From: Timo Sirainen Date: Sun, 30 May 2004 01:39:58 +0000 (+0300) Subject: SHA1 support via OpenSSL X-Git-Tag: 1.1.alpha1~4026 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=80c035e5559f877a7f5058589c41164995919a71;p=thirdparty%2Fdovecot%2Fcore.git SHA1 support via OpenSSL --HG-- branch : HEAD
---
diff --git a/configure.in b/configure.in
index 03400b450e..0c32ec4a8e 100644
--- a/configure.in
+++ b/configure.in
@@ -580,6 +580,13 @@ else
 fi
 AC_SUBST(RAND_LIBS)
+AC_CHECK_LIB(crypto, SHA1_Init, [
+ AC_CHECK_HEADER(openssl/sha.h, [
+ AC_DEFINE(HAVE_OPENSSL_SHA1,, Define if you have SHA1 in OpenSSL)
+ AUTH_LIBS=-lcrypto
+ ])
+])
+
 dnl * do we have tm_gmtoff
 AC_MSG_CHECKING([for tm_gmtoff])
 AC_CACHE_VAL(i_cv_field_tm_gmtoff,
diff --git a/src/auth/password-scheme.c b/src/auth/password-scheme.c
index dfcfe99b31..8d01a9da2d 100644
--- a/src/auth/password-scheme.c
+++ b/src/auth/password-scheme.c
@@ -1,19 +1,25 @@
 /* Copyright (C) 2003 Timo Sirainen */
 #include "lib.h"
+#include "base64.h"
 #include "hex-binary.h"
 #include "md5.h"
 #include "mycrypt.h"
 #include "randgen.h"
+#include "str.h"
 #include "password-scheme.h"
+#ifdef HAVE_OPENSSL_SHA1
+# include
+#endif
+
 static const char *salt_chars = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
 int password_verify(const char *plaintext, const char *password,
 const char *scheme, const char *user)
 {
- unsigned char digest[16];
+ unsigned char md5_digest[16];
 const char *realm, *str;
 if (password == NULL)
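Review bot: In the configure.in hunk, `AUTH_LIBS=-lcrypto` assigns instead of appending, so any value AUTH_LIBS already holds from an earlier check or from the environment is discarded; whether such a value exists is not visible in this hunk. Writing `AUTH_LIBS="$AUTH_LIBS -lcrypto"` keeps it. When the library or header is missing the check is silent, so the SHA1 branch in password-scheme.c is compiled out without any configure-time notice; an else-branch message, or a comment here saying the scheme is optional, would make that visible to whoever builds the auth process.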
@@ -26,6 +32,18 @@ int password_verify(const char *plaintext, const char *password,
 str = password_generate_md5_crypt(plaintext, password);
 return strcmp(str, password) == 0;
 }
+#ifdef HAVE_OPENSSL_SHA1
+ if (strcasecmp(scheme, "SHA1") == 0) {
+ unsigned char sha1_digest[SHA_DIGEST_LENGTH];
+ string_t *str;
+
+ SHA1(plaintext, strlen(plaintext), sha1_digest);
+
+ str = t_str_new(64);
+ base64_encode(sha1_digest, sizeof(sha1_digest), str);
+ return strcasecmp(str_c(str), password) == 0;
+ }
+#endif
 if (strcasecmp(scheme, "PLAIN") == 0)
 return strcmp(password, plaintext) == 0;
@@ -42,15 +60,15 @@ int password_verify(const char *plaintext, const char *password,
 str = t_strconcat(t_strcut(user, '@'), ":", realm, ":", plaintext, NULL);
- md5_get_digest(str, strlen(str), digest);
- str = binary_to_hex(digest, sizeof(digest));
+ md5_get_digest(str, strlen(str), md5_digest);
+ str = binary_to_hex(md5_digest, sizeof(md5_digest));
 return strcasecmp(str, password) == 0;
 }
 if (strcasecmp(scheme, "PLAIN-MD5") == 0) {
- md5_get_digest(plaintext, strlen(plaintext), digest);
- str = binary_to_hex(digest, sizeof(digest));
+ md5_get_digest(plaintext, strlen(plaintext), md5_digest);
+ str = binary_to_hex(md5_digest, sizeof(md5_digest));
 return strcasecmp(str, password) == 0;
 }
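Review bot: The new SHA1 branch compares the base64-encoded digest with `strcasecmp`, but base64 is case-sensitive, so a stored value that differs from the computed digest only in letter case is accepted as a match. That follows the hex-digest branches, where ignoring case is harmless, but here it loosens the check; the line should be `return strcmp(str_c(str), password) == 0;`. The branch is also a single unsalted SHA-1 pass, so a comment on it such as `/* base64(SHA1(plaintext)), unsalted: weak against offline guessing */` would tell maintainers what the scheme does and does not provide. password_verify's body starts and ends outside this hunk.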