
Update to 2.1.27.

Hajimu UMEMOTO 2018-11-17 18:47:45 +00:00
parent f58b402544
commit b39a664d41
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=485191
34 changed files with 73 additions and 3178 deletions


@ -1,7 +1,6 @@
# $FreeBSD$
PKGNAMESUFFIX= -gssapi
PORTREVISION= 7
COMMENT= SASL GSSAPI authentication plugin


@ -1,3 +1,3 @@
SASL GSSAPI authentication plugin
WWW: http://cyrusimap.web.cmu.edu/
WWW: https://www.cyrusimap.org/sasl/


@ -1,16 +1,15 @@
# $FreeBSD$
PKGNAMESUFFIX= -ldapdb
PORTREVISION= 5
COMMENT= SASL LDAPDB auxprop plugin
CYRUS_CONFIGURE_ARGS= --enable-ldapdb --with-ldap=${LOCALBASE}
OPTIONS_DEFINE= OPENLDAP_SASL
OPENLDAP_SASL_DESC= OpenLDAP client with SASL2 support
OPENLDAP_SASL_VARS= WANT_OPENLDAP_SASL=yes
CYRUS_CONFIGURE_ARGS= --enable-ldapdb --with-ldap=${LOCALBASE}
USE_OPENLDAP= yes
.if defined(WITH_OPENLDAP_VER)
WANT_OPENLDAP_VER= ${WITH_OPENLDAP_VER}


@ -1,3 +1,3 @@
SASL LDAPDB auxprop plugin
WWW: http://cyrusimap.web.cmu.edu/
WWW: https://www.cyrusimap.org/sasl/


@ -1,7 +1,6 @@
# $FreeBSD$
PKGNAMESUFFIX= -saslauthd
PORTREVISION= 4
COMMENT= SASL authentication server for cyrus-sasl2
@ -12,7 +11,7 @@ INSTALL_WRKSRC= ${WRKSRC}/saslauthd
USE_RC_SUBR= saslauthd
CYRUS_CONFIGURE_ARGS= --with-saslauthd=${SASLAUTHD_RUNPATH}
CONFIGURE_ENV+= andrew_cv_runpath_switch=none
CONFIGURE_ENV+= andrew_cv_runpath_switch=none
OPTIONS_DEFINE= DOCS HTTPFORM OPENLDAP OPENLDAP_SASL
OPTIONS_RADIO= GSSAPI SASLDB
@ -56,6 +55,6 @@ GSSAPI_MIT_USES= gssapi:mit
GSSAPI_MIT_CONFIGURE_ON= --enable-gssapi="${GSSAPIBASEDIR}" \
--with-gss_impl=mit
DOCS= AUTHORS COPYING ChangeLog INSTALL LDAP_SASLAUTHD NEWS README
DOCS= COPYING ChangeLog LDAP_SASLAUTHD
.include "${.CURDIR}/../../security/cyrus-sasl2/Makefile.common"


@ -7,4 +7,4 @@ provide proxy authentication services to clients that do not
understand SASL based authentication.
WWW: http://cyrusimap.web.cmu.edu/
WWW: https://www.cyrusimap.org/sasl/


@ -2,11 +2,4 @@ man/man8/saslauthd.8.gz
sbin/saslauthd
sbin/saslcache
sbin/testsaslauthd
%%PORTDOCS%%%%DOCSDIR%%/saslauthd/AUTHORS
%%PORTDOCS%%%%DOCSDIR%%/saslauthd/COPYING
%%PORTDOCS%%%%DOCSDIR%%/saslauthd/ChangeLog
%%PORTDOCS%%%%DOCSDIR%%/saslauthd/INSTALL
%%PORTDOCS%%%%DOCSDIR%%/saslauthd/LDAP_SASLAUTHD
%%PORTDOCS%%%%DOCSDIR%%/saslauthd/NEWS
%%PORTDOCS%%%%DOCSDIR%%/saslauthd/README
%%RUNPATH%%@dir(cyrus,mail,750) /var/run/saslauthd


@ -1,3 +1,3 @@
SASL SQL database plugin support
WWW: http://cyrusimap.web.cmu.edu/
WWW: https://www.cyrusimap.org/sasl/


@ -1,3 +1,3 @@
SASL SRP authentication plugin
WWW: http://cyrusimap.web.cmu.edu/
WWW: https://www.cyrusimap.org/sasl/


@ -1,6 +1,6 @@
# $FreeBSD$
PORTREVISION= 14
#PORTREVISION= 0
COMMENT= RFC 2222 SASL (Simple Authentication and Security Layer)
@ -11,13 +11,13 @@ CYRUS_CONFIGURE_ARGS= --with-saslauthd=${SASLAUTHD_RUNPATH}
NO_OPTIONS_SORT= yes
OPTIONS_DEFINE= ALWAYSTRUE AUTHDAEMOND DOCS KEEP_DB_OPEN \
OBSOLETE_CRAM_ATTR
OBSOLETE_CRAM_ATTR OBSOLETE_DIGEST_ATTR
OPTIONS_RADIO= SASLDB
OPTIONS_RADIO_SASLDB= BDB1 BDB GDBM
OPTIONS_RADIO_SASLDB= BDB1 BDB GDBM LMDB
OPTIONS_GROUP= PLUGIN
OPTIONS_GROUP_PLUGIN= ANONYMOUS CRAM DIGEST LOGIN NTLM OTP PLAIN SCRAM
OPTIONS_DEFAULT= ANONYMOUS AUTHDAEMOND BDB1 OBSOLETE_CRAM_ATTR CRAM \
DIGEST LOGIN NTLM OTP PLAIN SCRAM
OBSOLETE_DIGEST_ATTR DIGEST LOGIN NTLM OTP PLAIN SCRAM
OPTIONS_SUB= yes
ALWAYSTRUE_DESC= Alwaystrue password verifier (discouraged)
ALWAYSTRUE_CONFIGURE_ENABLE=alwaystrue
@ -28,6 +28,8 @@ KEEP_DB_OPEN_DESC= Keep handle to Berkeley DB open
KEEP_DB_OPEN_CONFIGURE_ENABLE=keep-db-open
OBSOLETE_CRAM_ATTR_DESC=cmusaslsecretCRAM-MD5 auxprop property
OBSOLETE_CRAM_ATTR_CONFIGURE_OFF=--enable-obsolete_cram_attr=no
OBSOLETE_DIGEST_ATTR_DESC=cmusaslsecretDIGEST-MD5 auxprop property
OBSOLETE_DIGEST_ATTR_CONFIGURE_OFF=--enable-obsolete_digest_attr=no
SASLDB_DESC= SASLdb auxprop plugin
BDB_USES= bdb
BDB_CONFIGURE_ON= --with-dblib=berkeley \
@ -38,6 +40,11 @@ BDB1_CONFIGURE_ON= --with-dblib=ndbm
GDBM_LIB_DEPENDS= libgdbm.so:databases/gdbm
GDBM_CONFIGURE_ON= --with-dblib=gdbm \
--with-gdbm=${LOCALBASE}
LMDB_DESC= OpenLDAP Lightning Memory-Mapped Database support
LMDB_LIB_DEPENDS= liblmdb.so:databases/lmdb
LMDB_CONFIGURE_ON= --with-dblib=lmdb
LMDB_CFLAGS= -I${LOCALBASE}/include
LMDB_LDFLAGS= -L${LOCALBASE}/lib
ANONYMOUS_DESC= ANONYMOUS authentication
ANONYMOUS_CONFIGURE_ENABLE= anon
CRAM_DESC= CRAM-MD5 authentication
@ -55,20 +62,6 @@ PLAIN_CONFIGURE_ENABLE= plain
SCRAM_DESC= SCRAM authentication
SCRAM_CONFIGURE_ENABLE= scram
DOCS= AUTHORS COPYING ChangeLog INSTALL INSTALL.TXT NEWS README
DOC2= ONEWS TODO draft-burdis-cat-srp-sasl-xx.txt \
draft-ietf-sasl-anon-xx.txt draft-ietf-sasl-crammd5-xx.txt \
draft-ietf-sasl-gssapi-xx.txt draft-ietf-sasl-plain-xx.txt \
draft-ietf-sasl-rfc2222bis-xx.txt draft-ietf-sasl-rfc2831bis-xx.txt \
draft-ietf-sasl-saslprep-xx.txt draft-murchison-sasl-login-xx.txt \
draft-newman-sasl-c-api-xx.txt rfc1321.txt rfc1939.txt rfc2104.txt \
rfc2195.txt rfc2222.txt rfc2243.txt rfc2245.txt rfc2289.txt \
rfc2444.txt rfc2595.txt rfc2831.txt rfc2945.txt rfc3174.txt \
server-plugin-flow.fig testing.txt
HTDOCS= advanced appconvert components gssapi index install macosx \
mechanisms options plugprog programming readme sysadmin upgrading \
windows
DOCS= AUTHORS COPYING ChangeLog INSTALL INSTALL.TXT README
.include "${.CURDIR}/../../security/cyrus-sasl2/Makefile.common"
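Review bot: The new `OBSOLETE_DIGEST_ATTR` option is added to `OPTIONS_DEFAULT`, but its description, `cmusaslsecretDIGEST-MD5 auxprop property`, does not say that the property is a legacy one or what switching it off does, so a user in the options dialog has nothing to base the choice on. Since the configure switch is named `--enable-obsolete_digest_attr`, a description such as `OBSOLETE_DIGEST_ATTR_DESC=Keep obsolete cmusaslsecretDIGEST-MD5 auxprop property` would say it; the same applies to the existing `OBSOLETE_CRAM_ATTR_DESC`. The commented-out `#PORTREVISION= 0` near the top could also be dropped rather than kept as a placeholder.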


@ -1,16 +1,17 @@
# $FreeBSD$
PORTNAME= cyrus-sasl
PORTVERSION= 2.1.26
PORTVERSION= 2.1.27
CATEGORIES= security ipv6
MASTER_SITES= ftp://ftp.cyrusimap.org/cyrus-sasl/ \
http://cyrusimap.org/releases/
MASTER_SITES= https://www.cyrusimap.org/releases/ \
ftp://ftp.cyrusimap.org/cyrus-sasl/
MAINTAINER= ume@FreeBSD.org
LICENSE= BSD4CLAUSE
LICENSE_FILE= ${WRKSRC}/COPYING
USES+= gmake
USE_LDCONFIG= yes
USES+= ssl
GNU_CONFIGURE= yes
@ -83,6 +84,8 @@ CONFIGURE_ARGS+=--with-openssl=${OPENSSLBASE}
CPPFLAGS+= -fPIC
.endif
PORTDOCS= *
.if ${CYRUS_BUILD_TARGET} == "cyrus-sasl"
.if ${PORT_OPTIONS:MBDB1}
@ -90,7 +93,7 @@ SASLDB_NAME= sasldb2.db
.elif ${PORT_OPTIONS:MBDB}
INVALID_BDB_VER=2
SASLDB_NAME= sasldb2
.elif ${PORT_OPTIONS:MGDBM}
.elif ${PORT_OPTIONS:MGDBM} || ${PORT_OPTIONS:MLMDB}
SASLDB_NAME= sasldb2
.else
SASLDB= "@comment "
@ -101,32 +104,19 @@ SUB_LIST= CYRUS_USER=${CYRUS_USER} CYRUS_GROUP=${CYRUS_GROUP} \
SASLDB_NAME=${SASLDB_NAME}
PLIST_SUB+= PREFIX=${PREFIX} \
SASLDB=${SASLDB} \
DOCSDIR=${DOCSDIR:S/^${PREFIX}\///}
post-patch:
# Try to unbreak parallel (-jX) builds, part 1: make build commands atomic
@${FIND} ${WRKSRC} -name Makefile.in | ${XARGS} ${PERL} -w0pi.bak \
-e 's/(^\@am__fastdepCC_TRUE\@.*?) \
\n\@am__fastdepCC_TRUE\@\s+(.*?)$$/$$1 && $$2/mgx'
# Part 2: prevent intermediate *.Tpo output files clash (use unique names)
@${FIND} ${WRKSRC} -name Makefile.in | ${XARGS} ${PERL} -wpi.bak \
-e 's/\$$\*\.Tpo/$$&.$$./g'
SASLDB=${SASLDB}
post-install-DOCS-on:
@${MKDIR} ${STAGEDIR}${DOCSDIR}/html
${MKDIR} ${STAGEDIR}${DOCSDIR}
cd ${WRKSRC}/doc && ${COPYTREE_SHARE} . ${STAGEDIR}${DOCSDIR} \
"! ( -path */html/_sources* -o -name .buildinfo \
-o -name Makefile -o -name Makefile.in \
-o -name Makefile.in.bak -o -name Makefile.am \
-o -name NTMakefile -o -name .cvsignore )"
.for f in ${DOCS}
@${INSTALL_DATA} ${WRKSRC}/${f} ${STAGEDIR}${DOCSDIR}
.endfor
.for f in ${DOC2}
@${INSTALL_DATA} ${WRKSRC}/doc/${f} ${STAGEDIR}${DOCSDIR}
.endfor
.for f in ${HTDOCS}
@${INSTALL_DATA} ${WRKSRC}/doc/${f}.html \
${STAGEDIR}${DOCSDIR}/html
.endfor
@${INSTALL_DATA} ${FILESDIR}/Sendmail.README \
${STAGEDIR}${DOCSDIR}
@${INSTALL_DATA} ${FILESDIR}/Sendmail.README ${STAGEDIR}${DOCSDIR}
.elif ${CYRUS_BUILD_TARGET} == "saslauthd"
@ -145,19 +135,19 @@ RUNPATH= "@comment "
.endif
PLIST_SUB+= PREFIX=${PREFIX} \
DOCSDIR=${DOCSDIR:S/^${PREFIX}\///} \
RUNPATH=${RUNPATH}
SUB_LIST+= SASLAUTHD_RUNPATH=${SASLAUTHD_RUNPATH}
do-build:
cd ${WRKSRC}/include && ${MAKE}
.if ${PORT_OPTIONS:MBDB1} || ${PORT_OPTIONS:MBDB} || ${PORT_OPTIONS:MGDBM}
cd ${WRKSRC}/sasldb && ${MAKE}
.endif
cd ${WRKSRC}/saslauthd && ${MAKE}
cd ${WRKSRC}/saslauthd && ${MAKE} saslcache
cd ${WRKSRC}/saslauthd && ${MAKE} testsaslauthd
cd ${WRKSRC}/include && gmake
cd ${WRKSRC}/common && gmake
#.if ${PORT_OPTIONS:MBDB1} || ${PORT_OPTIONS:MBDB} || ${PORT_OPTIONS:MGDBM}
cd ${WRKSRC}/sasldb && gmake
#.endif
cd ${WRKSRC}/saslauthd && gmake
cd ${WRKSRC}/saslauthd && gmake saslcache
cd ${WRKSRC}/saslauthd && gmake testsaslauthd
post-install:
@${INSTALL_PROGRAM} ${WRKSRC}/saslauthd/saslcache \
@ -190,8 +180,10 @@ post-patch:
${WRKSRC}/configure
do-build:
cd ${WRKSRC}/include && ${MAKE}
cd ${WRKSRC}/plugins && ${MAKE}
cd ${WRKSRC}/include && gmake
cd ${WRKSRC}/common && gmake
cd ${WRKSRC}/lib && gmake libobj.la
cd ${WRKSRC}/plugins && gmake
.endif
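Review bot: In the saslauthd `do-build` recipe the option guard around the sasldb step is left commented out as `#.if ${PORT_OPTIONS:MBDB1} || ...` and `#.endif`, so `cd ${WRKSRC}/sasldb && gmake` now runs for every option set and the dead conditional stays in the file. Either delete the two commented lines, or restore the guard with LMDB included, as the `SASLDB_NAME` branch in this file already does: `.if ${PORT_OPTIONS:MBDB1} || ${PORT_OPTIONS:MBDB} || ${PORT_OPTIONS:MGDBM} || ${PORT_OPTIONS:MLMDB}`. Both `do-build` recipes also call a bare `gmake`; `cd ${WRKSRC}/include && ${MAKE_CMD}` would use the make program the framework selects for `USES+= gmake`, though it looks like these steps would still not receive `MAKE_ENV` or `MAKE_ARGS`.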


@ -1,2 +1,3 @@
SHA256 (cyrus-sasl-2.1.26.tar.gz) = 8fbc5136512b59bb793657f36fadda6359cae3b08f01fd16b3d406f1345b7bc3
SIZE (cyrus-sasl-2.1.26.tar.gz) = 5220231
TIMESTAMP = 1542468728
SHA256 (cyrus-sasl-2.1.27.tar.gz) = 26866b1549b00ffd020f188a43c258017fa1c382b3ddadd8201536f72efb05d5
SIZE (cyrus-sasl-2.1.27.tar.gz) = 4111249


@ -1,14 +0,0 @@
--- Makefile.am.orig 2012-10-12 14:05:48 UTC
+++ Makefile.am
@@ -76,6 +76,11 @@ EXTRA_DIST=config cmulocal win32 mac dlc
pkgconfigdir = $(libdir)/pkgconfig
pkgconfig_DATA = libsasl2.pc
+noinst_LTLIBRARIES = libcrypto_compat.la
+
+libcrypto_compat_la_SOURCES = crypto-compat.c crypto-compat.h
+libcrypto_compat_la_LDFLAGS = -version-info $(crypto_compat_version) -no-undefined
+
dist-hook:
@find $(distdir) -exec chmod o+w {} ';'
@find $(distdir) -name CVS -print | xargs -t rm -rf


@ -1,41 +1,15 @@
Index: configure
diff -u configure.orig configure
--- configure.orig 2012-11-07 04:21:37.000000000 +0900
+++ configure 2014-03-25 18:24:59.021374856 +0900
@@ -2365,6 +2365,7 @@
fi
{ $as_echo "$as_me:$LINENO: result: yes" >&5
$as_echo "yes" >&6; }
+program_prefix=NONE
test "$program_prefix" != NONE &&
program_transform_name="s&^&$program_prefix&;$program_transform_name"
# Use a double $ so make ignores it.
@@ -6329,6 +6330,7 @@
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
+#include <stdio.h>
#include <db.h>
_ACEOF
if { (ac_try="$ac_cpp conftest.$ac_ext"
@@ -7156,6 +7158,7 @@
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
+#include <stdio.h>
#include <db.h>
_ACEOF
if { (ac_try="$ac_cpp conftest.$ac_ext"
@@ -8700,6 +8703,8 @@
--- configure.orig 2017-11-30 21:15:59 UTC
+++ configure
@@ -15415,6 +15415,8 @@ else
SASLAUTHD_TRUE='#'
SASLAUTHD_FALSE=
fi
+SASLAUTHD_TRUE='#'
+SASLAUTHD_FALSE=
{ $as_echo "$as_me:$LINENO: checking if I should include saslauthd" >&5
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if I should include saslauthd" >&5
$as_echo_n "checking if I should include saslauthd... " >&6; }
@@ -12552,6 +12557,7 @@
@@ -17029,6 +17031,7 @@ fi
gssapi_dir="${gssapi}/lib"
GSSAPIBASE_LIBS="-L$gssapi_dir"
GSSAPIBASE_STATIC_LIBS="-L$gssapi_dir"
@ -43,54 +17,21 @@ diff -u configure.orig configure
else
# FIXME: This is only used for building cyrus, and then only as
# a real hack. it needs to be fixed.
@@ -12571,7 +12577,7 @@
@@ -17048,7 +17051,7 @@ if ${ac_cv_lib_gssapi_gss_unwrap+:} fals
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
-LIBS="-lgssapi ${GSSAPIBASE_LIBS} -lgssapi -lkrb5 -lasn1 -lroken ${LIB_CRYPT} ${LIB_DES} -lcom_err ${LIB_SOCKET} $LIBS"
+LIBS="${GSSAPIBASE_LIBS} `${gssapi_bindir}krb5-config --libs gssapi` $LIBS"
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
@@ -13047,7 +13053,7 @@
GSSAPIBASE_STATIC_LIBS="$GSSAPIBASE_LIBS $gssapi_dir/libgssapi_krb5.a $gssapi_dir/libkrb5.a $gssapi_dir/libk5crypto.a $gssapi_dir/libcom_err.a ${K5SUPSTATIC}"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
@@ -17308,7 +17311,7 @@ fi
GSSAPIBASE_STATIC_LIBS="$GSSAPIBASE_LIBS $gssapi_dir/libgssapi_krb5.a $gssapi_dir/libkrb5.a $gssapi_dir/libk5crypto.a $gssapi_dir/libcom_err.a"
elif test "$gss_impl" = "heimdal"; then
CPPFLAGS="$CPPFLAGS -DKRB5_HEIMDAL"
CPPFLAGS="$CPPFLAGS"
- GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS -lgssapi -lkrb5 -lasn1 -lroken ${LIB_CRYPT} ${LIB_DES} -lcom_err"
+ GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS `${gssapi_bindir}krb5-config --libs gssapi`"
GSSAPIBASE_STATIC_LIBS="$GSSAPIBASE_STATIC_LIBS $gssapi_dir/libgssapi.a $gssapi_dir/libkrb5.a $gssapi_dir/libasn1.a $gssapi_dir/libroken.a $gssapi_dir/libcom_err.a ${LIB_CRYPT}"
elif test "$gss_impl" = "cybersafe03"; then
# Version of CyberSafe with two libraries
@@ -14479,7 +14485,7 @@
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
-LIBS="-lpq $LIBS"
+LIBS="-lpq $GSSAPIBASE_LIBS $LIBS"
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
@@ -14591,9 +14597,9 @@
$as_echo "$as_me: WARNING: SQLite Library not found" >&2;}; true;;
*)
if test -d ${with_sqlite}/lib; then
- LIB_SQLITE="-L${with_sqlite}/lib -R${with_sqlite}/lib"
+ LIB_SQLITE="-L${with_sqlite}/lib $andrew_cv_runpath_switch${with_sqlite}/lib"
else
- LIB_SQLITE="-L${with_sqlite} -R${with_sqlite}"
+ LIB_SQLITE="-L${with_sqlite} $andrew_cv_runpath_switch${with_sqlite}"
fi
LIB_SQLITE_DIR=$LIB_SQLITE
@@ -14721,9 +14727,9 @@
$as_echo "$as_me: WARNING: SQLite3 Library not found" >&2;}; true;;
*)
if test -d ${with_sqlite3}/lib; then
- LIB_SQLITE3="-L${with_sqlite3}/lib -R${with_sqlite3}/lib"
+ LIB_SQLITE3="-L${with_sqlite3}/lib $andrew_cv_runpath_switch${with_sqlite3}/lib"
else
- LIB_SQLITE3="-L${with_sqlite3} -R${with_sqlite3}"
+ LIB_SQLITE3="-L${with_sqlite3} $andrew_cv_runpath_switch${with_sqlite3}"
fi
LIB_SQLITE3_DIR=$LIB_SQLITE3
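Review bot: The two link-line hunks kept in this patch take their libraries from `${gssapi_bindir}krb5-config --libs gssapi` inside backticks and never check that the command ran. If `gssapi_bindir` is empty the program is resolved through `PATH` (its assignment is not visible in this section), and if the command is missing or fails the substitution is empty, so the `gss_unwrap` link test fails with no hint of the cause, or links against a different Kerberos installation than the one selected with `--with-gss_impl`. A guard before the first use, for example `test -x "${gssapi_bindir}krb5-config" || as_fn_error $? "krb5-config not found" "$LINENO" 5`, would make that failure explicit. The enclosing `if` blocks start and end outside the hunks.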


@ -1,449 +0,0 @@
--- crypto-compat.c.orig 2018-02-14 13:10:38 UTC
+++ crypto-compat.c
@@ -0,0 +1,446 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "crypto-compat.h"
+
+#if defined(HAVE_OPENSSL) && (OPENSSL_VERSION_NUMBER < 0x10100000L)
+
+#include <string.h>
+#include <openssl/engine.h>
+
+static void *OPENSSL_zalloc(size_t num)
+{
+ void *ret = OPENSSL_malloc(num);
+
+ if (ret != NULL)
+ memset(ret, 0, num);
+ return ret;
+}
+
+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
+{
+ /* If the fields n and e in r are NULL, the corresponding input
+ * parameters MUST be non-NULL for n and e. d may be
+ * left NULL (in case only the public key is used).
+ */
+ if ((r->n == NULL && n == NULL)
+ || (r->e == NULL && e == NULL))
+ return 0;
+
+ if (n != NULL) {
+ BN_free(r->n);
+ r->n = n;
+ }
+ if (e != NULL) {
+ BN_free(r->e);
+ r->e = e;
+ }
+ if (d != NULL) {
+ BN_free(r->d);
+ r->d = d;
+ }
+
+ return 1;
+}
+
+int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
+{
+ /* If the fields p and q in r are NULL, the corresponding input
+ * parameters MUST be non-NULL.
+ */
+ if ((r->p == NULL && p == NULL)
+ || (r->q == NULL && q == NULL))
+ return 0;
+
+ if (p != NULL) {
+ BN_free(r->p);
+ r->p = p;
+ }
+ if (q != NULL) {
+ BN_free(r->q);
+ r->q = q;
+ }
+
+ return 1;
+}
+
+int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
+{
+ /* If the fields dmp1, dmq1 and iqmp in r are NULL, the corresponding input
+ * parameters MUST be non-NULL.
+ */
+ if ((r->dmp1 == NULL && dmp1 == NULL)
+ || (r->dmq1 == NULL && dmq1 == NULL)
+ || (r->iqmp == NULL && iqmp == NULL))
+ return 0;
+
+ if (dmp1 != NULL) {
+ BN_free(r->dmp1);
+ r->dmp1 = dmp1;
+ }
+ if (dmq1 != NULL) {
+ BN_free(r->dmq1);
+ r->dmq1 = dmq1;
+ }
+ if (iqmp != NULL) {
+ BN_free(r->iqmp);
+ r->iqmp = iqmp;
+ }
+
+ return 1;
+}
+
+void RSA_get0_key(const RSA *r,
+ const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
+{
+ if (n != NULL)
+ *n = r->n;
+ if (e != NULL)
+ *e = r->e;
+ if (d != NULL)
+ *d = r->d;
+}
+
+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
+{
+ if (p != NULL)
+ *p = r->p;
+ if (q != NULL)
+ *q = r->q;
+}
+
+void RSA_get0_crt_params(const RSA *r,
+ const BIGNUM **dmp1, const BIGNUM **dmq1,
+ const BIGNUM **iqmp)
+{
+ if (dmp1 != NULL)
+ *dmp1 = r->dmp1;
+ if (dmq1 != NULL)
+ *dmq1 = r->dmq1;
+ if (iqmp != NULL)
+ *iqmp = r->iqmp;
+}
+
+void DSA_get0_pqg(const DSA *d,
+ const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
+{
+ if (p != NULL)
+ *p = d->p;
+ if (q != NULL)
+ *q = d->q;
+ if (g != NULL)
+ *g = d->g;
+}
+
+int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
+{
+ /* If the fields p, q and g in d are NULL, the corresponding input
+ * parameters MUST be non-NULL.
+ */
+ if ((d->p == NULL && p == NULL)
+ || (d->q == NULL && q == NULL)
+ || (d->g == NULL && g == NULL))
+ return 0;
+
+ if (p != NULL) {
+ BN_free(d->p);
+ d->p = p;
+ }
+ if (q != NULL) {
+ BN_free(d->q);
+ d->q = q;
+ }
+ if (g != NULL) {
+ BN_free(d->g);
+ d->g = g;
+ }
+
+ return 1;
+}
+
+void DSA_get0_key(const DSA *d,
+ const BIGNUM **pub_key, const BIGNUM **priv_key)
+{
+ if (pub_key != NULL)
+ *pub_key = d->pub_key;
+ if (priv_key != NULL)
+ *priv_key = d->priv_key;
+}
+
+int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
+{
+ /* If the field pub_key in d is NULL, the corresponding input
+ * parameters MUST be non-NULL. The priv_key field may
+ * be left NULL.
+ */
+ if (d->pub_key == NULL && pub_key == NULL)
+ return 0;
+
+ if (pub_key != NULL) {
+ BN_free(d->pub_key);
+ d->pub_key = pub_key;
+ }
+ if (priv_key != NULL) {
+ BN_free(d->priv_key);
+ d->priv_key = priv_key;
+ }
+
+ return 1;
+}
+
+void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
+{
+ if (pr != NULL)
+ *pr = sig->r;
+ if (ps != NULL)
+ *ps = sig->s;
+}
+
+int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
+{
+ if (r == NULL || s == NULL)
+ return 0;
+ BN_clear_free(sig->r);
+ BN_clear_free(sig->s);
+ sig->r = r;
+ sig->s = s;
+ return 1;
+}
+
+void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
+{
+ if (pr != NULL)
+ *pr = sig->r;
+ if (ps != NULL)
+ *ps = sig->s;
+}
+
+int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
+{
+ if (r == NULL || s == NULL)
+ return 0;
+ BN_clear_free(sig->r);
+ BN_clear_free(sig->s);
+ sig->r = r;
+ sig->s = s;
+ return 1;
+}
+
+void DH_get0_pqg(const DH *dh,
+ const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
+{
+ if (p != NULL)
+ *p = dh->p;
+ if (q != NULL)
+ *q = dh->q;
+ if (g != NULL)
+ *g = dh->g;
+}
+
+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
+{
+ /* If the fields p and g in d are NULL, the corresponding input
+ * parameters MUST be non-NULL. q may remain NULL.
+ */
+ if ((dh->p == NULL && p == NULL)
+ || (dh->g == NULL && g == NULL))
+ return 0;
+
+ if (p != NULL) {
+ BN_free(dh->p);
+ dh->p = p;
+ }
+ if (q != NULL) {
+ BN_free(dh->q);
+ dh->q = q;
+ }
+ if (g != NULL) {
+ BN_free(dh->g);
+ dh->g = g;
+ }
+
+ if (q != NULL) {
+ dh->length = BN_num_bits(q);
+ }
+
+ return 1;
+}
+
+void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
+{
+ if (pub_key != NULL)
+ *pub_key = dh->pub_key;
+ if (priv_key != NULL)
+ *priv_key = dh->priv_key;
+}
+
+int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
+{
+ /* If the field pub_key in dh is NULL, the corresponding input
+ * parameters MUST be non-NULL. The priv_key field may
+ * be left NULL.
+ */
+ if (dh->pub_key == NULL && pub_key == NULL)
+ return 0;
+
+ if (pub_key != NULL) {
+ BN_free(dh->pub_key);
+ dh->pub_key = pub_key;
+ }
+ if (priv_key != NULL) {
+ BN_free(dh->priv_key);
+ dh->priv_key = priv_key;
+ }
+
+ return 1;
+}
+
+int DH_set_length(DH *dh, long length)
+{
+ dh->length = length;
+ return 1;
+}
+
+const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx)
+{
+ return ctx->iv;
+}
+
+unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx)
+{
+ return ctx->iv;
+}
+
+EVP_MD_CTX *EVP_MD_CTX_new(void)
+{
+ return OPENSSL_zalloc(sizeof(EVP_MD_CTX));
+}
+
+void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
+{
+ EVP_MD_CTX_cleanup(ctx);
+ OPENSSL_free(ctx);
+}
+
+EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void)
+{
+ return OPENSSL_zalloc(sizeof(EVP_ENCODE_CTX));
+}
+
+void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx)
+{
+ OPENSSL_free(ctx);
+}
+
+RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth)
+{
+ RSA_METHOD *ret;
+
+ ret = OPENSSL_malloc(sizeof(RSA_METHOD));
+
+ if (ret != NULL) {
+ memcpy(ret, meth, sizeof(*meth));
+ ret->name = OPENSSL_strdup(meth->name);
+ if (ret->name == NULL) {
+ OPENSSL_free(ret);
+ return NULL;
+ }
+ }
+
+ return ret;
+}
+
+int RSA_meth_set1_name(RSA_METHOD *meth, const char *name)
+{
+ char *tmpname;
+
+ tmpname = OPENSSL_strdup(name);
+ if (tmpname == NULL) {
+ return 0;
+ }
+
+ OPENSSL_free((char *)meth->name);
+ meth->name = tmpname;
+
+ return 1;
+}
+
+int RSA_meth_set_priv_enc(RSA_METHOD *meth,
+ int (*priv_enc) (int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa,
+ int padding))
+{
+ meth->rsa_priv_enc = priv_enc;
+ return 1;
+}
+
+int RSA_meth_set_priv_dec(RSA_METHOD *meth,
+ int (*priv_dec) (int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa,
+ int padding))
+{
+ meth->rsa_priv_dec = priv_dec;
+ return 1;
+}
+
+int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa))
+{
+ meth->finish = finish;
+ return 1;
+}
+
+void RSA_meth_free(RSA_METHOD *meth)
+{
+ if (meth != NULL) {
+ OPENSSL_free((char *)meth->name);
+ OPENSSL_free(meth);
+ }
+}
+
+int RSA_bits(const RSA *r)
+{
+ return (BN_num_bits(r->n));
+}
+
+RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
+{
+ if (pkey->type != EVP_PKEY_RSA) {
+ return NULL;
+ }
+ return pkey->pkey.rsa;
+}
+
+HMAC_CTX *HMAC_CTX_new(void)
+{
+ HMAC_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
+ if (ctx != NULL) {
+ if (!HMAC_CTX_reset(ctx)) {
+ HMAC_CTX_free(ctx);
+ return NULL;
+ }
+ }
+ return ctx;
+}
+
+void HMAC_CTX_free(HMAC_CTX *ctx)
+{
+ if (ctx != NULL) {
+ HMAC_CTX_cleanup(ctx);
+ OPENSSL_free(ctx);
+ }
+}
+
+int HMAC_CTX_reset(HMAC_CTX *ctx)
+{
+ HMAC_CTX_init(ctx);
+ return 1;
+}
+
+
+#endif /* HAVE_OPENSSL && OPENSSL_VERSION_NUMBER */


@ -1,76 +0,0 @@
--- crypto-compat.h.orig 2018-02-14 13:10:38 UTC
+++ crypto-compat.h
@@ -0,0 +1,73 @@
+#ifndef LIBCRYPTO_COMPAT_H
+#define LIBCRYPTO_COMPAT_H
+
+#include <config.h>
+
+#ifdef HAVE_OPENSSL
+
+#include <openssl/opensslv.h>
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/ecdsa.h>
+#include <openssl/dh.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+
+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
+int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
+int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
+void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
+void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, const BIGNUM **iqmp);
+
+void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
+int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
+void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key);
+int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
+
+void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
+int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
+
+void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
+int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
+
+void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
+void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key);
+int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
+int DH_set_length(DH *dh, long length);
+
+const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx);
+unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx);
+EVP_MD_CTX *EVP_MD_CTX_new(void);
+void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
+EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void);
+void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx);
+#define EVP_CIPHER_impl_ctx_size(e) e->ctx_size
+#define EVP_CIPHER_CTX_get_cipher_data(ctx) ctx->cipher_data
+
+RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth);
+int RSA_meth_set1_name(RSA_METHOD *meth, const char *name);
+#define RSA_meth_get_finish(meth) meth->finish
+int RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc) (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
+int RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec) (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
+int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa));
+void RSA_meth_free(RSA_METHOD *meth);
+
+int RSA_bits(const RSA *r);
+
+RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
+
+HMAC_CTX *HMAC_CTX_new(void);
+void HMAC_CTX_free(HMAC_CTX *ctx);
+int HMAC_CTX_reset(HMAC_CTX *ctx);
+
+
+#endif /* OPENSSL_VERSION_NUMBER */
+
+#endif /* HAVE_OPENSSL */
+
+#endif /* LIBCRYPTO_COMPAT_H */


@ -1,23 +0,0 @@
From 67a188693796a14e3a76ac603104807fbbfddfc4 Mon Sep 17 00:00:00 2001
From: Ken Murchison <murch@andrew.cmu.edu>
Date: Thu, 20 Dec 2012 23:14:50 +0000
Subject: sasl.h: #include <stddef.h> for size_t on NetBSD
---
(limited to 'include/sasl.h')
diff --git a/include/sasl.h b/include/sasl.h
index fef4d51..8b8a63f 100755
--- include/sasl.h
+++ include/sasl.h
@@ -121,6 +121,8 @@
#ifndef SASL_H
#define SASL_H 1
+#include <stddef.h> /* For size_t */
+
/* Keep in sync with win32/common.mak */
#define SASL_VERSION_MAJOR 2
#define SASL_VERSION_MINOR 1
--
cgit v0.9.0.2


@ -1,13 +0,0 @@
--- lib/Makefile.am.orig 2012-10-12 14:05:48 UTC
+++ lib/Makefile.am
@@ -65,8 +65,8 @@ lib_LTLIBRARIES = libsasl2.la
libsasl2_la_SOURCES = $(common_sources) $(common_headers)
libsasl2_la_LDFLAGS = -version-info $(sasl_version)
-libsasl2_la_DEPENDENCIES = $(LTLIBOBJS)
-libsasl2_la_LIBADD = $(LTLIBOBJS) $(SASL_DL_LIB) $(LIB_SOCKET) $(LIB_DOOR)
+libsasl2_la_DEPENDENCIES = $(LTLIBOBJS) $(CRYPTO_COMPAT_OBJS)
+libsasl2_la_LIBADD = $(LTLIBOBJS) $(SASL_DL_LIB) $(LIB_SOCKET) $(LIB_DOOR) $(CRYPTO_COMPAT_OBJS)
if MACOSX
framedir = /Library/Frameworks/SASL2.framework


@ -1,17 +0,0 @@
Index: libsasl2.pc.in
diff -u libsasl2.pc.in.orig libsasl2.pc.in
--- libsasl2.pc.in.orig 2012-10-12 23:05:48.000000000 +0900
+++ libsasl2.pc.in 2014-03-22 02:41:33.668062061 +0900
@@ -1,8 +1,12 @@
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+includedir = @includedir@
libdir = @libdir@
Name: Cyrus SASL
Description: Cyrus SASL implementation
URL: http://www.cyrussasl.org/
Version: @VERSION@
+Cflags: -I${includedir}
Libs: -L${libdir} -lsasl2
Libs.private: @LIB_DOOR@ @SASL_DL_LIB@ @LIBS@


@ -1,37 +0,0 @@
--- plugins/Makefile.am.orig 2012-10-12 14:05:48 UTC
+++ plugins/Makefile.am
@@ -53,6 +53,7 @@ INCLUDES=-I$(top_srcdir)/include -I$(top
AM_LDFLAGS = -module -export-dynamic -rpath $(plugindir) -version-info $(plugin_version)
COMPAT_OBJS = @LTGETADDRINFOOBJS@ @LTGETNAMEINFOOBJS@ @LTSNPRINTFOBJS@
+CRYPTO_COMPAT_OBJS = $(top_builddir)/common/libcrypto_compat.la
EXTRA_DIST = makeinit.sh NTMakefile
noinst_SCRIPTS = makeinit.sh
@@ -106,20 +107,20 @@ liblogin_la_DEPENDENCIES = $(COMPAT_OBJS
liblogin_la_LIBADD = $(PLAIN_LIBS) $(COMPAT_OBJS)
libsrp_la_SOURCES = srp.c srp_init.c $(common_sources)
-libsrp_la_DEPENDENCIES = $(COMPAT_OBJS)
-libsrp_la_LIBADD = $(SRP_LIBS) $(COMPAT_OBJS)
+libsrp_la_DEPENDENCIES = $(COMPAT_OBJS) $(CRYPTO_COMPAT_OBJS)
+libsrp_la_LIBADD = $(SRP_LIBS) $(COMPAT_OBJS) $(CRYPTO_COMPAT_OBJS)
libotp_la_SOURCES = otp.c otp_init.c otp.h $(common_sources)
libotp_la_DEPENDENCIES = $(COMPAT_OBJS)
libotp_la_LIBADD = $(OTP_LIBS) $(COMPAT_OBJS)
libntlm_la_SOURCES = ntlm.c ntlm_init.c $(common_sources)
-libntlm_la_DEPENDENCIES = $(COMPAT_OBJS)
-libntlm_la_LIBADD = $(NTLM_LIBS) $(COMPAT_OBJS)
+libntlm_la_DEPENDENCIES = $(COMPAT_OBJS) $(CRYPTO_COMPAT_OBJS)
+libntlm_la_LIBADD = $(NTLM_LIBS) $(COMPAT_OBJS) $(CRYPTO_COMPAT_OBJS)
libpassdss_la_SOURCES = passdss.c passdss_init.c $(common_sources)
-libpassdss_la_DEPENDENCIES = $(COMPAT_OBJS)
-libpassdss_la_LIBADD = $(PASSDSS_LIBS) $(COMPAT_OBJS)
+libpassdss_la_DEPENDENCIES = $(COMPAT_OBJS) $(CRYPTO_COMPAT_OBJS)
+libpassdss_la_LIBADD = $(PASSDSS_LIBS) $(COMPAT_OBJS) $(CRYPTO_COMPAT_OBJS)
# Auxprop Plugins
libsasldb_la_SOURCES = sasldb.c sasldb_init.c $(common_sources)


@ -1,13 +0,0 @@
Index: plugins/ldapdb.c
diff -u -p plugins/ldapdb.c.orig plugins/ldapdb.c
--- plugins/ldapdb.c.orig 2011-05-12 04:25:55.000000000 +0900
+++ plugins/ldapdb.c 2011-09-24 17:25:23.465329876 +0900
@@ -251,6 +251,8 @@ static int ldapdb_auxprop_lookup(void *g
#if defined(LDAP_PROXY_AUTHZ_FAILURE)
case LDAP_PROXY_AUTHZ_FAILURE:
+#else
+ case LDAP_X_PROXY_AUTHZ_FAILURE:
#endif
case LDAP_INAPPROPRIATE_AUTH:
case LDAP_INVALID_CREDENTIALS:


@ -1,11 +1,11 @@
--- plugins/gssapi.c.orig
--- plugins/gssapi.c.orig 2016-01-30 14:06:08 UTC
+++ plugins/gssapi.c
@@ -1490,8 +1490,10 @@
@@ -1531,8 +1531,10 @@ static int gssapi_client_mech_step(void
*clientout = NULL;
*clientoutlen = 0;
+#if 0
params->utils->log(NULL, SASL_LOG_DEBUG,
params->utils->log(params->utils->conn, SASL_LOG_DEBUG,
"GSSAPI client step %d", text->state);
+#endif
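Review bot: The `#if 0` / `#endif` pair removes the `SASL_LOG_DEBUG` call in `gssapi_client_mech_step` at compile time, and nothing in the patch says why. A line of text above the `---` header of the patch file, or a comment on the directive such as `#if 0 /* FreeBSD: <reason the debug log is disabled> */`, would let the next person who regenerates the patch for a new release decide whether it is still needed. The function body continues outside the hunk.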


@ -1,76 +0,0 @@
--- plugins/ntlm.c.orig 2018-02-14 13:10:38 UTC
+++ plugins/ntlm.c
@@ -420,6 +420,29 @@ static unsigned char *P24(unsigned char
return P24;
}
+static HMAC_CTX *_plug_HMAC_CTX_new(const sasl_utils_t *utils)
+{
+ utils->log(NULL, SASL_LOG_DEBUG, "_plug_HMAC_CTX_new()");
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ return HMAC_CTX_new();
+#else
+ return utils->malloc(sizeof(EVP_MD_CTX));
+#endif
+}
+
+static void _plug_HMAC_CTX_free(HMAC_CTX *ctx, const sasl_utils_t *utils)
+{
+ utils->log(NULL, SASL_LOG_DEBUG, "_plug_HMAC_CTX_free()");
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ HMAC_CTX_free(ctx);
+#else
+ HMAC_cleanup(ctx);
+ utils->free(ctx);
+#endif
+}
+
static unsigned char *V2(unsigned char *V2, sasl_secret_t *passwd,
const char *authid, const char *target,
const unsigned char *challenge,
@@ -427,7 +450,7 @@ static unsigned char *V2(unsigned char *
const sasl_utils_t *utils,
char **buf, unsigned *buflen, int *result)
{
- HMAC_CTX ctx;
+ HMAC_CTX *ctx = NULL;
unsigned char hash[EVP_MAX_MD_SIZE];
char *upper;
unsigned int len;
@@ -438,6 +461,10 @@ static unsigned char *V2(unsigned char *
SETERROR(utils, "cannot allocate NTLMv2 hash");
*result = SASL_NOMEM;
}
+ else if ((ctx = _plug_HMAC_CTX_new(utils)) == NULL) {
+ SETERROR(utils, "cannot allocate HMAC CTX");
+ *result = SASL_NOMEM;
+ }
else {
/* NTLMv2hash = HMAC-MD5(NTLMhash, unicode(ucase(authid + domain))) */
P16_nt(hash, passwd, utils, buf, buflen, result);
@@ -453,17 +480,18 @@ static unsigned char *V2(unsigned char *
(unsigned char *) *buf, 2 * len, hash, &len);
/* V2 = HMAC-MD5(NTLMv2hash, challenge + blob) + blob */
- HMAC_Init(&ctx, hash, len, EVP_md5());
- HMAC_Update(&ctx, challenge, NTLM_NONCE_LENGTH);
- HMAC_Update(&ctx, blob, bloblen);
- HMAC_Final(&ctx, V2, &len);
- HMAC_cleanup(&ctx);
+ HMAC_Init_ex(ctx, hash, len, EVP_md5(), NULL);
+ HMAC_Update(ctx, challenge, NTLM_NONCE_LENGTH);
+ HMAC_Update(ctx, blob, bloblen);
+ HMAC_Final(ctx, V2, &len);
/* the blob is concatenated outside of this function */
*result = SASL_OK;
}
+ if (ctx) _plug_HMAC_CTX_free(ctx, utils);
+
return V2;
}


@ -1,235 +0,0 @@
--- plugins/otp.c.orig 2018-02-14 13:16:37 UTC
+++ plugins/otp.c
@@ -98,6 +98,28 @@ static algorithm_option_t algorithm_opti
{NULL, 0, NULL}
};
+static EVP_MD_CTX *_plug_EVP_MD_CTX_new(const sasl_utils_t *utils)
+{
+ utils->log(NULL, SASL_LOG_DEBUG, "_plug_EVP_MD_CTX_new()");
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ return EVP_MD_CTX_new();
+#else
+ return utils->malloc(sizeof(EVP_MD_CTX));
+#endif
+}
+
+static void _plug_EVP_MD_CTX_free(EVP_MD_CTX *ctx, const sasl_utils_t *utils)
+{
+ utils->log(NULL, SASL_LOG_DEBUG, "_plug_EVP_MD_CTX_free()");
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ EVP_MD_CTX_free(ctx);
+#else
+ utils->free(ctx);
+#endif
+}
+
/* Convert the binary data into ASCII hex */
void bin2hex(unsigned char *bin, int binlen, char *hex)
{
@@ -118,17 +140,16 @@ void bin2hex(unsigned char *bin, int bin
* swabbing bytes if necessary.
*/
static void otp_hash(const EVP_MD *md, char *in, size_t inlen,
- unsigned char *out, int swab)
+ unsigned char *out, int swab, EVP_MD_CTX *mdctx)
{
- EVP_MD_CTX mdctx;
char hash[EVP_MAX_MD_SIZE];
unsigned int i;
int j;
unsigned hashlen;
- EVP_DigestInit(&mdctx, md);
- EVP_DigestUpdate(&mdctx, in, inlen);
- EVP_DigestFinal(&mdctx, hash, &hashlen);
+ EVP_DigestInit(mdctx, md);
+ EVP_DigestUpdate(mdctx, in, inlen);
+ EVP_DigestFinal(mdctx, hash, &hashlen);
/* Fold the result into 64 bits */
for (i = OTP_HASH_SIZE; i < hashlen; i++) {
@@ -151,31 +172,42 @@ static int generate_otp(const sasl_utils
char *secret, char *otp)
{
const EVP_MD *md;
- char *key;
+ EVP_MD_CTX *mdctx = NULL;
+ char *key = NULL;
+ int r = SASL_OK;
if (!(md = EVP_get_digestbyname(alg->evp_name))) {
utils->seterror(utils->conn, 0,
"OTP algorithm %s is not available", alg->evp_name);
return SASL_FAIL;
}
-
+
+ if ((mdctx = _plug_EVP_MD_CTX_new(utils)) == NULL) {
+ SETERROR(utils, "cannot allocate MD CTX");
+ r = SASL_NOMEM;
+ goto done;
+ }
+
if ((key = utils->malloc(strlen(seed) + strlen(secret) + 1)) == NULL) {
SETERROR(utils, "cannot allocate OTP key");
- return SASL_NOMEM;
+ r = SASL_NOMEM;
+ goto done;
}
/* initial step */
strcpy(key, seed);
strcat(key, secret);
- otp_hash(md, key, strlen(key), otp, alg->swab);
+ otp_hash(md, key, strlen(key), otp, alg->swab, mdctx);
/* computation step */
while (seq-- > 0)
- otp_hash(md, otp, OTP_HASH_SIZE, otp, alg->swab);
-
- utils->free(key);
+ otp_hash(md, otp, OTP_HASH_SIZE, otp, alg->swab, mdctx);
+
+ done:
+ if (key) utils->free(key);
+ if (mdctx) _plug_EVP_MD_CTX_free(mdctx, utils);
- return SASL_OK;
+ return r;
}
static int parse_challenge(const sasl_utils_t *utils,
@@ -695,7 +727,8 @@ static int strptrcasecmp(const void *arg
/* Convert the 6 words into binary data */
static int word2bin(const sasl_utils_t *utils,
- char *words, unsigned char *bin, const EVP_MD *md)
+ char *words, unsigned char *bin, const EVP_MD *md,
+ EVP_MD_CTX *mdctx)
{
int i, j;
char *c, *word, buf[OTP_RESPONSE_MAX+1];
@@ -754,13 +787,12 @@ static int word2bin(const sasl_utils_t *
/* alternate dictionary */
if (alt_dict) {
- EVP_MD_CTX mdctx;
char hash[EVP_MAX_MD_SIZE];
int hashlen;
- EVP_DigestInit(&mdctx, md);
- EVP_DigestUpdate(&mdctx, word, strlen(word));
- EVP_DigestFinal(&mdctx, hash, &hashlen);
+ EVP_DigestInit(mdctx, md);
+ EVP_DigestUpdate(mdctx, word, strlen(word));
+ EVP_DigestFinal(mdctx, hash, &hashlen);
/* use lowest 11 bits */
x = ((hash[hashlen-2] & 0x7) << 8) | hash[hashlen-1];
@@ -804,6 +836,7 @@ static int verify_response(server_contex
char *response)
{
const EVP_MD *md;
+ EVP_MD_CTX *mdctx = NULL;
char *c;
int do_init = 0;
unsigned char cur_otp[OTP_HASH_SIZE], prev_otp[OTP_HASH_SIZE];
@@ -817,6 +850,11 @@ static int verify_response(server_contex
return SASL_FAIL;
}
+ if ((mdctx = _plug_EVP_MD_CTX_new(utils)) == NULL) {
+ SETERROR(utils, "cannot allocate MD CTX");
+ return SASL_NOMEM;
+ }
+
/* eat leading whitespace */
c = response;
while (isspace((int) *c)) c++;
@@ -826,7 +864,7 @@ static int verify_response(server_contex
r = hex2bin(c+strlen(OTP_HEX_TYPE), cur_otp, OTP_HASH_SIZE);
}
else if (!strncasecmp(c, OTP_WORD_TYPE, strlen(OTP_WORD_TYPE))) {
- r = word2bin(utils, c+strlen(OTP_WORD_TYPE), cur_otp, md);
+ r = word2bin(utils, c+strlen(OTP_WORD_TYPE), cur_otp, md, mdctx);
}
else if (!strncasecmp(c, OTP_INIT_HEX_TYPE,
strlen(OTP_INIT_HEX_TYPE))) {
@@ -836,7 +874,7 @@ static int verify_response(server_contex
else if (!strncasecmp(c, OTP_INIT_WORD_TYPE,
strlen(OTP_INIT_WORD_TYPE))) {
do_init = 1;
- r = word2bin(utils, c+strlen(OTP_INIT_WORD_TYPE), cur_otp, md);
+ r = word2bin(utils, c+strlen(OTP_INIT_WORD_TYPE), cur_otp, md, mdctx);
}
else {
SETERROR(utils, "unknown OTP extended response type");
@@ -852,7 +890,8 @@ static int verify_response(server_contex
if (r == SASL_OK) {
/* do one more hash (previous otp) and compare to stored otp */
- otp_hash(md, cur_otp, OTP_HASH_SIZE, prev_otp, text->alg->swab);
+ otp_hash(md, cur_otp, OTP_HASH_SIZE,
+ prev_otp, text->alg->swab, mdctx);
if (!memcmp(prev_otp, text->otp, OTP_HASH_SIZE)) {
/* update the secret with this seq/otp */
@@ -881,23 +920,28 @@ static int verify_response(server_contex
*new_resp++ = '\0';
}
- if (!(new_chal && new_resp))
- return SASL_BADAUTH;
+ if (!(new_chal && new_resp)) {
+ r = SASL_BADAUTH;
+ goto done;
+ }
if ((r = parse_challenge(utils, new_chal, &alg, &seq, seed, 1))
!= SASL_OK) {
- return r;
+ goto done;
}
- if (seq < 1 || !strcasecmp(seed, text->seed))
- return SASL_BADAUTH;
+ if (seq < 1 || !strcasecmp(seed, text->seed)) {
+ r = SASL_BADAUTH;
+ goto done;
+ }
/* find the MDA */
if (!(md = EVP_get_digestbyname(alg->evp_name))) {
utils->seterror(utils->conn, 0,
"OTP algorithm %s is not available",
alg->evp_name);
- return SASL_BADAUTH;
+ r = SASL_BADAUTH;
+ goto done;
}
if (!strncasecmp(c, OTP_INIT_HEX_TYPE, strlen(OTP_INIT_HEX_TYPE))) {
@@ -905,7 +949,7 @@ static int verify_response(server_contex
}
else if (!strncasecmp(c, OTP_INIT_WORD_TYPE,
strlen(OTP_INIT_WORD_TYPE))) {
- r = word2bin(utils, new_resp, new_otp, md);
+ r = word2bin(utils, new_resp, new_otp, md, mdctx);
}
if (r == SASL_OK) {
@@ -916,7 +960,10 @@ static int verify_response(server_contex
memcpy(text->otp, new_otp, OTP_HASH_SIZE);
}
}
-
+
+ done:
+ if (mdctx) _plug_EVP_MD_CTX_free(mdctx, utils);
+
return r;
}


@ -1,721 +0,0 @@
--- plugins/passdss.c.orig 2012-01-27 23:31:36 UTC
+++ plugins/passdss.c
@@ -71,6 +71,9 @@
#include <openssl/sha.h>
#include <openssl/dsa.h>
+/* for legacy libcrypto support */
+#include "crypto-compat.h"
+
#include <sasl.h>
#define MD5_H /* suppress internal MD5 */
#include <saslplug.h>
@@ -110,23 +113,23 @@ typedef struct context {
const sasl_utils_t *utils;
/* per-step mem management */
- char *out_buf;
+ unsigned char *out_buf;
unsigned out_buf_len;
/* security layer foo */
unsigned char secmask; /* bitmask of enabled security layers */
unsigned char padding[EVP_MAX_BLOCK_LENGTH]; /* block of NULs */
- HMAC_CTX hmac_send_ctx;
- HMAC_CTX hmac_recv_ctx;
+ HMAC_CTX *hmac_send_ctx;
+ HMAC_CTX *hmac_recv_ctx;
unsigned char send_integrity_key[4 + EVP_MAX_MD_SIZE]; /* +4 for pktnum */
unsigned char recv_integrity_key[4 + EVP_MAX_MD_SIZE]; /* +4 for pktnum */
unsigned char *cs_integrity_key; /* ptr to bare key in send/recv key */
unsigned char *sc_integrity_key; /* ptr to bare key in send/recv key */
- EVP_CIPHER_CTX cipher_enc_ctx;
- EVP_CIPHER_CTX cipher_dec_ctx;
+ EVP_CIPHER_CTX *cipher_enc_ctx;
+ EVP_CIPHER_CTX *cipher_dec_ctx;
unsigned blk_siz;
unsigned char cs_encryption_iv[EVP_MAX_MD_SIZE];
@@ -139,7 +142,7 @@ typedef struct context {
uint32_t pktnum_in;
/* for encoding/decoding mem management */
- char *encode_buf, *decode_buf, *decode_pkt_buf;
+ unsigned char *encode_buf, *decode_buf, *decode_pkt_buf;
unsigned encode_buf_len, decode_buf_len, decode_pkt_buf_len;
/* layers buffering */
@@ -171,7 +174,7 @@ static int passdss_encode(void *context,
inputlen += invec[i].iov_len;
/* allocate a buffer for the output */
- ret = _plug_buf_alloc(text->utils, &text->encode_buf,
+ ret = _plug_buf_alloc(text->utils, (char **) &text->encode_buf,
&text->encode_buf_len,
4 + /* length */
inputlen + /* content */
@@ -186,19 +189,19 @@ static int passdss_encode(void *context,
memcpy(text->send_integrity_key, &tmpnum, 4);
/* key the HMAC */
- HMAC_Init_ex(&text->hmac_send_ctx, text->send_integrity_key,
+ HMAC_Init_ex(text->hmac_send_ctx, text->send_integrity_key,
4+SHA_DIGEST_LENGTH, EVP_sha1(), NULL);
/* operate on each iovec */
for (i = 0; i < numiov; i++) {
/* hash the content */
- HMAC_Update(&text->hmac_send_ctx, invec[i].iov_base, invec[i].iov_len);
+ HMAC_Update(text->hmac_send_ctx, invec[i].iov_base, invec[i].iov_len);
if (text->secmask & PRIVACY_LAYER_FLAG) {
- unsigned enclen;
+ int enclen;
/* encrypt the data into the output buffer */
- EVP_EncryptUpdate(&text->cipher_enc_ctx,
+ EVP_EncryptUpdate(text->cipher_enc_ctx,
text->encode_buf + *outputlen, &enclen,
invec[i].iov_base, invec[i].iov_len);
*outputlen += enclen;
@@ -212,14 +215,14 @@ static int passdss_encode(void *context,
}
/* calculate the HMAC */
- HMAC_Final(&text->hmac_send_ctx, hmac, &hmaclen);
+ HMAC_Final(text->hmac_send_ctx, hmac, &hmaclen);
if (text->secmask & PRIVACY_LAYER_FLAG) {
- unsigned enclen;
+ int enclen;
unsigned char padlen;
/* encrypt the HMAC into the output buffer */
- EVP_EncryptUpdate(&text->cipher_enc_ctx,
+ EVP_EncryptUpdate(text->cipher_enc_ctx,
text->encode_buf + *outputlen, &enclen,
hmac, hmaclen);
*outputlen += enclen;
@@ -227,17 +230,17 @@ static int passdss_encode(void *context,
/* pad output buffer to multiple of blk_siz
with padlen-1 as last octet */
padlen = text->blk_siz - ((inputlen + hmaclen) % text->blk_siz) - 1;
- EVP_EncryptUpdate(&text->cipher_enc_ctx,
+ EVP_EncryptUpdate(text->cipher_enc_ctx,
text->encode_buf + *outputlen, &enclen,
text->padding, padlen);
*outputlen += enclen;
- EVP_EncryptUpdate(&text->cipher_enc_ctx,
+ EVP_EncryptUpdate(text->cipher_enc_ctx,
text->encode_buf + *outputlen, &enclen,
&padlen, 1);
*outputlen += enclen;
/* encrypt the last block of data into the output buffer */
- EVP_EncryptFinal_ex(&text->cipher_enc_ctx,
+ EVP_EncryptFinal_ex(text->cipher_enc_ctx,
text->encode_buf + *outputlen, &enclen);
*outputlen += enclen;
}
@@ -252,7 +255,7 @@ static int passdss_encode(void *context,
tmpnum = htonl(tmpnum);
memcpy(text->encode_buf, &tmpnum, 4);
- *output = text->encode_buf;
+ *output = (char *) text->encode_buf;
return SASL_OK;
}
@@ -271,25 +274,25 @@ static int passdss_decode_packet(void *c
int ret;
if (text->secmask & PRIVACY_LAYER_FLAG) {
- unsigned declen, padlen;
+ int declen, padlen;
/* allocate a buffer for the output */
- ret = _plug_buf_alloc(text->utils, &(text->decode_pkt_buf),
+ ret = _plug_buf_alloc(text->utils, (char **) &(text->decode_pkt_buf),
&(text->decode_pkt_buf_len), inputlen);
if (ret != SASL_OK) return ret;
/* decrypt the data into the output buffer */
- ret = EVP_DecryptUpdate(&text->cipher_dec_ctx,
+ ret = EVP_DecryptUpdate(text->cipher_dec_ctx,
text->decode_pkt_buf, &declen,
- (char *) input, inputlen);
+ (unsigned char *) input, inputlen);
if (ret)
- EVP_DecryptFinal_ex(&text->cipher_dec_ctx, /* should be no output */
+ EVP_DecryptFinal_ex(text->cipher_dec_ctx, /* should be no output */
text->decode_pkt_buf + declen, &declen);
if (!ret) {
SETERROR(text->utils, "Error decrypting input");
return SASL_BADPROT;
}
- input = text->decode_pkt_buf;
+ input = (char *) text->decode_pkt_buf;
/* trim padding */
padlen = text->decode_pkt_buf[inputlen - 1] + 1;
@@ -305,7 +308,7 @@ static int passdss_decode_packet(void *c
/* calculate the HMAC */
HMAC(EVP_sha1(), text->recv_integrity_key, 4+SHA_DIGEST_LENGTH,
- input, inputlen, hmac, &hmaclen);
+ (unsigned char *) input, inputlen, hmac, &hmaclen);
/* verify HMAC */
if (memcmp(hmac, input+inputlen, hmaclen)) {
@@ -326,12 +329,12 @@ static int passdss_decode(void *context,
{
context_t *text = (context_t *) context;
int ret;
-
+
ret = _plug_decode(&text->decode_context, input, inputlen,
- &text->decode_buf, &text->decode_buf_len, outputlen,
- passdss_decode_packet, text);
+ (char **) &text->decode_buf, &text->decode_buf_len,
+ outputlen, passdss_decode_packet, text);
- *output = text->decode_buf;
+ *output = (const char *) text->decode_buf;
return ret;
}
@@ -342,7 +345,8 @@ static int passdss_decode(void *context,
/*
* Create/append to a PASSDSS buffer from the data specified by the fmt string.
*/
-static int MakeBuffer(const sasl_utils_t *utils, char **buf, unsigned offset,
+static int MakeBuffer(const sasl_utils_t *utils,
+ unsigned char **buf, unsigned offset,
unsigned *buflen, unsigned *outlen, const char *fmt, ...)
{
va_list ap;
@@ -425,10 +429,10 @@ static int MakeBuffer(const sasl_utils_t
}
va_end(ap);
- r = _plug_buf_alloc(utils, buf, buflen, alloclen);
+ r = _plug_buf_alloc(utils, (char **) buf, buflen, alloclen);
if (r != SASL_OK) return r;
- out = *buf + offset;
+ out = (char *) *buf + offset;
/* second pass to fill buffer */
va_start(ap, fmt);
@@ -463,7 +467,7 @@ static int MakeBuffer(const sasl_utils_t
case 'm':
/* MPI */
mpi = va_arg(ap, BIGNUM *);
- len = BN_bn2bin(mpi, out+4);
+ len = BN_bn2bin(mpi, (unsigned char *) out+4);
nl = htonl(len);
memcpy(out, &nl, 4); /* add 4 byte len (network order) */
out += len + 4;
@@ -515,7 +519,7 @@ static int MakeBuffer(const sasl_utils_t
done:
va_end(ap);
- *outlen = out - *buf;
+ *outlen = out - (char *) *buf;
return r;
}
@@ -600,8 +604,8 @@ static int UnBuffer(const sasl_utils_t *
if (mpi) {
if (!*mpi) *mpi = BN_new();
- BN_init(*mpi);
- BN_bin2bn(buf, len, *mpi);
+ BN_clear(*mpi);
+ BN_bin2bn((unsigned char *) buf, len, *mpi);
}
break;
@@ -716,16 +720,16 @@ static int UnBuffer(const sasl_utils_t *
}
#define DOHASH(out, in1, len1, in2, len2, in3, len3) \
- EVP_DigestInit(&mdctx, EVP_sha1()); \
- EVP_DigestUpdate(&mdctx, in1, len1); \
- EVP_DigestUpdate(&mdctx, in2, len2); \
- EVP_DigestUpdate(&mdctx, in3, len3); \
- EVP_DigestFinal(&mdctx, out, NULL)
+ EVP_DigestInit(mdctx, EVP_sha1()); \
+ EVP_DigestUpdate(mdctx, in1, len1); \
+ EVP_DigestUpdate(mdctx, in2, len2); \
+ EVP_DigestUpdate(mdctx, in3, len3); \
+ EVP_DigestFinal(mdctx, out, NULL)
-void CalcLayerParams(context_t *text, char *K, unsigned Klen,
- char *hash, unsigned hashlen)
+void CalcLayerParams(context_t *text, unsigned char *K, unsigned Klen,
+ unsigned char *hash, unsigned hashlen)
{
- EVP_MD_CTX mdctx;
+ EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
DOHASH(text->cs_encryption_iv, K, Klen, "A", 1, hash, hashlen);
DOHASH(text->sc_encryption_iv, K, Klen, "B", 1, hash, hashlen);
@@ -737,6 +741,8 @@ void CalcLayerParams(context_t *text, ch
text->sc_encryption_key, hashlen);
DOHASH(text->cs_integrity_key, K, Klen, "E", 1, hash, hashlen);
DOHASH(text->sc_integrity_key, K, Klen, "F", 1, hash, hashlen);
+
+ EVP_MD_CTX_free(mdctx);
}
/*
@@ -755,11 +761,11 @@ static void passdss_common_mech_dispose(
if (text->dh) DH_free(text->dh);
- HMAC_CTX_cleanup(&text->hmac_send_ctx);
- HMAC_CTX_cleanup(&text->hmac_recv_ctx);
+ HMAC_CTX_free(text->hmac_send_ctx);
+ HMAC_CTX_free(text->hmac_recv_ctx);
- EVP_CIPHER_CTX_cleanup(&text->cipher_enc_ctx);
- EVP_CIPHER_CTX_cleanup(&text->cipher_dec_ctx);
+ EVP_CIPHER_CTX_free(text->cipher_enc_ctx);
+ EVP_CIPHER_CTX_free(text->cipher_dec_ctx);
_plug_decode_free(&text->decode_context);
@@ -809,15 +815,17 @@ passdss_server_mech_step1(context_t *tex
unsigned *serveroutlen,
sasl_out_params_t *oparams __attribute__((unused)))
{
- BIGNUM *X = NULL;
+ BIGNUM *X = NULL, *dh_p = NULL, *dh_g = NULL;
DSA *dsa = NULL;
+ const BIGNUM *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key, *dh_pub_key;
unsigned char *K = NULL;
unsigned Klen, hashlen;
int need, musthave;
- EVP_MD_CTX mdctx;
+ EVP_MD_CTX *mdctx;
unsigned char hash[EVP_MAX_MD_SIZE];
DSA_SIG *sig = NULL;
- int result;
+ const BIGNUM *sig_r, *sig_s;
+ int r = 0, result;
/* Expect:
*
@@ -835,8 +843,18 @@ passdss_server_mech_step1(context_t *tex
}
/* Fetch DSA (XXX create one for now) */
- dsa = DSA_generate_parameters(1024, NULL, 0, NULL, NULL, NULL, NULL);
+ dsa = DSA_new();
if (!dsa) {
+ params->utils->log(NULL,
+ SASL_LOG_ERR, "Error creating DSA\n");
+ result = SASL_FAIL;
+ goto cleanup;
+ }
+
+ r = DSA_generate_parameters_ex(dsa, 1024, NULL, 0, NULL, NULL, NULL);
+ if (!r) {
+ params->utils->log(NULL,
+ SASL_LOG_ERR, "Error generating DSA parameters\n");
result = SASL_FAIL;
goto cleanup;
}
@@ -844,8 +862,9 @@ passdss_server_mech_step1(context_t *tex
/* Create Diffie-Hellman parameters */
text->dh = DH_new();
- BN_hex2bn(&text->dh->p, N);
- BN_hex2bn(&text->dh->g, g);
+ BN_hex2bn(&dh_p, N);
+ BN_hex2bn(&dh_g, g);
+ DH_set0_pqg(text->dh, dh_p, NULL, dh_g);
DH_generate_key(text->dh);
/* Alloc space for shared secret K as mpint */
@@ -897,10 +916,13 @@ passdss_server_mech_step1(context_t *tex
*/
/* Items (4) - (7) */
+ DSA_get0_pqg(dsa, &dsa_p, &dsa_q, &dsa_g);
+ DSA_get0_key(dsa, &dsa_pub_key, NULL);
+ DH_get0_key(text->dh, &dh_pub_key, NULL);
result = MakeBuffer(text->utils, &text->out_buf, 0, &text->out_buf_len,
serveroutlen, "%5a%s%m%m%m%m%m%1o%3u",
- "ssh-dss", dsa->p, dsa->q, dsa->g, dsa->pub_key,
- text->dh->pub_key, &text->secmask,
+ "ssh-dss", dsa_p, dsa_q, dsa_g, dsa_pub_key,
+ dh_pub_key, &text->secmask,
(params->props.maxbufsize > 0xFFFFFF) ? 0xFFFFFF :
params->props.maxbufsize);
if (result) {
@@ -909,26 +931,29 @@ passdss_server_mech_step1(context_t *tex
}
/* Hash (1) - (7) and K */
- EVP_DigestInit(&mdctx, EVP_sha1());
+ mdctx = EVP_MD_CTX_new();
+ EVP_DigestInit(mdctx, EVP_sha1());
/* (1) - (3) */
- EVP_DigestUpdate(&mdctx, clientin, clientinlen);
+ EVP_DigestUpdate(mdctx, clientin, clientinlen);
/* (4) - (7) */
- EVP_DigestUpdate(&mdctx, text->out_buf, *serveroutlen);
+ EVP_DigestUpdate(mdctx, text->out_buf, *serveroutlen);
/* K */
- EVP_DigestUpdate(&mdctx, K, Klen);
- EVP_DigestFinal(&mdctx, hash, &hashlen);
+ EVP_DigestUpdate(mdctx, K, Klen);
+ EVP_DigestFinal(mdctx, hash, &hashlen);
+ EVP_MD_CTX_free(mdctx);
/* Calculate security layer params */
CalcLayerParams(text, K, Klen, hash, hashlen);
/* Start cli-hmac */
- HMAC_CTX_init(&text->hmac_recv_ctx);
- HMAC_Init_ex(&text->hmac_recv_ctx, text->cs_integrity_key,
+ text->hmac_recv_ctx = HMAC_CTX_new();
+ HMAC_CTX_reset(text->hmac_recv_ctx);
+ HMAC_Init_ex(text->hmac_recv_ctx, text->cs_integrity_key,
SHA_DIGEST_LENGTH, EVP_sha1(), NULL);
/* (1) - (3) */
- HMAC_Update(&text->hmac_recv_ctx, clientin, clientinlen);
+ HMAC_Update(text->hmac_recv_ctx, (unsigned char *) clientin, clientinlen);
/* (4) - (7) */
- HMAC_Update(&text->hmac_recv_ctx, text->out_buf, *serveroutlen);
+ HMAC_Update(text->hmac_recv_ctx, text->out_buf, *serveroutlen);
/* Sign the hash */
sig = DSA_do_sign(hash, hashlen, dsa);
@@ -940,14 +965,15 @@ passdss_server_mech_step1(context_t *tex
}
/* Item (8) */
+ DSA_SIG_get0(sig, &sig_r, &sig_s);
result = MakeBuffer(text->utils, &text->out_buf, *serveroutlen,
&text->out_buf_len, serveroutlen,
- "%3a%s%m%m", "ssh-dss", sig->r, sig->s);
+ "%3a%s%m%m", "ssh-dss", sig_r, sig_s);
if (result) {
params->utils->log(NULL, SASL_LOG_ERR, "Error making output buffer\n");
goto cleanup;
}
- *serverout = text->out_buf;
+ *serverout = (char *) text->out_buf;
text->state = 2;
result = SASL_CONTINUE;
@@ -971,10 +997,10 @@ passdss_server_mech_step2(context_t *tex
sasl_out_params_t *oparams)
{
char *password = NULL;
- unsigned declen, hmaclen;
+ unsigned hmaclen;
unsigned char *csecmask, *cli_hmac, hmac[EVP_MAX_MD_SIZE];
uint32_t cbufsiz;
- int r, result = SASL_OK;
+ int declen, r, result = SASL_OK;
/* Expect (3DES encrypted):
*
@@ -985,7 +1011,7 @@ passdss_server_mech_step2(context_t *tex
*/
/* Alloc space for the decrypted input */
- result = _plug_buf_alloc(text->utils, &text->decode_pkt_buf,
+ result = _plug_buf_alloc(text->utils, (char **) &text->decode_pkt_buf,
&text->decode_pkt_buf_len, clientinlen);
if (result) {
params->utils->log(NULL, SASL_LOG_ERR,
@@ -994,25 +1020,28 @@ passdss_server_mech_step2(context_t *tex
}
/* Initialize decrypt cipher */
- EVP_CIPHER_CTX_init(&text->cipher_dec_ctx);
- EVP_DecryptInit_ex(&text->cipher_dec_ctx, EVP_des_ede3_cbc(), NULL,
+ text->cipher_dec_ctx = EVP_CIPHER_CTX_new();
+ EVP_CIPHER_CTX_init(text->cipher_dec_ctx);
+ EVP_DecryptInit_ex(text->cipher_dec_ctx, EVP_des_ede3_cbc(), NULL,
text->cs_encryption_key, text->cs_encryption_iv);
- EVP_CIPHER_CTX_set_padding(&text->cipher_dec_ctx, 0);
- text->blk_siz = EVP_CIPHER_CTX_block_size(&text->cipher_dec_ctx);
+ EVP_CIPHER_CTX_set_padding(text->cipher_dec_ctx, 0);
+ text->blk_siz = EVP_CIPHER_CTX_block_size(text->cipher_dec_ctx);
/* Decrypt the blob */
- r = EVP_DecryptUpdate(&text->cipher_dec_ctx, text->decode_pkt_buf, &declen,
- clientin, clientinlen);
+ r = EVP_DecryptUpdate(text->cipher_dec_ctx,
+ text->decode_pkt_buf, &declen,
+ (unsigned char *) clientin, clientinlen);
if (r)
- r = EVP_DecryptFinal_ex(&text->cipher_dec_ctx, /* should be no output */
- text->decode_pkt_buf + declen, &declen);
+ r = EVP_DecryptFinal_ex(text->cipher_dec_ctx, /* should be no output */
+ text->decode_pkt_buf + declen,
+ &declen);
if (!r) {
params->utils->seterror(params->utils->conn, 0,
"Error decrypting input in step 2");
result = SASL_BADPROT;
goto cleanup;
}
- clientin = text->decode_pkt_buf;
+ clientin = (char *) text->decode_pkt_buf;
result = UnBuffer(params->utils, clientin, clientinlen,
"%-1o%3u%s%-*o%*p", &csecmask, &cbufsiz, &password,
@@ -1026,8 +1055,8 @@ passdss_server_mech_step2(context_t *tex
/* Finish cli-hmac */
/* (1) - (7) hashed in step 1 */
/* 1st 4 bytes of (9) */
- HMAC_Update(&text->hmac_recv_ctx, clientin, 4);
- HMAC_Final(&text->hmac_recv_ctx, hmac, &hmaclen);
+ HMAC_Update(text->hmac_recv_ctx, (unsigned char *) clientin, 4);
+ HMAC_Final(text->hmac_recv_ctx, hmac, &hmaclen);
/* Verify cli-hmac */
if (memcmp(cli_hmac, hmac, hmaclen)) {
@@ -1089,16 +1118,18 @@ passdss_server_mech_step2(context_t *tex
oparams->decode = &passdss_decode;
oparams->maxoutbuf = cbufsiz - 4 - SHA_DIGEST_LENGTH; /* -len -HMAC */
- HMAC_CTX_init(&text->hmac_send_ctx);
+ text->hmac_send_ctx = HMAC_CTX_new();
+ HMAC_CTX_reset(text->hmac_send_ctx);
if (oparams->mech_ssf > 1) {
oparams->maxoutbuf -= text->blk_siz-1; /* padding */
/* Initialize encrypt cipher */
- EVP_CIPHER_CTX_init(&text->cipher_enc_ctx);
- EVP_EncryptInit_ex(&text->cipher_enc_ctx, EVP_des_ede3_cbc(), NULL,
+ text->cipher_enc_ctx = EVP_CIPHER_CTX_new();
+ EVP_CIPHER_CTX_init(text->cipher_enc_ctx);
+ EVP_EncryptInit_ex(text->cipher_enc_ctx, EVP_des_ede3_cbc(), NULL,
text->sc_encryption_key, text->sc_encryption_iv);
- EVP_CIPHER_CTX_set_padding(&text->cipher_enc_ctx, 0);
+ EVP_CIPHER_CTX_set_padding(text->cipher_enc_ctx, 0);
}
_plug_decode_init(&text->decode_context, text->utils,
@@ -1247,6 +1278,8 @@ passdss_client_mech_step1(context_t *tex
int auth_result = SASL_OK;
int pass_result = SASL_OK;
int result;
+ BIGNUM *dh_p = NULL, *dh_g = NULL;
+ const BIGNUM *dh_pub_key;
/* Expect: absolutely nothing */
if (serverinlen > 0) {
@@ -1334,8 +1367,9 @@ passdss_client_mech_step1(context_t *tex
/* create Diffie-Hellman parameters */
text->dh = DH_new();
- BN_hex2bn(&text->dh->p, N);
- BN_hex2bn(&text->dh->g, g);
+ BN_hex2bn(&dh_p, N);
+ BN_hex2bn(&dh_g, g);
+ DH_set0_pqg(text->dh, dh_p, NULL, dh_g);
DH_generate_key(text->dh);
@@ -1346,15 +1380,16 @@ passdss_client_mech_step1(context_t *tex
* (3) mpint X ; Diffie-Hellman parameter X
*/
+ DH_get0_key(text->dh, &dh_pub_key, NULL);
result = MakeBuffer(text->utils, &text->out_buf, 0, &text->out_buf_len,
clientoutlen, "%s%s%m",
(user && *user) ? (char *) oparams->user : "",
- (char *) oparams->authid, text->dh->pub_key);
+ (char *) oparams->authid, dh_pub_key);
if (result) {
params->utils->log(NULL, SASL_LOG_ERR, "Error making output buffer\n");
goto cleanup;
}
- *clientout = text->out_buf;
+ *clientout = (char *) text->out_buf;
text->state = 2;
result = SASL_CONTINUE;
@@ -1376,15 +1411,16 @@ passdss_client_mech_step2(context_t *tex
{
DSA *dsa = DSA_new();
DSA_SIG *sig = DSA_SIG_new();
- BIGNUM *Y = NULL;
+ BIGNUM *dsa_p = NULL, *dsa_q = NULL, *dsa_g = NULL, *dsa_pub_key = NULL;
+ BIGNUM *Y = NULL, *sig_r = NULL, *sig_s = NULL;
uint32_t siglen;
unsigned char *K = NULL;
- unsigned Klen, hashlen, enclen;
+ unsigned Klen, hashlen;
unsigned char *ssecmask;
uint32_t sbufsiz;
- EVP_MD_CTX mdctx;
+ EVP_MD_CTX *mdctx;
unsigned char hash[EVP_MAX_MD_SIZE];
- int need, musthave;
+ int enclen, need, musthave;
int result, r;
/* Expect:
@@ -1406,14 +1442,18 @@ passdss_client_mech_step2(context_t *tex
result = UnBuffer(params->utils, serverin, serverinlen,
"%u%3p\7ssh-dss%m%m%m%m%m%-1o%3u%u%3p\7ssh-dss%m%m",
- NULL, &dsa->p, &dsa->q, &dsa->g, &dsa->pub_key,
- &Y, &ssecmask, &sbufsiz, &siglen, &sig->r, &sig->s);
+ NULL, &dsa_p, &dsa_q, &dsa_g, &dsa_pub_key,
+ &Y, &ssecmask, &sbufsiz, &siglen, &sig_r, &sig_s);
if (result) {
params->utils->seterror(params->utils->conn, 0,
"Error UnBuffering input in step 2");
goto cleanup;
}
+ DSA_set0_pqg(dsa, dsa_p, dsa_q, dsa_g);
+ DSA_set0_key(dsa, dsa_pub_key, NULL);
+ DSA_SIG_set0(sig, sig_r, sig_s);
+
/* XXX Validate server DSA public key */
/* Alloc space for shared secret K as mpint */
@@ -1432,14 +1472,16 @@ passdss_client_mech_step2(context_t *tex
Klen += 4;
/* Hash (1) - (7) and K */
- EVP_DigestInit(&mdctx, EVP_sha1());
+ mdctx = EVP_MD_CTX_new();
+ EVP_DigestInit(mdctx, EVP_sha1());
/* (1) - (3) (output from step 1 still in buffer) */
- EVP_DigestUpdate(&mdctx, text->out_buf, text->out_buf_len);
+ EVP_DigestUpdate(mdctx, text->out_buf, text->out_buf_len);
/* (4) - (7) */
- EVP_DigestUpdate(&mdctx, serverin, serverinlen - siglen - 4);
+ EVP_DigestUpdate(mdctx, serverin, serverinlen - siglen - 4);
/* K */
- EVP_DigestUpdate(&mdctx, K, Klen);
- EVP_DigestFinal(&mdctx, hash, &hashlen);
+ EVP_DigestUpdate(mdctx, K, Klen);
+ EVP_DigestFinal(mdctx, hash, &hashlen);
+ EVP_MD_CTX_free(mdctx);
/* Verify signature on the hash */
result = DSA_do_verify(hash, hashlen, sig, dsa);
@@ -1455,11 +1497,12 @@ passdss_client_mech_step2(context_t *tex
CalcLayerParams(text, K, Klen, hash, hashlen);
/* Initialize encrypt cipher */
- EVP_CIPHER_CTX_init(&text->cipher_enc_ctx);
- EVP_EncryptInit_ex(&text->cipher_enc_ctx, EVP_des_ede3_cbc(), NULL,
+ text->cipher_enc_ctx = EVP_CIPHER_CTX_new();
+ EVP_CIPHER_CTX_init(text->cipher_enc_ctx);
+ EVP_EncryptInit_ex(text->cipher_enc_ctx, EVP_des_ede3_cbc(), NULL,
text->cs_encryption_key, text->cs_encryption_iv);
- EVP_CIPHER_CTX_set_padding(&text->cipher_enc_ctx, 0);
- text->blk_siz = EVP_CIPHER_CTX_block_size(&text->cipher_enc_ctx);
+ EVP_CIPHER_CTX_set_padding(text->cipher_enc_ctx, 0);
+ text->blk_siz = EVP_CIPHER_CTX_block_size(text->cipher_enc_ctx);
/* pick a layer */
if (params->props.maxbufsize < 32) {
@@ -1490,13 +1533,15 @@ passdss_client_mech_step2(context_t *tex
}
/* Start cli-hmac */
- HMAC_CTX_init(&text->hmac_send_ctx);
- HMAC_Init_ex(&text->hmac_send_ctx, text->cs_integrity_key,
+ text->hmac_send_ctx = HMAC_CTX_new();
+ HMAC_CTX_reset(text->hmac_send_ctx);
+ HMAC_Init_ex(text->hmac_send_ctx, text->cs_integrity_key,
SHA_DIGEST_LENGTH, EVP_sha1(), NULL);
/* (1) - (3) (output from step 1 still in buffer) */
- HMAC_Update(&text->hmac_send_ctx, text->out_buf, text->out_buf_len);
+ HMAC_Update(text->hmac_send_ctx, text->out_buf, text->out_buf_len);
/* (4) - (7) */
- HMAC_Update(&text->hmac_send_ctx, serverin, serverinlen - siglen - 4);
+ HMAC_Update(text->hmac_send_ctx,
+ (unsigned char *) serverin, serverinlen - siglen - 4);
/* Send out (3DES encrypted):
@@ -1520,8 +1565,8 @@ passdss_client_mech_step2(context_t *tex
/* Finish cli-hmac */
/* 1st 4 bytes of (9) */
- HMAC_Update(&text->hmac_send_ctx, text->out_buf, 4);
- HMAC_Final(&text->hmac_send_ctx, hash, &hashlen);
+ HMAC_Update(text->hmac_send_ctx, text->out_buf, 4);
+ HMAC_Final(text->hmac_send_ctx, hash, &hashlen);
/* Add HMAC and pad to fill no more than current block */
result = MakeBuffer(text->utils, &text->out_buf, *clientoutlen,
@@ -1533,7 +1578,7 @@ passdss_client_mech_step2(context_t *tex
}
/* Alloc space for the encrypted output */
- result = _plug_buf_alloc(text->utils, &text->encode_buf,
+ result = _plug_buf_alloc(text->utils, (char **) &text->encode_buf,
&text->encode_buf_len, *clientoutlen);
if (result) {
params->utils->log(NULL, SASL_LOG_ERR,
@@ -1542,19 +1587,20 @@ passdss_client_mech_step2(context_t *tex
}
/* Encrypt (9) (here we calculate the exact number of full blocks) */
- r = EVP_EncryptUpdate(&text->cipher_enc_ctx, text->encode_buf,
- clientoutlen, text->out_buf,
+ r = EVP_EncryptUpdate(text->cipher_enc_ctx,
+ text->encode_buf, (int *) clientoutlen, text->out_buf,
text->blk_siz * (*clientoutlen / text->blk_siz));
if (r)
- r = EVP_EncryptFinal_ex(&text->cipher_enc_ctx, /* should be no output */
- text->encode_buf + *clientoutlen, &enclen);
+ r = EVP_EncryptFinal_ex(text->cipher_enc_ctx, /* should be no output */
+ text->encode_buf + *clientoutlen,
+ &enclen);
if (!r) {
params->utils->seterror(params->utils->conn, 0,
"Error encrypting output in step 2");
result = SASL_FAIL;
goto cleanup;
}
- *clientout = text->encode_buf;
+ *clientout = (char *) text->encode_buf;
/* Set oparams */
oparams->doneflag = 1;
@@ -1565,16 +1611,18 @@ passdss_client_mech_step2(context_t *tex
oparams->decode = &passdss_decode;
oparams->maxoutbuf = sbufsiz - 4 - SHA_DIGEST_LENGTH; /* -len -HMAC */
- HMAC_CTX_init(&text->hmac_recv_ctx);
+ text->hmac_recv_ctx = HMAC_CTX_new();
+ HMAC_CTX_reset(text->hmac_recv_ctx);
if (oparams->mech_ssf > 1) {
oparams->maxoutbuf -= text->blk_siz-1; /* padding */
/* Initialize decrypt cipher */
- EVP_CIPHER_CTX_init(&text->cipher_dec_ctx);
- EVP_DecryptInit_ex(&text->cipher_dec_ctx, EVP_des_ede3_cbc(), NULL,
+ text->cipher_dec_ctx = EVP_CIPHER_CTX_new();
+ EVP_CIPHER_CTX_init(text->cipher_dec_ctx);
+ EVP_DecryptInit_ex(text->cipher_dec_ctx, EVP_des_ede3_cbc(), NULL,
text->sc_encryption_key, text->sc_encryption_iv);
- EVP_CIPHER_CTX_set_padding(&text->cipher_dec_ctx, 0);
+ EVP_CIPHER_CTX_set_padding(text->cipher_dec_ctx, 0);
}
_plug_decode_init(&text->decode_context, text->utils,

File diff suppressed because it is too large Load Diff


@ -1,29 +0,0 @@
--- saslauthd/Makefile.am.orig 2012-01-27 23:31:36 UTC
+++ saslauthd/Makefile.am
@@ -2,6 +2,8 @@ AUTOMAKE_OPTIONS = 1.7
sbin_PROGRAMS = saslauthd testsaslauthd
EXTRA_PROGRAMS = saslcache
+CRYPTO_COMPAT_OBJS = $(top_builddir)/common/libcrypto_compat.la
+
saslauthd_SOURCES = mechanisms.c globals.h \
mechanisms.h auth_dce.c auth_dce.h auth_getpwent.c \
auth_getpwent.h auth_krb5.c auth_krb5.h auth_krb4.c \
@@ -16,7 +18,7 @@ EXTRA_saslauthd_sources = getaddrinfo.c
saslauthd_DEPENDENCIES = saslauthd-main.o @LTLIBOBJS@
saslauthd_LDADD = @SASL_KRB_LIB@ \
@GSSAPIBASE_LIBS@ @GSSAPI_LIBS@ @LIB_CRYPT@ @LIB_SIA@ \
- @LIB_SOCKET@ @SASL_DB_LIB@ @LIB_PAM@ @LDAP_LIBS@ @LTLIBOBJS@
+ @LIB_SOCKET@ @SASL_DB_LIB@ @LIB_PAM@ @LDAP_LIBS@ @LTLIBOBJS@ $(CRYPTO_COMPAT_OBJS)
testsaslauthd_SOURCES = testsaslauthd.c utils.c
testsaslauthd_LDADD = @LIB_SOCKET@
@@ -25,7 +27,7 @@ saslcache_SOURCES = saslcache.c
EXTRA_DIST = saslauthd.8 saslauthd.mdoc config include \
getnameinfo.c getaddrinfo.c LDAP_SASLAUTHD
-INCLUDES = -I$(top_srcdir)/include -I$(top_builddir)/include -I$(top_srcdir)/../include
+INCLUDES = -I$(top_srcdir)/include -I$(top_builddir)/include -I$(top_srcdir)/../include -I$(top_builddir)/common
DEFS = @DEFS@ -DSASLAUTHD_CONF_FILE_DEFAULT=\"@sysconfdir@/saslauthd.conf\" -I. -I$(srcdir) -I..


@ -1,54 +0,0 @@
Index: saslauthd/configure
diff -u saslauthd/configure.orig saslauthd/configure
--- saslauthd/configure.orig 2012-11-07 04:21:44.000000000 +0900
+++ saslauthd/configure 2013-01-06 17:15:30.597678365 +0900
@@ -2185,6 +2185,7 @@
fi
{ $as_echo "$as_me:$LINENO: result: yes" >&5
$as_echo "yes" >&6; }
+program_prefix=NONE
test "$program_prefix" != NONE &&
program_transform_name="s&^&$program_prefix&;$program_transform_name"
# Use a double $ so make ignores it.
@@ -8301,6 +8302,7 @@
gssapi_dir="${gssapi}/lib"
GSSAPIBASE_LIBS="-L$gssapi_dir"
GSSAPIBASE_STATIC_LIBS="-L$gssapi_dir"
+ gssapi_bindir="${gssapi}/bin/"
else
# FIXME: This is only used for building cyrus, and then only as
# a real hack. it needs to be fixed.
@@ -8320,7 +8322,7 @@
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
-LIBS="-lgssapi ${GSSAPIBASE_LIBS} -lgssapi -lkrb5 -lasn1 -lroken ${LIB_CRYPT} ${LIB_DES} -lcom_err ${LIB_SOCKET} $LIBS"
+LIBS="${GSSAPIBASE_LIBS} `${gssapi_bindir}krb5-config --libs gssapi` $LIBS"
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
@@ -8796,7 +8798,7 @@
GSSAPIBASE_STATIC_LIBS="$GSSAPIBASE_LIBS $gssapi_dir/libgssapi_krb5.a $gssapi_dir/libkrb5.a $gssapi_dir/libk5crypto.a $gssapi_dir/libcom_err.a ${K5SUPSTATIC}"
elif test "$gss_impl" = "heimdal"; then
CPPFLAGS="$CPPFLAGS -DKRB5_HEIMDAL"
- GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS -lgssapi -lkrb5 -lasn1 -lroken ${LIB_CRYPT} ${LIB_DES} -lcom_err"
+ GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS `${gssapi_bindir}krb5-config --libs gssapi`"
GSSAPIBASE_STATIC_LIBS="$GSSAPIBASE_STATIC_LIBS $gssapi_dir/libgssapi.a $gssapi_dir/libkrb5.a $gssapi_dir/libasn1.a $gssapi_dir/libroken.a $gssapi_dir/libcom_err.a ${LIB_CRYPT}"
elif test "$gss_impl" = "cybersafe03"; then
# Version of CyberSafe with two libraries
@@ -10065,6 +10067,7 @@
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
+#include <stdio.h>
#include <db.h>
_ACEOF
if { (ac_try="$ac_cpp conftest.$ac_ext"
@@ -10892,6 +10895,7 @@
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
+#include <stdio.h>
#include <db.h>
_ACEOF
if { (ac_try="$ac_cpp conftest.$ac_ext"


@ -1,13 +0,0 @@
Index: saslauthd/saslcache.c
diff -u -p saslauthd/saslcache.c.orig saslauthd/saslcache.c
--- saslauthd/saslcache.c.orig Sat Mar 29 04:59:24 2003
+++ saslauthd/saslcache.c Thu Dec 14 13:44:41 2006
@@ -137,7 +137,7 @@ int main(int argc, char **argv) {
}
table_stats = shm_base + 64;
- (char *)table = (char *)table_stats + 128;
+ table = (struct bucket *)((char *)table_stats + 128);
if (dump_stat_info == 0 && dump_user_info == 0)
dump_stat_info = 1;


@ -1,122 +0,0 @@
--- saslauthd/lak.c.orig 2012-10-12 14:05:48 UTC
+++ saslauthd/lak.c
@@ -53,6 +53,46 @@
#endif
#include <openssl/evp.h>
#include <openssl/des.h>
+
+/* for legacy libcrypto support */
+#include "crypto-compat.h"
+
+#if defined(HAVE_OPENSSL) && (OPENSSL_VERSION_NUMBER < 0x10100000L)
+
+#include <openssl/engine.h>
+
+static void *OPENSSL_zalloc(size_t num)
+{
+ void *ret = OPENSSL_malloc(num);
+
+ if (ret != NULL)
+ memset(ret, 0, num);
+ return ret;
+}
+
+EVP_MD_CTX *EVP_MD_CTX_new(void)
+{
+ return OPENSSL_zalloc(sizeof(EVP_MD_CTX));
+}
+
+void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
+{
+ EVP_MD_CTX_cleanup(ctx);
+ OPENSSL_free(ctx);
+}
+
+EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void)
+{
+ return OPENSSL_zalloc(sizeof(EVP_ENCODE_CTX));
+}
+
+void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx)
+{
+ OPENSSL_free(ctx);
+}
+
+#endif /* HAVE_OPENSSL && OPENSSL_VERSION_NUMBER */
+
#endif
#define LDAP_DEPRECATED 1
@@ -1715,20 +1755,28 @@ static int lak_base64_decode(
int rc, i, tlen = 0;
char *text;
- EVP_ENCODE_CTX EVP_ctx;
+ EVP_ENCODE_CTX *enc_ctx = EVP_ENCODE_CTX_new();
+
+ if (enc_ctx == NULL)
+ return LAK_NOMEM;
text = (char *)malloc(((strlen(src)+3)/4 * 3) + 1);
- if (text == NULL)
+ if (text == NULL) {
+ EVP_ENCODE_CTX_free(enc_ctx);
return LAK_NOMEM;
+ }
- EVP_DecodeInit(&EVP_ctx);
- rc = EVP_DecodeUpdate(&EVP_ctx, text, &i, (char *)src, strlen(src));
+ EVP_DecodeInit(enc_ctx);
+ rc = EVP_DecodeUpdate(enc_ctx, (unsigned char *) text, &i, (const unsigned char *)src, strlen(src));
if (rc < 0) {
+ EVP_ENCODE_CTX_free(enc_ctx);
free(text);
return LAK_FAIL;
}
tlen += i;
- EVP_DecodeFinal(&EVP_ctx, text, &i);
+ EVP_DecodeFinal(enc_ctx, (unsigned char *) text, &i);
+
+ EVP_ENCODE_CTX_free(enc_ctx);
*ret = text;
if (rlen != NULL)
@@ -1744,7 +1792,7 @@ static int lak_check_hashed(
{
int rc, clen;
LAK_HASH_ROCK *hrock = (LAK_HASH_ROCK *) rock;
- EVP_MD_CTX mdctx;
+ EVP_MD_CTX *mdctx;
const EVP_MD *md;
unsigned char digest[EVP_MAX_MD_SIZE];
char *cred;
@@ -1753,17 +1801,24 @@ static int lak_check_hashed(
if (!md)
return LAK_FAIL;
+ mdctx = EVP_MD_CTX_new();
+ if (!mdctx)
+ return LAK_NOMEM;
+
rc = lak_base64_decode(hash, &cred, &clen);
- if (rc != LAK_OK)
+ if (rc != LAK_OK) {
+ EVP_MD_CTX_free(mdctx);
return rc;
+ }
- EVP_DigestInit(&mdctx, md);
- EVP_DigestUpdate(&mdctx, passwd, strlen(passwd));
+ EVP_DigestInit(mdctx, md);
+ EVP_DigestUpdate(mdctx, passwd, strlen(passwd));
if (hrock->salted) {
- EVP_DigestUpdate(&mdctx, &cred[EVP_MD_size(md)],
+ EVP_DigestUpdate(mdctx, &cred[EVP_MD_size(md)],
clen - EVP_MD_size(md));
}
- EVP_DigestFinal(&mdctx, digest, NULL);
+ EVP_DigestFinal(mdctx, digest, NULL);
+ EVP_MD_CTX_free(mdctx);
rc = memcmp((char *)cred, (char *)digest, EVP_MD_size(md));
free(cred);


@ -1,43 +0,0 @@
--- sasldb/db_ndbm.c.orig 2012-01-27 23:31:36 UTC
+++ sasldb/db_ndbm.c
@@ -44,6 +44,7 @@
*/
#include <config.h>
+#include <errno.h>
#include <stdio.h>
#include <ndbm.h>
#include <fcntl.h>
@@ -101,7 +102,8 @@ int _sasldb_getdata(const sasl_utils_t *
}
db = dbm_open(path, O_RDONLY, S_IRUSR | S_IWUSR);
if (! db) {
- utils->seterror(cntxt, 0, "Could not open db");
+ utils->seterror(cntxt, 0, "Could not open db `%s': %s",
+ path, strerror(errno));
result = SASL_FAIL;
goto cleanup;
}
@@ -182,10 +184,11 @@ int _sasldb_putdata(const sasl_utils_t *
O_RDWR | O_CREAT,
S_IRUSR | S_IWUSR);
if (! db) {
+ utils->seterror(conn, 0, "Could not open db `%s' for writing: %s",
+ path, strerror(errno));
utils->log(conn, SASL_LOG_ERR,
"SASL error opening password file. "
"Do you have write permissions?\n");
- utils->seterror(conn, 0, "Could not open db for write");
goto cleanup;
}
dkey.dptr = key;
@@ -322,7 +325,8 @@ sasldb_handle _sasldb_getkeyhandle(const
db = dbm_open(path, O_RDONLY, S_IRUSR | S_IWUSR);
if(!db) {
- utils->seterror(conn, 0, "Could not open db");
+ utils->seterror(conn, 0, "Could not open db `%s': %s",
+ path, strerror(errno));
return NULL;
}


@ -18,6 +18,9 @@ delete_sasldb() {
if [ -f ${SASLDB_NAME} ] ; then
if [ `${PKG_PREFIX}/sbin/sasldblistusers2 | wc -l` -eq 0 ]; then
rm ${SASLDB_NAME}
if [ -f ${SASLDB_NAME}-lock ] ; then
rm ${SASLDB_NAME}-lock
fi
else
echo "WARNING: Users SASL passwords are in ${SASLDB_NAME}, keeping this file"
fi
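Review bot: The added `-lock` cleanup sits inside the `[ -f ${SASLDB_NAME} ]` branch, so a lock file left behind without its database is never removed; if the lock should go whenever the database is gone, test for it outside that branch. The new expansions are also unquoted, here and in the matching create_sasldb hunk of the install script; `rm "${SASLDB_NAME}-lock"` keeps a path with whitespace or glob characters as a single argument. delete_sasldb continues past the end of this hunk, so the rest of its control flow is not visible.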


@ -78,6 +78,10 @@ create_sasldb() {
${PKG_PREFIX}/sbin/saslpasswd2 -d ${CYRUS_USER}
chown ${CYRUS_USER}:mail ${SASLDB_NAME}
chmod 640 ${SASLDB_NAME}
if [ -f ${SASLDB_NAME}-lock ]; then
chown ${CYRUS_USER}:mail ${SASLDB_NAME}-lock
chmod 640 ${SASLDB_NAME}-lock
fi
fi
fi
}
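Review bot: The added `[ -f ${SASLDB_NAME}-lock ]` test is also true for a symbolic link to a regular file, and the `chown`/`chmod` that follow act on the link's target, so a script run with root privileges would give `${CYRUS_USER}:mail` ownership to whatever the link points at. Whether anyone other than root can create entries in that directory is not visible here, so this is a hardening point rather than a confirmed defect. A guard such as `if [ -f "${SASLDB_NAME}-lock" ] && [ ! -L "${SASLDB_NAME}-lock" ]; then` refuses a link before the ownership change. The same consideration applies to the existing `chown`/`chmod` on `${SASLDB_NAME}` just above; create_sasldb begins outside this hunk.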


@ -105,53 +105,3 @@ man/man8/pluginviewer.8.gz
sbin/pluginviewer
%%SASLDB%%sbin/sasldblistusers2
%%SASLDB%%sbin/saslpasswd2
%%PORTDOCS%%%%DOCSDIR%%/AUTHORS
%%PORTDOCS%%%%DOCSDIR%%/COPYING
%%PORTDOCS%%%%DOCSDIR%%/ChangeLog
%%PORTDOCS%%%%DOCSDIR%%/INSTALL
%%PORTDOCS%%%%DOCSDIR%%/INSTALL.TXT
%%PORTDOCS%%%%DOCSDIR%%/NEWS
%%PORTDOCS%%%%DOCSDIR%%/README
%%PORTDOCS%%%%DOCSDIR%%/ONEWS
%%PORTDOCS%%%%DOCSDIR%%/Sendmail.README
%%PORTDOCS%%%%DOCSDIR%%/TODO
%%PORTDOCS%%%%DOCSDIR%%/draft-burdis-cat-srp-sasl-xx.txt
%%PORTDOCS%%%%DOCSDIR%%/draft-ietf-sasl-anon-xx.txt
%%PORTDOCS%%%%DOCSDIR%%/draft-ietf-sasl-crammd5-xx.txt
%%PORTDOCS%%%%DOCSDIR%%/draft-ietf-sasl-gssapi-xx.txt
%%PORTDOCS%%%%DOCSDIR%%/draft-ietf-sasl-plain-xx.txt
%%PORTDOCS%%%%DOCSDIR%%/draft-ietf-sasl-rfc2222bis-xx.txt
%%PORTDOCS%%%%DOCSDIR%%/draft-ietf-sasl-rfc2831bis-xx.txt
%%PORTDOCS%%%%DOCSDIR%%/draft-ietf-sasl-saslprep-xx.txt
%%PORTDOCS%%%%DOCSDIR%%/draft-murchison-sasl-login-xx.txt
%%PORTDOCS%%%%DOCSDIR%%/draft-newman-sasl-c-api-xx.txt
%%PORTDOCS%%%%DOCSDIR%%/rfc1321.txt
%%PORTDOCS%%%%DOCSDIR%%/rfc1939.txt
%%PORTDOCS%%%%DOCSDIR%%/rfc2104.txt
%%PORTDOCS%%%%DOCSDIR%%/rfc2195.txt
%%PORTDOCS%%%%DOCSDIR%%/rfc2222.txt
%%PORTDOCS%%%%DOCSDIR%%/rfc2243.txt
%%PORTDOCS%%%%DOCSDIR%%/rfc2245.txt
%%PORTDOCS%%%%DOCSDIR%%/rfc2289.txt
%%PORTDOCS%%%%DOCSDIR%%/rfc2444.txt
%%PORTDOCS%%%%DOCSDIR%%/rfc2595.txt
%%PORTDOCS%%%%DOCSDIR%%/rfc2831.txt
%%PORTDOCS%%%%DOCSDIR%%/rfc2945.txt
%%PORTDOCS%%%%DOCSDIR%%/rfc3174.txt
%%PORTDOCS%%%%DOCSDIR%%/server-plugin-flow.fig
%%PORTDOCS%%%%DOCSDIR%%/testing.txt
%%PORTDOCS%%%%DOCSDIR%%/html/advanced.html
%%PORTDOCS%%%%DOCSDIR%%/html/appconvert.html
%%PORTDOCS%%%%DOCSDIR%%/html/components.html
%%PORTDOCS%%%%DOCSDIR%%/html/gssapi.html
%%PORTDOCS%%%%DOCSDIR%%/html/index.html
%%PORTDOCS%%%%DOCSDIR%%/html/install.html
%%PORTDOCS%%%%DOCSDIR%%/html/macosx.html
%%PORTDOCS%%%%DOCSDIR%%/html/mechanisms.html
%%PORTDOCS%%%%DOCSDIR%%/html/options.html
%%PORTDOCS%%%%DOCSDIR%%/html/plugprog.html
%%PORTDOCS%%%%DOCSDIR%%/html/programming.html
%%PORTDOCS%%%%DOCSDIR%%/html/readme.html
%%PORTDOCS%%%%DOCSDIR%%/html/sysadmin.html
%%PORTDOCS%%%%DOCSDIR%%/html/upgrading.html
%%PORTDOCS%%%%DOCSDIR%%/html/windows.html