB=$(OSSLPATH)/lib

-

-# 64 bit if default for compiler setup

-#CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall

-#OSSLLIB=$(OSSLPATH)/lib64

-

-

-# This is to link with whatever we have, SSL crypto lib we put in static

-#LIBS=-L$(OSSLLIB) $(OSSLLIB)/libcrypto.a

-LIBS=-L$(OSSLLIB)

+LIBS=$(shell libgcrypt-config --libs)

 all: chntpw chntpw.static cpnt reged reged.static samusrgrp samusrgrp.static sampasswd sampasswd.static