wok-next view cyrus-sasl/stuff/patches/cyrus-sasl-2.1.26-openssl-1.1.0-1.patch @ rev 20443

The rest of my "home work" for update many packages (up to Xorg, GTK and Openbox) for Next and mainly for Next64. Since this point this repository is open for commits. Many errors are expected due to harfbuzz-freetype dependency loop...
author Aleksej Bobylev <al.bobylev@gmail.com>
date Sat Feb 24 16:17:33 2018 +0200 (2018-02-24)
parents
children
line source
1 Submitted By: DJ Lucas <dj_AT_linuxfromscratch_DOT_org>
2 Date: 2017-05-27
3 Initial Package Version: 2.1.26
4 Upstream Status: Comitted
5 Origin: https://github.com/cyrusimap/cyrus-sasl/commit/f607d99bf6e3e2074ab925f96765488f29b821ec
6 https://github.com/cyrusimap/cyrus-sasl/commit/4c8e3f24bb943386a67b4de65bb849f562499dd0
7 https://github.com/cyrusimap/cyrus-sasl/commit/652334b7701e9394b195d33183cb7ccd916296e8
8 https://github.com/cyrusimap/cyrus-sasl/commit/4f3c6beac5a6db053f1d1309353fde6e653d026c
9 https://github.com/cyrusimap/cyrus-sasl/commit/68fac2fb7166cb482a405f6c6613bce4c982a77e
10 Description: Allow to build with OpenSSL-1.1.0.
11
12
13 diff -Naurp cyrus-sasl-2.1.26-orig/plugins/ntlm.c cyrus-sasl-2.1.26/plugins/ntlm.c
14 --- cyrus-sasl-2.1.26-orig/plugins/ntlm.c 2012-01-27 17:31:36.000000000 -0600
15 +++ cyrus-sasl-2.1.26/plugins/ntlm.c 2017-05-26 23:42:19.293372476 -0500
16 @@ -417,6 +417,29 @@ static unsigned char *P24(unsigned char
17 return P24;
18 }
19
20 +static HMAC_CTX *_plug_HMAC_CTX_new(const sasl_utils_t *utils)
21 +{
22 + utils->log(NULL, SASL_LOG_DEBUG, "_plug_HMAC_CTX_new()");
23 +
24 +#if OPENSSL_VERSION_NUMBER >= 0x10100000L
25 + return HMAC_CTX_new();
26 +#else
27 + return utils->malloc(sizeof(HMAC_CTX));
28 +#endif
29 +}
30 +
31 +static void _plug_HMAC_CTX_free(HMAC_CTX *ctx, const sasl_utils_t *utils)
32 +{
33 + utils->log(NULL, SASL_LOG_DEBUG, "_plug_HMAC_CTX_free()");
34 +
35 +#if OPENSSL_VERSION_NUMBER >= 0x10100000L
36 + HMAC_CTX_free(ctx);
37 +#else
38 + HMAC_cleanup(ctx);
39 + utils->free(ctx);
40 +#endif
41 +}
42 +
43 static unsigned char *V2(unsigned char *V2, sasl_secret_t *passwd,
44 const char *authid, const char *target,
45 const unsigned char *challenge,
46 @@ -424,7 +447,7 @@ static unsigned char *V2(unsigned char *
47 const sasl_utils_t *utils,
48 char **buf, unsigned *buflen, int *result)
49 {
50 - HMAC_CTX ctx;
51 + HMAC_CTX *ctx = NULL;
52 unsigned char hash[EVP_MAX_MD_SIZE];
53 char *upper;
54 unsigned int len;
55 @@ -435,6 +458,10 @@ static unsigned char *V2(unsigned char *
56 SETERROR(utils, "cannot allocate NTLMv2 hash");
57 *result = SASL_NOMEM;
58 }
59 + else if ((ctx = _plug_HMAC_CTX_new(utils)) == NULL) {
60 + SETERROR(utils, "cannot allocate HMAC CTX");
61 + *result = SASL_NOMEM;
62 + }
63 else {
64 /* NTLMv2hash = HMAC-MD5(NTLMhash, unicode(ucase(authid + domain))) */
65 P16_nt(hash, passwd, utils, buf, buflen, result);
66 @@ -449,17 +476,18 @@ static unsigned char *V2(unsigned char *
67 HMAC(EVP_md5(), hash, MD4_DIGEST_LENGTH, *buf, 2 * len, hash, &len);
68
69 /* V2 = HMAC-MD5(NTLMv2hash, challenge + blob) + blob */
70 - HMAC_Init(&ctx, hash, len, EVP_md5());
71 - HMAC_Update(&ctx, challenge, NTLM_NONCE_LENGTH);
72 - HMAC_Update(&ctx, blob, bloblen);
73 - HMAC_Final(&ctx, V2, &len);
74 - HMAC_cleanup(&ctx);
75 + HMAC_Init_ex(ctx, hash, len, EVP_md5(), NULL);
76 + HMAC_Update(ctx, challenge, NTLM_NONCE_LENGTH);
77 + HMAC_Update(ctx, blob, bloblen);
78 + HMAC_Final(ctx, V2, &len);
79
80 /* the blob is concatenated outside of this function */
81
82 *result = SASL_OK;
83 }
84
85 + if (ctx) _plug_HMAC_CTX_free(ctx, utils);
86 +
87 return V2;
88 }
89
90 diff -Naurp cyrus-sasl-2.1.26-orig/plugins/otp.c cyrus-sasl-2.1.26/plugins/otp.c
91 --- cyrus-sasl-2.1.26-orig/plugins/otp.c 2012-10-12 09:05:48.000000000 -0500
92 +++ cyrus-sasl-2.1.26/plugins/otp.c 2017-05-26 23:42:19.293372476 -0500
93 @@ -96,6 +96,28 @@ static algorithm_option_t algorithm_opti
94 {NULL, 0, NULL}
95 };
96
97 +static EVP_MD_CTX *_plug_EVP_MD_CTX_new(const sasl_utils_t *utils)
98 +{
99 + utils->log(NULL, SASL_LOG_DEBUG, "_plug_EVP_MD_CTX_new()");
100 +
101 +#if OPENSSL_VERSION_NUMBER >= 0x10100000L
102 + return EVP_MD_CTX_new();
103 +#else
104 + return utils->malloc(sizeof(EVP_MD_CTX));
105 +#endif
106 +}
107 +
108 +static void _plug_EVP_MD_CTX_free(EVP_MD_CTX *ctx, const sasl_utils_t *utils)
109 +{
110 + utils->log(NULL, SASL_LOG_DEBUG, "_plug_EVP_MD_CTX_free()");
111 +
112 +#if OPENSSL_VERSION_NUMBER >= 0x10100000L
113 + EVP_MD_CTX_free(ctx);
114 +#else
115 + utils->free(ctx);
116 +#endif
117 +}
118 +
119 /* Convert the binary data into ASCII hex */
120 void bin2hex(unsigned char *bin, int binlen, char *hex)
121 {
122 @@ -116,17 +138,16 @@ void bin2hex(unsigned char *bin, int bin
123 * swabbing bytes if necessary.
124 */
125 static void otp_hash(const EVP_MD *md, char *in, size_t inlen,
126 - unsigned char *out, int swab)
127 + unsigned char *out, int swab, EVP_MD_CTX *mdctx)
128 {
129 - EVP_MD_CTX mdctx;
130 - char hash[EVP_MAX_MD_SIZE];
131 + unsigned char hash[EVP_MAX_MD_SIZE];
132 unsigned int i;
133 int j;
134 unsigned hashlen;
135
136 - EVP_DigestInit(&mdctx, md);
137 - EVP_DigestUpdate(&mdctx, in, inlen);
138 - EVP_DigestFinal(&mdctx, hash, &hashlen);
139 + EVP_DigestInit(mdctx, md);
140 + EVP_DigestUpdate(mdctx, in, inlen);
141 + EVP_DigestFinal(mdctx, hash, &hashlen);
142
143 /* Fold the result into 64 bits */
144 for (i = OTP_HASH_SIZE; i < hashlen; i++) {
145 @@ -149,7 +170,9 @@ static int generate_otp(const sasl_utils
146 char *secret, char *otp)
147 {
148 const EVP_MD *md;
149 - char *key;
150 + EVP_MD_CTX *mdctx = NULL;
151 + char *key = NULL;
152 + int r = SASL_OK;
153
154 if (!(md = EVP_get_digestbyname(alg->evp_name))) {
155 utils->seterror(utils->conn, 0,
156 @@ -157,23 +180,32 @@ static int generate_otp(const sasl_utils
157 return SASL_FAIL;
158 }
159
160 + if ((mdctx = _plug_EVP_MD_CTX_new(utils)) == NULL) {
161 + SETERROR(utils, "cannot allocate MD CTX");
162 + r = SASL_NOMEM;
163 + goto done;
164 + }
165 +
166 if ((key = utils->malloc(strlen(seed) + strlen(secret) + 1)) == NULL) {
167 SETERROR(utils, "cannot allocate OTP key");
168 - return SASL_NOMEM;
169 + r = SASL_NOMEM;
170 + goto done;
171 }
172
173 /* initial step */
174 strcpy(key, seed);
175 strcat(key, secret);
176 - otp_hash(md, key, strlen(key), otp, alg->swab);
177 + otp_hash(md, key, strlen(key), otp, alg->swab, mdctx);
178
179 /* computation step */
180 while (seq-- > 0)
181 - otp_hash(md, otp, OTP_HASH_SIZE, otp, alg->swab);
182 -
183 - utils->free(key);
184 + otp_hash(md, otp, OTP_HASH_SIZE, otp, alg->swab, mdctx);
185 +
186 + done:
187 + if (key) utils->free(key);
188 + if (mdctx) _plug_EVP_MD_CTX_free(mdctx, utils);
189
190 - return SASL_OK;
191 + return r;
192 }
193
194 static int parse_challenge(const sasl_utils_t *utils,
195 @@ -693,7 +725,8 @@ static int strptrcasecmp(const void *arg
196
197 /* Convert the 6 words into binary data */
198 static int word2bin(const sasl_utils_t *utils,
199 - char *words, unsigned char *bin, const EVP_MD *md)
200 + char *words, unsigned char *bin, const EVP_MD *md,
201 + EVP_MD_CTX *mdctx)
202 {
203 int i, j;
204 char *c, *word, buf[OTP_RESPONSE_MAX+1];
205 @@ -752,13 +785,12 @@ static int word2bin(const sasl_utils_t *
206
207 /* alternate dictionary */
208 if (alt_dict) {
209 - EVP_MD_CTX mdctx;
210 - char hash[EVP_MAX_MD_SIZE];
211 - int hashlen;
212 + unsigned char hash[EVP_MAX_MD_SIZE];
213 + unsigned hashlen;
214
215 - EVP_DigestInit(&mdctx, md);
216 - EVP_DigestUpdate(&mdctx, word, strlen(word));
217 - EVP_DigestFinal(&mdctx, hash, &hashlen);
218 + EVP_DigestInit(mdctx, md);
219 + EVP_DigestUpdate(mdctx, word, strlen(word));
220 + EVP_DigestFinal(mdctx, hash, &hashlen);
221
222 /* use lowest 11 bits */
223 x = ((hash[hashlen-2] & 0x7) << 8) | hash[hashlen-1];
224 @@ -802,6 +834,7 @@ static int verify_response(server_contex
225 char *response)
226 {
227 const EVP_MD *md;
228 + EVP_MD_CTX *mdctx = NULL;
229 char *c;
230 int do_init = 0;
231 unsigned char cur_otp[OTP_HASH_SIZE], prev_otp[OTP_HASH_SIZE];
232 @@ -815,6 +848,11 @@ static int verify_response(server_contex
233 return SASL_FAIL;
234 }
235
236 + if ((mdctx = _plug_EVP_MD_CTX_new(utils)) == NULL) {
237 + SETERROR(utils, "cannot allocate MD CTX");
238 + return SASL_NOMEM;
239 + }
240 +
241 /* eat leading whitespace */
242 c = response;
243 while (isspace((int) *c)) c++;
244 @@ -824,7 +862,7 @@ static int verify_response(server_contex
245 r = hex2bin(c+strlen(OTP_HEX_TYPE), cur_otp, OTP_HASH_SIZE);
246 }
247 else if (!strncasecmp(c, OTP_WORD_TYPE, strlen(OTP_WORD_TYPE))) {
248 - r = word2bin(utils, c+strlen(OTP_WORD_TYPE), cur_otp, md);
249 + r = word2bin(utils, c+strlen(OTP_WORD_TYPE), cur_otp, md, mdctx);
250 }
251 else if (!strncasecmp(c, OTP_INIT_HEX_TYPE,
252 strlen(OTP_INIT_HEX_TYPE))) {
253 @@ -834,7 +872,7 @@ static int verify_response(server_contex
254 else if (!strncasecmp(c, OTP_INIT_WORD_TYPE,
255 strlen(OTP_INIT_WORD_TYPE))) {
256 do_init = 1;
257 - r = word2bin(utils, c+strlen(OTP_INIT_WORD_TYPE), cur_otp, md);
258 + r = word2bin(utils, c+strlen(OTP_INIT_WORD_TYPE), cur_otp, md, mdctx);
259 }
260 else {
261 SETERROR(utils, "unknown OTP extended response type");
262 @@ -843,14 +881,15 @@ static int verify_response(server_contex
263 }
264 else {
265 /* standard response, try word first, and then hex */
266 - r = word2bin(utils, c, cur_otp, md);
267 + r = word2bin(utils, c, cur_otp, md, mdctx);
268 if (r != SASL_OK)
269 r = hex2bin(c, cur_otp, OTP_HASH_SIZE);
270 }
271
272 if (r == SASL_OK) {
273 /* do one more hash (previous otp) and compare to stored otp */
274 - otp_hash(md, cur_otp, OTP_HASH_SIZE, prev_otp, text->alg->swab);
275 + otp_hash(md, (char *) cur_otp, OTP_HASH_SIZE,
276 + prev_otp, text->alg->swab, mdctx);
277
278 if (!memcmp(prev_otp, text->otp, OTP_HASH_SIZE)) {
279 /* update the secret with this seq/otp */
280 @@ -879,23 +918,28 @@ static int verify_response(server_contex
281 *new_resp++ = '\0';
282 }
283
284 - if (!(new_chal && new_resp))
285 - return SASL_BADAUTH;
286 + if (!(new_chal && new_resp)) {
287 + r = SASL_BADAUTH;
288 + goto done;
289 + }
290
291 if ((r = parse_challenge(utils, new_chal, &alg, &seq, seed, 1))
292 != SASL_OK) {
293 - return r;
294 + goto done;
295 }
296
297 - if (seq < 1 || !strcasecmp(seed, text->seed))
298 - return SASL_BADAUTH;
299 + if (seq < 1 || !strcasecmp(seed, text->seed)) {
300 + r = SASL_BADAUTH;
301 + goto done;
302 + }
303
304 /* find the MDA */
305 if (!(md = EVP_get_digestbyname(alg->evp_name))) {
306 utils->seterror(utils->conn, 0,
307 "OTP algorithm %s is not available",
308 alg->evp_name);
309 - return SASL_BADAUTH;
310 + r = SASL_BADAUTH;
311 + goto done;
312 }
313
314 if (!strncasecmp(c, OTP_INIT_HEX_TYPE, strlen(OTP_INIT_HEX_TYPE))) {
315 @@ -903,7 +947,7 @@ static int verify_response(server_contex
316 }
317 else if (!strncasecmp(c, OTP_INIT_WORD_TYPE,
318 strlen(OTP_INIT_WORD_TYPE))) {
319 - r = word2bin(utils, new_resp, new_otp, md);
320 + r = word2bin(utils, new_resp, new_otp, md, mdctx);
321 }
322
323 if (r == SASL_OK) {
324 @@ -914,7 +958,10 @@ static int verify_response(server_contex
325 memcpy(text->otp, new_otp, OTP_HASH_SIZE);
326 }
327 }
328 -
329 +
330 + done:
331 + if (mdctx) _plug_EVP_MD_CTX_free(mdctx, utils);
332 +
333 return r;
334 }
335
336 diff -Naurp cyrus-sasl-2.1.26-orig/saslauthd/lak.c cyrus-sasl-2.1.26/saslauthd/lak.c
337 --- cyrus-sasl-2.1.26-orig/saslauthd/lak.c 2012-10-12 09:05:48.000000000 -0500
338 +++ cyrus-sasl-2.1.26/saslauthd/lak.c 2017-05-26 23:42:19.293372476 -0500
339 @@ -61,6 +61,35 @@
340 #include <sasl.h>
341 #include "lak.h"
342
343 +#if OPENSSL_VERSION_NUMBER < 0x10100000L
344 +static EVP_MD_CTX *EVP_MD_CTX_new(void)
345 +{
346 + return EVP_MD_CTX_create();
347 +}
348 +static void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
349 +{
350 + if (ctx == NULL)
351 + return;
352 +
353 + EVP_MD_CTX_destroy(ctx);
354 +}
355 +
356 +static EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void)
357 +{
358 + EVP_ENCODE_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
359 +
360 + if (ctx != NULL) {
361 + memset(ctx, 0, sizeof(*ctx));
362 + }
363 + return ctx;
364 +}
365 +static void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx)
366 +{
367 + OPENSSL_free(ctx);
368 + return;
369 +}
370 +#endif
371 +
372 typedef struct lak_auth_method {
373 int method;
374 int (*check) (LAK *lak, const char *user, const char *service, const char *realm, const char *password) ;
375 @@ -1715,20 +1744,28 @@ static int lak_base64_decode(
376
377 int rc, i, tlen = 0;
378 char *text;
379 - EVP_ENCODE_CTX EVP_ctx;
380 + EVP_ENCODE_CTX *enc_ctx = EVP_ENCODE_CTX_new();
381
382 - text = (char *)malloc(((strlen(src)+3)/4 * 3) + 1);
383 if (text == NULL)
384 return LAK_NOMEM;
385
386 - EVP_DecodeInit(&EVP_ctx);
387 - rc = EVP_DecodeUpdate(&EVP_ctx, text, &i, (char *)src, strlen(src));
388 + text = (char *)malloc(((strlen(src)+3)/4 * 3) + 1);
389 + if (text == NULL) {
390 + EVP_ENCODE_CTX_free(enc_ctx);
391 + return LAK_NOMEM;
392 + }
393 +
394 + EVP_DecodeInit(enc_ctx);
395 + rc = EVP_DecodeUpdate(enc_ctx, (unsigned char *) text, &i, (const unsigned char *)src, strlen(src));
396 if (rc < 0) {
397 + EVP_ENCODE_CTX_free(enc_ctx);
398 free(text);
399 return LAK_FAIL;
400 }
401 tlen += i;
402 - EVP_DecodeFinal(&EVP_ctx, text, &i);
403 + EVP_DecodeFinal(enc_ctx, (unsigned char *) text, &i);
404 +
405 + EVP_ENCODE_CTX_free(enc_ctx);
406
407 *ret = text;
408 if (rlen != NULL)
409 @@ -1744,7 +1781,7 @@ static int lak_check_hashed(
410 {
411 int rc, clen;
412 LAK_HASH_ROCK *hrock = (LAK_HASH_ROCK *) rock;
413 - EVP_MD_CTX mdctx;
414 + EVP_MD_CTX *mdctx;
415 const EVP_MD *md;
416 unsigned char digest[EVP_MAX_MD_SIZE];
417 char *cred;
418 @@ -1753,17 +1790,24 @@ static int lak_check_hashed(
419 if (!md)
420 return LAK_FAIL;
421
422 + mdctx = EVP_MD_CTX_new();
423 + if (!mdctx)
424 + return LAK_NOMEM;
425 +
426 rc = lak_base64_decode(hash, &cred, &clen);
427 - if (rc != LAK_OK)
428 + if (rc != LAK_OK) {
429 + EVP_MD_CTX_free(mdctx);
430 return rc;
431 + }
432
433 - EVP_DigestInit(&mdctx, md);
434 - EVP_DigestUpdate(&mdctx, passwd, strlen(passwd));
435 + EVP_DigestInit(mdctx, md);
436 + EVP_DigestUpdate(mdctx, passwd, strlen(passwd));
437 if (hrock->salted) {
438 - EVP_DigestUpdate(&mdctx, &cred[EVP_MD_size(md)],
439 + EVP_DigestUpdate(mdctx, &cred[EVP_MD_size(md)],
440 clen - EVP_MD_size(md));
441 }
442 - EVP_DigestFinal(&mdctx, digest, NULL);
443 + EVP_DigestFinal(mdctx, digest, NULL);
444 + EVP_MD_CTX_free(mdctx);
445
446 rc = memcmp((char *)cred, (char *)digest, EVP_MD_size(md));
447 free(cred);