Revert usage of OpenSSL blake2 implementation

Vladimir Dubrovin 2026-05-08 16:45:44 +03:00
parent 6963af7614
commit 8c638fcaff
7 changed files with 52 additions and 115 deletions


@ -414,9 +414,7 @@ add_executable(3proxy
$<TARGET_OBJECTS:ftp_obj> $<TARGET_OBJECTS:ftp_obj>
$<TARGET_OBJECTS:3proxy_crypt_obj> $<TARGET_OBJECTS:3proxy_crypt_obj>
) )
if(NOT OpenSSL_FOUND)
target_sources(3proxy PRIVATE ${MD_SOURCES}) target_sources(3proxy PRIVATE ${MD_SOURCES})
endif()
if(OpenSSL_FOUND) if(OpenSSL_FOUND)
target_sources(3proxy PRIVATE src/ssllib.c src/ssl.c) target_sources(3proxy PRIVATE src/ssllib.c src/ssl.c)
@ -523,9 +521,7 @@ add_executable(3proxy_crypt
src/3proxy_crypt.c src/3proxy_crypt.c
$<TARGET_OBJECTS:base64_obj> $<TARGET_OBJECTS:base64_obj>
) )
if(NOT OpenSSL_FOUND)
target_sources(3proxy_crypt PRIVATE ${MD_SOURCES}) target_sources(3proxy_crypt PRIVATE ${MD_SOURCES})
endif()
target_compile_definitions(3proxy_crypt PRIVATE WITHMAIN) target_compile_definitions(3proxy_crypt PRIVATE WITHMAIN)
target_include_directories(3proxy_crypt PRIVATE target_include_directories(3proxy_crypt PRIVATE
${CMAKE_CURRENT_SOURCE_DIR}/src ${CMAKE_CURRENT_SOURCE_DIR}/src


@ -5,7 +5,7 @@
please read License Agreement please read License Agreement
*/ */
#include "blake2_compat.h" #include "libs/blake2.h"
#ifdef WITH_SSL #ifdef WITH_SSL
#include <openssl/evp.h> #include <openssl/evp.h>
#if OPENSSL_VERSION_NUMBER >= 0x30000000L #if OPENSSL_VERSION_NUMBER >= 0x30000000L
@ -33,50 +33,6 @@ EVP_MD *md4_hash = NULL;
EVP_MD *md5_hash = NULL; EVP_MD *md5_hash = NULL;
#endif #endif
#if defined(WITH_SSL) && OPENSSL_VERSION_NUMBER >= 0x10100000L
int blake2b_init_3p(blake2b_state *S, size_t outlen) {
*S = EVP_MD_CTX_new();
if (!*S) return -1;
(void)outlen;
if (!EVP_DigestInit_ex(*S, EVP_blake2b512(), NULL)) {
EVP_MD_CTX_free(*S);
*S = NULL;
return -1;
}
return 0;
}
int blake2b_update_3p(blake2b_state *S, const void *in, size_t inlen) {
if (inlen == 0) return 0;
return EVP_DigestUpdate(*S, in, inlen) ? 0 : -1;
}
int blake2b_final_3p(blake2b_state *S, void *out, size_t outlen) {
unsigned char tmp[64];
unsigned int len = 0;
int ret = EVP_DigestFinal_ex(*S, tmp, &len) ? 0 : -1;
memset(out, 0, outlen);
if (ret == 0) memcpy(out, tmp, outlen);
EVP_MD_CTX_free(*S);
*S = NULL;
return ret;
}
#else
int blake2b_final_3p(blake2b_state *S, void *out, size_t outlen) {
int res;
if(outlen < 64){
unsigned char tmp[64];
res = blake2b_final(S, tmp, 64);
memcpy(out, tmp, outlen > 64? 64 : outlen);
return res;
}
res = blake2b_final(S, out, 64);
if(outlen > 64) memset(out + 64, 0, outlen - 64);
return res;
}
#endif /* WITH_SSL && OPENSSL >= 1.1 */
void void
_crypt_to64(unsigned char *s, unsigned long v, int n) _crypt_to64(unsigned char *s, unsigned long v, int n)
{ {
@ -234,13 +190,15 @@ unsigned char * mycrypt(const unsigned char *pw, const unsigned char *salt, unsi
magic = (unsigned char *)"$3$"; magic = (unsigned char *)"$3$";
{ {
blake2b_state S; blake2b_state S;
if(blake2b_init_3p(&S, MD5_SIZE) != 0 || unsigned char _b2tmp[64];
blake2b_update_3p(&S, pw, strlen((char *)pw) + 1) != 0 || if(blake2b_init(&S, 64) != 0 ||
blake2b_update_3p(&S, sp, sl) != 0 || blake2b_update(&S, pw, strlen((char *)pw) + 1) != 0 ||
blake2b_final_3p(&S, final, MD5_SIZE) != 0) { blake2b_update(&S, sp, sl) != 0 ||
blake2b_final(&S, _b2tmp, 64) != 0) {
*passwd = 0; *passwd = 0;
return NULL; return NULL;
} }
memcpy(final, _b2tmp, MD5_SIZE);
} }
} }
else { else {
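Review bot: The literal `64` passed to `blake2b_init` and the later `memcpy(final, _b2tmp, MD5_SIZE)` in mycrypt need a comment, because that truncation is what keeps `$3$` hashes reproducible. BLAKE2b mixes the requested digest length into its parameter block, so `blake2b_init(&S, MD5_SIZE)` would not produce the first MD5_SIZE bytes of the 64-byte digest, and both removed code paths computed the 64-byte form. A comment above the declaration such as `/* BLAKE2b-512 truncated to MD5_SIZE; do not pass MD5_SIZE to blake2b_init or $3$ hashes change */` would stop a later cleanup from breaking verification. `_b2tmp` and `S` still hold password-derived data when the block exits, so wiping them with whatever non-elidable zeroing routine the project has would be cheap hardening. mycrypt's body starts and ends outside the hunk.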


@ -128,7 +128,7 @@ redirect$(OBJSUFFICS): redirect.c proxy.h structures.h
hash$(OBJSUFFICS): hash.c proxy.h structures.h hash$(OBJSUFFICS): hash.c proxy.h structures.h
$(CC) $(COUT)hash$(OBJSUFFICS) $(CFLAGS) hash.c $(CC) $(COUT)hash$(OBJSUFFICS) $(CFLAGS) hash.c
hashtables$(OBJSUFFICS): hashtables.c proxy.h structures.h blake2_compat.h hashtables$(OBJSUFFICS): hashtables.c proxy.h structures.h libs/blake2.h
$(CC) $(COUT)hashtables$(OBJSUFFICS) $(CFLAGS) hashtables.c $(CC) $(COUT)hashtables$(OBJSUFFICS) $(CFLAGS) hashtables.c
resolve$(OBJSUFFICS): resolve.c proxy.h structures.h resolve$(OBJSUFFICS): resolve.c proxy.h structures.h
@ -146,10 +146,10 @@ log$(OBJSUFFICS): log.c proxy.h structures.h
datatypes$(OBJSUFFICS): datatypes.c proxy.h structures.h datatypes$(OBJSUFFICS): datatypes.c proxy.h structures.h
$(CC) $(COUT)datatypes$(OBJSUFFICS) $(CFLAGS) datatypes.c $(CC) $(COUT)datatypes$(OBJSUFFICS) $(CFLAGS) datatypes.c
3proxy_crypt$(OBJSUFFICS): 3proxy_crypt.c blake2_compat.h 3proxy_crypt$(OBJSUFFICS): 3proxy_crypt.c libs/blake2.h
$(CC) $(COUT)3proxy_crypt$(OBJSUFFICS) $(CFLAGS) 3proxy_crypt.c $(CC) $(COUT)3proxy_crypt$(OBJSUFFICS) $(CFLAGS) 3proxy_crypt.c
3proxy_cryptmain$(OBJSUFFICS): 3proxy_crypt.c blake2_compat.h 3proxy_cryptmain$(OBJSUFFICS): 3proxy_crypt.c libs/blake2.h
$(CC) $(COUT)3proxy_cryptmain$(OBJSUFFICS) $(CFLAGS) $(DEFINEOPTION)WITHMAIN 3proxy_crypt.c $(CC) $(COUT)3proxy_cryptmain$(OBJSUFFICS) $(CFLAGS) $(DEFINEOPTION)WITHMAIN 3proxy_crypt.c
blake2$(OBJSUFFICS): libs/blake2b-ref.c blake2$(OBJSUFFICS): libs/blake2b-ref.c


@ -7,7 +7,7 @@
*/ */
#include "proxy.h" #include "proxy.h"
#include "blake2_compat.h" #include "libs/blake2.h"
void initbandlims(struct clientparam *param); void initbandlims(struct clientparam *param);
@ -231,12 +231,14 @@ int strongauth(struct clientparam * param){
if(!strncmp(pass + 1, (char *)param->password, pwl_table.recsize - 1)) return 0; if(!strncmp(pass + 1, (char *)param->password, pwl_table.recsize - 1)) return 0;
} else { } else {
blake2b_state S; blake2b_state S;
unsigned char _b2tmp[64];
unsigned hashsz; unsigned hashsz;
hashsz = pwl_table.recsize - 1 < 64 ? pwl_table.recsize - 1 : 64; hashsz = pwl_table.recsize - 1 < 64 ? pwl_table.recsize - 1 : 64;
memset(buf, 0, pwl_table.recsize - 1); memset(buf, 0, pwl_table.recsize - 1);
blake2b_init_3p(&S, hashsz); blake2b_init(&S, 64);
blake2b_update_3p(&S, param->password, pwlen + 1); blake2b_update(&S, param->password, pwlen + 1);
blake2b_final_3p(&S, buf, hashsz); blake2b_final(&S, _b2tmp, 64);
memcpy(buf, _b2tmp, hashsz);
if(!memcmp(pass + 1, buf, pwl_table.recsize - 1)) return 0; if(!memcmp(pass + 1, buf, pwl_table.recsize - 1)) return 0;
} }
return 6; return 6;
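Review bot: The return values of `blake2b_init`, `blake2b_update` and `blake2b_final` are ignored in strongauth, and `_b2tmp` is declared without an initializer, so if any call fails the following `memcpy(buf, _b2tmp, hashsz)` and `memcmp` run on indeterminate stack bytes. An authentication path should fail closed, as mycrypt does in this same commit: `if(blake2b_init(&S, 64) != 0 || blake2b_update(&S, param->password, pwlen + 1) != 0 || blake2b_final(&S, _b2tmp, 64) != 0) return 6;`. The same unchecked sequence appears in h_users, where a failure would store indeterminate bytes as the password record, and in char_index2hash, param2hash_add and udpparam2hash. strongauth's body starts and ends outside the hunk.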


@ -1,27 +0,0 @@
#ifndef BLAKE2_COMPAT_H
#define BLAKE2_COMPAT_H
#if defined(WITH_SSL)
#include <openssl/opensslv.h>
#endif
#if defined(WITH_SSL) && OPENSSL_VERSION_NUMBER >= 0x10100000L
#include <openssl/evp.h>
typedef EVP_MD_CTX *blake2b_state;
int blake2b_init_3p(blake2b_state *S, size_t outlen);
int blake2b_update_3p(blake2b_state *S, const void *in, size_t inlen);
#else
#include "libs/blake2.h"
#define blake2b_init_3p(A,b) blake2b_init(A,64)
#define blake2b_update_3p blake2b_update
#endif
int blake2b_final_3p(blake2b_state *S, void *out, size_t outlen);
#endif /* BLAKE2_COMPAT_H */


@ -7,7 +7,7 @@
*/ */
#include "proxy.h" #include "proxy.h"
#include "blake2_compat.h" #include "libs/blake2.h"
#ifdef WITH_SSL #ifdef WITH_SSL
void ssl_install(void); void ssl_install(void);
#endif #endif
@ -559,11 +559,13 @@ static int h_users(int argc, unsigned char **argv){
if((unsigned)l >= pwl_table.recsize) { if((unsigned)l >= pwl_table.recsize) {
if(*pass != CL) continue; if(*pass != CL) continue;
blake2b_state S; blake2b_state S;
unsigned char _b2tmp[64];
unsigned hashsz; unsigned hashsz;
hashsz = pwl_table.recsize - 1 < 64 ? pwl_table.recsize - 1 : 64; hashsz = pwl_table.recsize - 1 < 64 ? pwl_table.recsize - 1 : 64;
blake2b_init_3p(&S, hashsz); blake2b_init(&S, 64);
blake2b_update_3p(&S, pw[1], l + 1); blake2b_update(&S, pw[1], l + 1);
blake2b_final_3p(&S, (uint8_t *)(pass + 1), hashsz); blake2b_final(&S, _b2tmp, 64);
memcpy((uint8_t *)(pass + 1), _b2tmp, hashsz);
} else { } else {
memcpy(pass + 1, pw[1], l); memcpy(pass + 1, pw[1], l);
} }


@ -1,5 +1,5 @@
#include "proxy.h" #include "proxy.h"
#include "blake2_compat.h" #include "libs/blake2.h"
static void char_index2hash(const struct hashtable *ht, void *index, uint8_t *hash){ static void char_index2hash(const struct hashtable *ht, void *index, uint8_t *hash){
@ -10,9 +10,11 @@ static void char_index2hash(const struct hashtable *ht, void *index, uint8_t *ha
memset(hash, 0, ht->hash_size); memset(hash, 0, ht->hash_size);
if(len <= ht->hash_size) memcpy(hash, index, len); if(len <= ht->hash_size) memcpy(hash, index, len);
else { else {
blake2b_init_3p(&S, ht->hash_size); unsigned char _b2tmp[64];
blake2b_update_3p(&S, index, strlen((const char*)index) + 1); blake2b_init(&S, 64);
blake2b_final_3p(&S, hash, ht->hash_size); blake2b_update(&S, index, strlen((const char*)index) + 1);
blake2b_final(&S, _b2tmp, 64);
memcpy(hash, _b2tmp, ht->hash_size);
} }
} }
@ -49,18 +51,20 @@ static void param2hash_add(const struct hashtable *ht, void *index, uint8_t *has
if((type & 2048)){ memcpy(hash + offset, SAPORT(&param->srv->intsa), p2len); offset += 2; } if((type & 2048)){ memcpy(hash + offset, SAPORT(&param->srv->intsa), p2len); offset += 2; }
} }
else { else {
blake2b_init_3p(&S, ht->hash_size); unsigned char _b2tmp[64];
if((type & 2) && param->username)blake2b_update_3p(&S, param->username, ulen); blake2b_init(&S, 64);
if((type & 4) && param->password)blake2b_update_3p(&S, param->password, plen); if((type & 2) && param->username)blake2b_update(&S, param->username, ulen);
if((type & 1) && !(type & 8))blake2b_update_3p(&S, SAADDR(&param->sincr), a1len); if((type & 4) && param->password)blake2b_update(&S, param->password, plen);
if((type & 16))blake2b_update_3p(&S, &param->srv->acl, acllen); if((type & 1) && !(type & 8))blake2b_update(&S, SAADDR(&param->sincr), a1len);
if((type & 64))blake2b_update_3p(&S, SAADDR(&param->req), a2len); if((type & 16))blake2b_update(&S, &param->srv->acl, acllen);
if((type & 128))blake2b_update_3p(&S, SAPORT(&param->req), 2); if((type & 64))blake2b_update(&S, SAADDR(&param->req), a2len);
if((type & 256) && param->hostname)blake2b_update_3p(&S, param->hostname, hlen); if((type & 128))blake2b_update(&S, SAPORT(&param->req), 2);
if((type & 512))blake2b_update_3p(&S, &param->operation, sizeof(param->operation)); if((type & 256) && param->hostname)blake2b_update(&S, param->hostname, hlen);
if((type & 1024))blake2b_update_3p(&S, SAADDR(&param->srv->intsa), a3len); if((type & 512))blake2b_update(&S, &param->operation, sizeof(param->operation));
if((type & 2048))blake2b_update_3p(&S, SAPORT(&param->srv->intsa), 2); if((type & 1024))blake2b_update(&S, SAADDR(&param->srv->intsa), a3len);
blake2b_final_3p(&S, hash, ht->hash_size); if((type & 2048))blake2b_update(&S, SAPORT(&param->srv->intsa), 2);
blake2b_final(&S, _b2tmp, 64);
memcpy(hash, _b2tmp, ht->hash_size);
} }
memcpy(param->hash, hash, ht->hash_size); memcpy(param->hash, hash, ht->hash_size);
} }
@ -74,12 +78,14 @@ void param2hash_search(const struct hashtable *ht, void *index, uint8_t *hash){
static void udpparam2hash(const struct hashtable *ht, void *index, uint8_t *hash){ static void udpparam2hash(const struct hashtable *ht, void *index, uint8_t *hash){
struct clientparam *param = (struct clientparam *)index; struct clientparam *param = (struct clientparam *)index;
blake2b_state S; blake2b_state S;
blake2b_init_3p(&S, ht->hash_size); unsigned char _b2tmp[64];
blake2b_update_3p(&S, SAADDR(&param->srv->intsa), SAADDRLEN(&param->srv->intsa)); blake2b_init(&S, 64);
blake2b_update_3p(&S, SAPORT(&param->srv->intsa), 2); blake2b_update(&S, SAADDR(&param->srv->intsa), SAADDRLEN(&param->srv->intsa));
blake2b_update_3p(&S, SAADDR(&param->sincr), SAADDRLEN(&param->sincr)); blake2b_update(&S, SAPORT(&param->srv->intsa), 2);
blake2b_update_3p(&S, SAPORT(&param->sincr), 2); blake2b_update(&S, SAADDR(&param->sincr), SAADDRLEN(&param->sincr));
blake2b_final_3p(&S, hash, ht->hash_size); blake2b_update(&S, SAPORT(&param->sincr), 2);
blake2b_final(&S, _b2tmp, 64);
memcpy(hash, _b2tmp, ht->hash_size);
} }
struct hashtable dns_table = {char_index2hash, char_index2hash, 4, 32}; struct hashtable dns_table = {char_index2hash, char_index2hash, 4, 32};
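Review bot: `memcpy(hash, _b2tmp, ht->hash_size)` in char_index2hash reads from a 64-byte buffer with no upper bound on `ht->hash_size`, whereas strongauth and h_users clamp their length to 64 first. The removed non-OpenSSL `blake2b_final_3p` zero-padded outputs longer than 64 bytes instead of over-reading. Nothing visible in these hunks guarantees that every table's hash_size stays at or below 64, so the copy should be bounded: `memcpy(hash, _b2tmp, ht->hash_size < sizeof(_b2tmp) ? ht->hash_size : sizeof(_b2tmp));`. The same unbounded copy is in param2hash_add and udpparam2hash. Since the init/final/memcpy sequence is now repeated in several functions, one static helper holding the clamp would keep them from drifting apart.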