bughz/3proxy
1
0
Fork 0
mirror of https://github.com/3proxy/3proxy.git synced 2026-05-13 13:30:12 +08:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

Fix: symbols collision with openssl, could lead to crash
Some checks are pending
C/C++ CI Linux / ${{ matrix.target }} (ubuntu-24.04-arm) (push) Waiting to run
Details
C/C++ CI Linux / ${{ matrix.target }} (ubuntu-latest) (push) Waiting to run
Details
C/C++ CI MacOS / ${{ matrix.target }} (macos-15) (push) Waiting to run
Details
C/C++ CI Windows / ${{ matrix.target }} (windows-2022) (push) Waiting to run
Details
C/C++ CI cmake / ${{ matrix.target }} (macos-15) (push) Waiting to run
Details
C/C++ CI cmake / ${{ matrix.target }} (ubuntu-24.04-arm) (push) Waiting to run
Details
C/C++ CI cmake / ${{ matrix.target }} (ubuntu-latest) (push) Waiting to run
Details
C/C++ CI cmake / ${{ matrix.target }} (windows-2022) (push) Waiting to run
Details

Browse Source
This commit is contained in:
Vladimir Dubrovin 2026-05-08 14:03:47 +03:00
parent c104203765
commit f8c22d5f91
7 changed files with 89 additions and 100 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CMakeLists.txt
View File

@ -405,7 +405,6 @@ endif()
add_executable(3proxy
${3PROXY_CORE_SOURCES}
${MD_SOURCES}
$<TARGET_OBJECTS:srv_modules>
$<TARGET_OBJECTS:srvudppm_obj>
$<TARGET_OBJECTS:mainfunc>
@ -415,6 +414,9 @@ add_executable(3proxy
$<TARGET_OBJECTS:ftp_obj>
$<TARGET_OBJECTS:3proxy_crypt_obj>
)
if(NOT OpenSSL_FOUND)
target_sources(3proxy PRIVATE ${MD_SOURCES})
endif()
if(OpenSSL_FOUND)
target_sources(3proxy PRIVATE src/ssllib.c src/ssl.c)
@ -519,9 +521,11 @@ endif()
# Build 3proxy_crypt utility
add_executable(3proxy_crypt
src/3proxy_crypt.c
${MD_SOURCES}
$<TARGET_OBJECTS:base64_obj>
)
if(NOT OpenSSL_FOUND)
target_sources(3proxy_crypt PRIVATE ${MD_SOURCES})
endif()
target_compile_definitions(3proxy_crypt PRIVATE WITHMAIN)
target_include_directories(3proxy_crypt PRIVATE
${CMAKE_CURRENT_SOURCE_DIR}/src

59
src/3proxy_crypt.c
View File

@ -8,7 +8,9 @@
#include "blake2_compat.h"
#ifdef WITH_SSL
#include <openssl/evp.h>
#ifndef WITHMAIN
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
#include <openssl/params.h>
#include <openssl/core_names.h>
#endif
#endif
#include <string.h>
@ -29,9 +31,50 @@ static unsigned char itoa64[] =
#if defined(WITH_SSL)
EVP_MD *md4_hash = NULL;
EVP_MD *md5_hash = NULL;
EVP_MD *blake2_hash = NULL;
#endif
#if defined(WITH_SSL) && OPENSSL_VERSION_NUMBER >= 0x10100000L
int blake2b_init_3p(blake2b_state *S, size_t outlen) {
*S = EVP_MD_CTX_new();
if (!*S) return -1;
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
size_t sz = outlen;
OSSL_PARAM params[2];
params[0] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_SIZE, &sz);
params[1] = OSSL_PARAM_construct_end();
if (!EVP_DigestInit_ex2(*S, EVP_blake2b512(), params)) {
#else
(void)outlen;
if (!EVP_DigestInit_ex(*S, EVP_blake2b512(), NULL)) {
#endif
EVP_MD_CTX_free(*S);
*S = NULL;
return -1;
}
return 0;
}
int blake2b_update_3p(blake2b_state *S, const void *in, size_t inlen) {
if (inlen == 0) return 0;
return EVP_DigestUpdate(*S, in, inlen) ? 0 : -1;
}
int blake2b_final_3p(blake2b_state *S, void *out, size_t outlen) {
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
unsigned int len = 0;
int ret = EVP_DigestFinal_ex(*S, out, &len) ? 0 : -1;
#else
unsigned char tmp[64];
unsigned int len = 0;
int ret = EVP_DigestFinal_ex(*S, tmp, &len) ? 0 : -1;
if (ret == 0) memcpy(out, tmp, outlen);
#endif
EVP_MD_CTX_free(*S);
*S = NULL;
return ret;
}
#endif /* WITH_SSL && OPENSSL >= 1.1 */
void
_crypt_to64(unsigned char *s, unsigned long v, int n)
{
@ -189,10 +232,10 @@ unsigned char * mycrypt(const unsigned char *pw, const unsigned char *salt, unsi
magic = (unsigned char *)"$3$";
{
blake2b_state S;
if(blake2b_init(&S, MD5_SIZE) != 0 ||
blake2b_update(&S, pw, strlen((char *)pw) + 1) != 0 ||
blake2b_update(&S, sp, sl) != 0 ||
blake2b_final(&S, final, MD5_SIZE) != 0) {
if(blake2b_init_3p(&S, MD5_SIZE) != 0 ||
blake2b_update_3p(&S, pw, strlen((char *)pw) + 1) != 0 ||
blake2b_update_3p(&S, sp, sl) != 0 ||
blake2b_final_3p(&S, final, MD5_SIZE) != 0) {
*passwd = 0;
return NULL;
}
@ -268,10 +311,6 @@ int main(int argc, char* argv[]){
if (md5_hash == NULL) {
fprintf(stderr, "Error fetching MD5\n");
}
blake2_hash = EVP_blake2b512();
if (blake2_hash == NULL) {
fprintf(stderr, "Error fetching Blake2\n");
}
#endif
if(argc == 2) {
#ifdef WITH_SSL

6
src/auth.c
View File

@ -234,9 +234,9 @@ int strongauth(struct clientparam * param){
unsigned hashsz;
hashsz = pwl_table.recsize - 1 < 64 ? pwl_table.recsize - 1 : 64;
memset(buf, 0, pwl_table.recsize - 1);
blake2b_init(&S, hashsz);
blake2b_update(&S, param->password, pwlen + 1);
blake2b_final(&S, buf, hashsz);
blake2b_init_3p(&S, hashsz);
blake2b_update_3p(&S, param->password, pwlen + 1);
blake2b_final_3p(&S, buf, hashsz);
if(!memcmp(pass + 1, buf, pwl_table.recsize - 1)) return 0;
}
return 6;

63
src/blake2_compat.h
View File

@ -8,70 +8,21 @@
#if defined(WITH_SSL) && OPENSSL_VERSION_NUMBER >= 0x10100000L
#include <openssl/evp.h>
#include <string.h>
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
#include <openssl/params.h>
#include <openssl/core_names.h>
#endif
/*
* OpenSSL 1.1.0+ BLAKE2b implementation.
* Provides the same streaming API as libs/blake2.h but uses EVP internally.
*
* OpenSSL 3.0+: uses OSSL_DIGEST_PARAM_SIZE for proper custom output sizes.
* OpenSSL 1.1.x: computes full 64-byte output and truncates in blake2b_final.
*/
typedef EVP_MD_CTX *blake2b_state;
extern EVP_MD *blake2_hash;
static int blake2b_init(blake2b_state *S, size_t outlen) {
*S = EVP_MD_CTX_new();
if (!*S) return -1;
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
size_t sz = outlen;
OSSL_PARAM params[2];
params[0] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_SIZE, &sz);
params[1] = OSSL_PARAM_construct_end();
if (!EVP_DigestInit_ex2(*S, blake2_hash, params)) {
#else
(void)outlen;
if (!EVP_DigestInit_ex(*S, blake2_hash, NULL)) {
#endif
EVP_MD_CTX_free(*S);
*S = NULL;
return -1;
}
return 0;
}
static int blake2b_update(blake2b_state *S, const void *in, size_t inlen) {
if (inlen == 0) return 0;
return EVP_DigestUpdate(*S, in, inlen) ? 0 : -1;
}
static int blake2b_final(blake2b_state *S, void *out, size_t outlen) {
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
unsigned int len = 0;
int ret = EVP_DigestFinal_ex(*S, out, &len) ? 0 : -1;
#else
unsigned char tmp[64];
unsigned int len = 0;
int ret = EVP_DigestFinal_ex(*S, tmp, &len) ? 0 : -1;
if (ret == 0) memcpy(out, tmp, outlen);
#endif
EVP_MD_CTX_free(*S);
*S = NULL;
return ret;
}
int blake2b_init_3p(blake2b_state *S, size_t outlen);
int blake2b_update_3p(blake2b_state *S, const void *in, size_t inlen);
int blake2b_final_3p(blake2b_state *S, void *out, size_t outlen);
#else
#include "libs/blake2.h"
#define blake2b_init_3p blake2b_init
#define blake2b_update_3p blake2b_update
#define blake2b_final_3p blake2b_final
#endif
#endif /* BLAKE2_COMPAT_H */

6
src/conf.c
View File

@ -561,9 +561,9 @@ static int h_users(int argc, unsigned char **argv){
blake2b_state S;
unsigned hashsz;
hashsz = pwl_table.recsize - 1 < 64 ? pwl_table.recsize - 1 : 64;
blake2b_init(&S, hashsz);
blake2b_update(&S, pw[1], l + 1);
blake2b_final(&S, (uint8_t *)(pass + 1), hashsz);
blake2b_init_3p(&S, hashsz);
blake2b_update_3p(&S, pw[1], l + 1);
blake2b_final_3p(&S, (uint8_t *)(pass + 1), hashsz);
} else {
memcpy(pass + 1, pw[1], l);
}

42
src/hashtables.c
View File

@ -10,9 +10,9 @@ static void char_index2hash(const struct hashtable *ht, void *index, uint8_t *ha
memset(hash, 0, ht->hash_size);
if(len <= ht->hash_size) memcpy(hash, index, len);
else {
blake2b_init(&S, ht->hash_size);
blake2b_update(&S, index, strlen((const char*)index) + 1);
blake2b_final(&S, hash, ht->hash_size);
blake2b_init_3p(&S, ht->hash_size);
blake2b_update_3p(&S, index, strlen((const char*)index) + 1);
blake2b_final_3p(&S, hash, ht->hash_size);
}
}
@ -49,18 +49,18 @@ static void param2hash_add(const struct hashtable *ht, void *index, uint8_t *has
if((type & 2048)){ memcpy(hash + offset, SAPORT(&param->srv->intsa), p2len); offset += 2; }
}
else {
blake2b_init(&S, ht->hash_size);
if((type & 2) && param->username)blake2b_update(&S, param->username, ulen);
if((type & 4) && param->password)blake2b_update(&S, param->password, plen);
if((type & 1) && !(type & 8))blake2b_update(&S, SAADDR(&param->sincr), a1len);
if((type & 16))blake2b_update(&S, &param->srv->acl, acllen);
if((type & 64))blake2b_update(&S, SAADDR(&param->req), a2len);
if((type & 128))blake2b_update(&S, SAPORT(&param->req), 2);
if((type & 256) && param->hostname)blake2b_update(&S, param->hostname, hlen);
if((type & 512))blake2b_update(&S, &param->operation, sizeof(param->operation));
if((type & 1024))blake2b_update(&S, SAADDR(&param->srv->intsa), a3len);
if((type & 2048))blake2b_update(&S, SAPORT(&param->srv->intsa), 2);
blake2b_final(&S, hash, ht->hash_size);
blake2b_init_3p(&S, ht->hash_size);
if((type & 2) && param->username)blake2b_update_3p(&S, param->username, ulen);
if((type & 4) && param->password)blake2b_update_3p(&S, param->password, plen);
if((type & 1) && !(type & 8))blake2b_update_3p(&S, SAADDR(&param->sincr), a1len);
if((type & 16))blake2b_update_3p(&S, &param->srv->acl, acllen);
if((type & 64))blake2b_update_3p(&S, SAADDR(&param->req), a2len);
if((type & 128))blake2b_update_3p(&S, SAPORT(&param->req), 2);
if((type & 256) && param->hostname)blake2b_update_3p(&S, param->hostname, hlen);
if((type & 512))blake2b_update_3p(&S, &param->operation, sizeof(param->operation));
if((type & 1024))blake2b_update_3p(&S, SAADDR(&param->srv->intsa), a3len);
if((type & 2048))blake2b_update_3p(&S, SAPORT(&param->srv->intsa), 2);
blake2b_final_3p(&S, hash, ht->hash_size);
}
memcpy(param->hash, hash, ht->hash_size);
}
@ -74,12 +74,12 @@ void param2hash_search(const struct hashtable *ht, void *index, uint8_t *hash){
static void udpparam2hash(const struct hashtable *ht, void *index, uint8_t *hash){
struct clientparam *param = (struct clientparam *)index;
blake2b_state S;
blake2b_init(&S, ht->hash_size);
blake2b_update(&S, SAADDR(&param->srv->intsa), SAADDRLEN(&param->srv->intsa));
blake2b_update(&S, SAPORT(&param->srv->intsa), 2);
blake2b_update(&S, SAADDR(&param->sincr), SAADDRLEN(&param->sincr));
blake2b_update(&S, SAPORT(&param->sincr), 2);
blake2b_final(&S, hash, ht->hash_size);
blake2b_init_3p(&S, ht->hash_size);
blake2b_update_3p(&S, SAADDR(&param->srv->intsa), SAADDRLEN(&param->srv->intsa));
blake2b_update_3p(&S, SAPORT(&param->srv->intsa), 2);
blake2b_update_3p(&S, SAADDR(&param->sincr), SAADDRLEN(&param->sincr));
blake2b_update_3p(&S, SAPORT(&param->sincr), 2);
blake2b_final_3p(&S, hash, ht->hash_size);
}
struct hashtable dns_table = {char_index2hash, char_index2hash, 4, 32};

5
src/ssllib.c
View File

@ -281,7 +281,6 @@ int ssl_init_done = 0;
OSSL_LIB_CTX *library_ctx = NULL;
extern EVP_MD *md4_hash;
extern EVP_MD *md5_hash;
extern EVP_MD *blake2_hash;
void ssl_init()
@ -305,10 +304,6 @@ void ssl_init()
if (md5_hash == NULL) {
fprintf(stderr, "Error fetching MD5\n");
}
blake2_hash = EVP_blake2b512();
if (blake2_hash == NULL) {
fprintf(stderr, "Error fetching Blake2\n");
}
}
}