cyrus-sasl/cyrus-sasl-2.1.27-cumulative-ossl3.patch

110 lines
3.1 KiB
Diff
Raw Permalink Normal View History

diff -uPr cyrus-sasl-2.1.27/configure.ac cyrus-sasl-2.1.27.ossl3/configure.ac
--- cyrus-sasl-2.1.27/configure.ac 2021-10-06 11:29:53.274375206 -0400
+++ cyrus-sasl-2.1.27.ossl3/configure.ac 2021-10-06 11:31:19.966726775 -0400
@@ -1115,7 +1115,11 @@
with_rc4=yes)
if test "$with_rc4" != no; then
- AC_DEFINE(WITH_RC4,[],[Use RC4])
+ if test "$with_openssl" = no; then
+ AC_WARN([OpenSSL not found -- RC4 will be disabled])
+ else
+ AC_DEFINE(WITH_RC4,[],[Use RC4])
+ fi
fi
building_for_macosx=no
diff -uPr cyrus-sasl-2.1.27/plugins/scram.c cyrus-sasl-2.1.27.ossl3/plugins/scram.c
--- cyrus-sasl-2.1.27/plugins/scram.c 2018-11-08 12:29:57.000000000 -0500
+++ cyrus-sasl-2.1.27.ossl3/plugins/scram.c 2021-10-06 11:31:04.407484201 -0400
@@ -65,7 +65,9 @@
#include <openssl/sha.h>
#include <openssl/evp.h>
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
#include <openssl/hmac.h>
+#endif
/***************************** Common Section *****************************/
@@ -291,6 +293,32 @@
}
#endif
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+
+/* Decalre as void given functions never use the result */
+void *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
+ const unsigned char *data, size_t data_len,
+ unsigned char *md, unsigned int *md_len)
+{
+ const char *digest;
+ size_t digest_size;
+ size_t out_len;
+ void *ret = NULL;
+
+ digest = EVP_MD_get0_name(evp_md);
+ if (digest == NULL) {
+ return NULL;
+ }
+ digest_size = EVP_MD_size(evp_md);
+
+ ret = EVP_Q_mac(NULL, "hmac", NULL, digest, NULL, key, key_len,
+ data, data_len, md, digest_size, &out_len);
+ if (ret != NULL) {
+ *md_len = (unsigned int)out_len;
+ }
+ return ret;
+}
+#endif
/* The result variable need to point to a buffer big enough for the [SHA-*] hash */
static void
diff -uPr cyrus-sasl-2.1.27/saslauthd/lak.c cyrus-sasl-2.1.27.ossl3/saslauthd/lak.c
--- cyrus-sasl-2.1.27/saslauthd/lak.c 2022-01-09 11:30:50.000000000 -0400
+++ cyrus-sasl-2.1.27.ossl3/saslauthd/lak.c 2022-01-09 11:30:50.000000001 -0400
@@ -1806,18 +1806,36 @@
return rc;
}
- EVP_DigestInit(mdctx, md);
- EVP_DigestUpdate(mdctx, passwd, strlen(passwd));
+ rc = EVP_DigestInit(mdctx, md);
+ if (rc != 1) {
+ rc = LAK_FAIL;
+ goto done;
+ }
+ rc = EVP_DigestUpdate(mdctx, passwd, strlen(passwd));
+ if (rc != 1) {
+ rc = LAK_FAIL;
+ goto done;
+ }
if (hrock->salted) {
- EVP_DigestUpdate(mdctx, &cred[EVP_MD_size(md)],
- clen - EVP_MD_size(md));
+ rc = EVP_DigestUpdate(mdctx, &cred[EVP_MD_size(md)],
+ clen - EVP_MD_size(md));
+ if (rc != 1) {
+ rc = LAK_FAIL;
+ goto done;
+ }
+ }
+ rc = EVP_DigestFinal(mdctx, digest, NULL);
+ if (rc != 1) {
+ rc = LAK_FAIL;
+ goto done;
}
- EVP_DigestFinal(mdctx, digest, NULL);
- EVP_MD_CTX_free(mdctx);
rc = memcmp((char *)cred, (char *)digest, EVP_MD_size(md));
+ rc = rc ? LAK_INVALID_PASSWORD : LAK_OK;
+done:
+ EVP_MD_CTX_free(mdctx);
free(cred);
- return rc ? LAK_INVALID_PASSWORD : LAK_OK;
+ return rc;
}
#endif /* HAVE_OPENSSL */