2022-02-07 18:43:39 +00:00
|
|
|
diff -uPr cyrus-sasl-2.1.27/configure.ac cyrus-sasl-2.1.27.ossl3/configure.ac
|
|
|
|
--- cyrus-sasl-2.1.27/configure.ac 2021-10-06 11:29:53.274375206 -0400
|
|
|
|
+++ cyrus-sasl-2.1.27.ossl3/configure.ac 2021-10-06 11:31:19.966726775 -0400
|
|
|
|
@@ -1115,7 +1115,11 @@
|
|
|
|
with_rc4=yes)
|
|
|
|
|
|
|
|
if test "$with_rc4" != no; then
|
|
|
|
- AC_DEFINE(WITH_RC4,[],[Use RC4])
|
|
|
|
+ if test "$with_openssl" = no; then
|
|
|
|
+ AC_WARN([OpenSSL not found -- RC4 will be disabled])
|
|
|
|
+ else
|
|
|
|
+ AC_DEFINE(WITH_RC4,[],[Use RC4])
|
|
|
|
+ fi
|
|
|
|
fi
|
|
|
|
|
|
|
|
building_for_macosx=no
|
|
|
|
diff -uPr cyrus-sasl-2.1.27/plugins/scram.c cyrus-sasl-2.1.27.ossl3/plugins/scram.c
|
|
|
|
--- cyrus-sasl-2.1.27/plugins/scram.c 2018-11-08 12:29:57.000000000 -0500
|
|
|
|
+++ cyrus-sasl-2.1.27.ossl3/plugins/scram.c 2021-10-06 11:31:04.407484201 -0400
|
|
|
|
@@ -65,7 +65,9 @@
|
|
|
|
|
|
|
|
#include <openssl/sha.h>
|
|
|
|
#include <openssl/evp.h>
|
|
|
|
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
|
|
|
#include <openssl/hmac.h>
|
|
|
|
+#endif
|
|
|
|
|
|
|
|
/***************************** Common Section *****************************/
|
|
|
|
|
|
|
|
@@ -267,6 +271,32 @@
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
|
|
|
+
|
|
|
|
+/* Decalre as void given functions never use the result */
|
|
|
|
+void *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
|
|
|
|
+ const unsigned char *data, size_t data_len,
|
|
|
|
+ unsigned char *md, unsigned int *md_len)
|
|
|
|
+{
|
|
|
|
+ const char *digest;
|
|
|
|
+ size_t digest_size;
|
|
|
|
+ size_t out_len;
|
|
|
|
+ void *ret = NULL;
|
|
|
|
+
|
|
|
|
+ digest = EVP_MD_get0_name(evp_md);
|
|
|
|
+ if (digest == NULL) {
|
|
|
|
+ return NULL;
|
|
|
|
+ }
|
|
|
|
+ digest_size = EVP_MD_size(evp_md);
|
|
|
|
+
|
|
|
|
+ ret = EVP_Q_mac(NULL, "hmac", NULL, digest, NULL, key, key_len,
|
|
|
|
+ data, data_len, md, digest_size, &out_len);
|
|
|
|
+ if (ret != NULL) {
|
|
|
|
+ *md_len = (unsigned int)out_len;
|
|
|
|
+ }
|
|
|
|
+ return ret;
|
|
|
|
+}
|
|
|
|
+#endif
|
|
|
|
|
|
|
|
/* The result variable need to point to a buffer big enough for the [SHA-1] hash */
|
|
|
|
static void
|
|
|
|
diff -uPr cyrus-sasl-2.1.27/saslauthd/lak.c cyrus-sasl-2.1.27.ossl3/saslauthd/lak.c
|
2022-02-09 19:01:11 +00:00
|
|
|
--- cyrus-sasl-2.1.27/saslauthd/lak.c 2022-01-09 11:30:50.000000000 -0400
|
|
|
|
+++ cyrus-sasl-2.1.27.ossl3/saslauthd/lak.c 2022-01-09 11:30:50.000000001 -0400
|
|
|
|
@@ -1806,18 +1806,36 @@
|
2022-02-07 18:43:39 +00:00
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
- EVP_DigestInit(mdctx, md);
|
|
|
|
- EVP_DigestUpdate(mdctx, passwd, strlen(passwd));
|
|
|
|
+ rc = EVP_DigestInit(mdctx, md);
|
|
|
|
+ if (rc != 1) {
|
2022-02-09 19:01:11 +00:00
|
|
|
+ rc = LAK_FAIL;
|
|
|
|
+ goto done;
|
2022-02-07 18:43:39 +00:00
|
|
|
+ }
|
|
|
|
+ rc = EVP_DigestUpdate(mdctx, passwd, strlen(passwd));
|
|
|
|
+ if (rc != 1) {
|
2022-02-09 19:01:11 +00:00
|
|
|
+ rc = LAK_FAIL;
|
|
|
|
+ goto done;
|
2022-02-07 18:43:39 +00:00
|
|
|
+ }
|
|
|
|
if (hrock->salted) {
|
|
|
|
- EVP_DigestUpdate(mdctx, &cred[EVP_MD_size(md)],
|
|
|
|
- clen - EVP_MD_size(md));
|
|
|
|
+ rc = EVP_DigestUpdate(mdctx, &cred[EVP_MD_size(md)],
|
|
|
|
+ clen - EVP_MD_size(md));
|
|
|
|
+ if (rc != 1) {
|
2022-02-09 19:01:11 +00:00
|
|
|
+ rc = LAK_FAIL;
|
|
|
|
+ goto done;
|
2022-02-07 18:43:39 +00:00
|
|
|
+ }
|
|
|
|
+ }
|
|
|
|
+ rc = EVP_DigestFinal(mdctx, digest, NULL);
|
|
|
|
+ if (rc != 1) {
|
2022-02-09 19:01:11 +00:00
|
|
|
+ rc = LAK_FAIL;
|
|
|
|
+ goto done;
|
2022-02-07 18:43:39 +00:00
|
|
|
}
|
|
|
|
- EVP_DigestFinal(mdctx, digest, NULL);
|
2022-02-09 19:01:11 +00:00
|
|
|
- EVP_MD_CTX_free(mdctx);
|
2022-02-07 18:43:39 +00:00
|
|
|
|
|
|
|
rc = memcmp((char *)cred, (char *)digest, EVP_MD_size(md));
|
2022-02-09 19:01:11 +00:00
|
|
|
+ rc = rc ? LAK_INVALID_PASSWORD : LAK_OK;
|
|
|
|
+done:
|
|
|
|
+ EVP_MD_CTX_free(mdctx);
|
|
|
|
free(cred);
|
|
|
|
- return rc ? LAK_INVALID_PASSWORD : LAK_OK;
|
|
|
|
+ return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
#endif /* HAVE_OPENSSL */
|