Diffstat (limited to 'dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-openssl-1.1.patch')
-rw-r--r--dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-openssl-1.1.patch353
1 files changed, 0 insertions, 353 deletions
diff --git a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-openssl-1.1.patch b/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-openssl-1.1.patch
deleted file mode 100644
index 3b0ffac24f0c..000000000000
--- a/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-openssl-1.1.patch
+++ /dev/null
@@ -1,353 +0,0 @@
-diff --git a/plugins/ntlm.c b/plugins/ntlm.c
-index 79ea47c..554a00d 100644
---- a/plugins/ntlm.c
-+++ b/plugins/ntlm.c
-@@ -417,6 +417,29 @@ static unsigned char *P24(unsigned char *P24, unsigned char *P21,
- return P24;
- }
-
-+static HMAC_CTX *_plug_HMAC_CTX_new(const sasl_utils_t *utils)
-+{
-+ utils->log(NULL, SASL_LOG_DEBUG, "_plug_HMAC_CTX_new()");
-+
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+ return HMAC_CTX_new();
-+#else
-+ return utils->malloc(sizeof(EVP_MD_CTX));
-+#endif
-+}
-+
-+static void _plug_HMAC_CTX_free(HMAC_CTX *ctx, const sasl_utils_t *utils)
-+{
-+ utils->log(NULL, SASL_LOG_DEBUG, "_plug_HMAC_CTX_free()");
-+
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+ HMAC_CTX_free(ctx);
-+#else
-+ HMAC_cleanup(ctx);
-+ utils->free(ctx);
-+#endif
-+}
-+
- static unsigned char *V2(unsigned char *V2, sasl_secret_t *passwd,
- const char *authid, const char *target,
- const unsigned char *challenge,
-@@ -424,7 +447,7 @@ static unsigned char *V2(unsigned char *V2, sasl_secret_t *passwd,
- const sasl_utils_t *utils,
- char **buf, unsigned *buflen, int *result)
- {
-- HMAC_CTX ctx;
-+ HMAC_CTX *ctx = NULL;
- unsigned char hash[EVP_MAX_MD_SIZE];
- char *upper;
- unsigned int len;
-@@ -435,6 +458,10 @@ static unsigned char *V2(unsigned char *V2, sasl_secret_t *passwd,
- SETERROR(utils, "cannot allocate NTLMv2 hash");
- *result = SASL_NOMEM;
- }
-+ else if ((ctx = _plug_HMAC_CTX_new(utils)) == NULL) {
-+ SETERROR(utils, "cannot allocate HMAC CTX");
-+ *result = SASL_NOMEM;
-+ }
- else {
- /* NTLMv2hash = HMAC-MD5(NTLMhash, unicode(ucase(authid + domain))) */
- P16_nt(hash, passwd, utils, buf, buflen, result);
-@@ -449,17 +476,18 @@ static unsigned char *V2(unsigned char *V2, sasl_secret_t *passwd,
- HMAC(EVP_md5(), hash, MD4_DIGEST_LENGTH, *buf, 2 * len, hash, &len);
-
- /* V2 = HMAC-MD5(NTLMv2hash, challenge + blob) + blob */
-- HMAC_Init(&ctx, hash, len, EVP_md5());
-- HMAC_Update(&ctx, challenge, NTLM_NONCE_LENGTH);
-- HMAC_Update(&ctx, blob, bloblen);
-- HMAC_Final(&ctx, V2, &len);
-- HMAC_cleanup(&ctx);
-+ HMAC_Init_ex(ctx, hash, len, EVP_md5(), NULL);
-+ HMAC_Update(ctx, challenge, NTLM_NONCE_LENGTH);
-+ HMAC_Update(ctx, blob, bloblen);
-+ HMAC_Final(ctx, V2, &len);
-
- /* the blob is concatenated outside of this function */
-
- *result = SASL_OK;
- }
-
-+ if (ctx) _plug_HMAC_CTX_free(ctx, utils);
-+
- return V2;
- }
-
-diff --git a/plugins/otp.c b/plugins/otp.c
-index dd73065..d1e9bf4 100644
---- a/plugins/otp.c
-+++ b/plugins/otp.c
-@@ -96,6 +96,28 @@ static algorithm_option_t algorithm_options[] = {
- {NULL, 0, NULL}
- };
-
-+static EVP_MD_CTX *_plug_EVP_MD_CTX_new(const sasl_utils_t *utils)
-+{
-+ utils->log(NULL, SASL_LOG_DEBUG, "_plug_EVP_MD_CTX_new()");
-+
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+ return EVP_MD_CTX_new();
-+#else
-+ return utils->malloc(sizeof(EVP_MD_CTX));
-+#endif
-+}
-+
-+static void _plug_EVP_MD_CTX_free(EVP_MD_CTX *ctx, const sasl_utils_t *utils)
-+{
-+ utils->log(NULL, SASL_LOG_DEBUG, "_plug_EVP_MD_CTX_free()");
-+
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+ EVP_MD_CTX_free(ctx);
-+#else
-+ utils->free(ctx);
-+#endif
-+}
-+
- /* Convert the binary data into ASCII hex */
- void bin2hex(unsigned char *bin, int binlen, char *hex)
- {
-@@ -116,17 +138,16 @@ void bin2hex(unsigned char *bin, int binlen, char *hex)
- * swabbing bytes if necessary.
- */
- static void otp_hash(const EVP_MD *md, char *in, size_t inlen,
-- unsigned char *out, int swab)
-+ unsigned char *out, int swab, EVP_MD_CTX *mdctx)
- {
-- EVP_MD_CTX mdctx;
- char hash[EVP_MAX_MD_SIZE];
- unsigned int i;
- int j;
- unsigned hashlen;
-
-- EVP_DigestInit(&mdctx, md);
-- EVP_DigestUpdate(&mdctx, in, inlen);
-- EVP_DigestFinal(&mdctx, hash, &hashlen);
-+ EVP_DigestInit(mdctx, md);
-+ EVP_DigestUpdate(mdctx, in, inlen);
-+ EVP_DigestFinal(mdctx, hash, &hashlen);
-
- /* Fold the result into 64 bits */
- for (i = OTP_HASH_SIZE; i < hashlen; i++) {
-@@ -149,7 +170,9 @@ static int generate_otp(const sasl_utils_t *utils,
- char *secret, char *otp)
- {
- const EVP_MD *md;
-- char *key;
-+ EVP_MD_CTX *mdctx = NULL;
-+ char *key = NULL;
-+ int r = SASL_OK;
-
- if (!(md = EVP_get_digestbyname(alg->evp_name))) {
- utils->seterror(utils->conn, 0,
-@@ -157,23 +180,32 @@ static int generate_otp(const sasl_utils_t *utils,
- return SASL_FAIL;
- }
-
-+ if ((mdctx = _plug_EVP_MD_CTX_new(utils)) == NULL) {
-+ SETERROR(utils, "cannot allocate MD CTX");
-+ r = SASL_NOMEM;
-+ goto done;
-+ }
-+
- if ((key = utils->malloc(strlen(seed) + strlen(secret) + 1)) == NULL) {
- SETERROR(utils, "cannot allocate OTP key");
-- return SASL_NOMEM;
-+ r = SASL_NOMEM;
-+ goto done;
- }
-
- /* initial step */
- strcpy(key, seed);
- strcat(key, secret);
-- otp_hash(md, key, strlen(key), otp, alg->swab);
-+ otp_hash(md, key, strlen(key), otp, alg->swab, mdctx);
-
- /* computation step */
- while (seq-- > 0)
-- otp_hash(md, otp, OTP_HASH_SIZE, otp, alg->swab);
-+ otp_hash(md, otp, OTP_HASH_SIZE, otp, alg->swab, mdctx);
-
-- utils->free(key);
-+ done:
-+ if (key) utils->free(key);
-+ if (mdctx) _plug_EVP_MD_CTX_free(mdctx, utils);
-
-- return SASL_OK;
-+ return r;
- }
-
- static int parse_challenge(const sasl_utils_t *utils,
-@@ -693,7 +725,8 @@ static int strptrcasecmp(const void *arg1, const void *arg2)
-
- /* Convert the 6 words into binary data */
- static int word2bin(const sasl_utils_t *utils,
-- char *words, unsigned char *bin, const EVP_MD *md)
-+ char *words, unsigned char *bin, const EVP_MD *md,
-+ EVP_MD_CTX *mdctx)
- {
- int i, j;
- char *c, *word, buf[OTP_RESPONSE_MAX+1];
-@@ -752,13 +785,12 @@ static int word2bin(const sasl_utils_t *utils,
-
- /* alternate dictionary */
- if (alt_dict) {
-- EVP_MD_CTX mdctx;
- char hash[EVP_MAX_MD_SIZE];
- int hashlen;
-
-- EVP_DigestInit(&mdctx, md);
-- EVP_DigestUpdate(&mdctx, word, strlen(word));
-- EVP_DigestFinal(&mdctx, hash, &hashlen);
-+ EVP_DigestInit(mdctx, md);
-+ EVP_DigestUpdate(mdctx, word, strlen(word));
-+ EVP_DigestFinal(mdctx, hash, &hashlen);
-
- /* use lowest 11 bits */
- x = ((hash[hashlen-2] & 0x7) << 8) | hash[hashlen-1];
-@@ -802,6 +834,7 @@ static int verify_response(server_context_t *text, const sasl_utils_t *utils,
- char *response)
- {
- const EVP_MD *md;
-+ EVP_MD_CTX *mdctx = NULL;
- char *c;
- int do_init = 0;
- unsigned char cur_otp[OTP_HASH_SIZE], prev_otp[OTP_HASH_SIZE];
-@@ -815,6 +848,11 @@ static int verify_response(server_context_t *text, const sasl_utils_t *utils,
- return SASL_FAIL;
- }
-
-+ if ((mdctx = _plug_EVP_MD_CTX_new(utils)) == NULL) {
-+ SETERROR(utils, "cannot allocate MD CTX");
-+ return SASL_NOMEM;
-+ }
-+
- /* eat leading whitespace */
- c = response;
- while (isspace((int) *c)) c++;
-@@ -824,7 +862,7 @@ static int verify_response(server_context_t *text, const sasl_utils_t *utils,
- r = hex2bin(c+strlen(OTP_HEX_TYPE), cur_otp, OTP_HASH_SIZE);
- }
- else if (!strncasecmp(c, OTP_WORD_TYPE, strlen(OTP_WORD_TYPE))) {
-- r = word2bin(utils, c+strlen(OTP_WORD_TYPE), cur_otp, md);
-+ r = word2bin(utils, c+strlen(OTP_WORD_TYPE), cur_otp, md, mdctx);
- }
- else if (!strncasecmp(c, OTP_INIT_HEX_TYPE,
- strlen(OTP_INIT_HEX_TYPE))) {
-@@ -834,7 +872,7 @@ static int verify_response(server_context_t *text, const sasl_utils_t *utils,
- else if (!strncasecmp(c, OTP_INIT_WORD_TYPE,
- strlen(OTP_INIT_WORD_TYPE))) {
- do_init = 1;
-- r = word2bin(utils, c+strlen(OTP_INIT_WORD_TYPE), cur_otp, md);
-+ r = word2bin(utils, c+strlen(OTP_INIT_WORD_TYPE), cur_otp, md, mdctx);
- }
- else {
- SETERROR(utils, "unknown OTP extended response type");
-@@ -843,14 +881,14 @@ static int verify_response(server_context_t *text, const sasl_utils_t *utils,
- }
- else {
- /* standard response, try word first, and then hex */
-- r = word2bin(utils, c, cur_otp, md);
-+ r = word2bin(utils, c, cur_otp, md, mdctx);
- if (r != SASL_OK)
- r = hex2bin(c, cur_otp, OTP_HASH_SIZE);
- }
-
- if (r == SASL_OK) {
- /* do one more hash (previous otp) and compare to stored otp */
-- otp_hash(md, cur_otp, OTP_HASH_SIZE, prev_otp, text->alg->swab);
-+ otp_hash(md, cur_otp, OTP_HASH_SIZE, prev_otp, text->alg->swab, mdctx);
-
- if (!memcmp(prev_otp, text->otp, OTP_HASH_SIZE)) {
- /* update the secret with this seq/otp */
-@@ -879,23 +917,28 @@ static int verify_response(server_context_t *text, const sasl_utils_t *utils,
- *new_resp++ = '\0';
- }
-
-- if (!(new_chal && new_resp))
-- return SASL_BADAUTH;
-+ if (!(new_chal && new_resp)) {
-+ r = SASL_BADAUTH;
-+ goto done;
-+ }
-
- if ((r = parse_challenge(utils, new_chal, &alg, &seq, seed, 1))
- != SASL_OK) {
-- return r;
-+ goto done;
- }
-
-- if (seq < 1 || !strcasecmp(seed, text->seed))
-- return SASL_BADAUTH;
-+ if (seq < 1 || !strcasecmp(seed, text->seed)) {
-+ r = SASL_BADAUTH;
-+ goto done;
-+ }
-
- /* find the MDA */
- if (!(md = EVP_get_digestbyname(alg->evp_name))) {
- utils->seterror(utils->conn, 0,
- "OTP algorithm %s is not available",
- alg->evp_name);
-- return SASL_BADAUTH;
-+ r = SASL_BADAUTH;
-+ goto done;
- }
-
- if (!strncasecmp(c, OTP_INIT_HEX_TYPE, strlen(OTP_INIT_HEX_TYPE))) {
-@@ -903,7 +946,7 @@ static int verify_response(server_context_t *text, const sasl_utils_t *utils,
- }
- else if (!strncasecmp(c, OTP_INIT_WORD_TYPE,
- strlen(OTP_INIT_WORD_TYPE))) {
-- r = word2bin(utils, new_resp, new_otp, md);
-+ r = word2bin(utils, new_resp, new_otp, md, mdctx);
- }
-
- if (r == SASL_OK) {
-@@ -914,7 +957,10 @@ static int verify_response(server_context_t *text, const sasl_utils_t *utils,
- memcpy(text->otp, new_otp, OTP_HASH_SIZE);
- }
- }
--
-+
-+ done:
-+ if (mdctx) _plug_EVP_MD_CTX_free(mdctx, utils);
-+
- return r;
- }
-
-@@ -1443,8 +1489,10 @@ int otp_server_plug_init(const sasl_utils_t *utils,
- *pluglist = otp_server_plugins;
- *plugcount = 1;
-
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- /* Add all digests */
- OpenSSL_add_all_digests();
-+#endif
-
- return SASL_OK;
- }
-@@ -1844,8 +1892,10 @@ int otp_client_plug_init(sasl_utils_t *utils,
- *pluglist = otp_client_plugins;
- *plugcount = 1;
-
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- /* Add all digests */
- OpenSSL_add_all_digests();
-+#endif
-
- return SASL_OK;
- }
---- a/saslauthd/lak.c
-+++ b/saslauthd/lak.c
-@@ -729,7 +729,7 @@ int lak_init(
- return rc;
- }
-
--#ifdef HAVE_OPENSSL
-+#if defined(HAVE_OPENSSL) && OPENSSL_VERSION_NUMBER < 0x10100000L
- OpenSSL_add_all_digests();
- #endif
-