--- john/Makefile 2021-04-09 16:55:04.889319000 +0200 +++ john/Makefile 2021-04-09 18:25:35.316147000 +0200 @@ -4,7 +4,7 @@ PORTNAME= john # NB: starting from the next version, community-enhanced (jumbo) patch # should be offered as an option (suggested by Solar Designer himself). -DISTVERSION= 1.8.0-jumbo-1 +DISTVERSION= 1.9.0-jumbo-1 PORTREVISION= 6 CATEGORIES= security MASTER_SITES= http://www.openwall.com/john/j/ \ @@ -30,7 +30,7 @@ ALL_TARGET= default -BINARIES= calc_stat cprepair genmkvpwd john luks2john mkvcalcproba \ +BINARIES= calc_stat cprepair genmkvpwd john mkvcalcproba \ raw2dyna SIPdump tgtsnarf uaf2john vncpcap2john wpapcap2john BINLINKS= base64conv dmg2john gpg2john hccap2john keepass2john \ @@ -50,27 +50,6 @@ OPENCL_CONFIGURE_ENABLE= opencl OPENCL_DESC= Build with OpenCL support -post-extract: - @${RM} ${WRKSRC}/pfx_fmt_plug.c ${WRKSRC}/rawSHA0_fmt_plug.c \ - ${WRKSRC}/ssh_fmt_plug.c \ - -post-patch: - @${REINPLACE_CMD} -e 's|/usr|${PREFIX}|' ${WRKSRC}/params.h -# Replace methods and types that were marked deprecated by OpenSSL 0.9.7 -# and removed in OpenSSL 1.1.0 and LibreSSL - @${REINPLACE_CMD} -e 's|des_string_to_key|DES_string_to_key|' \ - ${WRKSRC}/KRB4_fmt_plug.c - @${REINPLACE_CMD} -e 's|des_set_odd_parity|DES_set_odd_parity|' \ - ${WRKSRC}/KRB4_std_plug.c - @${REINPLACE_CMD} -e 's|C_Block|DES_cblock|' \ - ${WRKSRC}/efs_fmt_plug.c \ - ${WRKSRC}/gpg_fmt_plug.c \ - ${WRKSRC}/keychain_fmt_plug.c \ - ${WRKSRC}/mozilla_ng_fmt_plug.c \ - ${WRKSRC}/opencl_gpg_fmt_plug.c \ - ${WRKSRC}/opencl_keychain_fmt_plug.c \ - ${WRKSRC}/ssh_ng_fmt_plug.c - do-install: .for b in ${BINARIES} ${INSTALL_PROGRAM} ${WRKSRC}/../run/${b} ${STAGEDIR}${PREFIX}/bin @@ -79,15 +58,30 @@ ${LN} -sf john ${STAGEDIR}${PREFIX}/bin/${l} .endfor @${MKDIR} ${STAGEDIR}${DATADIR}/extra + @${MKDIR} ${STAGEDIR}${DATADIR}/rules + @${MKDIR} ${STAGEDIR}${DATADIR}/extra/lib + @${MKDIR} ${STAGEDIR}${DATADIR}/extra/dns + @${MKDIR} ${STAGEDIR}${DATADIR}/extra/ztex cd ${WRKSRC}/../run && ${INSTALL_DATA} *.chr *.conf *.lst \ ${STAGEDIR}${DATADIR} - cd ${WRKSRC}/../run && ${INSTALL_DATA} *.?? benchmark-unify \ + cd ${WRKSRC}/../run && ${INSTALL_DATA} *.?? *.lua benchmark-unify \ dictionary.rfc2865 john.*sh_completion mailer makechr \ - relbench stats ${STAGEDIR}${DATADIR}/extra + bitlocker2john eapmd5tojohn relbench stats \ + ${STAGEDIR}${DATADIR}/extra + cd ${WRKSRC}/../run/rules && ${INSTALL_DATA} *.rule ${STAGEDIR}${DATADIR}/rules + cd ${WRKSRC}/../run/lib && ${INSTALL_DATA} *.pm ${STAGEDIR}${DATADIR}/extra/lib + cd ${WRKSRC}/../run/dns && ${INSTALL_DATA} README.txt __init__.py \ + _compat.py exception.py flags.py hash.py message.py name.py \ + opcode.py rdata.py rdataclass.py rdataset.py rdatatype.py \ + rrset.py set.py tokenizer.py tsig.py tsigkeyring.py wiredata.py \ + ${STAGEDIR}${DATADIR}/extra/dns + cd ${WRKSRC}/../run/ztex && ${INSTALL_DATA} *.??? ${STAGEDIR}${DATADIR}/extra/ztex do-install-DOCS-on: @${MKDIR} ${STAGEDIR}${DOCSDIR} + @${MKDIR} ${STAGEDIR}${DOCSDIR}/extras @${RM} ${WRKSRC}/../doc/COPYING - ${INSTALL_DATA} ${WRKSRC}/../doc/* ${STAGEDIR}${DOCSDIR} + ${INSTALL_DATA} ${WRKSRC}/../doc/[A-Zdp]* ${STAGEDIR}${DOCSDIR} + ${INSTALL_DATA} ${WRKSRC}/../doc/extras/* ${STAGEDIR}${DOCSDIR}/extras .include --- john/distinfo 2016-11-12 16:16:56.000000000 +0100 +++ john/distinfo 2021-04-09 16:23:54.048227000 +0200 @@ -1,3 +1,3 @@ -TIMESTAMP = 1418916028 -SHA256 (john-1.8.0-jumbo-1.tar.xz) = bac93d025995a051f055adbd7ce2f1975676cac6c74a6c7a3ee4cfdd9c160923 -SIZE (john-1.8.0-jumbo-1.tar.xz) = 23232492 +TIMESTAMP = 1617813899 +SHA256 (john-1.9.0-jumbo-1.tar.xz) = f5d123f82983c53d8cc598e174394b074be7a77756f5fb5ed8515918c81e7f3b +SIZE (john-1.9.0-jumbo-1.tar.xz) = 33638768 --- john/files/patch-Makefile.in 2019-03-07 12:37:55.000000000 +0100 +++ john/files/patch-Makefile.in 1970-01-01 01:00:00.000000000 +0100 @@ -1,61 +0,0 @@ ---- Makefile.in.orig 2014-12-18 13:53:53 UTC -+++ Makefile.in -@@ -84,8 +84,6 @@ JOHN_OBJS = \ - base64.o base64_convert.o \ - md4.o sha2.o \ - dynamic_fmt.o dynamic_parser.o dynamic_preloads.o dynamic_utils.o dynamic_big_crypt.o \ -- ssh2john.o \ -- pfx2john.o \ - unrarcmd.o unrarfilter.o unrarhlp.o unrar.o unrarppm.o unrarvm.o \ - rar2john.o \ - zip2john.o gladman_hmac.o gladman_pwd2key.o \ -@@ -132,10 +130,10 @@ GENMKVPWD_OBJS = \ - genmkvpwd.o mkvlib.o memory.o miscnl.o path.o memdbg.o - - PROJ = ../run/john@EXE_EXT@ ../run/unshadow@EXE_EXT@ ../run/unafs@EXE_EXT@ ../run/unique@EXE_EXT@ ../run/undrop@EXE_EXT@ \ -- ../run/ssh2john@EXE_EXT@ ../run/rar2john@EXE_EXT@ ../run/zip2john@EXE_EXT@ \ -+ ../run/rar2john@EXE_EXT@ ../run/zip2john@EXE_EXT@ \ - ../run/genmkvpwd@EXE_EXT@ ../run/mkvcalcproba@EXE_EXT@ ../run/calc_stat@EXE_EXT@ \ - ../run/tgtsnarf@EXE_EXT@ ../run/racf2john@EXE_EXT@ ../run/hccap2john@EXE_EXT@ \ -- ../run/pwsafe2john@EXE_EXT@ ../run/raw2dyna@EXE_EXT@ ../run/keepass2john@EXE_EXT@ ../run/pfx2john@EXE_EXT@ \ -+ ../run/pwsafe2john@EXE_EXT@ ../run/raw2dyna@EXE_EXT@ ../run/keepass2john@EXE_EXT@ \ - ../run/keychain2john@EXE_EXT@ ../run/keyring2john@EXE_EXT@ ../run/kwallet2john@EXE_EXT@ \ - ../run/dmg2john@EXE_EXT@ ../run/putty2john@EXE_EXT@ ../run/uaf2john@EXE_EXT@ \ - ../run/truecrypt_volume2john@EXE_EXT@ ../run/keystore2john@EXE_EXT@ ../run/wpapcap2john@EXE_EXT@ \ -@@ -305,18 +303,10 @@ miscnl.o: misc.c - $(RM) ../run/undrop - $(LN) john ../run/undrop - --../run/ssh2john: ../run/john -- $(RM) ../run/ssh2john -- $(LN) john ../run/ssh2john -- - ../run/putty2john: ../run/john - $(RM) ../run/putty2john - $(LN) john ../run/putty2john - --../run/pfx2john: ../run/john -- $(RM) ../run/pfx2john -- $(LN) john ../run/pfx2john -- - ../run/keepass2john: ../run/john - $(RM) ../run/keepass2john - $(LN) john ../run/keepass2john -@@ -397,17 +387,9 @@ miscnl.o: misc.c - $(CC) symlink.c -o ../run/undrop.exe - $(STRIP) ../run/undrop.exe - --../run/ssh2john.exe: symlink.c -- $(CC) symlink.c -o ../run/ssh2john.exe -- $(STRIP) ../run/ssh2john.exe -- - ../run/putty2john.exe: symlink.c - $(CC) symlink.c -o ../run/putty2john.exe - $(STRIP) ../run/putty2john.exe -- --../run/pfx2john.exe: symlink.c -- $(CC) symlink.c -o ../run/pfx2john.exe -- $(STRIP) ../run/pfx2john.exe - - ../run/keepass2john.exe: symlink.c - $(CC) symlink.c -o ../run/keepass2john.exe --- john/files/patch-Makefile.legacy 2019-03-07 12:37:55.000000000 +0100 +++ john/files/patch-Makefile.legacy 1970-01-01 01:00:00.000000000 +0100 @@ -1,114 +0,0 @@ ---- Makefile.legacy.orig 2014-12-18 07:59:02 UTC -+++ Makefile.legacy -@@ -127,8 +127,6 @@ JOHN_OBJS = \ - base64.o base64_convert.o \ - md4.o sha2.o \ - dynamic_fmt.o dynamic_parser.o dynamic_preloads.o dynamic_utils.o dynamic_big_crypt.o \ -- ssh2john.o \ -- pfx2john.o \ - unrarcmd.o unrarfilter.o unrarhlp.o unrar.o unrarppm.o unrarvm.o \ - rar2john.o \ - zip2john.o gladman_hmac.o gladman_pwd2key.o \ -@@ -209,10 +207,10 @@ GENMKVPWD_OBJS = \ - genmkvpwd.o mkvlib.o memory.o miscnl.o path.o memdbg.o - - PROJ = ../run/john ../run/unshadow ../run/unafs ../run/unique ../run/undrop \ -- ../run/ssh2john ../run/rar2john ../run/zip2john \ -+ ../run/rar2john ../run/zip2john \ - ../run/genmkvpwd ../run/mkvcalcproba ../run/calc_stat \ - ../run/tgtsnarf ../run/racf2john ../run/hccap2john \ -- ../run/pwsafe2john ../run/raw2dyna ../run/keepass2john ../run/pfx2john \ -+ ../run/pwsafe2john ../run/raw2dyna ../run/keepass2john \ - ../run/keychain2john ../run/keyring2john ../run/kwallet2john \ - ../run/dmg2john ../run/putty2john john.local.conf ../run/uaf2john \ - ../run/truecrypt_volume2john ../run/keystore2john ../run/wpapcap2john \ -@@ -220,30 +218,30 @@ PROJ = ../run/john ../run/unshadow ../run/unafs ../run - PROJ_DOS = ../run/john.bin ../run/john.com \ - ../run/unshadow.com ../run/unafs.com ../run/unique.com \ - ../run/undrop.com \ -- ../run/ssh2john.com ../run/rar2john.com ../run/zip2john \ -+ ../run/rar2john.com ../run/zip2john \ - ../run/racf2john.com ../run/hccap2john.com \ -- ../run/pwsafe2john.com ../run/keepass2john.com ../run/pfx2john.com \ -+ ../run/pwsafe2john.com ../run/keepass2john.com \ - ../run/keychain2john.com ../run/keyring2john.com ../run/kwallet2john.com \ - ../run/dmg2john.com ../run/putty2john.com john.local.conf \ - ../run/gpg2john.com - PROJ_WIN32 = ../run/john.exe \ - ../run/unshadow.exe ../run/unafs.exe ../run/unique.exe \ - ../run/undrop.exe \ -- ../run/ssh2john.exe ../run/rar2john.exe ../run/zip2john.exe \ -+ ../run/rar2john.exe ../run/zip2john.exe \ - ../run/genmkvpwd.exe ../run/mkvcalcproba.exe ../run/calc_stat.exe \ - ../run/racf2john.exe ../run/hccap2john.exe \ - ../run/pwsafe2john.exe ../run/raw2dyna.exe ../run/keepass2john.exe \ -- ../run/pfx2john.exe ../run/keychain2john.exe ../run/keyring2john.exe \ -+ ../run/keychain2john.exe ../run/keyring2john.exe \ - ../run/kwallet2john.exe ../run/dmg2john.exe ../run/putty2john.exe \ - john.local.conf ../run/gpg2john.exe ../run/base64conv.exe - PROJ_WIN32_MINGW = ../run/john-mingw.exe \ - ../run/unshadow.exe ../run/unafs.exe ../run/unique.exe \ - ../run/undrop.exe \ -- ../run/ssh2john.exe ../run/rar2john.exe ../run/zip2john.exe \ -+ ../run/rar2john.exe ../run/zip2john.exe \ - ../run/genmkvpwd.exe ../run/mkvcalcproba.exe ../run/calc_stat.exe \ - ../run/racf2john.exe ../run/hccap2john.exe \ - ../run/pwsafe2john.exe ../run/raw2dyna.exe ../run/keepass2john.exe \ -- ../run/pfx2john.exe ../run/keychain2john.exe ../run/keyring2john.exe \ -+ ../run/keychain2john.exe ../run/keyring2john.exe \ - ../run/kwallet2john.exe ../run/putty2john.exe john.local.conf \ - ../run/gpg2john.exe ../run/base64conv.exe - PROJ_PCAP = ../run/SIPdump ../run/vncpcap2john -@@ -2029,18 +2027,10 @@ $(SUBDIRS): - $(RM) ../run/undrop - ln -s john ../run/undrop - --../run/ssh2john: ../run/john -- $(RM) ../run/ssh2john -- ln -s john ../run/ssh2john -- - ../run/putty2john: ../run/john - $(RM) ../run/putty2john - ln -s john ../run/putty2john - --../run/pfx2john: ../run/john -- $(RM) ../run/pfx2john -- ln -s john ../run/pfx2john -- - ../run/keepass2john: ../run/john - $(RM) ../run/keepass2john - ln -s john ../run/keepass2john -@@ -2114,15 +2104,9 @@ $(SUBDIRS): - ../run/undrop.com: john.com - copy john.com ..\run\undrop.com - --../run/ssh2john.com: john.com -- copy john.com ..\run\ssh2john.com -- - ../run/putty2john.com: john.com - copy john.com ..\run\putty2john.com - --../run/pfx2john.com: john.com -- copy john.com ..\run\pfx2john.com -- - ../run/keepass2john.com: john.com - copy john.com ..\run\keepass2john.com - -@@ -2198,17 +2182,9 @@ john.com: john.asm - $(CC) symlink.c -o ../run/undrop.exe - $(STRIP) ../run/undrop.exe - --../run/ssh2john.exe: symlink.c -- $(CC) symlink.c -o ../run/ssh2john.exe -- $(STRIP) ../run/ssh2john.exe -- - ../run/putty2john.exe: symlink.c - $(CC) symlink.c -o ../run/putty2john.exe - $(STRIP) ../run/putty2john.exe -- --../run/pfx2john.exe: symlink.c -- $(CC) symlink.c -o ../run/pfx2john.exe -- $(STRIP) ../run/pfx2john.exe - - ../run/keepass2john.exe: symlink.c - $(CC) symlink.c -o ../run/keepass2john.exe --- john/files/patch-bitcoin__fmt__plug.c 2019-03-05 14:44:23.000000000 +0100 +++ john/files/patch-bitcoin__fmt__plug.c 1970-01-01 01:00:00.000000000 +0100 @@ -1,134 +0,0 @@ ---- bitcoin_fmt_plug.c.orig 2014-12-18 07:59:02 UTC -+++ bitcoin_fmt_plug.c -@@ -15,33 +15,32 @@ - * Thanks to Solar for asking to add support for bitcoin wallet files. - */ - --#include "arch.h" --#include --#if (AC_BUILT && HAVE_EVP_SHA512) || \ -- (!AC_BUILT && OPENSSL_VERSION_NUMBER >= 0x0090708f) -- - #if FMT_EXTERNS_H - extern struct fmt_main fmt_bitcoin; - #elif FMT_REGISTERS_H - john_register_one(&fmt_bitcoin); - #else - --#include - #include -+#ifdef _OPENMP -+#include -+#ifndef OMP_SCALE -+#define OMP_SCALE 1 -+#endif -+static int omp_t = 1; -+#endif -+ -+#include "arch.h" - #include "misc.h" - #include "common.h" - #include "formats.h" - #include "params.h" - #include "options.h" - #include "sha2.h" -+#include "aes/aes.h" - #include "stdint.h" - #include "johnswap.h" - #include "sse-intrinsics.h" --#ifdef _OPENMP --#include --#define OMP_SCALE 1 --static int omp_t = 1; --#endif - #include "memdbg.h" - - #define FORMAT_LABEL "Bitcoin" -@@ -73,6 +72,7 @@ static int omp_t = 1; - #endif - - #define SZ 128 -+#define PADDING "\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10" - - static struct fmt_tests bitcoin_tests[] = { - /* bitcoin wallet hashes */ -@@ -265,10 +265,7 @@ static int crypt_all(int *pcount, struct db_salt *salt - #endif - { - unsigned char output[SZ]; -- int fOk; - SHA512_CTX sha_ctx; -- EVP_CIPHER_CTX ctx; -- int nPLen, nFLen; - int i; - - #ifdef MMX_COEF_SHA512 -@@ -316,6 +313,7 @@ static int crypt_all(int *pcount, struct db_salt *salt - alter_endianity_to_BE64(key_iv, 6 * MAX_KEYS_PER_CRYPT); - - for (index2 = 0; index2 < MAX_KEYS_PER_CRYPT; index2++) { -+ AES_KEY aes_key; - unsigned char key[32]; - unsigned char iv[16]; - -@@ -325,26 +323,21 @@ static int crypt_all(int *pcount, struct db_salt *salt - for (i = 0; i < sizeof(iv)/sizeof(ARCH_WORD_64); i++) // the derived iv - ((ARCH_WORD_64 *)iv)[i] = key_iv[MMX_COEF_SHA512*(sizeof(key)/sizeof(ARCH_WORD_64) + i) + index2]; - -- /* NOTE: write our code instead of using following high-level OpenSSL functions */ -- EVP_CIPHER_CTX_init(&ctx); -- fOk = EVP_DecryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, key, iv); -- if (fOk) -- fOk = EVP_DecryptUpdate(&ctx, output, &nPLen, cur_salt->cry_master, cur_salt->cry_master_length); -- if (fOk) -- fOk = EVP_DecryptFinal_ex(&ctx, output + nPLen, &nFLen); -- EVP_CIPHER_CTX_cleanup(&ctx); -- // a decrypted mkey is exactly 32 bytes in len; ossl has already checked the padding (16 0x0f's) for us -- if (fOk && nPLen + nFLen == 32) { -+ AES_set_decrypt_key(key, 256, &aes_key); -+ AES_cbc_encrypt(cur_salt->cry_master, output, cur_salt->cry_master_length, &aes_key, iv, AES_DECRYPT); -+ -+ if (!memcmp(output + 32, PADDING, 16)) { - cracked[index + index2] = 1; - #ifdef _OPENMP - #pragma omp atomic - #endif - any_cracked |= 1; - } -- - } - #else -+ AES_KEY aes_key; - unsigned char key_iv[SHA512_DIGEST_LENGTH]; // buffer for both the derived key and iv -+ - SHA512_Init(&sha_ctx); - SHA512_Update(&sha_ctx, saved_key[index], strlen(saved_key[index])); - SHA512_Update(&sha_ctx, cur_salt->cry_salt, cur_salt->cry_salt_length); -@@ -354,16 +347,11 @@ static int crypt_all(int *pcount, struct db_salt *salt - SHA512_Update(&sha_ctx, key_iv, SHA512_DIGEST_LENGTH); - SHA512_Final(key_iv, &sha_ctx); - } -- /* NOTE: write our code instead of using following high-level OpenSSL functions */ -- EVP_CIPHER_CTX_init(&ctx); -- fOk = EVP_DecryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, key_iv, key_iv+32); -- if (fOk) -- fOk = EVP_DecryptUpdate(&ctx, output, &nPLen, cur_salt->cry_master, cur_salt->cry_master_length); -- if (fOk) -- fOk = EVP_DecryptFinal_ex(&ctx, output + nPLen, &nFLen); -- EVP_CIPHER_CTX_cleanup(&ctx); -- // a decrypted mkey is exactly 32 bytes in len; ossl has already checked the padding (16 0x0f's) for us -- if (fOk && nPLen + nFLen == 32) { -+ -+ AES_set_decrypt_key(key_iv, 256, &aes_key); -+ AES_cbc_encrypt(cur_salt->cry_master, output, cur_salt->cry_master_length, &aes_key, key_iv + 32, AES_DECRYPT); -+ -+ if (!memcmp(output + 32, PADDING, 16)) { - cracked[index] = 1; - #ifdef _OPENMP - #pragma omp atomic -@@ -471,5 +459,3 @@ struct fmt_main fmt_bitcoin = { - }; - - #endif /* plugin stanza */ -- --#endif /* OpenSSL requirement */ --- john/files/patch-dmg__fmt__plug.c 2019-03-07 14:46:10.000000000 +0100 +++ john/files/patch-dmg__fmt__plug.c 1970-01-01 01:00:00.000000000 +0100 @@ -1,156 +0,0 @@ ---- dmg_fmt_plug.c.orig 2014-12-18 07:59:02 UTC -+++ dmg_fmt_plug.c -@@ -56,7 +56,7 @@ john_register_one(&fmt_dmg); - #include - #include "stdint.h" - #include --#include -+#include - #include - #include - #include "filevault.h" -@@ -413,42 +413,36 @@ static void *get_salt(char *ciphertext) - return (void *)&cs; - } - --static int apple_des3_ede_unwrap_key1(unsigned char *wrapped_key, int wrapped_key_len, unsigned char *decryptKey) -+static int apple_des3_ede_unwrap_key1(const unsigned char *wrapped_key, const int wrapped_key_len, const unsigned char *decryptKey) - { -- EVP_CIPHER_CTX ctx; -+ DES_key_schedule ks1, ks2, ks3; - unsigned char TEMP1[sizeof(cur_salt->wrapped_hmac_sha1_key)]; - unsigned char TEMP2[sizeof(cur_salt->wrapped_hmac_sha1_key)]; -- unsigned char CEKICV[sizeof(cur_salt->wrapped_hmac_sha1_key)]; - unsigned char IV[8] = { 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05 }; -- int outlen, tmplen, i; -+ int outlen, i; - -- EVP_CIPHER_CTX_init(&ctx); -- EVP_DecryptInit_ex(&ctx, EVP_des_ede3_cbc(), NULL, decryptKey, IV); -- if (!EVP_DecryptUpdate(&ctx, TEMP1, &outlen, wrapped_key, wrapped_key_len)) { -- goto err; -- } -- if (!EVP_DecryptFinal_ex(&ctx, TEMP1 + outlen, &tmplen)) { -- goto err; -- } -- outlen += tmplen; -- EVP_CIPHER_CTX_cleanup(&ctx); -- for (i = 0; i < outlen; i++) { -+ DES_set_key((DES_cblock*)(decryptKey + 0), &ks1); -+ DES_set_key((DES_cblock*)(decryptKey + 8), &ks2); -+ DES_set_key((DES_cblock*)(decryptKey + 16), &ks3); -+ DES_ede3_cbc_encrypt(wrapped_key, TEMP1, wrapped_key_len, &ks1, &ks2, &ks3, -+ (DES_cblock*)IV, DES_DECRYPT); -+ -+ outlen = check_pkcs_pad(TEMP1, wrapped_key_len, 8); -+ if (outlen < 0) -+ return 0; -+ -+ for (i = 0; i < outlen; i++) - TEMP2[i] = TEMP1[outlen - i - 1]; -- } -- EVP_CIPHER_CTX_init(&ctx); -- EVP_DecryptInit_ex(&ctx, EVP_des_ede3_cbc(), NULL, decryptKey, TEMP2); -- if (!EVP_DecryptUpdate(&ctx, CEKICV, &outlen, TEMP2 + 8, outlen - 8)) { -- goto err; -- } -- if (!EVP_DecryptFinal_ex(&ctx, CEKICV + outlen, &tmplen)) { -- goto err; -- } -- outlen += tmplen; -- EVP_CIPHER_CTX_cleanup(&ctx); -- return 0; --err: -- EVP_CIPHER_CTX_cleanup(&ctx); -- return -1; -+ -+ outlen -= 8; -+ DES_ede3_cbc_encrypt(TEMP2 + 8, TEMP1, outlen, &ks1, &ks2, &ks3, -+ (DES_cblock*)TEMP2, DES_DECRYPT); -+ -+ outlen = check_pkcs_pad(TEMP1, outlen, 8); -+ if (outlen < 0) -+ return 0; -+ -+ return 1; - } - - static void hash_plugin_check_hash(int index) -@@ -492,22 +486,20 @@ static void hash_plugin_check_hash(int index) - for(j = 0; j < SSE_GROUP_SZ_SHA1; ++j) { - derived_key = Derived_key[j]; - #endif -- if ((apple_des3_ede_unwrap_key1(cur_salt->wrapped_aes_key, cur_salt->len_wrapped_aes_key, derived_key) == 0) && (apple_des3_ede_unwrap_key1(cur_salt->wrapped_hmac_sha1_key, cur_salt->len_hmac_sha1_key, derived_key) == 0)) { -+ if (apple_des3_ede_unwrap_key1(cur_salt->wrapped_aes_key, cur_salt->len_wrapped_aes_key, derived_key) && -+ apple_des3_ede_unwrap_key1(cur_salt->wrapped_hmac_sha1_key, cur_salt->len_hmac_sha1_key, derived_key)) { - cracked[index+j] = 1; - } - #ifdef MMX_COEF - } - #endif - } else { -- EVP_CIPHER_CTX ctx; -+ DES_key_schedule ks1, ks2, ks3; - unsigned char TEMP1[sizeof(cur_salt->wrapped_hmac_sha1_key)]; -- int outlen, tmplen; - AES_KEY aes_decrypt_key; - unsigned char outbuf[8192 + 1]; - unsigned char outbuf2[4096 + 1]; - unsigned char iv[20]; -- HMAC_CTX hmacsha1_ctx; -- int mdlen; - #ifdef DMG_DEBUG - unsigned char *r; - #endif -@@ -547,27 +539,18 @@ static void hash_plugin_check_hash(int index) - for(j = 0; j < SSE_GROUP_SZ_SHA1; ++j) { - derived_key = Derived_key[j]; - #endif -- EVP_CIPHER_CTX_init(&ctx); -- EVP_DecryptInit_ex(&ctx, EVP_des_ede3_cbc(), NULL, derived_key, cur_salt->iv); -- if (!EVP_DecryptUpdate(&ctx, TEMP1, &outlen, -- cur_salt->encrypted_keyblob, cur_salt->encrypted_keyblob_size)) { -- EVP_CIPHER_CTX_cleanup(&ctx); --#ifdef MMX_COEF -- continue; --#else -- return; --#endif -- } -- EVP_DecryptFinal_ex(&ctx, TEMP1 + outlen, &tmplen); -- EVP_CIPHER_CTX_cleanup(&ctx); -- outlen += tmplen; -+ -+ DES_set_key((DES_cblock*)(derived_key + 0), &ks1); -+ DES_set_key((DES_cblock*)(derived_key + 8), &ks2); -+ DES_set_key((DES_cblock*)(derived_key + 16), &ks3); -+ memcpy(iv, cur_salt->iv, 8); -+ DES_ede3_cbc_encrypt(cur_salt->encrypted_keyblob, TEMP1, -+ cur_salt->encrypted_keyblob_size, &ks1, &ks2, &ks3, -+ (DES_cblock*)iv, DES_DECRYPT); -+ - memcpy(aes_key_, TEMP1, 32); - memcpy(hmacsha1_key_, TEMP1, 20); -- HMAC_CTX_init(&hmacsha1_ctx); -- HMAC_Init_ex(&hmacsha1_ctx, hmacsha1_key_, 20, EVP_sha1(), NULL); -- HMAC_Update(&hmacsha1_ctx, (void *) &cur_salt->cno, 4); -- HMAC_Final(&hmacsha1_ctx, iv, (unsigned int *) &mdlen); -- HMAC_CTX_cleanup(&hmacsha1_ctx); -+ hmac_sha1(hmacsha1_key_, 20, (unsigned char*)&cur_salt->cno, 4, iv, 20); - if (cur_salt->encrypted_keyblob_size == 48) - AES_set_decrypt_key(aes_key_, 128, &aes_decrypt_key); - else -@@ -631,12 +614,7 @@ static void hash_plugin_check_hash(int index) - /* Second buffer test. If present, *this* is the very first block of the DMG */ - if (!cracked[index+j] && cur_salt->scp == 1) { - int cno = 0; -- -- HMAC_CTX_init(&hmacsha1_ctx); -- HMAC_Init_ex(&hmacsha1_ctx, hmacsha1_key_, 20, EVP_sha1(), NULL); -- HMAC_Update(&hmacsha1_ctx, (void *) &cno, 4); -- HMAC_Final(&hmacsha1_ctx, iv, (unsigned int *) &mdlen); -- HMAC_CTX_cleanup(&hmacsha1_ctx); -+ hmac_sha1(hmacsha1_key_, 20, (unsigned char*)&cno, 4, iv, 20); - if (cur_salt->encrypted_keyblob_size == 48) - AES_set_decrypt_key(aes_key_, 128, &aes_decrypt_key); - else --- john/files/patch-encfs__fmt__plug.c 2019-03-07 13:03:20.000000000 +0100 +++ john/files/patch-encfs__fmt__plug.c 1970-01-01 01:00:00.000000000 +0100 @@ -1,113 +0,0 @@ ---- encfs_fmt_plug.c.orig 2014-11-11 14:41:25 UTC -+++ encfs_fmt_plug.c -@@ -90,25 +90,16 @@ static struct fmt_tests encfs_tests[] = { - static void setIVec( unsigned char *ivec, uint64_t seed, - unsigned char *key) - { -- unsigned char md[EVP_MAX_MD_SIZE]; -- unsigned int mdLen = EVP_MAX_MD_SIZE; -+ unsigned char iv_and_seed[MAX_IVLENGTH+8]; - int i; -- HMAC_CTX mac_ctx; - -- memcpy( ivec, &key[cur_salt->keySize], cur_salt->ivLength ); -+ // combine ivec and seed with HMAC -+ memcpy(iv_and_seed, &key[cur_salt->keySize], cur_salt->ivLength); - for(i=0; i<8; ++i) { -- md[i] = (unsigned char)(seed & 0xff); -+ iv_and_seed[i+cur_salt->ivLength] = (unsigned char)(seed & 0xff); - seed >>= 8; - } -- // combine ivec and seed with HMAC -- HMAC_CTX_init(&mac_ctx); -- HMAC_Init_ex( &mac_ctx, key, cur_salt->keySize, EVP_sha1(), 0 ); -- HMAC_Init_ex( &mac_ctx, 0, 0, 0, 0 ); -- HMAC_Update( &mac_ctx, ivec, cur_salt->ivLength ); -- HMAC_Update( &mac_ctx, md, 8 ); -- HMAC_Final( &mac_ctx, md, &mdLen ); -- HMAC_CTX_cleanup(&mac_ctx); -- memcpy( ivec, md, cur_salt->ivLength ); -+ hmac_sha1(key, cur_salt->keySize, iv_and_seed, cur_salt->ivLength+8, ivec, cur_salt->ivLength); - } - - -@@ -144,33 +135,28 @@ static void flipBytes(unsigned char *buf, int size) - static uint64_t _checksum_64(unsigned char *key, - const unsigned char *data, int dataLen, uint64_t *chainedIV) - { -- unsigned char md[EVP_MAX_MD_SIZE]; -+ unsigned char DataIV[128+8]; // max data len is 128 -+ unsigned char md[20]; - unsigned int mdLen = EVP_MAX_MD_SIZE; - int i; - unsigned char h[8] = {0,0,0,0,0,0,0,0}; - uint64_t value; -- HMAC_CTX mac_ctx; - -- HMAC_CTX_init(&mac_ctx); -- HMAC_Init_ex( &mac_ctx, key, cur_salt->keySize, EVP_sha1(), 0 ); -- HMAC_Init_ex( &mac_ctx, 0, 0, 0, 0 ); -- HMAC_Update( &mac_ctx, data, dataLen ); -+ memcpy(DataIV, data, dataLen); - if(chainedIV) - { - // toss in the chained IV as well - uint64_t tmp = *chainedIV; - unsigned char h[8]; - for(i=0; i<8; ++i) { -- h[i] = tmp & 0xff; -+ h[i] = DataIV[dataLen++] = (tmp & 0xff); - tmp >>= 8; - } -- HMAC_Update( &mac_ctx, h, 8 ); - } -- HMAC_Final( &mac_ctx, md, &mdLen ); -- HMAC_CTX_cleanup(&mac_ctx); -+ hmac_sha1(key, cur_salt->keySize, DataIV, dataLen, md, 20); - - // chop this down to a 64bit value.. -- for(i=0; i < (mdLen - 1); ++i) -+ for(i=0; i < 19; ++i) - h[i%8] ^= (unsigned char)(md[i]); - - value = (uint64_t)h[0]; -@@ -202,26 +188,26 @@ static int streamDecode(unsigned char *buf, int size, - { - unsigned char ivec[ MAX_IVLENGTH ]; - int dstLen=0, tmpLen=0; -- EVP_CIPHER_CTX stream_dec; -+ EVP_CIPHER_CTX *stream_dec = EVP_CIPHER_CTX_new(); - - setIVec( ivec, iv64 + 1, key); -- EVP_CIPHER_CTX_init(&stream_dec); -- EVP_DecryptInit_ex( &stream_dec, cur_salt->streamCipher, NULL, NULL, NULL); -- EVP_CIPHER_CTX_set_key_length( &stream_dec, cur_salt->keySize ); -- EVP_CIPHER_CTX_set_padding( &stream_dec, 0 ); -- EVP_DecryptInit_ex( &stream_dec, NULL, NULL, key, NULL); -+ EVP_CIPHER_CTX_init(stream_dec); -+ EVP_DecryptInit_ex( stream_dec, cur_salt->streamCipher, NULL, NULL, NULL); -+ EVP_CIPHER_CTX_set_key_length( stream_dec, cur_salt->keySize ); -+ EVP_CIPHER_CTX_set_padding( stream_dec, 0 ); -+ EVP_DecryptInit_ex( stream_dec, NULL, NULL, key, NULL); - -- EVP_DecryptInit_ex( &stream_dec, NULL, NULL, NULL, ivec); -- EVP_DecryptUpdate( &stream_dec, buf, &dstLen, buf, size ); -- EVP_DecryptFinal_ex( &stream_dec, buf+dstLen, &tmpLen ); -+ EVP_DecryptInit_ex( stream_dec, NULL, NULL, NULL, ivec); -+ EVP_DecryptUpdate( stream_dec, buf, &dstLen, buf, size ); -+ EVP_DecryptFinal_ex( stream_dec, buf+dstLen, &tmpLen ); - unshuffleBytes( buf, size ); - flipBytes( buf, size ); - - setIVec( ivec, iv64, key ); -- EVP_DecryptInit_ex( &stream_dec, NULL, NULL, NULL, ivec); -- EVP_DecryptUpdate( &stream_dec, buf, &dstLen, buf, size ); -- EVP_DecryptFinal_ex( &stream_dec, buf+dstLen, &tmpLen ); -- EVP_CIPHER_CTX_cleanup(&stream_dec); -+ EVP_DecryptInit_ex( stream_dec, NULL, NULL, NULL, ivec); -+ EVP_DecryptUpdate( stream_dec, buf, &dstLen, buf, size ); -+ EVP_DecryptFinal_ex( stream_dec, buf+dstLen, &tmpLen ); -+ EVP_CIPHER_CTX_cleanup(stream_dec); - - unshuffleBytes( buf, size ); - dstLen += tmpLen; --- john/files/patch-gpg__fmt__plug.c 2019-03-07 15:09:35.000000000 +0100 +++ john/files/patch-gpg__fmt__plug.c 1970-01-01 01:00:00.000000000 +0100 @@ -1,117 +0,0 @@ ---- gpg_fmt_plug.c.orig 2014-12-18 07:59:02 UTC -+++ gpg_fmt_plug.c -@@ -930,8 +930,12 @@ static int check_dsa_secret_key(DSA *dsa) - { - int error; - int rc = -1; -+#if OPENSSL_VERSION_NUMBER >= 0x10100000 -+ const BIGNUM *p, *q, *g, *pub_key, *priv_key; -+#endif - BIGNUM *res = BN_new(); - BN_CTX *ctx = BN_CTX_new(); -+ - if (!res) { - fprintf(stderr, "failed to allocate result BN in check_dsa_secret_key()\n"); - exit(-1); -@@ -941,23 +945,35 @@ static int check_dsa_secret_key(DSA *dsa) - exit(-1); - } - -+#if OPENSSL_VERSION_NUMBER >= 0x10100000 -+ DSA_get0_pqg(dsa, &p, &q, &g); -+ DSA_get0_key(dsa, &pub_key, &priv_key); -+ error = BN_mod_exp(res, g, priv_key, p, ctx); -+#else - error = BN_mod_exp(res, dsa->g, dsa->priv_key, dsa->p, ctx); -+#endif -+ - if ( error == 0 ) { - goto freestuff; - } - -+#if OPENSSL_VERSION_NUMBER >= 0x10100000 -+ rc = BN_cmp(res, pub_key); -+#else - rc = BN_cmp(res, dsa->pub_key); -+#endif - - freestuff: - - BN_CTX_free(ctx); - BN_free(res); -+#if OPENSSL_VERSION_NUMBER < 0x10100000 - BN_free(dsa->g); - BN_free(dsa->q); - BN_free(dsa->p); - BN_free(dsa->pub_key); - BN_free(dsa->priv_key); -- -+#endif - return rc; - } - -@@ -1212,9 +1228,7 @@ static int check(unsigned char *keydata, int ks) - return 0; - if (blen < cur_salt->datalen && ((b = BN_bin2bn(out + 2, blen, NULL)) != NULL)) { - char *str = BN_bn2hex(b); -- DSA dsa; -- ElGamal_secret_key elg; -- RSA_secret_key rsa; -+ - if (strlen(str) != blen * 2) { /* verifier 2 */ - OPENSSL_free(str); - return 0; -@@ -1222,6 +1236,28 @@ static int check(unsigned char *keydata, int ks) - OPENSSL_free(str); - - if (cur_salt->pk_algorithm == 17) { /* DSA check */ -+#if OPENSSL_VERSION_NUMBER >= 0x10100000 -+ DSA *dsa = DSA_new(); -+ BIGNUM *p, *q, *g, *pub_key, *priv_key; -+ -+ p = BN_bin2bn(cur_salt->p, cur_salt->pl, NULL); -+ // puts(BN_bn2hex(dsa.p)); -+ q = BN_bin2bn(cur_salt->q, cur_salt->ql, NULL); -+ // puts(BN_bn2hex(dsa.q)); -+ g = BN_bin2bn(cur_salt->g, cur_salt->gl, NULL); -+ // puts(BN_bn2hex(dsa.g)); -+ priv_key = b; -+ pub_key = BN_bin2bn(cur_salt->y, cur_salt->yl, NULL); -+ -+ DSA_set0_pqg(dsa, p, q, g); -+ DSA_set0_key(dsa, pub_key, priv_key); -+ -+ // puts(BN_bn2hex(dsa.pub_key)); -+ ret = check_dsa_secret_key(dsa); /* verifier 3 */ -+ DSA_free(dsa); -+#else -+ DSA dsa; -+ - dsa.p = BN_bin2bn(cur_salt->p, cur_salt->pl, NULL); - // puts(BN_bn2hex(dsa.p)); - dsa.q = BN_bin2bn(cur_salt->q, cur_salt->ql, NULL); -@@ -1232,10 +1268,13 @@ static int check(unsigned char *keydata, int ks) - dsa.pub_key = BN_bin2bn(cur_salt->y, cur_salt->yl, NULL); - // puts(BN_bn2hex(dsa.pub_key)); - ret = check_dsa_secret_key(&dsa); /* verifier 3 */ -+#endif - if (ret != 0) - return 0; - } - if (cur_salt->pk_algorithm == 16 || cur_salt->pk_algorithm == 20) { /* ElGamal check */ -+ ElGamal_secret_key elg; -+ - elg.p = BN_bin2bn(cur_salt->p, cur_salt->pl, NULL); - // puts(BN_bn2hex(elg.p)); - elg.g = BN_bin2bn(cur_salt->g, cur_salt->gl, NULL); -@@ -1249,8 +1288,10 @@ static int check(unsigned char *keydata, int ks) - return 0; - } - if (cur_salt->pk_algorithm == 1) { /* RSA check */ -+ RSA_secret_key rsa; - // http://www.ietf.org/rfc/rfc4880.txt - int length = 0; -+ - length += give_multi_precision_integer(out, length, &cur_salt->dl, cur_salt->d); - length += give_multi_precision_integer(out, length, &cur_salt->pl, cur_salt->p); - length += give_multi_precision_integer(out, length, &cur_salt->ql, cur_salt->q); --- john/files/patch-john.c 2019-03-07 12:37:55.000000000 +0100 +++ john/files/patch-john.c 1970-01-01 01:00:00.000000000 +0100 @@ -1,31 +0,0 @@ ---- john.c.orig 2014-12-18 07:59:02 UTC -+++ john.c -@@ -153,8 +153,6 @@ extern int base64conv(int argc, char **argv); - extern int hccap2john(int argc, char **argv); - extern int zip2john(int argc, char **argv); - extern int gpg2john(int argc, char **argv); --extern int ssh2john(int argc, char **argv); --extern int pfx2john(int argc, char **argv); - extern int keychain2john(int argc, char **argv); - extern int kwallet2john(int argc, char **argv); - extern int keepass2john(int argc, char **argv); -@@ -1542,19 +1540,9 @@ int main(int argc, char **argv) - return unique(argc, argv); - } - -- if (!strcmp(name, "ssh2john")) { -- CPU_detect_or_fallback(argv, 0); -- return ssh2john(argc, argv); -- } -- - if (!strcmp(name, "putty2john")) { - CPU_detect_or_fallback(argv, 0); - return putty2john(argc, argv); -- } -- -- if (!strcmp(name, "pfx2john")) { -- CPU_detect_or_fallback(argv, 0); -- return pfx2john(argc, argv); - } - - if (!strcmp(name, "keychain2john")) { --- john/files/patch-jumbo.c 2019-03-07 14:46:10.000000000 +0100 +++ john/files/patch-jumbo.c 1970-01-01 01:00:00.000000000 +0100 @@ -1,26 +0,0 @@ ---- jumbo.c.orig 2014-12-18 07:59:02 UTC -+++ jumbo.c -@@ -334,3 +334,23 @@ int setenv(const char *name, const char *val, int over - return 0; - } - #endif -+ -+int check_pkcs_pad(const unsigned char* data, size_t len, int blocksize) -+{ -+ int pad_len = data[len - 1]; -+ int padding = pad_len; -+ int real_len = len - pad_len; -+ const unsigned char *p = data + real_len; -+ -+ if (pad_len > blocksize || pad_len < 1) -+ return -1; -+ -+ if (len < blocksize) -+ return -1; -+ -+ while (pad_len--) -+ if (*p++ != padding) -+ return -1; -+ -+ return real_len; -+} --- john/files/patch-jumbo.h 2019-03-07 14:46:10.000000000 +0100 +++ john/files/patch-jumbo.h 1970-01-01 01:00:00.000000000 +0100 @@ -1,13 +0,0 @@ ---- jumbo.h.orig 2014-12-18 07:59:02 UTC -+++ jumbo.h -@@ -388,4 +388,10 @@ extern int setenv(const char *name, const char *val, i - //HAVE_STRTOL - //HAVE_STRTOUL - -+/* -+ * Standard PKCS padding check. On success, returns net length. -+ * On failure, returns -1. -+ */ -+extern int check_pkcs_pad(const unsigned char* data, size_t len, int blocksize); -+ - #endif /* _JTR_JUMBO_H */ --- john/files/patch-rar__fmt__plug.c 2019-03-07 15:21:40.000000000 +0100 +++ john/files/patch-rar__fmt__plug.c 1970-01-01 01:00:00.000000000 +0100 @@ -1,254 +0,0 @@ ---- rar_fmt_plug.c.orig 2014-12-18 07:59:02 UTC -+++ rar_fmt_plug.c -@@ -48,15 +48,7 @@ john_register_one(&fmt_rar); - #else - - #include --#include - #include --#include --#include --#include -- --#include "arch.h" --#include "sha.h" -- - #if AC_BUILT - #include "autoconfig.h" - #endif -@@ -71,6 +63,8 @@ john_register_one(&fmt_rar); - #include - #endif - -+#include "arch.h" -+#include "sha.h" - #include "crc32.h" - #include "misc.h" - #include "common.h" -@@ -119,9 +113,7 @@ john_register_one(&fmt_rar); - - #ifdef _OPENMP - #include --#include - #define OMP_SCALE 4 --static pthread_mutex_t *lockarray; - #endif - - #include "memdbg.h" -@@ -198,71 +190,6 @@ static struct fmt_tests cpu_tests[] = { - {NULL} - }; - --#if defined (_OPENMP) --static void lock_callback(int mode, int type, const char *file, int line) --{ -- (void)file; -- (void)line; -- if (mode & CRYPTO_LOCK) -- pthread_mutex_lock(&(lockarray[type])); -- else -- pthread_mutex_unlock(&(lockarray[type])); --} -- --static unsigned long thread_id(void) --{ -- return omp_get_thread_num(); --} -- --static void init_locks(void) --{ -- int i; -- lockarray = (pthread_mutex_t*) OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t)); -- for (i = 0; i < CRYPTO_num_locks(); i++) -- pthread_mutex_init(&(lockarray[i]), NULL); -- CRYPTO_set_id_callback(thread_id); -- CRYPTO_set_locking_callback(lock_callback); --} --#endif /* _OPENMP */ -- --/* Use AES-NI if available. This is not supported with low-level calls, -- we have to use EVP) */ --static void init_aesni(void) --{ -- ENGINE *e; -- const char *engine_id = "aesni"; -- -- ENGINE_load_builtin_engines(); -- e = ENGINE_by_id(engine_id); -- if (!e) { -- //fprintf(stderr, "AES-NI engine not available\n"); -- return; -- } -- if (!ENGINE_init(e)) { -- fprintf(stderr, "AES-NI engine could not init\n"); -- ENGINE_free(e); -- return; -- } -- if (!ENGINE_set_default(e, ENGINE_METHOD_ALL & ~ENGINE_METHOD_RAND)) { -- /* This should only happen when 'e' can't initialise, but the -- * previous statement suggests it did. */ -- fprintf(stderr, "AES-NI engine initialized but then failed\n"); -- abort(); -- } -- ENGINE_finish(e); -- ENGINE_free(e); --} -- --#ifndef __APPLE__ /* Apple segfaults on this :) */ --static void openssl_cleanup(void) --{ -- ENGINE_cleanup(); -- ERR_free_strings(); -- CRYPTO_cleanup_all_ex_data(); -- EVP_cleanup(); --} --#endif -- - #undef set_key - static void set_key(char *key, int index) - { -@@ -418,7 +345,6 @@ static void init(struct fmt_main *self) - omp_t = omp_get_max_threads(); - self->params.min_keys_per_crypt *= omp_t; - self->params.max_keys_per_crypt = omp_t * OMP_SCALE * MAX_KEYS_PER_CRYPT; -- init_locks(); - #endif /* _OPENMP */ - - if (pers_opts.target_enc == UTF_8) -@@ -436,14 +362,6 @@ static void init(struct fmt_main *self) - self->params.benchmark_comment = " (1-16 characters)"; - #endif - -- /* OpenSSL init */ -- init_aesni(); -- SSL_load_error_strings(); -- SSL_library_init(); -- OpenSSL_add_all_algorithms(); --#ifndef __APPLE__ -- atexit(openssl_cleanup); --#endif - /* CRC-32 table init, do it before we start multithreading */ - { - CRC32_t crc; -@@ -716,53 +634,43 @@ static int crypt_all(int *pcount, struct db_salt *salt - #pragma omp parallel for - #endif - for (index = 0; index < count; index++) { -- int i16 = index*16; -- unsigned int inlen = 16; -- int outlen; -- EVP_CIPHER_CTX aes_ctx; -+ AES_KEY aes_ctx; -+ unsigned char *key = &aes_key[index * 16]; -+ unsigned char *iv = &aes_iv[index * 16]; - -- EVP_CIPHER_CTX_init(&aes_ctx); -- EVP_DecryptInit_ex(&aes_ctx, EVP_aes_128_cbc(), NULL, &aes_key[i16], &aes_iv[i16]); -- EVP_CIPHER_CTX_set_padding(&aes_ctx, 0); -+ AES_set_decrypt_key(key, 128, &aes_ctx); - - //fprintf(stderr, "key %s\n", utf16_to_enc((UTF16*)&saved_key[index * UNICODE_LENGTH])); - /* AES decrypt, uses aes_iv, aes_key and blob */ - if (cur_file->type == 0) { /* rar-hp mode */ - unsigned char plain[16]; - -- outlen = 0; -+ AES_cbc_encrypt(cur_file->blob, plain, 16, -+ &aes_ctx, iv, AES_DECRYPT); - -- EVP_DecryptUpdate(&aes_ctx, plain, &outlen, cur_file->blob, inlen); -- EVP_DecryptFinal_ex(&aes_ctx, &plain[outlen], &outlen); -- - cracked[index] = !memcmp(plain, "\xc4\x3d\x7b\x00\x40\x07\x00", 7); -- - } else { -- - if (cur_file->method == 0x30) { /* stored, not deflated */ - CRC32_t crc; - unsigned char crc_out[4]; -- unsigned char plain[0x8010]; -+ unsigned char plain[0x8000]; - unsigned long long size = cur_file->unp_size; - unsigned char *cipher = cur_file->blob; - - /* Use full decryption with CRC check. - Compute CRC of the decompressed plaintext */ - CRC32_Init(&crc); -- outlen = 0; - -- while (size > 0x8000) { -- inlen = 0x8000; -+ while (size) { -+ unsigned int inlen = (size > 0x8000) ? 0x8000 : size; - -- EVP_DecryptUpdate(&aes_ctx, plain, &outlen, cipher, inlen); -- CRC32_Update(&crc, plain, outlen > size ? size : outlen); -- size -= outlen; -+ AES_cbc_encrypt(cipher, plain, inlen, -+ &aes_ctx, iv, AES_DECRYPT); -+ -+ CRC32_Update(&crc, plain, inlen); -+ size -= inlen; - cipher += inlen; - } -- EVP_DecryptUpdate(&aes_ctx, plain, &outlen, cipher, (size + 15) & ~0xf); -- EVP_DecryptFinal_ex(&aes_ctx, &plain[outlen], &outlen); -- size += outlen; -- CRC32_Update(&crc, plain, size); - CRC32_Final(crc_out, crc); - - /* Compare computed CRC with stored CRC */ -@@ -771,15 +679,16 @@ static int crypt_all(int *pcount, struct db_salt *salt - const int solid = 0; - unpack_data_t *unpack_t; - unsigned char plain[20]; -+ unsigned char pre_iv[16]; - - cracked[index] = 0; - -+ memcpy(pre_iv, iv, 16); -+ - /* Decrypt just one block for early rejection */ -- outlen = 0; -- EVP_DecryptUpdate(&aes_ctx, plain, &outlen, cur_file->blob, 16); -- EVP_DecryptFinal_ex(&aes_ctx, &plain[outlen], &outlen); -+ AES_cbc_encrypt(cur_file->blob, plain, 16, -+ &aes_ctx, pre_iv, AES_DECRYPT); - --#if 1 - /* Early rejection */ - if (plain[0] & 0x80) { - // PPM checks here. -@@ -792,10 +701,10 @@ static int crypt_all(int *pcount, struct db_salt *salt - !check_huffman(plain)) // Huffman table check - goto bailOut; - } --#endif -+ - /* Reset stuff for full check */ -- EVP_DecryptInit_ex(&aes_ctx, EVP_aes_128_cbc(), NULL, &aes_key[i16], &aes_iv[i16]); -- EVP_CIPHER_CTX_set_padding(&aes_ctx, 0); -+ AES_set_decrypt_key(key, 128, &aes_ctx); -+ - #ifdef _OPENMP - unpack_t = &unpack_data[omp_get_thread_num()]; - #else -@@ -804,16 +713,15 @@ static int crypt_all(int *pcount, struct db_salt *salt - unpack_t->max_size = cur_file->unp_size; - unpack_t->dest_unp_size = cur_file->unp_size; - unpack_t->pack_size = cur_file->pack_size; -- unpack_t->iv = &aes_iv[i16]; -+ unpack_t->iv = iv; - unpack_t->ctx = &aes_ctx; -- unpack_t->key = &aes_key[i16]; -+ unpack_t->key = key; - - if (rar_unpack29(cur_file->blob, solid, unpack_t)) - cracked[index] = !memcmp(&unpack_t->unp_crc, &cur_file->crc.c, 4); - bailOut:; - } - } -- EVP_CIPHER_CTX_cleanup(&aes_ctx); - } - return count; - } --- john/files/patch-truecrypt__fmt__plug.c 2016-11-12 16:16:56.000000000 +0100 +++ john/files/patch-truecrypt__fmt__plug.c 1970-01-01 01:00:00.000000000 +0100 @@ -1,13 +0,0 @@ ---- truecrypt_fmt_plug.c.orig 2014-12-18 07:59:02 UTC -+++ truecrypt_fmt_plug.c -@@ -310,8 +310,8 @@ static int crypt_all(int *pcount, struct - pbkdf2_sha512_sse((const unsigned char **)pin, lens, psalt->salt, 64, psalt->num_iterations, &(x.poutc), sizeof(key), 0); - } - #else -- if (is_sha512) -- pbkdf2_sha512((const unsigned char*)key_buffer[i], strlen(key_buffer[i]), psalt->salt, 64, num_iterations, key, sizeof(key), 0); -+ if (psalt->hash_type == IS_SHA512) -+ pbkdf2_sha512((const unsigned char*)key_buffer[i], strlen((char*)key_buffer[i]), psalt->salt, 64, psalt->num_iterations, key, sizeof(key), 0); - #endif - else if (psalt->hash_type == IS_RIPEMD160) - pbkdf2_ripemd160(key_buffer[i], strlen((char*)(key_buffer[i])), psalt->salt, 64, psalt->num_iterations, key, sizeof(key), 0); --- john/files/patch-unrar.c 2019-03-07 15:21:40.000000000 +0100 +++ john/files/patch-unrar.c 1970-01-01 01:00:00.000000000 +0100 @@ -1,25 +0,0 @@ ---- unrar.c.orig 2014-09-19 16:40:51 UTC -+++ unrar.c -@@ -31,7 +31,6 @@ - #include - #include - #include --#include - - #include "unrar.h" - #include "unrarppm.h" -@@ -136,13 +135,7 @@ int rar_unp_read_buf(const unsigned char **fd, unpack_ - } - - if (read_size) { -- int outlen; -- -- EVP_DecryptUpdate(unpack_data->ctx, unpack_data->in_buf + data_size, &outlen, *fd, read_size); -- if (outlen > read_size - 16) { -- EVP_DecryptFinal_ex(unpack_data->ctx, unpack_data->in_buf + data_size + outlen, &outlen); -- } else -- read_size = outlen; -+ AES_cbc_encrypt(*fd, unpack_data->in_buf + data_size, read_size, unpack_data->ctx, unpack_data->iv, AES_DECRYPT); - *fd += read_size; - unpack_data->read_top += read_size; - unpack_data->pack_size -= read_size; --- john/files/patch-unrar.h 2019-03-07 15:21:40.000000000 +0100 +++ john/files/patch-unrar.h 1970-01-01 01:00:00.000000000 +0100 @@ -1,25 +0,0 @@ ---- unrar.h.orig 2014-05-16 13:40:40 UTC -+++ unrar.h -@@ -24,12 +24,12 @@ - #define UNRAR_H 1 - - #include "arch.h" --#include - - #include - - struct unpack_data_tag; - -+#include "aes/aes.h" - #include "unrarhlp.h" - #include "unrarppm.h" - #include "unrarvm.h" -@@ -198,7 +198,7 @@ typedef struct unpack_data_tag - rarvm_data_t rarvm_data; - unsigned int unp_crc; - unsigned int pack_size; -- EVP_CIPHER_CTX *ctx; -+ AES_KEY *ctx; - unsigned char *key; - unsigned char *iv; - } unpack_data_t; --- john/files/patch-wordlist.c 2016-11-12 16:16:56.000000000 +0100 +++ john/files/patch-wordlist.c 1970-01-01 01:00:00.000000000 +0100 @@ -1,14 +0,0 @@ ---- wordlist.c.orig 2014-11-11 14:41:25 UTC -+++ wordlist.c -@@ -10,11 +10,6 @@ - * There's ABSOLUTELY NO WARRANTY, express or implied. - */ - --/* NOTE, _POSIX_SOURCE fuk's up solaris 32 bit 64 bit processing!!! */ --#ifndef sparc --#define _POSIX_SOURCE /* for fileno(3) */ --#endif -- - #include - #include - --- john/files/patch-wpapsk.h 2019-03-07 16:02:36.000000000 +0100 +++ john/files/patch-wpapsk.h 1970-01-01 01:00:00.000000000 +0100 @@ -1,62 +0,0 @@ ---- wpapsk.h.orig 2014-10-03 01:08:17 UTC -+++ wpapsk.h -@@ -13,6 +13,9 @@ - #include "arch.h" - #include "common.h" - #include "johnswap.h" -+#include "md5.h" -+#include "hmacmd5.h" -+#include "pbkdf2_hmac_sha1.h" - #include "stdint.h" - - #include -@@ -200,7 +203,6 @@ static int valid(char *ciphertext, struct fmt_main *se - #ifndef JOHN_OCL_WPAPSK - static MAYBE_INLINE void prf_512(uint32_t * key, uint8_t * data, uint32_t * ret) - { -- HMAC_CTX ctx; - char *text = (char*)"Pairwise key expansion"; - unsigned char buff[100]; - -@@ -208,10 +210,7 @@ static MAYBE_INLINE void prf_512(uint32_t * key, uint8 - memcpy(buff + 23, data, 76); - buff[22] = 0; - buff[76 + 23] = 0; -- HMAC_Init(&ctx, key, 32, EVP_sha1()); -- HMAC_Update(&ctx, buff, 100); -- HMAC_Final(&ctx, (unsigned char *) ret, NULL); -- HMAC_CTX_cleanup(&ctx); -+ hmac_sha1((unsigned char*)key, 32, buff, 100, (unsigned char*)ret, 20); - } - #endif - -@@ -346,9 +345,12 @@ static void wpapsk_postprocess(int keys) - #endif - for (i = 0; i < keys; i++) { - uint32_t prf[20/4]; -+ HMACMD5Context ctx; -+ - prf_512(outbuffer[i].v, data, prf); -- HMAC(EVP_md5(), prf, 16, hccap.eapol, hccap.eapol_size, -- mic[i].keymic, NULL); -+ hmac_md5_init_K16((unsigned char*)prf, &ctx); -+ hmac_md5_update(hccap.eapol, hccap.eapol_size, &ctx); -+ hmac_md5_final(mic[i].keymic, &ctx); - } - } else { - #ifdef _OPENMP -@@ -356,11 +358,10 @@ static void wpapsk_postprocess(int keys) - #endif - for (i = 0; i < keys; i++) { - uint32_t prf[20/4]; -- unsigned char keymic[20]; -+ - prf_512(outbuffer[i].v, data, prf); -- HMAC(EVP_sha1(), prf, 16, hccap.eapol, -- hccap.eapol_size, keymic, NULL); -- memcpy(mic[i].keymic, keymic, 16); -+ hmac_sha1((unsigned char*)prf, 16, hccap.eapol, -+ hccap.eapol_size, mic[i].keymic, 16); - } - } - } --- john/pkg-plist 2019-03-08 13:12:57.000000000 +0100 +++ john/pkg-plist 2021-04-09 18:27:53.462090000 +0200 @@ -12,7 +12,6 @@ bin/keyring2john bin/keystore2john bin/kwallet2john -bin/luks2john bin/mkvcalcproba bin/putty2john bin/pwsafe2john @@ -30,7 +29,6 @@ bin/wpapcap2john bin/zip2john %%DATADIR%%/extra/1password2john.py -%%DATADIR%%/extra/7z2john.py %%DATADIR%%/extra/aix2john.pl %%DATADIR%%/extra/aix2john.py %%DATADIR%%/extra/androidfde2john.py @@ -43,7 +41,6 @@ %%DATADIR%%/extra/dictionary.rfc2865 %%DATADIR%%/extra/dmg2john.py %%DATADIR%%/extra/ecryptfs2john.py -%%DATADIR%%/extra/efs2john.py %%DATADIR%%/extra/encfs2john.py %%DATADIR%%/extra/genincstats.rb %%DATADIR%%/extra/hextoraw.pl @@ -65,17 +62,15 @@ %%DATADIR%%/extra/mailer %%DATADIR%%/extra/makechr %%DATADIR%%/extra/mcafee_epo2john.py -%%DATADIR%%/extra/ml2john.py %%DATADIR%%/extra/mozilla2john.py %%DATADIR%%/extra/netntlm.pl %%DATADIR%%/extra/netscreen.py -%%DATADIR%%/extra/odf2john.py %%DATADIR%%/extra/office2john.py %%DATADIR%%/extra/openbsd_softraid2john.py %%DATADIR%%/extra/openssl2john.py %%DATADIR%%/extra/pass_gen.pl %%DATADIR%%/extra/pcap2john.py -%%DATADIR%%/extra/pdf2john.py +%%DATADIR%%/extra/pdf2john.pl %%DATADIR%%/extra/radius2john.pl %%DATADIR%%/extra/relbench %%DATADIR%%/extra/rexgen2rules.pl @@ -83,11 +78,114 @@ %%DATADIR%%/extra/sha-dump.pl %%DATADIR%%/extra/sha-test.pl %%DATADIR%%/extra/sipdump2john.py -%%DATADIR%%/extra/ssh2sshng.py -%%DATADIR%%/extra/sshng2john.py %%DATADIR%%/extra/stats %%DATADIR%%/extra/strip2john.py -%%DATADIR%%/extra/sxc2john.py +%%DATADIR%%/extra/7z2john.pl +%%DATADIR%%/extra/DPAPImk2john.py +%%DATADIR%%/extra/adxcsouf2john.py +%%DATADIR%%/extra/aem2john.py +%%DATADIR%%/extra/andotp2john.py +%%DATADIR%%/extra/androidbackup2john.py +%%DATADIR%%/extra/ansible2john.py +%%DATADIR%%/extra/applenotes2john.py +%%DATADIR%%/extra/aruba2john.py +%%DATADIR%%/extra/axcrypt2john.py +%%DATADIR%%/extra/bestcrypt2john.py +%%DATADIR%%/extra/bitlocker2john +%%DATADIR%%/extra/bitshares2john.py +%%DATADIR%%/extra/bitwarden2john.py +%%DATADIR%%/extra/bks2john.py +%%DATADIR%%/extra/ccache2john.py +%%DATADIR%%/extra/codepage.pl +%%DATADIR%%/extra/dashlane2john.py +%%DATADIR%%/extra/deepsound2john.py +%%DATADIR%%/extra/dns/README.txt +%%DATADIR%%/extra/dns/__init__.py +%%DATADIR%%/extra/dns/_compat.py +%%DATADIR%%/extra/dns/exception.py +%%DATADIR%%/extra/dns/flags.py +%%DATADIR%%/extra/dns/hash.py +%%DATADIR%%/extra/dns/message.py +%%DATADIR%%/extra/dns/name.py +%%DATADIR%%/extra/dns/opcode.py +%%DATADIR%%/extra/dns/rdata.py +%%DATADIR%%/extra/dns/rdataclass.py +%%DATADIR%%/extra/dns/rdataset.py +%%DATADIR%%/extra/dns/rdatatype.py +%%DATADIR%%/extra/dns/rrset.py +%%DATADIR%%/extra/dns/set.py +%%DATADIR%%/extra/dns/tokenizer.py +%%DATADIR%%/extra/dns/tsig.py +%%DATADIR%%/extra/dns/tsigkeyring.py +%%DATADIR%%/extra/dns/wiredata.py +%%DATADIR%%/extra/eapmd5tojohn +%%DATADIR%%/extra/ejabberd2john.py +%%DATADIR%%/extra/electrum2john.py +%%DATADIR%%/extra/enpass2john.py +%%DATADIR%%/extra/ethereum2john.py +%%DATADIR%%/extra/filezilla2john.py +%%DATADIR%%/extra/fuzz_option.pl +%%DATADIR%%/extra/geli2john.py +%%DATADIR%%/extra/hccapx2john.py +%%DATADIR%%/extra/ibmiscanner2john.py +%%DATADIR%%/extra/itunes_backup2john.pl +%%DATADIR%%/extra/iwork2john.py +%%DATADIR%%/extra/keyring2john.py +%%DATADIR%%/extra/kirbi2john.py +%%DATADIR%%/extra/krb2john.py +%%DATADIR%%/extra/lastpass2john.py +%%DATADIR%%/extra/lib/ExifTool.pm +%%DATADIR%%/extra/lib/PDF.pm +%%DATADIR%%/extra/lib/RandomAccess.pm +%%DATADIR%%/extra/libreoffice2john.py +%%DATADIR%%/extra/luks2john.py +%%DATADIR%%/extra/mac2john-alt.py +%%DATADIR%%/extra/mac2john.py +%%DATADIR%%/extra/monero2john.py +%%DATADIR%%/extra/money2john.py +%%DATADIR%%/extra/multibit2john.py +%%DATADIR%%/extra/neo2john.py +%%DATADIR%%/extra/network2john.lua +%%DATADIR%%/extra/padlock2john.py +%%DATADIR%%/extra/pem2john.py +%%DATADIR%%/extra/pfx2john.py +%%DATADIR%%/extra/pgpdisk2john.py +%%DATADIR%%/extra/pgpsda2john.py +%%DATADIR%%/extra/pgpwde2john.py +%%DATADIR%%/extra/potcheck.pl +%%DATADIR%%/extra/prosody2john.py +%%DATADIR%%/extra/ps_token2john.py +%%DATADIR%%/extra/pse2john.py +%%DATADIR%%/extra/pwsafe2john.py +%%DATADIR%%/extra/radius2john.py +%%DATADIR%%/extra/rulestack.pl +%%DATADIR%%/extra/signal2john.py +%%DATADIR%%/extra/ssh2john.py +%%DATADIR%%/extra/sspr2john.py +%%DATADIR%%/extra/staroffice2john.py +%%DATADIR%%/extra/telegram2john.py +%%DATADIR%%/extra/tezos2john.py +%%DATADIR%%/extra/truecrypt2john.py +%%DATADIR%%/extra/unrule.pl +%%DATADIR%%/extra/vdi2john.pl +%%DATADIR%%/extra/vmx2john.py +%%DATADIR%%/extra/ztex/inouttraffic.ihx +%%DATADIR%%/extra/ztex/ztex115y_bcrypt.bit +%%DATADIR%%/extra/ztex/ztex115y_descrypt.bit +%%DATADIR%%/extra/ztex/ztex115y_md5crypt.bit +%%DATADIR%%/extra/ztex/ztex115y_sha256crypt.bit +%%DATADIR%%/extra/ztex/ztex115y_sha512crypt.bit +%%DATADIR%%/rules/InsidePro-PasswordsPro.rule +%%DATADIR%%/rules/T0XlC-insert_top_100_passwords_1_G.rule +%%DATADIR%%/rules/T0XlC.rule +%%DATADIR%%/rules/T0XlCv1.rule +%%DATADIR%%/rules/best64.rule +%%DATADIR%%/rules/d3ad0ne.rule +%%DATADIR%%/rules/dive.rule +%%DATADIR%%/rules/passphrase-rule1.rule +%%DATADIR%%/rules/passphrase-rule2.rule +%%DATADIR%%/rules/rockyou-30000.rule +%%DATADIR%%/rules/specific.rule %%DATADIR%%/alnum.chr %%DATADIR%%/alnumspace.chr %%DATADIR%%/alpha.chr @@ -97,8 +195,8 @@ %%DATADIR%%/dumb32.conf %%DATADIR%%/dynamic.conf %%DATADIR%%/dynamic_flat_sse_formats.conf +%%DATADIR%%/hybrid.conf %%DATADIR%%/john.conf -%%DATADIR%%/john.local.conf %%DATADIR%%/korelogic.conf %%DATADIR%%/lanman.chr %%DATADIR%%/latin1.chr