import dovecot-2.3.8-2.el8
This commit is contained in:
commit
40b5a0e77c
2
.dovecot.metadata
Normal file
2
.dovecot.metadata
Normal file
@ -0,0 +1,2 @@
|
||||
b9c7290dad1ac3bc1ead11359812a137a3d173f7 SOURCES/dovecot-2.3-pigeonhole-0.5.8.tar.gz
|
||||
65b93f7fd53705b3c97f9eee141a76c5f4f3a624 SOURCES/dovecot-2.3.8.tar.gz
|
2
.gitignore
vendored
Normal file
2
.gitignore
vendored
Normal file
@ -0,0 +1,2 @@
|
||||
SOURCES/dovecot-2.3-pigeonhole-0.5.8.tar.gz
|
||||
SOURCES/dovecot-2.3.8.tar.gz
|
11
SOURCES/dovecot-1.0.beta2-mkcert-permissions.patch
Normal file
11
SOURCES/dovecot-1.0.beta2-mkcert-permissions.patch
Normal file
@ -0,0 +1,11 @@
|
||||
--- dovecot-1.0.beta2/doc/mkcert.sh.configfile 2006-01-16 21:14:54.000000000 +0100
|
||||
+++ dovecot-1.0.beta2/doc/mkcert.sh 2006-01-26 14:28:38.000000000 +0100
|
||||
@@ -29,6 +29,7 @@
|
||||
fi
|
||||
|
||||
$OPENSSL req -new -x509 -nodes -config $OPENSSLCONFIG -out $CERTFILE -keyout $KEYFILE -days 365 || exit 2
|
||||
-chmod 0600 $KEYFILE
|
||||
+chown root:root $CERTFILE $KEYFILE
|
||||
+chmod 0600 $CERTFILE $KEYFILE
|
||||
echo
|
||||
$OPENSSL x509 -subject -fingerprint -noout -in $CERTFILE || exit 2
|
14
SOURCES/dovecot-1.0.rc7-mkcert-paths.patch
Normal file
14
SOURCES/dovecot-1.0.rc7-mkcert-paths.patch
Normal file
@ -0,0 +1,14 @@
|
||||
diff -up dovecot-2.2.27/doc/mkcert.sh.mkcert-paths dovecot-2.2.27/doc/mkcert.sh
|
||||
--- dovecot-2.2.27/doc/mkcert.sh.mkcert-paths 2016-12-05 10:26:07.913515286 +0100
|
||||
+++ dovecot-2.2.27/doc/mkcert.sh 2016-12-05 10:28:25.439634417 +0100
|
||||
@@ -5,8 +5,8 @@
|
||||
|
||||
umask 077
|
||||
OPENSSL=${OPENSSL-openssl}
|
||||
-SSLDIR=${SSLDIR-/etc/ssl}
|
||||
-OPENSSLCONFIG=${OPENSSLCONFIG-dovecot-openssl.cnf}
|
||||
+SSLDIR=${SSLDIR-/etc/pki/dovecot}
|
||||
+OPENSSLCONFIG=${OPENSSLCONFIG-/etc/pki/dovecot/dovecot-openssl.cnf}
|
||||
|
||||
CERTDIR=$SSLDIR/certs
|
||||
KEYDIR=$SSLDIR/private
|
42
SOURCES/dovecot-2.0-defaultconfig.patch
Normal file
42
SOURCES/dovecot-2.0-defaultconfig.patch
Normal file
@ -0,0 +1,42 @@
|
||||
diff -up dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf.default-settings dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf
|
||||
--- dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf.default-settings 2018-02-28 15:28:57.000000000 +0100
|
||||
+++ dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf 2018-03-01 10:29:38.208368555 +0100
|
||||
@@ -165,7 +165,7 @@ namespace inbox {
|
||||
# to make sure that users can't log in as daemons or other system users.
|
||||
# Note that denying root logins is hardcoded to dovecot binary and can't
|
||||
# be done even if first_valid_uid is set to 0.
|
||||
-#first_valid_uid = 500
|
||||
+first_valid_uid = 1000
|
||||
#last_valid_uid = 0
|
||||
|
||||
# Valid GID range for users, defaults to non-root/wheel. Users having
|
||||
@@ -322,6 +322,7 @@ protocol !indexer-worker {
|
||||
# them simultaneously.
|
||||
#mbox_read_locks = fcntl
|
||||
#mbox_write_locks = dotlock fcntl
|
||||
+mbox_write_locks = fcntl
|
||||
|
||||
# Maximum time to wait for lock (all of them) before aborting.
|
||||
#mbox_lock_timeout = 5 mins
|
||||
diff -up dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf.default-settings dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf
|
||||
--- dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf.default-settings 2018-02-28 15:28:57.000000000 +0100
|
||||
+++ dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf 2018-03-01 10:33:54.779499044 +0100
|
||||
@@ -3,7 +3,9 @@
|
||||
##
|
||||
|
||||
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
|
||||
-#ssl = yes
|
||||
+# disable plain pop3 and imap, allowed are only pop3+TLS, pop3s, imap+TLS and imaps
|
||||
+# plain imap and pop3 are still allowed for local connections
|
||||
+ssl = required
|
||||
|
||||
# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
|
||||
# dropping root privileges, so keep the key file unreadable by anyone but
|
||||
@@ -57,6 +59,7 @@ ssl_key = </etc/ssl/private/dovecot.pem
|
||||
#ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
|
||||
# To disable non-EC DH, use:
|
||||
#ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
|
||||
+ssl_cipher_list = PROFILE=SYSTEM
|
||||
|
||||
# Colon separated list of elliptic curves to use. Empty value (the default)
|
||||
# means use the defaults from the SSL library. P-521:P-384:P-256 would be an
|
11
SOURCES/dovecot-2.1.10-waitonline.patch
Normal file
11
SOURCES/dovecot-2.1.10-waitonline.patch
Normal file
@ -0,0 +1,11 @@
|
||||
diff -up dovecot-2.3.0.1/dovecot.service.in.waitonline dovecot-2.3.0.1/dovecot.service.in
|
||||
--- dovecot-2.3.0.1/dovecot.service.in.waitonline 2018-03-01 10:35:39.888371078 +0100
|
||||
+++ dovecot-2.3.0.1/dovecot.service.in 2018-03-01 10:36:29.738784661 +0100
|
||||
@@ -12,6 +12,7 @@ After=local-fs.target network-online.tar
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
+ExecStartPre=/usr/libexec/dovecot/prestartscript
|
||||
ExecStart=@sbindir@/dovecot -F
|
||||
PIDFile=@rundir@/master.pid
|
||||
ExecReload=@bindir@/doveadm reload
|
46
SOURCES/dovecot-2.2.20-initbysystemd.patch
Normal file
46
SOURCES/dovecot-2.2.20-initbysystemd.patch
Normal file
@ -0,0 +1,46 @@
|
||||
diff -up dovecot-2.3.0.1/dovecot-init.service.initbysystemd dovecot-2.3.0.1/dovecot-init.service
|
||||
--- dovecot-2.3.0.1/dovecot-init.service.initbysystemd 2018-03-01 10:38:22.059716008 +0100
|
||||
+++ dovecot-2.3.0.1/dovecot-init.service 2018-03-01 10:38:22.059716008 +0100
|
||||
@@ -0,0 +1,13 @@
|
||||
+[Unit]
|
||||
+Description=One-time Dovecot init service
|
||||
+ConditionPathExists=|!/etc/pki/dovecot/certs/dovecot.pem
|
||||
+
|
||||
+[Service]
|
||||
+Type=oneshot
|
||||
+RemainAfterExit=no
|
||||
+ExecStart=/bin/sh -c '\
|
||||
+if [ ! -f /etc/pki/dovecot/certs/dovecot.pem ]; \
|
||||
+then\
|
||||
+ SSLDIR=/etc/pki/dovecot/ OPENSSLCONFIG=/etc/pki/dovecot/dovecot-openssl.cnf /usr/libexec/dovecot/mkcert.sh /dev/null 2>&1;\
|
||||
+fi'
|
||||
+
|
||||
diff -up dovecot-2.3.0.1/dovecot.service.in.initbysystemd dovecot-2.3.0.1/dovecot.service.in
|
||||
--- dovecot-2.3.0.1/dovecot.service.in.initbysystemd 2018-03-01 10:38:22.060716016 +0100
|
||||
+++ dovecot-2.3.0.1/dovecot.service.in 2018-03-01 10:40:45.524901319 +0100
|
||||
@@ -8,7 +8,8 @@
|
||||
Description=Dovecot IMAP/POP3 email server
|
||||
Documentation=man:dovecot(1)
|
||||
Documentation=http://wiki2.dovecot.org/
|
||||
-After=local-fs.target network-online.target
|
||||
+After=local-fs.target network-online.target dovecot-init.service
|
||||
+Requires=dovecot-init.service
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
diff -up dovecot-2.3.0.1/Makefile.am.initbysystemd dovecot-2.3.0.1/Makefile.am
|
||||
--- dovecot-2.3.0.1/Makefile.am.initbysystemd 2018-02-28 15:28:57.000000000 +0100
|
||||
+++ dovecot-2.3.0.1/Makefile.am 2018-03-01 10:38:22.060716016 +0100
|
||||
@@ -63,9 +63,10 @@ if HAVE_SYSTEMD
|
||||
|
||||
systemdsystemunit_DATA = \
|
||||
dovecot.socket \
|
||||
- dovecot.service
|
||||
+ dovecot.service \
|
||||
+ dovecot-init.service
|
||||
else
|
||||
-EXTRA_DIST += dovecot.socket dovecot.service.in
|
||||
+EXTRA_DIST += dovecot.socket dovecot.service.in dovecot-init.service
|
||||
endif
|
||||
|
||||
install-exec-hook:
|
11
SOURCES/dovecot-2.2.22-systemd_w_protectsystem.patch
Normal file
11
SOURCES/dovecot-2.2.22-systemd_w_protectsystem.patch
Normal file
@ -0,0 +1,11 @@
|
||||
diff -up dovecot-2.3.2/dovecot.service.in.systemd_w_protectsystem dovecot-2.3.2/dovecot.service.in
|
||||
--- dovecot-2.3.2/dovecot.service.in.systemd_w_protectsystem 2018-07-09 12:00:13.359193526 +0200
|
||||
+++ dovecot-2.3.2/dovecot.service.in 2018-07-09 12:00:46.387716884 +0200
|
||||
@@ -23,6 +23,7 @@ ExecReload=@bindir@/doveadm reload
|
||||
ExecStop=@bindir@/doveadm stop
|
||||
PrivateTmp=true
|
||||
NonBlocking=yes
|
||||
+# this will make /usr /boot /etc read only for dovecot
|
||||
ProtectSystem=full
|
||||
ProtectHome=no
|
||||
PrivateDevices=true
|
13
SOURCES/dovecot-2.2.36-aclfix.patch
Normal file
13
SOURCES/dovecot-2.2.36-aclfix.patch
Normal file
@ -0,0 +1,13 @@
|
||||
diff -up dovecot-2.2.36/src/plugins/acl/acl-backend-vfile.c.aclfix dovecot-2.2.36/src/plugins/acl/acl-backend-vfile.c
|
||||
--- dovecot-2.2.36/src/plugins/acl/acl-backend-vfile.c.aclfix 2018-09-18 15:00:08.778823903 +0200
|
||||
+++ dovecot-2.2.36/src/plugins/acl/acl-backend-vfile.c 2018-09-18 15:00:08.814823737 +0200
|
||||
@@ -161,8 +161,7 @@ acl_backend_vfile_object_init(struct acl
|
||||
T_BEGIN {
|
||||
if (*name == '\0' ||
|
||||
mailbox_list_is_valid_name(_backend->list, name, &error)) {
|
||||
- vname = *name == '\0' ? "" :
|
||||
- mailbox_list_get_vname(_backend->list, name);
|
||||
+ vname = mailbox_list_get_vname(_backend->list, name);
|
||||
|
||||
dir = acl_backend_vfile_get_local_dir(_backend, name, vname);
|
||||
aclobj->local_path = dir == NULL ? NULL :
|
10
SOURCES/dovecot-2.2.36-bigkey.patch
Normal file
10
SOURCES/dovecot-2.2.36-bigkey.patch
Normal file
@ -0,0 +1,10 @@
|
||||
diff -up dovecot-2.2.36/doc/dovecot-openssl.cnf.bigkey dovecot-2.2.36/doc/dovecot-openssl.cnf
|
||||
--- dovecot-2.2.36/doc/dovecot-openssl.cnf.bigkey 2017-06-23 13:18:28.000000000 +0200
|
||||
+++ dovecot-2.2.36/doc/dovecot-openssl.cnf 2018-10-16 17:15:35.836205498 +0200
|
||||
@@ -1,5 +1,5 @@
|
||||
[ req ]
|
||||
-default_bits = 1024
|
||||
+default_bits = 3072
|
||||
encrypt_key = yes
|
||||
distinguished_name = req_dn
|
||||
x509_extensions = cert_type
|
11
SOURCES/dovecot-2.3.0.1-libxcrypt.patch
Normal file
11
SOURCES/dovecot-2.3.0.1-libxcrypt.patch
Normal file
@ -0,0 +1,11 @@
|
||||
diff -up dovecot-2.3.0.1/src/auth/mycrypt.c.libxcrypt dovecot-2.3.0.1/src/auth/mycrypt.c
|
||||
--- dovecot-2.3.0.1/src/auth/mycrypt.c.libxcrypt 2018-02-28 15:28:58.000000000 +0100
|
||||
+++ dovecot-2.3.0.1/src/auth/mycrypt.c 2018-03-27 10:57:38.447769201 +0200
|
||||
@@ -14,6 +14,7 @@
|
||||
# define _XPG6 /* Some Solaris versions require this, some break with this */
|
||||
#endif
|
||||
#include <unistd.h>
|
||||
+#include <crypt.h>
|
||||
|
||||
#include "mycrypt.h"
|
||||
|
792
SOURCES/dovecot-2.3.6-opensslhmac.patch
Normal file
792
SOURCES/dovecot-2.3.6-opensslhmac.patch
Normal file
@ -0,0 +1,792 @@
|
||||
diff -up dovecot-2.3.8/src/auth/auth-token.c.opensslhmac dovecot-2.3.8/src/auth/auth-token.c
|
||||
--- dovecot-2.3.8/src/auth/auth-token.c.opensslhmac 2019-10-08 10:46:18.000000000 +0200
|
||||
+++ dovecot-2.3.8/src/auth/auth-token.c 2019-11-19 16:34:11.338037002 +0100
|
||||
@@ -161,17 +161,17 @@ void auth_token_deinit(void)
|
||||
const char *auth_token_get(const char *service, const char *session_pid,
|
||||
const char *username, const char *session_id)
|
||||
{
|
||||
- struct hmac_context ctx;
|
||||
+ struct openssl_hmac_context ctx;
|
||||
unsigned char result[SHA1_RESULTLEN];
|
||||
|
||||
- hmac_init(&ctx, (const unsigned char*)username, strlen(username),
|
||||
+ openssl_hmac_init(&ctx, (const unsigned char*)username, strlen(username),
|
||||
&hash_method_sha1);
|
||||
- hmac_update(&ctx, session_pid, strlen(session_pid));
|
||||
+ openssl_hmac_update(&ctx, session_pid, strlen(session_pid));
|
||||
if (session_id != NULL && *session_id != '\0')
|
||||
- hmac_update(&ctx, session_id, strlen(session_id));
|
||||
- hmac_update(&ctx, service, strlen(service));
|
||||
- hmac_update(&ctx, auth_token_secret, sizeof(auth_token_secret));
|
||||
- hmac_final(&ctx, result);
|
||||
+ openssl_hmac_update(&ctx, session_id, strlen(session_id));
|
||||
+ openssl_hmac_update(&ctx, service, strlen(service));
|
||||
+ openssl_hmac_update(&ctx, auth_token_secret, sizeof(auth_token_secret));
|
||||
+ openssl_hmac_final(&ctx, result);
|
||||
|
||||
return binary_to_hex(result, sizeof(result));
|
||||
}
|
||||
diff -up dovecot-2.3.8/src/auth/mech-cram-md5.c.opensslhmac dovecot-2.3.8/src/auth/mech-cram-md5.c
|
||||
--- dovecot-2.3.8/src/auth/mech-cram-md5.c.opensslhmac 2019-10-08 10:46:18.000000000 +0200
|
||||
+++ dovecot-2.3.8/src/auth/mech-cram-md5.c 2019-11-19 16:34:11.338037002 +0100
|
||||
@@ -51,7 +51,7 @@ static bool verify_credentials(struct cr
|
||||
{
|
||||
|
||||
unsigned char digest[MD5_RESULTLEN];
|
||||
- struct hmac_context ctx;
|
||||
+ struct orig_hmac_context ctx;
|
||||
const char *response_hex;
|
||||
|
||||
if (size != CRAM_MD5_CONTEXTLEN) {
|
||||
@@ -60,10 +60,10 @@ static bool verify_credentials(struct cr
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
- hmac_init(&ctx, NULL, 0, &hash_method_md5);
|
||||
+ orig_hmac_init(&ctx, NULL, 0, &hash_method_md5);
|
||||
hmac_md5_set_cram_context(&ctx, credentials);
|
||||
- hmac_update(&ctx, request->challenge, strlen(request->challenge));
|
||||
- hmac_final(&ctx, digest);
|
||||
+ orig_hmac_update(&ctx, request->challenge, strlen(request->challenge));
|
||||
+ orig_hmac_final(&ctx, digest);
|
||||
|
||||
response_hex = binary_to_hex(digest, sizeof(digest));
|
||||
|
||||
diff -up dovecot-2.3.8/src/auth/mech-scram-sha1.c.opensslhmac dovecot-2.3.8/src/auth/mech-scram-sha1.c
|
||||
--- dovecot-2.3.8/src/auth/mech-scram-sha1.c.opensslhmac 2019-10-08 10:46:18.000000000 +0200
|
||||
+++ dovecot-2.3.8/src/auth/mech-scram-sha1.c 2019-11-19 16:34:11.338037002 +0100
|
||||
@@ -71,7 +71,7 @@ static const char *get_scram_server_firs
|
||||
|
||||
static const char *get_scram_server_final(struct scram_auth_request *request)
|
||||
{
|
||||
- struct hmac_context ctx;
|
||||
+ struct openssl_hmac_context ctx;
|
||||
const char *auth_message;
|
||||
unsigned char server_signature[SHA1_RESULTLEN];
|
||||
string_t *str;
|
||||
@@ -80,10 +80,10 @@ static const char *get_scram_server_fina
|
||||
request->server_first_message, ",",
|
||||
request->client_final_message_without_proof, NULL);
|
||||
|
||||
- hmac_init(&ctx, request->server_key, sizeof(request->server_key),
|
||||
+ openssl_hmac_init(&ctx, request->server_key, sizeof(request->server_key),
|
||||
&hash_method_sha1);
|
||||
- hmac_update(&ctx, auth_message, strlen(auth_message));
|
||||
- hmac_final(&ctx, server_signature);
|
||||
+ openssl_hmac_update(&ctx, auth_message, strlen(auth_message));
|
||||
+ openssl_hmac_final(&ctx, server_signature);
|
||||
|
||||
str = t_str_new(MAX_BASE64_ENCODED_SIZE(sizeof(server_signature)));
|
||||
str_append(str, "v=");
|
||||
@@ -221,7 +221,7 @@ static bool parse_scram_client_first(str
|
||||
|
||||
static bool verify_credentials(struct scram_auth_request *request)
|
||||
{
|
||||
- struct hmac_context ctx;
|
||||
+ struct openssl_hmac_context ctx;
|
||||
const char *auth_message;
|
||||
unsigned char client_key[SHA1_RESULTLEN];
|
||||
unsigned char client_signature[SHA1_RESULTLEN];
|
||||
@@ -232,10 +232,10 @@ static bool verify_credentials(struct sc
|
||||
request->server_first_message, ",",
|
||||
request->client_final_message_without_proof, NULL);
|
||||
|
||||
- hmac_init(&ctx, request->stored_key, sizeof(request->stored_key),
|
||||
+ openssl_hmac_init(&ctx, request->stored_key, sizeof(request->stored_key),
|
||||
&hash_method_sha1);
|
||||
- hmac_update(&ctx, auth_message, strlen(auth_message));
|
||||
- hmac_final(&ctx, client_signature);
|
||||
+ openssl_hmac_update(&ctx, auth_message, strlen(auth_message));
|
||||
+ openssl_hmac_final(&ctx, client_signature);
|
||||
|
||||
for (i = 0; i < sizeof(client_signature); i++)
|
||||
client_key[i] =
|
||||
diff -up dovecot-2.3.8/src/auth/password-scheme.c.opensslhmac dovecot-2.3.8/src/auth/password-scheme.c
|
||||
--- dovecot-2.3.8/src/auth/password-scheme.c.opensslhmac 2019-10-08 10:46:18.000000000 +0200
|
||||
+++ dovecot-2.3.8/src/auth/password-scheme.c 2019-11-19 16:34:11.339036998 +0100
|
||||
@@ -647,11 +647,11 @@ static void
|
||||
cram_md5_generate(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED,
|
||||
const unsigned char **raw_password_r, size_t *size_r)
|
||||
{
|
||||
- struct hmac_context ctx;
|
||||
+ struct orig_hmac_context ctx;
|
||||
unsigned char *context_digest;
|
||||
|
||||
context_digest = t_malloc_no0(CRAM_MD5_CONTEXTLEN);
|
||||
- hmac_init(&ctx, (const unsigned char *)plaintext,
|
||||
+ orig_hmac_init(&ctx, (const unsigned char *)plaintext,
|
||||
strlen(plaintext), &hash_method_md5);
|
||||
hmac_md5_get_cram_context(&ctx, context_digest);
|
||||
|
||||
diff -up dovecot-2.3.8/src/auth/password-scheme-scram.c.opensslhmac dovecot-2.3.8/src/auth/password-scheme-scram.c
|
||||
--- dovecot-2.3.8/src/auth/password-scheme-scram.c.opensslhmac 2019-10-08 10:46:18.000000000 +0200
|
||||
+++ dovecot-2.3.8/src/auth/password-scheme-scram.c 2019-11-19 16:34:11.339036998 +0100
|
||||
@@ -27,23 +27,23 @@ static void Hi(const unsigned char *str,
|
||||
const unsigned char *salt, size_t salt_size, unsigned int i,
|
||||
unsigned char result[SHA1_RESULTLEN])
|
||||
{
|
||||
- struct hmac_context ctx;
|
||||
+ struct openssl_hmac_context ctx;
|
||||
unsigned char U[SHA1_RESULTLEN];
|
||||
unsigned int j, k;
|
||||
|
||||
/* Calculate U1 */
|
||||
- hmac_init(&ctx, str, str_size, &hash_method_sha1);
|
||||
- hmac_update(&ctx, salt, salt_size);
|
||||
- hmac_update(&ctx, "\0\0\0\1", 4);
|
||||
- hmac_final(&ctx, U);
|
||||
+ openssl_hmac_init(&ctx, str, str_size, &hash_method_sha1);
|
||||
+ openssl_hmac_update(&ctx, salt, salt_size);
|
||||
+ openssl_hmac_update(&ctx, "\0\0\0\1", 4);
|
||||
+ openssl_hmac_final(&ctx, U);
|
||||
|
||||
memcpy(result, U, SHA1_RESULTLEN);
|
||||
|
||||
/* Calculate U2 to Ui and Hi */
|
||||
for (j = 2; j <= i; j++) {
|
||||
- hmac_init(&ctx, str, str_size, &hash_method_sha1);
|
||||
- hmac_update(&ctx, U, sizeof(U));
|
||||
- hmac_final(&ctx, U);
|
||||
+ openssl_hmac_init(&ctx, str, str_size, &hash_method_sha1);
|
||||
+ openssl_hmac_update(&ctx, U, sizeof(U));
|
||||
+ openssl_hmac_final(&ctx, U);
|
||||
for (k = 0; k < SHA1_RESULTLEN; k++)
|
||||
result[k] ^= U[k];
|
||||
}
|
||||
@@ -94,7 +94,7 @@ int scram_sha1_verify(const char *plaint
|
||||
const unsigned char *raw_password, size_t size,
|
||||
const char **error_r)
|
||||
{
|
||||
- struct hmac_context ctx;
|
||||
+ struct openssl_hmac_context ctx;
|
||||
const char *salt_base64;
|
||||
unsigned int iter_count;
|
||||
const unsigned char *salt;
|
||||
@@ -118,10 +118,10 @@ int scram_sha1_verify(const char *plaint
|
||||
iter_count, salted_password);
|
||||
|
||||
/* Calculate ClientKey */
|
||||
- hmac_init(&ctx, salted_password, sizeof(salted_password),
|
||||
+ openssl_hmac_init(&ctx, salted_password, sizeof(salted_password),
|
||||
&hash_method_sha1);
|
||||
- hmac_update(&ctx, "Client Key", 10);
|
||||
- hmac_final(&ctx, client_key);
|
||||
+ openssl_hmac_update(&ctx, "Client Key", 10);
|
||||
+ openssl_hmac_final(&ctx, client_key);
|
||||
|
||||
/* Calculate StoredKey */
|
||||
sha1_get_digest(client_key, sizeof(client_key), calculated_stored_key);
|
||||
@@ -139,7 +139,7 @@ void scram_sha1_generate(const char *pla
|
||||
const unsigned char **raw_password_r, size_t *size_r)
|
||||
{
|
||||
string_t *str;
|
||||
- struct hmac_context ctx;
|
||||
+ struct openssl_hmac_context ctx;
|
||||
unsigned char salt[16];
|
||||
unsigned char salted_password[SHA1_RESULTLEN];
|
||||
unsigned char client_key[SHA1_RESULTLEN];
|
||||
@@ -157,10 +157,10 @@ void scram_sha1_generate(const char *pla
|
||||
sizeof(salt), SCRAM_DEFAULT_ITERATE_COUNT, salted_password);
|
||||
|
||||
/* Calculate ClientKey */
|
||||
- hmac_init(&ctx, salted_password, sizeof(salted_password),
|
||||
+ openssl_hmac_init(&ctx, salted_password, sizeof(salted_password),
|
||||
&hash_method_sha1);
|
||||
- hmac_update(&ctx, "Client Key", 10);
|
||||
- hmac_final(&ctx, client_key);
|
||||
+ openssl_hmac_update(&ctx, "Client Key", 10);
|
||||
+ openssl_hmac_final(&ctx, client_key);
|
||||
|
||||
/* Calculate StoredKey */
|
||||
sha1_get_digest(client_key, sizeof(client_key), stored_key);
|
||||
@@ -168,10 +168,10 @@ void scram_sha1_generate(const char *pla
|
||||
base64_encode(stored_key, sizeof(stored_key), str);
|
||||
|
||||
/* Calculate ServerKey */
|
||||
- hmac_init(&ctx, salted_password, sizeof(salted_password),
|
||||
+ openssl_hmac_init(&ctx, salted_password, sizeof(salted_password),
|
||||
&hash_method_sha1);
|
||||
- hmac_update(&ctx, "Server Key", 10);
|
||||
- hmac_final(&ctx, server_key);
|
||||
+ openssl_hmac_update(&ctx, "Server Key", 10);
|
||||
+ openssl_hmac_final(&ctx, server_key);
|
||||
str_append_c(str, ',');
|
||||
base64_encode(server_key, sizeof(server_key), str);
|
||||
|
||||
diff -up dovecot-2.3.8/src/lib/hmac.c.opensslhmac dovecot-2.3.8/src/lib/hmac.c
|
||||
--- dovecot-2.3.8/src/lib/hmac.c.opensslhmac 2019-10-08 10:46:18.000000000 +0200
|
||||
+++ dovecot-2.3.8/src/lib/hmac.c 2019-11-19 17:25:28.045716181 +0100
|
||||
@@ -7,6 +7,10 @@
|
||||
* This software is released under the MIT license.
|
||||
*/
|
||||
|
||||
+#include <sys/types.h>
|
||||
+#include <sys/stat.h>
|
||||
+#include <fcntl.h>
|
||||
+#include <unistd.h>
|
||||
#include "lib.h"
|
||||
#include "hmac.h"
|
||||
#include "safe-memset.h"
|
||||
@@ -14,10 +18,65 @@
|
||||
|
||||
#include "hex-binary.h"
|
||||
|
||||
-void hmac_init(struct hmac_context *_ctx, const unsigned char *key,
|
||||
+#ifndef HAVE_HMAC_CTX_NEW
|
||||
+# define HMAC_Init_ex(ctx, key, key_len, md, impl) \
|
||||
+ HMAC_Init_ex(&(ctx), key, key_len, md, impl)
|
||||
+# define HMAC_Update(ctx, data, len) HMAC_Update(&(ctx), data, len)
|
||||
+# define HMAC_Final(ctx, md, len) HMAC_Final(&(ctx), md, len)
|
||||
+# define HMAC_CTX_free(ctx) HMAC_cleanup(&(ctx))
|
||||
+#else
|
||||
+# define HMAC_CTX_free(ctx) \
|
||||
+ STMT_START { HMAC_CTX_free(ctx); (ctx) = NULL; } STMT_END
|
||||
+#endif
|
||||
+
|
||||
+
|
||||
+void openssl_hmac_init(struct openssl_hmac_context *_ctx, const unsigned char *key,
|
||||
size_t key_len, const struct hash_method *meth)
|
||||
{
|
||||
- struct hmac_context_priv *ctx = &_ctx->u.priv;
|
||||
+ struct openssl_hmac_context_priv *ctx = &_ctx->u.priv;
|
||||
+
|
||||
+ const EVP_MD *md;
|
||||
+ const char *ebuf = NULL;
|
||||
+ const char **error_r = &ebuf;
|
||||
+
|
||||
+ md = EVP_get_digestbyname(meth->name);
|
||||
+ if(md == NULL) {
|
||||
+ if (error_r != NULL) {
|
||||
+ *error_r = t_strdup_printf("Invalid digest %s",
|
||||
+ meth->name);
|
||||
+ }
|
||||
+ //return FALSE;
|
||||
+ }
|
||||
+
|
||||
+// int ec;
|
||||
+
|
||||
+ i_assert(md != NULL);
|
||||
+#ifdef HAVE_HMAC_CTX_NEW
|
||||
+ ctx->ctx = HMAC_CTX_new();
|
||||
+/* if (ctx->ctx == NULL)
|
||||
+ dcrypt_openssl_error(error_r);*/
|
||||
+#endif
|
||||
+ /*ec = */HMAC_Init_ex(ctx->ctx, key, key_len, md, NULL);
|
||||
+}
|
||||
+
|
||||
+void orig_hmac_init(struct orig_hmac_context *_ctx, const unsigned char *key,
|
||||
+ size_t key_len, const struct hash_method *meth)
|
||||
+{
|
||||
+ static int no_fips = -1;
|
||||
+ if (no_fips == -1) {
|
||||
+ int fd = open("/proc/sys/crypto/fips_enabled", O_RDONLY);
|
||||
+ if (fd != -1)
|
||||
+ {
|
||||
+ char buf[4];
|
||||
+ if (read(fd, buf, 4) > 0)
|
||||
+ {
|
||||
+ no_fips = buf[0] == '0';
|
||||
+ }
|
||||
+ close(fd);
|
||||
+ }
|
||||
+ }
|
||||
+ i_assert(no_fips);
|
||||
+ struct orig_hmac_context_priv *ctx = &_ctx->u.priv;
|
||||
int i;
|
||||
unsigned char k_ipad[64];
|
||||
unsigned char k_opad[64];
|
||||
@@ -53,9 +112,27 @@ void hmac_init(struct hmac_context *_ctx
|
||||
safe_memset(k_opad, 0, 64);
|
||||
}
|
||||
|
||||
-void hmac_final(struct hmac_context *_ctx, unsigned char *digest)
|
||||
+void openssl_hmac_final(struct openssl_hmac_context *_ctx, unsigned char *digest)
|
||||
+{
|
||||
+ int ec;
|
||||
+ unsigned char buf[HMAC_MAX_MD_CBLOCK];
|
||||
+ unsigned int outl;
|
||||
+// const char *ebuf = NULL;
|
||||
+// const char **error_r = &ebuf;
|
||||
+
|
||||
+ struct openssl_hmac_context_priv *ctx = &_ctx->u.priv;
|
||||
+ ec = HMAC_Final(ctx->ctx, buf, &outl);
|
||||
+ HMAC_CTX_free(ctx->ctx);
|
||||
+ if (ec == 1)
|
||||
+ memcpy(digest, buf, outl);
|
||||
+// else
|
||||
+// dcrypt_openssl_error(error_r);
|
||||
+
|
||||
+}
|
||||
+
|
||||
+void orig_hmac_final(struct orig_hmac_context *_ctx, unsigned char *digest)
|
||||
{
|
||||
- struct hmac_context_priv *ctx = &_ctx->u.priv;
|
||||
+ struct orig_hmac_context_priv *ctx = &_ctx->u.priv;
|
||||
|
||||
ctx->hash->result(ctx->ctx, digest);
|
||||
|
||||
@@ -63,53 +140,50 @@ void hmac_final(struct hmac_context *_ct
|
||||
ctx->hash->result(ctx->ctxo, digest);
|
||||
}
|
||||
|
||||
-buffer_t *t_hmac_data(const struct hash_method *meth,
|
||||
+buffer_t *openssl_t_hmac_data(const struct hash_method *meth,
|
||||
const unsigned char *key, size_t key_len,
|
||||
const void *data, size_t data_len)
|
||||
{
|
||||
- struct hmac_context ctx;
|
||||
+ struct openssl_hmac_context ctx;
|
||||
i_assert(meth != NULL);
|
||||
i_assert(key != NULL && key_len > 0);
|
||||
i_assert(data != NULL || data_len == 0);
|
||||
|
||||
buffer_t *res = t_buffer_create(meth->digest_size);
|
||||
- hmac_init(&ctx, key, key_len, meth);
|
||||
+ openssl_hmac_init(&ctx, key, key_len, meth);
|
||||
if (data_len > 0)
|
||||
- hmac_update(&ctx, data, data_len);
|
||||
+ openssl_hmac_update(&ctx, data, data_len);
|
||||
unsigned char *buf = buffer_get_space_unsafe(res, 0, meth->digest_size);
|
||||
- hmac_final(&ctx, buf);
|
||||
+ openssl_hmac_final(&ctx, buf);
|
||||
return res;
|
||||
}
|
||||
|
||||
-buffer_t *t_hmac_buffer(const struct hash_method *meth,
|
||||
+buffer_t *openssl_t_hmac_buffer(const struct hash_method *meth,
|
||||
const unsigned char *key, size_t key_len,
|
||||
const buffer_t *data)
|
||||
{
|
||||
- return t_hmac_data(meth, key, key_len, data->data, data->used);
|
||||
+ return openssl_t_hmac_data(meth, key, key_len, data->data, data->used);
|
||||
}
|
||||
|
||||
-buffer_t *t_hmac_str(const struct hash_method *meth,
|
||||
+buffer_t *openssl_t_hmac_str(const struct hash_method *meth,
|
||||
const unsigned char *key, size_t key_len,
|
||||
const char *data)
|
||||
{
|
||||
- return t_hmac_data(meth, key, key_len, data, strlen(data));
|
||||
+ return openssl_t_hmac_data(meth, key, key_len, data, strlen(data));
|
||||
}
|
||||
|
||||
-void hmac_hkdf(const struct hash_method *method,
|
||||
+void openssl_hmac_hkdf(const struct hash_method *method,
|
||||
const unsigned char *salt, size_t salt_len,
|
||||
const unsigned char *ikm, size_t ikm_len,
|
||||
const unsigned char *info, size_t info_len,
|
||||
buffer_t *okm_r, size_t okm_len)
|
||||
{
|
||||
+ const EVP_MD *md;
|
||||
+ EVP_PKEY_CTX *pctx;
|
||||
+ int r = 1;
|
||||
+
|
||||
i_assert(method != NULL);
|
||||
i_assert(okm_len < 255*method->digest_size);
|
||||
- struct hmac_context key_mac;
|
||||
- struct hmac_context info_mac;
|
||||
- size_t remain = okm_len;
|
||||
- unsigned char prk[method->digest_size];
|
||||
- unsigned char okm[method->digest_size];
|
||||
- /* N = ceil(L/HashLen) */
|
||||
- unsigned int rounds = (okm_len + method->digest_size - 1)/method->digest_size;
|
||||
|
||||
/* salt and info can be NULL */
|
||||
i_assert(salt != NULL || salt_len == 0);
|
||||
@@ -118,35 +192,30 @@ void hmac_hkdf(const struct hash_method
|
||||
i_assert(ikm != NULL && ikm_len > 0);
|
||||
i_assert(okm_r != NULL && okm_len > 0);
|
||||
|
||||
- /* but they still need valid pointer, reduces
|
||||
- complains from static analysers */
|
||||
- if (salt == NULL)
|
||||
- salt = &uchar_nul;
|
||||
- if (info == NULL)
|
||||
- info = &uchar_nul;
|
||||
-
|
||||
- /* extract */
|
||||
- hmac_init(&key_mac, salt, salt_len, method);
|
||||
- hmac_update(&key_mac, ikm, ikm_len);
|
||||
- hmac_final(&key_mac, prk);
|
||||
-
|
||||
- /* expand */
|
||||
- for (unsigned int i = 0; remain > 0 && i < rounds; i++) {
|
||||
- unsigned char round = (i+1);
|
||||
- size_t amt = remain;
|
||||
- if (amt > method->digest_size)
|
||||
- amt = method->digest_size;
|
||||
- hmac_init(&info_mac, prk, method->digest_size, method);
|
||||
- if (i > 0)
|
||||
- hmac_update(&info_mac, okm, method->digest_size);
|
||||
- hmac_update(&info_mac, info, info_len);
|
||||
- hmac_update(&info_mac, &round, 1);
|
||||
- memset(okm, 0, method->digest_size);
|
||||
- hmac_final(&info_mac, okm);
|
||||
- buffer_append(okm_r, okm, amt);
|
||||
- remain -= amt;
|
||||
+
|
||||
+ md = EVP_get_digestbyname(method->name);
|
||||
+ pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
|
||||
+ unsigned char *okm_buf = buffer_get_space_unsafe(okm_r, 0, okm_len);
|
||||
+
|
||||
+ if ((r=EVP_PKEY_derive_init(pctx)) <= 0)
|
||||
+ goto out;
|
||||
+ if ((r=EVP_PKEY_CTX_set_hkdf_md(pctx, md)) <= 0)
|
||||
+ goto out;
|
||||
+ if ((r=EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, salt_len)) <= 0)
|
||||
+ goto out;
|
||||
+ if ((r=EVP_PKEY_CTX_set1_hkdf_key(pctx, ikm, ikm_len)) <= 0)
|
||||
+ goto out;
|
||||
+ if ((r=EVP_PKEY_CTX_add1_hkdf_info(pctx, info, info_len)) <= 0)
|
||||
+ goto out;
|
||||
+ if ((r=EVP_PKEY_derive(pctx, okm_buf, &okm_len)) <= 0)
|
||||
+ goto out;
|
||||
+
|
||||
+ out:
|
||||
+ EVP_PKEY_CTX_free(pctx);
|
||||
+ if (r <= 0) {
|
||||
+ unsigned long ec = ERR_get_error();
|
||||
+ unsigned char *error = t_strdup_printf("%s", ERR_error_string(ec, NULL));
|
||||
+ i_error("%s", error);
|
||||
}
|
||||
|
||||
- safe_memset(prk, 0, sizeof(prk));
|
||||
- safe_memset(okm, 0, sizeof(okm));
|
||||
}
|
||||
diff -up dovecot-2.3.8/src/lib/hmac-cram-md5.c.opensslhmac dovecot-2.3.8/src/lib/hmac-cram-md5.c
|
||||
--- dovecot-2.3.8/src/lib/hmac-cram-md5.c.opensslhmac 2019-10-08 10:46:18.000000000 +0200
|
||||
+++ dovecot-2.3.8/src/lib/hmac-cram-md5.c 2019-11-19 16:34:11.339036998 +0100
|
||||
@@ -9,10 +9,10 @@
|
||||
#include "md5.h"
|
||||
#include "hmac-cram-md5.h"
|
||||
|
||||
-void hmac_md5_get_cram_context(struct hmac_context *_hmac_ctx,
|
||||
+void hmac_md5_get_cram_context(struct orig_hmac_context *_hmac_ctx,
|
||||
unsigned char context_digest[CRAM_MD5_CONTEXTLEN])
|
||||
{
|
||||
- struct hmac_context_priv *hmac_ctx = &_hmac_ctx->u.priv;
|
||||
+ struct orig_hmac_context_priv *hmac_ctx = &_hmac_ctx->u.priv;
|
||||
unsigned char *cdp;
|
||||
|
||||
struct md5_context *ctx = (void*)hmac_ctx->ctx;
|
||||
@@ -35,10 +35,10 @@ void hmac_md5_get_cram_context(struct hm
|
||||
CDPUT(cdp, ctx->d);
|
||||
}
|
||||
|
||||
-void hmac_md5_set_cram_context(struct hmac_context *_hmac_ctx,
|
||||
+void hmac_md5_set_cram_context(struct orig_hmac_context *_hmac_ctx,
|
||||
const unsigned char context_digest[CRAM_MD5_CONTEXTLEN])
|
||||
{
|
||||
- struct hmac_context_priv *hmac_ctx = &_hmac_ctx->u.priv;
|
||||
+ struct orig_hmac_context_priv *hmac_ctx = &_hmac_ctx->u.priv;
|
||||
const unsigned char *cdp;
|
||||
|
||||
struct md5_context *ctx = (void*)hmac_ctx->ctx;
|
||||
diff -up dovecot-2.3.8/src/lib/hmac-cram-md5.h.opensslhmac dovecot-2.3.8/src/lib/hmac-cram-md5.h
|
||||
--- dovecot-2.3.8/src/lib/hmac-cram-md5.h.opensslhmac 2019-10-08 10:46:18.000000000 +0200
|
||||
+++ dovecot-2.3.8/src/lib/hmac-cram-md5.h 2019-11-19 16:34:11.339036998 +0100
|
||||
@@ -5,9 +5,9 @@
|
||||
|
||||
#define CRAM_MD5_CONTEXTLEN 32
|
||||
|
||||
-void hmac_md5_get_cram_context(struct hmac_context *ctx,
|
||||
+void hmac_md5_get_cram_context(struct orig_hmac_context *ctx,
|
||||
unsigned char context_digest[CRAM_MD5_CONTEXTLEN]);
|
||||
-void hmac_md5_set_cram_context(struct hmac_context *ctx,
|
||||
+void hmac_md5_set_cram_context(struct orig_hmac_context *ctx,
|
||||
const unsigned char context_digest[CRAM_MD5_CONTEXTLEN]);
|
||||
|
||||
|
||||
diff -up dovecot-2.3.8/src/lib/hmac.h.opensslhmac dovecot-2.3.8/src/lib/hmac.h
|
||||
--- dovecot-2.3.8/src/lib/hmac.h.opensslhmac 2019-10-08 10:46:18.000000000 +0200
|
||||
+++ dovecot-2.3.8/src/lib/hmac.h 2019-11-19 16:34:11.339036998 +0100
|
||||
@@ -3,60 +3,97 @@
|
||||
|
||||
#include "hash-method.h"
|
||||
#include "sha1.h"
|
||||
+#include <openssl/objects.h>
|
||||
+#include <openssl/hmac.h>
|
||||
+#include <openssl/kdf.h>
|
||||
+#include <openssl/err.h>
|
||||
|
||||
#define HMAC_MAX_CONTEXT_SIZE 256
|
||||
|
||||
-struct hmac_context_priv {
|
||||
+struct openssl_hmac_context_priv {
|
||||
+#ifdef HAVE_HMAC_CTX_NEW
|
||||
+ HMAC_CTX *ctx;
|
||||
+#else
|
||||
+ HMAC_CTX ctx;
|
||||
+#endif
|
||||
+ const struct hash_method *hash;
|
||||
+};
|
||||
+
|
||||
+struct orig_hmac_context_priv {
|
||||
char ctx[HMAC_MAX_CONTEXT_SIZE];
|
||||
char ctxo[HMAC_MAX_CONTEXT_SIZE];
|
||||
const struct hash_method *hash;
|
||||
};
|
||||
|
||||
-struct hmac_context {
|
||||
+struct openssl_hmac_context {
|
||||
+ union {
|
||||
+ struct openssl_hmac_context_priv priv;
|
||||
+ uint64_t padding_requirement;
|
||||
+ } u;
|
||||
+};
|
||||
+
|
||||
+struct orig_hmac_context {
|
||||
union {
|
||||
- struct hmac_context_priv priv;
|
||||
+ struct orig_hmac_context_priv priv;
|
||||
uint64_t padding_requirement;
|
||||
} u;
|
||||
};
|
||||
|
||||
-void hmac_init(struct hmac_context *ctx, const unsigned char *key,
|
||||
+void openssl_hmac_init(struct openssl_hmac_context *ctx, const unsigned char *key,
|
||||
+ size_t key_len, const struct hash_method *meth);
|
||||
+void openssl_hmac_final(struct openssl_hmac_context *ctx, unsigned char *digest);
|
||||
+
|
||||
+static inline void
|
||||
+openssl_hmac_update(struct openssl_hmac_context *_ctx, const void *data, size_t size)
|
||||
+{
|
||||
+ struct openssl_hmac_context_priv *ctx = &_ctx->u.priv;
|
||||
+ HMAC_Update(ctx->ctx, data, size);
|
||||
+/* if (ec != 1)
|
||||
+ {
|
||||
+ const char *ebuf = NULL;
|
||||
+ const char **error_r = &ebuf;
|
||||
+ dcrypt_openssl_error(error_r);
|
||||
+ }*/
|
||||
+}
|
||||
+
|
||||
+void orig_hmac_init(struct orig_hmac_context *ctx, const unsigned char *key,
|
||||
size_t key_len, const struct hash_method *meth);
|
||||
-void hmac_final(struct hmac_context *ctx, unsigned char *digest);
|
||||
+void orig_hmac_final(struct orig_hmac_context *ctx, unsigned char *digest);
|
||||
|
||||
|
||||
static inline void
|
||||
-hmac_update(struct hmac_context *_ctx, const void *data, size_t size)
|
||||
+orig_hmac_update(struct orig_hmac_context *_ctx, const void *data, size_t size)
|
||||
{
|
||||
- struct hmac_context_priv *ctx = &_ctx->u.priv;
|
||||
+ struct orig_hmac_context_priv *ctx = &_ctx->u.priv;
|
||||
|
||||
ctx->hash->loop(ctx->ctx, data, size);
|
||||
}
|
||||
|
||||
-buffer_t *t_hmac_data(const struct hash_method *meth,
|
||||
+buffer_t *openssl_t_hmac_data(const struct hash_method *meth,
|
||||
const unsigned char *key, size_t key_len,
|
||||
const void *data, size_t data_len);
|
||||
-buffer_t *t_hmac_buffer(const struct hash_method *meth,
|
||||
+buffer_t *openssl_t_hmac_buffer(const struct hash_method *meth,
|
||||
const unsigned char *key, size_t key_len,
|
||||
const buffer_t *data);
|
||||
-buffer_t *t_hmac_str(const struct hash_method *meth,
|
||||
+buffer_t *openssl_t_hmac_str(const struct hash_method *meth,
|
||||
const unsigned char *key, size_t key_len,
|
||||
const char *data);
|
||||
|
||||
-void hmac_hkdf(const struct hash_method *method,
|
||||
+void openssl_hmac_hkdf(const struct hash_method *method,
|
||||
const unsigned char *salt, size_t salt_len,
|
||||
const unsigned char *ikm, size_t ikm_len,
|
||||
const unsigned char *info, size_t info_len,
|
||||
buffer_t *okm_r, size_t okm_len);
|
||||
|
||||
static inline buffer_t *
|
||||
-t_hmac_hkdf(const struct hash_method *method,
|
||||
+openssl_t_hmac_hkdf(const struct hash_method *method,
|
||||
const unsigned char *salt, size_t salt_len,
|
||||
const unsigned char *ikm, size_t ikm_len,
|
||||
const unsigned char *info, size_t info_len,
|
||||
size_t okm_len)
|
||||
{
|
||||
buffer_t *okm_buffer = t_buffer_create(okm_len);
|
||||
- hmac_hkdf(method, salt, salt_len, ikm, ikm_len, info, info_len,
|
||||
+ openssl_hmac_hkdf(method, salt, salt_len, ikm, ikm_len, info, info_len,
|
||||
okm_buffer, okm_len);
|
||||
return okm_buffer;
|
||||
}
|
||||
diff -up dovecot-2.3.8/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac dovecot-2.3.8/src/lib-imap-urlauth/imap-urlauth.c
|
||||
--- dovecot-2.3.8/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac 2019-10-08 10:46:18.000000000 +0200
|
||||
+++ dovecot-2.3.8/src/lib-imap-urlauth/imap-urlauth.c 2019-11-19 16:34:11.339036998 +0100
|
||||
@@ -85,15 +85,15 @@ imap_urlauth_internal_generate(const cha
|
||||
const unsigned char mailbox_key[IMAP_URLAUTH_KEY_LEN],
|
||||
size_t *token_len_r)
|
||||
{
|
||||
- struct hmac_context hmac;
|
||||
+ struct openssl_hmac_context hmac;
|
||||
unsigned char *token;
|
||||
|
||||
token = t_new(unsigned char, SHA1_RESULTLEN + 1);
|
||||
token[0] = IMAP_URLAUTH_MECH_INTERNAL_VERSION;
|
||||
|
||||
- hmac_init(&hmac, mailbox_key, IMAP_URLAUTH_KEY_LEN, &hash_method_sha1);
|
||||
- hmac_update(&hmac, rumpurl, strlen(rumpurl));
|
||||
- hmac_final(&hmac, token+1);
|
||||
+ openssl_hmac_init(&hmac, mailbox_key, IMAP_URLAUTH_KEY_LEN, &hash_method_sha1);
|
||||
+ openssl_hmac_update(&hmac, rumpurl, strlen(rumpurl));
|
||||
+ openssl_hmac_final(&hmac, token+1);
|
||||
|
||||
*token_len_r = SHA1_RESULTLEN + 1;
|
||||
return token;
|
||||
diff -up dovecot-2.3.8/src/lib/Makefile.am.opensslhmac dovecot-2.3.8/src/lib/Makefile.am
|
||||
--- dovecot-2.3.8/src/lib/Makefile.am.opensslhmac 2019-10-08 10:46:18.000000000 +0200
|
||||
+++ dovecot-2.3.8/src/lib/Makefile.am 2019-11-19 16:34:11.340036994 +0100
|
||||
@@ -323,6 +323,9 @@ headers = \
|
||||
wildcard-match.h \
|
||||
write-full.h
|
||||
|
||||
+liblib_la_LIBADD = $(SSL_LIBS)
|
||||
+liblib_la_CFLAGS = $(SSL_CFLAGS)
|
||||
+
|
||||
test_programs = test-lib
|
||||
noinst_PROGRAMS = $(test_programs)
|
||||
|
||||
diff -up dovecot-2.3.8/src/lib-ntlm/ntlm-encrypt.c.opensslhmac dovecot-2.3.8/src/lib-ntlm/ntlm-encrypt.c
|
||||
--- dovecot-2.3.8/src/lib-ntlm/ntlm-encrypt.c.opensslhmac 2019-10-08 10:46:18.000000000 +0200
|
||||
+++ dovecot-2.3.8/src/lib-ntlm/ntlm-encrypt.c 2019-11-19 16:34:11.340036994 +0100
|
||||
@@ -61,12 +61,12 @@ void ntlm_v1_hash(const char *passwd, un
|
||||
}
|
||||
|
||||
static void
|
||||
-hmac_md5_ucs2le_string_ucase(struct hmac_context *ctx, const char *str)
|
||||
-{
|
||||
- size_t len;
|
||||
- unsigned char *wstr = t_unicode_str(str, TRUE, &len);
|
||||
-
|
||||
- hmac_update(ctx, wstr, len);
|
||||
+hmac_md5_ucs2le_string_ucase(struct openssl_hmac_context *ctx, const char *str)
|
||||
+ {
|
||||
+ size_t len;
|
||||
+ unsigned char *wstr = t_unicode_str(str, TRUE, &len);
|
||||
+
|
||||
+ openssl_hmac_update(ctx, wstr, len);
|
||||
}
|
||||
|
||||
static void ATTR_NULL(2)
|
||||
@@ -74,13 +74,13 @@ ntlm_v2_hash(const char *user, const cha
|
||||
const unsigned char *hash_v1,
|
||||
unsigned char hash[NTLMSSP_V2_HASH_SIZE])
|
||||
{
|
||||
- struct hmac_context ctx;
|
||||
+ struct openssl_hmac_context ctx;
|
||||
|
||||
- hmac_init(&ctx, hash_v1, NTLMSSP_HASH_SIZE, &hash_method_md5);
|
||||
+ openssl_hmac_init(&ctx, hash_v1, NTLMSSP_HASH_SIZE, &hash_method_md5);
|
||||
hmac_md5_ucs2le_string_ucase(&ctx, user);
|
||||
if (target != NULL)
|
||||
hmac_md5_ucs2le_string_ucase(&ctx, target);
|
||||
- hmac_final(&ctx, hash);
|
||||
+ openssl_hmac_final(&ctx, hash);
|
||||
}
|
||||
|
||||
void
|
||||
@@ -125,15 +125,15 @@ ntlmssp_v2_response(const char *user, co
|
||||
const unsigned char *blob, size_t blob_size,
|
||||
unsigned char response[NTLMSSP_V2_RESPONSE_SIZE])
|
||||
{
|
||||
- struct hmac_context ctx;
|
||||
+ struct openssl_hmac_context ctx;
|
||||
unsigned char hash[NTLMSSP_V2_HASH_SIZE];
|
||||
|
||||
ntlm_v2_hash(user, target, hash_v1, hash);
|
||||
|
||||
- hmac_init(&ctx, hash, NTLMSSP_V2_HASH_SIZE, &hash_method_md5);
|
||||
- hmac_update(&ctx, challenge, NTLMSSP_CHALLENGE_SIZE);
|
||||
- hmac_update(&ctx, blob, blob_size);
|
||||
- hmac_final(&ctx, response);
|
||||
+ openssl_hmac_init(&ctx, hash, NTLMSSP_V2_HASH_SIZE, &hash_method_md5);
|
||||
+ openssl_hmac_update(&ctx, challenge, NTLMSSP_CHALLENGE_SIZE);
|
||||
+ openssl_hmac_update(&ctx, blob, blob_size);
|
||||
+ openssl_hmac_final(&ctx, response);
|
||||
|
||||
safe_memset(hash, 0, sizeof(hash));
|
||||
}
|
||||
diff -up dovecot-2.3.8/src/lib/pkcs5.c.opensslhmac dovecot-2.3.8/src/lib/pkcs5.c
|
||||
--- dovecot-2.3.8/src/lib/pkcs5.c.opensslhmac 2019-10-08 10:46:18.000000000 +0200
|
||||
+++ dovecot-2.3.8/src/lib/pkcs5.c 2019-11-19 16:34:11.340036994 +0100
|
||||
@@ -52,7 +52,7 @@ int pkcs5_pbkdf2(const struct hash_metho
|
||||
size_t l = (length + hash->digest_size - 1)/hash->digest_size; /* same as ceil(length/hash->digest_size) */
|
||||
unsigned char dk[l * hash->digest_size];
|
||||
unsigned char *block;
|
||||
- struct hmac_context hctx;
|
||||
+ struct openssl_hmac_context hctx;
|
||||
unsigned int c,i,t;
|
||||
unsigned char U_c[hash->digest_size];
|
||||
|
||||
@@ -60,17 +60,17 @@ int pkcs5_pbkdf2(const struct hash_metho
|
||||
block = &(dk[t*hash->digest_size]);
|
||||
/* U_1 = PRF(Password, Salt|| INT_BE32(Block_Number)) */
|
||||
c = htonl(t+1);
|
||||
- hmac_init(&hctx, password, password_len, hash);
|
||||
- hmac_update(&hctx, salt, salt_len);
|
||||
- hmac_update(&hctx, &c, sizeof(c));
|
||||
- hmac_final(&hctx, U_c);
|
||||
+ openssl_hmac_init(&hctx, password, password_len, hash);
|
||||
+ openssl_hmac_update(&hctx, salt, salt_len);
|
||||
+ openssl_hmac_update(&hctx, &c, sizeof(c));
|
||||
+ openssl_hmac_final(&hctx, U_c);
|
||||
/* block = U_1 ^ .. ^ U_iter */
|
||||
memcpy(block, U_c, hash->digest_size);
|
||||
/* U_c = PRF(Password, U_c-1) */
|
||||
for(c = 1; c < iter; c++) {
|
||||
- hmac_init(&hctx, password, password_len, hash);
|
||||
- hmac_update(&hctx, U_c, hash->digest_size);
|
||||
- hmac_final(&hctx, U_c);
|
||||
+ openssl_hmac_init(&hctx, password, password_len, hash);
|
||||
+ openssl_hmac_update(&hctx, U_c, hash->digest_size);
|
||||
+ openssl_hmac_final(&hctx, U_c);
|
||||
for(i = 0; i < hash->digest_size; i++)
|
||||
block[i] ^= U_c[i];
|
||||
}
|
||||
diff -up dovecot-2.3.8/src/lib/test-hmac.c.opensslhmac dovecot-2.3.8/src/lib/test-hmac.c
|
||||
--- dovecot-2.3.8/src/lib/test-hmac.c.opensslhmac 2019-10-08 10:46:18.000000000 +0200
|
||||
+++ dovecot-2.3.8/src/lib/test-hmac.c 2019-11-19 16:34:11.340036994 +0100
|
||||
@@ -112,11 +112,11 @@ static void test_hmac_rfc(void)
|
||||
test_begin("hmac sha256 rfc4231 vectors");
|
||||
for(size_t i = 0; i < N_ELEMENTS(test_vectors); i++) {
|
||||
const struct test_vector *vec = &(test_vectors[i]);
|
||||
- struct hmac_context ctx;
|
||||
- hmac_init(&ctx, vec->key, vec->key_len, hash_method_lookup(vec->prf));
|
||||
- hmac_update(&ctx, vec->data, vec->data_len);
|
||||
+ struct openssl_hmac_context ctx;
|
||||
+ openssl_hmac_init(&ctx, vec->key, vec->key_len, hash_method_lookup(vec->prf));
|
||||
+ openssl_hmac_update(&ctx, vec->data, vec->data_len);
|
||||
unsigned char res[SHA256_RESULTLEN];
|
||||
- hmac_final(&ctx, res);
|
||||
+ openssl_hmac_final(&ctx, res);
|
||||
test_assert_idx(memcmp(res, vec->res, vec->res_len) == 0, i);
|
||||
}
|
||||
test_end();
|
||||
@@ -129,7 +129,7 @@ static void test_hmac_buffer(void)
|
||||
|
||||
buffer_t *tmp;
|
||||
|
||||
- tmp = t_hmac_data(hash_method_lookup(vec->prf), vec->key, vec->key_len,
|
||||
+ tmp = openssl_t_hmac_data(hash_method_lookup(vec->prf), vec->key, vec->key_len,
|
||||
vec->data, vec->data_len);
|
||||
|
||||
test_assert(tmp->used == vec->res_len &&
|
||||
@@ -146,7 +146,7 @@ static void test_hkdf_rfc(void)
|
||||
buffer_set_used_size(res, 0);
|
||||
const struct test_vector_5869 *vec = &(test_vectors_5869[i]);
|
||||
const struct hash_method *m = hash_method_lookup(vec->prf);
|
||||
- hmac_hkdf(m, vec->salt, vec->salt_len, vec->ikm, vec->ikm_len,
|
||||
+ openssl_hmac_hkdf(m, vec->salt, vec->salt_len, vec->ikm, vec->ikm_len,
|
||||
vec->info, vec->info_len, res, vec->okm_len);
|
||||
test_assert_idx(memcmp(res->data, vec->okm, vec->okm_len) == 0, i);
|
||||
}
|
||||
@@ -159,7 +159,7 @@ static void test_hkdf_buffer(void)
|
||||
test_begin("hkdf temporary buffer");
|
||||
const struct test_vector_5869 *vec = &(test_vectors_5869[0]);
|
||||
const struct hash_method *m = hash_method_lookup(vec->prf);
|
||||
- buffer_t *tmp = t_hmac_hkdf(m, vec->salt, vec->salt_len, vec->ikm,
|
||||
+ buffer_t *tmp = openssl_t_hmac_hkdf(m, vec->salt, vec->salt_len, vec->ikm,
|
||||
vec->ikm_len, vec->info, vec->info_len,
|
||||
vec->okm_len);
|
||||
test_assert(tmp->used == vec->okm_len &&
|
19
SOURCES/dovecot.conf.5
Normal file
19
SOURCES/dovecot.conf.5
Normal file
@ -0,0 +1,19 @@
|
||||
.TH DOVECOT.CONF 5 2010/06/27 "dovecot" "File Formats and Conventions"
|
||||
.SH NAME
|
||||
\fBdovecot.conf\fP \- The configuration file for dovecot imap and pop3 server
|
||||
|
||||
.SH FULL PATH
|
||||
.B /etc/dovecot.conf
|
||||
|
||||
.SH DESCRIPTION
|
||||
The dovecot.conf file is a configuration file for the
|
||||
.BR dovecot (1)
|
||||
imap and pop3 server. The dovecot.conf configuration file contains description to all available options. Some of these options are described also in offline wiki documentation placed in /usr/share/doc/dovecot*/wiki/.
|
||||
|
||||
For backup purposes unmodified version of dovecot.conf can be found in /usr/share/doc/dovecot-<version>/example-config/dovecot.conf.default
|
||||
|
||||
.SH "SEE ALSO"
|
||||
.BR doveadm (1),
|
||||
.BR dovecot (1),
|
||||
.I /usr/share/doc/dovecot*/wiki/
|
||||
.I /usr/share/doc/dovecot*/dovecot.conf.default
|
108
SOURCES/dovecot.init
Executable file
108
SOURCES/dovecot.init
Executable file
@ -0,0 +1,108 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
# /etc/rc.d/init.d/dovecot
|
||||
#
|
||||
# Starts the dovecot daemon
|
||||
#
|
||||
# chkconfig: - 65 35
|
||||
# description: Dovecot Imap Server
|
||||
# processname: dovecot
|
||||
# config: /etc/dovecot.conf
|
||||
# config: /etc/sysconfig/dovecot
|
||||
# pidfile: /var/run/dovecot/master.pid
|
||||
|
||||
### BEGIN INIT INFO
|
||||
# Provides: dovecot
|
||||
# Required-Start: $local_fs $network
|
||||
# Required-Stop: $local_fs $network
|
||||
# Should-Start: $remote_fs
|
||||
# Should-Stop: $remote_fs
|
||||
# Default-Start:
|
||||
# Default-Stop: 0 1 2 3 4 5 6
|
||||
# Short-Description: start and stop Dovecot Imap server
|
||||
# Description: Dovecot is an IMAP server for Linux/UNIX-like systems,
|
||||
# written with security primarily in mind. It also contains
|
||||
# a small POP3 server.
|
||||
### END INIT INFO
|
||||
|
||||
# Source function library.
|
||||
. /etc/init.d/functions
|
||||
|
||||
if [ -f /etc/sysconfig/dovecot -a $UID -eq 0 ]; then
|
||||
. /etc/sysconfig/dovecot
|
||||
fi
|
||||
|
||||
RETVAL=0
|
||||
prog="Dovecot Imap"
|
||||
exec="/usr/sbin/dovecot"
|
||||
config="/etc/dovecot/dovecot.conf"
|
||||
pidfile="/var/run/dovecot/master.pid"
|
||||
lockfile="/var/lock/subsys/dovecot"
|
||||
|
||||
start() {
|
||||
[ $UID -eq 0 ] || exit 4
|
||||
[ -x $exec ] || exit 5
|
||||
[ -f $config ] || exit 6
|
||||
|
||||
echo -n $"Starting $prog: "
|
||||
daemon --pidfile $pidfile $exec $OPTIONS
|
||||
RETVAL=$?
|
||||
[ $RETVAL -eq 0 ] && touch $lockfile
|
||||
echo
|
||||
}
|
||||
|
||||
stop() {
|
||||
[ $UID -eq 0 ] || exit 4
|
||||
echo -n $"Stopping $prog: "
|
||||
killproc -p $pidfile $exec
|
||||
RETVAL=$?
|
||||
[ $RETVAL -eq 0 ] && rm -f $lockfile
|
||||
echo
|
||||
}
|
||||
|
||||
reload() {
|
||||
[ $UID -eq 0 ] || exit 4
|
||||
echo -n $"Reloading $prog: "
|
||||
killproc -p $pidfile $exec -HUP
|
||||
RETVAL=$?
|
||||
echo
|
||||
}
|
||||
|
||||
#
|
||||
# See how we were called.
|
||||
#
|
||||
case "$1" in
|
||||
start)
|
||||
start
|
||||
;;
|
||||
stop)
|
||||
stop
|
||||
;;
|
||||
reload)
|
||||
reload
|
||||
;;
|
||||
force-reload|restart)
|
||||
stop
|
||||
sleep 1
|
||||
start
|
||||
RETVAL=$?
|
||||
;;
|
||||
condrestart|try-restart)
|
||||
if [ -f $lockfile ]; then
|
||||
stop
|
||||
sleep 3
|
||||
start
|
||||
fi
|
||||
;;
|
||||
status)
|
||||
status -p $pidfile $exec
|
||||
RETVAL=$?
|
||||
;;
|
||||
*)
|
||||
echo $"Usage: $0 {condrestart|try-restart|start|stop|restart|reload|force-reload|status}"
|
||||
RETVAL=2
|
||||
[ "$1" = 'usage' ] && RETVAL=0
|
||||
esac
|
||||
|
||||
exit $RETVAL
|
||||
|
5
SOURCES/dovecot.pam
Normal file
5
SOURCES/dovecot.pam
Normal file
@ -0,0 +1,5 @@
|
||||
#%PAM-1.0
|
||||
auth required pam_nologin.so
|
||||
auth include password-auth
|
||||
account include password-auth
|
||||
session include password-auth
|
3
SOURCES/dovecot.sysconfig
Normal file
3
SOURCES/dovecot.sysconfig
Normal file
@ -0,0 +1,3 @@
|
||||
# Here you can specify your dovecot command line options.
|
||||
#
|
||||
#OPTIONS=""
|
2
SOURCES/dovecot.tmpfilesd
Normal file
2
SOURCES/dovecot.tmpfilesd
Normal file
@ -0,0 +1,2 @@
|
||||
d /var/run/dovecot 0755 root dovecot -
|
||||
|
3
SOURCES/prestartscript
Normal file
3
SOURCES/prestartscript
Normal file
@ -0,0 +1,3 @@
|
||||
#!/bin/sh
|
||||
/bin/systemctl -q is-enabled NetworkManager.service >/dev/null 2>&1 && /usr/bin/nm-online -q --timeout 30 ||:
|
||||
|
2474
SPECS/dovecot.spec
Normal file
2474
SPECS/dovecot.spec
Normal file
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue
Block a user