wok-next view cyrus-sasl/stuff/patches/cyrus-sasl-2.1.26-openssl-1.1.0-1.patch @ rev 20791
Up gnome-games, and add/update all the required dependencies
| author | Aleksej Bobylev <al.bobylev@gmail.com> |
|---|---|
| date | Sun Jun 10 01:56:40 2018 +0300 (2018-06-10) |
| parents | |
| children |
line source
1 Submitted By: DJ Lucas <dj_AT_linuxfromscratch_DOT_org>
2 Date: 2017-05-27
3 Initial Package Version: 2.1.26
4 Upstream Status: Comitted
5 Origin: https://github.com/cyrusimap/cyrus-sasl/commit/f607d99bf6e3e2074ab925f96765488f29b821ec
6 https://github.com/cyrusimap/cyrus-sasl/commit/4c8e3f24bb943386a67b4de65bb849f562499dd0
7 https://github.com/cyrusimap/cyrus-sasl/commit/652334b7701e9394b195d33183cb7ccd916296e8
8 https://github.com/cyrusimap/cyrus-sasl/commit/4f3c6beac5a6db053f1d1309353fde6e653d026c
9 https://github.com/cyrusimap/cyrus-sasl/commit/68fac2fb7166cb482a405f6c6613bce4c982a77e
10 Description: Allow to build with OpenSSL-1.1.0.
13 diff -Naurp cyrus-sasl-2.1.26-orig/plugins/ntlm.c cyrus-sasl-2.1.26/plugins/ntlm.c
14 --- cyrus-sasl-2.1.26-orig/plugins/ntlm.c 2012-01-27 17:31:36.000000000 -0600
15 +++ cyrus-sasl-2.1.26/plugins/ntlm.c 2017-05-26 23:42:19.293372476 -0500
16 @@ -417,6 +417,29 @@ static unsigned char *P24(unsigned char
17 return P24;
18 }
20 +static HMAC_CTX *_plug_HMAC_CTX_new(const sasl_utils_t *utils)
21 +{
22 + utils->log(NULL, SASL_LOG_DEBUG, "_plug_HMAC_CTX_new()");
23 +
24 +#if OPENSSL_VERSION_NUMBER >= 0x10100000L
25 + return HMAC_CTX_new();
26 +#else
27 + return utils->malloc(sizeof(HMAC_CTX));
28 +#endif
29 +}
30 +
31 +static void _plug_HMAC_CTX_free(HMAC_CTX *ctx, const sasl_utils_t *utils)
32 +{
33 + utils->log(NULL, SASL_LOG_DEBUG, "_plug_HMAC_CTX_free()");
34 +
35 +#if OPENSSL_VERSION_NUMBER >= 0x10100000L
36 + HMAC_CTX_free(ctx);
37 +#else
38 + HMAC_cleanup(ctx);
39 + utils->free(ctx);
40 +#endif
41 +}
42 +
43 static unsigned char *V2(unsigned char *V2, sasl_secret_t *passwd,
44 const char *authid, const char *target,
45 const unsigned char *challenge,
46 @@ -424,7 +447,7 @@ static unsigned char *V2(unsigned char *
47 const sasl_utils_t *utils,
48 char **buf, unsigned *buflen, int *result)
49 {
50 - HMAC_CTX ctx;
51 + HMAC_CTX *ctx = NULL;
52 unsigned char hash[EVP_MAX_MD_SIZE];
53 char *upper;
54 unsigned int len;
55 @@ -435,6 +458,10 @@ static unsigned char *V2(unsigned char *
56 SETERROR(utils, "cannot allocate NTLMv2 hash");
57 *result = SASL_NOMEM;
58 }
59 + else if ((ctx = _plug_HMAC_CTX_new(utils)) == NULL) {
60 + SETERROR(utils, "cannot allocate HMAC CTX");
61 + *result = SASL_NOMEM;
62 + }
63 else {
64 /* NTLMv2hash = HMAC-MD5(NTLMhash, unicode(ucase(authid + domain))) */
65 P16_nt(hash, passwd, utils, buf, buflen, result);
66 @@ -449,17 +476,18 @@ static unsigned char *V2(unsigned char *
67 HMAC(EVP_md5(), hash, MD4_DIGEST_LENGTH, *buf, 2 * len, hash, &len);
69 /* V2 = HMAC-MD5(NTLMv2hash, challenge + blob) + blob */
70 - HMAC_Init(&ctx, hash, len, EVP_md5());
71 - HMAC_Update(&ctx, challenge, NTLM_NONCE_LENGTH);
72 - HMAC_Update(&ctx, blob, bloblen);
73 - HMAC_Final(&ctx, V2, &len);
74 - HMAC_cleanup(&ctx);
75 + HMAC_Init_ex(ctx, hash, len, EVP_md5(), NULL);
76 + HMAC_Update(ctx, challenge, NTLM_NONCE_LENGTH);
77 + HMAC_Update(ctx, blob, bloblen);
78 + HMAC_Final(ctx, V2, &len);
80 /* the blob is concatenated outside of this function */
82 *result = SASL_OK;
83 }
85 + if (ctx) _plug_HMAC_CTX_free(ctx, utils);
86 +
87 return V2;
88 }
90 diff -Naurp cyrus-sasl-2.1.26-orig/plugins/otp.c cyrus-sasl-2.1.26/plugins/otp.c
91 --- cyrus-sasl-2.1.26-orig/plugins/otp.c 2012-10-12 09:05:48.000000000 -0500
92 +++ cyrus-sasl-2.1.26/plugins/otp.c 2017-05-26 23:42:19.293372476 -0500
93 @@ -96,6 +96,28 @@ static algorithm_option_t algorithm_opti
94 {NULL, 0, NULL}
95 };
97 +static EVP_MD_CTX *_plug_EVP_MD_CTX_new(const sasl_utils_t *utils)
98 +{
99 + utils->log(NULL, SASL_LOG_DEBUG, "_plug_EVP_MD_CTX_new()");
100 +
101 +#if OPENSSL_VERSION_NUMBER >= 0x10100000L
102 + return EVP_MD_CTX_new();
103 +#else
104 + return utils->malloc(sizeof(EVP_MD_CTX));
105 +#endif
106 +}
107 +
108 +static void _plug_EVP_MD_CTX_free(EVP_MD_CTX *ctx, const sasl_utils_t *utils)
109 +{
110 + utils->log(NULL, SASL_LOG_DEBUG, "_plug_EVP_MD_CTX_free()");
111 +
112 +#if OPENSSL_VERSION_NUMBER >= 0x10100000L
113 + EVP_MD_CTX_free(ctx);
114 +#else
115 + utils->free(ctx);
116 +#endif
117 +}
118 +
119 /* Convert the binary data into ASCII hex */
120 void bin2hex(unsigned char *bin, int binlen, char *hex)
121 {
122 @@ -116,17 +138,16 @@ void bin2hex(unsigned char *bin, int bin
123 * swabbing bytes if necessary.
124 */
125 static void otp_hash(const EVP_MD *md, char *in, size_t inlen,
126 - unsigned char *out, int swab)
127 + unsigned char *out, int swab, EVP_MD_CTX *mdctx)
128 {
129 - EVP_MD_CTX mdctx;
130 - char hash[EVP_MAX_MD_SIZE];
131 + unsigned char hash[EVP_MAX_MD_SIZE];
132 unsigned int i;
133 int j;
134 unsigned hashlen;
136 - EVP_DigestInit(&mdctx, md);
137 - EVP_DigestUpdate(&mdctx, in, inlen);
138 - EVP_DigestFinal(&mdctx, hash, &hashlen);
139 + EVP_DigestInit(mdctx, md);
140 + EVP_DigestUpdate(mdctx, in, inlen);
141 + EVP_DigestFinal(mdctx, hash, &hashlen);
143 /* Fold the result into 64 bits */
144 for (i = OTP_HASH_SIZE; i < hashlen; i++) {
145 @@ -149,7 +170,9 @@ static int generate_otp(const sasl_utils
146 char *secret, char *otp)
147 {
148 const EVP_MD *md;
149 - char *key;
150 + EVP_MD_CTX *mdctx = NULL;
151 + char *key = NULL;
152 + int r = SASL_OK;
154 if (!(md = EVP_get_digestbyname(alg->evp_name))) {
155 utils->seterror(utils->conn, 0,
156 @@ -157,23 +180,32 @@ static int generate_otp(const sasl_utils
157 return SASL_FAIL;
158 }
160 + if ((mdctx = _plug_EVP_MD_CTX_new(utils)) == NULL) {
161 + SETERROR(utils, "cannot allocate MD CTX");
162 + r = SASL_NOMEM;
163 + goto done;
164 + }
165 +
166 if ((key = utils->malloc(strlen(seed) + strlen(secret) + 1)) == NULL) {
167 SETERROR(utils, "cannot allocate OTP key");
168 - return SASL_NOMEM;
169 + r = SASL_NOMEM;
170 + goto done;
171 }
173 /* initial step */
174 strcpy(key, seed);
175 strcat(key, secret);
176 - otp_hash(md, key, strlen(key), otp, alg->swab);
177 + otp_hash(md, key, strlen(key), otp, alg->swab, mdctx);
179 /* computation step */
180 while (seq-- > 0)
181 - otp_hash(md, otp, OTP_HASH_SIZE, otp, alg->swab);
182 -
183 - utils->free(key);
184 + otp_hash(md, otp, OTP_HASH_SIZE, otp, alg->swab, mdctx);
185 +
186 + done:
187 + if (key) utils->free(key);
188 + if (mdctx) _plug_EVP_MD_CTX_free(mdctx, utils);
190 - return SASL_OK;
191 + return r;
192 }
194 static int parse_challenge(const sasl_utils_t *utils,
195 @@ -693,7 +725,8 @@ static int strptrcasecmp(const void *arg
197 /* Convert the 6 words into binary data */
198 static int word2bin(const sasl_utils_t *utils,
199 - char *words, unsigned char *bin, const EVP_MD *md)
200 + char *words, unsigned char *bin, const EVP_MD *md,
201 + EVP_MD_CTX *mdctx)
202 {
203 int i, j;
204 char *c, *word, buf[OTP_RESPONSE_MAX+1];
205 @@ -752,13 +785,12 @@ static int word2bin(const sasl_utils_t *
207 /* alternate dictionary */
208 if (alt_dict) {
209 - EVP_MD_CTX mdctx;
210 - char hash[EVP_MAX_MD_SIZE];
211 - int hashlen;
212 + unsigned char hash[EVP_MAX_MD_SIZE];
213 + unsigned hashlen;
215 - EVP_DigestInit(&mdctx, md);
216 - EVP_DigestUpdate(&mdctx, word, strlen(word));
217 - EVP_DigestFinal(&mdctx, hash, &hashlen);
218 + EVP_DigestInit(mdctx, md);
219 + EVP_DigestUpdate(mdctx, word, strlen(word));
220 + EVP_DigestFinal(mdctx, hash, &hashlen);
222 /* use lowest 11 bits */
223 x = ((hash[hashlen-2] & 0x7) << 8) | hash[hashlen-1];
224 @@ -802,6 +834,7 @@ static int verify_response(server_contex
225 char *response)
226 {
227 const EVP_MD *md;
228 + EVP_MD_CTX *mdctx = NULL;
229 char *c;
230 int do_init = 0;
231 unsigned char cur_otp[OTP_HASH_SIZE], prev_otp[OTP_HASH_SIZE];
232 @@ -815,6 +848,11 @@ static int verify_response(server_contex
233 return SASL_FAIL;
234 }
236 + if ((mdctx = _plug_EVP_MD_CTX_new(utils)) == NULL) {
237 + SETERROR(utils, "cannot allocate MD CTX");
238 + return SASL_NOMEM;
239 + }
240 +
241 /* eat leading whitespace */
242 c = response;
243 while (isspace((int) *c)) c++;
244 @@ -824,7 +862,7 @@ static int verify_response(server_contex
245 r = hex2bin(c+strlen(OTP_HEX_TYPE), cur_otp, OTP_HASH_SIZE);
246 }
247 else if (!strncasecmp(c, OTP_WORD_TYPE, strlen(OTP_WORD_TYPE))) {
248 - r = word2bin(utils, c+strlen(OTP_WORD_TYPE), cur_otp, md);
249 + r = word2bin(utils, c+strlen(OTP_WORD_TYPE), cur_otp, md, mdctx);
250 }
251 else if (!strncasecmp(c, OTP_INIT_HEX_TYPE,
252 strlen(OTP_INIT_HEX_TYPE))) {
253 @@ -834,7 +872,7 @@ static int verify_response(server_contex
254 else if (!strncasecmp(c, OTP_INIT_WORD_TYPE,
255 strlen(OTP_INIT_WORD_TYPE))) {
256 do_init = 1;
257 - r = word2bin(utils, c+strlen(OTP_INIT_WORD_TYPE), cur_otp, md);
258 + r = word2bin(utils, c+strlen(OTP_INIT_WORD_TYPE), cur_otp, md, mdctx);
259 }
260 else {
261 SETERROR(utils, "unknown OTP extended response type");
262 @@ -843,14 +881,15 @@ static int verify_response(server_contex
263 }
264 else {
265 /* standard response, try word first, and then hex */
266 - r = word2bin(utils, c, cur_otp, md);
267 + r = word2bin(utils, c, cur_otp, md, mdctx);
268 if (r != SASL_OK)
269 r = hex2bin(c, cur_otp, OTP_HASH_SIZE);
270 }
272 if (r == SASL_OK) {
273 /* do one more hash (previous otp) and compare to stored otp */
274 - otp_hash(md, cur_otp, OTP_HASH_SIZE, prev_otp, text->alg->swab);
275 + otp_hash(md, (char *) cur_otp, OTP_HASH_SIZE,
276 + prev_otp, text->alg->swab, mdctx);
278 if (!memcmp(prev_otp, text->otp, OTP_HASH_SIZE)) {
279 /* update the secret with this seq/otp */
280 @@ -879,23 +918,28 @@ static int verify_response(server_contex
281 *new_resp++ = '\0';
282 }
284 - if (!(new_chal && new_resp))
285 - return SASL_BADAUTH;
286 + if (!(new_chal && new_resp)) {
287 + r = SASL_BADAUTH;
288 + goto done;
289 + }
291 if ((r = parse_challenge(utils, new_chal, &alg, &seq, seed, 1))
292 != SASL_OK) {
293 - return r;
294 + goto done;
295 }
297 - if (seq < 1 || !strcasecmp(seed, text->seed))
298 - return SASL_BADAUTH;
299 + if (seq < 1 || !strcasecmp(seed, text->seed)) {
300 + r = SASL_BADAUTH;
301 + goto done;
302 + }
304 /* find the MDA */
305 if (!(md = EVP_get_digestbyname(alg->evp_name))) {
306 utils->seterror(utils->conn, 0,
307 "OTP algorithm %s is not available",
308 alg->evp_name);
309 - return SASL_BADAUTH;
310 + r = SASL_BADAUTH;
311 + goto done;
312 }
314 if (!strncasecmp(c, OTP_INIT_HEX_TYPE, strlen(OTP_INIT_HEX_TYPE))) {
315 @@ -903,7 +947,7 @@ static int verify_response(server_contex
316 }
317 else if (!strncasecmp(c, OTP_INIT_WORD_TYPE,
318 strlen(OTP_INIT_WORD_TYPE))) {
319 - r = word2bin(utils, new_resp, new_otp, md);
320 + r = word2bin(utils, new_resp, new_otp, md, mdctx);
321 }
323 if (r == SASL_OK) {
324 @@ -914,7 +958,10 @@ static int verify_response(server_contex
325 memcpy(text->otp, new_otp, OTP_HASH_SIZE);
326 }
327 }
328 -
329 +
330 + done:
331 + if (mdctx) _plug_EVP_MD_CTX_free(mdctx, utils);
332 +
333 return r;
334 }
336 diff -Naurp cyrus-sasl-2.1.26-orig/saslauthd/lak.c cyrus-sasl-2.1.26/saslauthd/lak.c
337 --- cyrus-sasl-2.1.26-orig/saslauthd/lak.c 2012-10-12 09:05:48.000000000 -0500
338 +++ cyrus-sasl-2.1.26/saslauthd/lak.c 2017-05-26 23:42:19.293372476 -0500
339 @@ -61,6 +61,35 @@
340 #include <sasl.h>
341 #include "lak.h"
343 +#if OPENSSL_VERSION_NUMBER < 0x10100000L
344 +static EVP_MD_CTX *EVP_MD_CTX_new(void)
345 +{
346 + return EVP_MD_CTX_create();
347 +}
348 +static void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
349 +{
350 + if (ctx == NULL)
351 + return;
352 +
353 + EVP_MD_CTX_destroy(ctx);
354 +}
355 +
356 +static EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void)
357 +{
358 + EVP_ENCODE_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
359 +
360 + if (ctx != NULL) {
361 + memset(ctx, 0, sizeof(*ctx));
362 + }
363 + return ctx;
364 +}
365 +static void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx)
366 +{
367 + OPENSSL_free(ctx);
368 + return;
369 +}
370 +#endif
371 +
372 typedef struct lak_auth_method {
373 int method;
374 int (*check) (LAK *lak, const char *user, const char *service, const char *realm, const char *password) ;
375 @@ -1715,20 +1744,28 @@ static int lak_base64_decode(
377 int rc, i, tlen = 0;
378 char *text;
379 - EVP_ENCODE_CTX EVP_ctx;
380 + EVP_ENCODE_CTX *enc_ctx = EVP_ENCODE_CTX_new();
382 - text = (char *)malloc(((strlen(src)+3)/4 * 3) + 1);
383 if (text == NULL)
384 return LAK_NOMEM;
386 - EVP_DecodeInit(&EVP_ctx);
387 - rc = EVP_DecodeUpdate(&EVP_ctx, text, &i, (char *)src, strlen(src));
388 + text = (char *)malloc(((strlen(src)+3)/4 * 3) + 1);
389 + if (text == NULL) {
390 + EVP_ENCODE_CTX_free(enc_ctx);
391 + return LAK_NOMEM;
392 + }
393 +
394 + EVP_DecodeInit(enc_ctx);
395 + rc = EVP_DecodeUpdate(enc_ctx, (unsigned char *) text, &i, (const unsigned char *)src, strlen(src));
396 if (rc < 0) {
397 + EVP_ENCODE_CTX_free(enc_ctx);
398 free(text);
399 return LAK_FAIL;
400 }
401 tlen += i;
402 - EVP_DecodeFinal(&EVP_ctx, text, &i);
403 + EVP_DecodeFinal(enc_ctx, (unsigned char *) text, &i);
404 +
405 + EVP_ENCODE_CTX_free(enc_ctx);
407 *ret = text;
408 if (rlen != NULL)
409 @@ -1744,7 +1781,7 @@ static int lak_check_hashed(
410 {
411 int rc, clen;
412 LAK_HASH_ROCK *hrock = (LAK_HASH_ROCK *) rock;
413 - EVP_MD_CTX mdctx;
414 + EVP_MD_CTX *mdctx;
415 const EVP_MD *md;
416 unsigned char digest[EVP_MAX_MD_SIZE];
417 char *cred;
418 @@ -1753,17 +1790,24 @@ static int lak_check_hashed(
419 if (!md)
420 return LAK_FAIL;
422 + mdctx = EVP_MD_CTX_new();
423 + if (!mdctx)
424 + return LAK_NOMEM;
425 +
426 rc = lak_base64_decode(hash, &cred, &clen);
427 - if (rc != LAK_OK)
428 + if (rc != LAK_OK) {
429 + EVP_MD_CTX_free(mdctx);
430 return rc;
431 + }
433 - EVP_DigestInit(&mdctx, md);
434 - EVP_DigestUpdate(&mdctx, passwd, strlen(passwd));
435 + EVP_DigestInit(mdctx, md);
436 + EVP_DigestUpdate(mdctx, passwd, strlen(passwd));
437 if (hrock->salted) {
438 - EVP_DigestUpdate(&mdctx, &cred[EVP_MD_size(md)],
439 + EVP_DigestUpdate(mdctx, &cred[EVP_MD_size(md)],
440 clen - EVP_MD_size(md));
441 }
442 - EVP_DigestFinal(&mdctx, digest, NULL);
443 + EVP_DigestFinal(mdctx, digest, NULL);
444 + EVP_MD_CTX_free(mdctx);
446 rc = memcmp((char *)cred, (char *)digest, EVP_MD_size(md));
447 free(cred);