svn commit: r472519 - in head/security/cyrus-sasl2: . files
Hajimu UMEMOTO
ume at FreeBSD.org
Sat Jun 16 06:16:53 UTC 2018
Author: ume
Date: Sat Jun 16 06:16:51 2018
New Revision: 472519
URL: https://svnweb.freebsd.org/changeset/ports/472519
Log:
- Backport from 2.1.27-rc7 OpenSSL 1.1 fixes
- Fix WWW
PR: 225891
Submitted by: brnrd
Added:
head/security/cyrus-sasl2/files/patch-Makefile.am (contents, props changed)
head/security/cyrus-sasl2/files/patch-crypto-compat.c (contents, props changed)
head/security/cyrus-sasl2/files/patch-crypto-compat.h (contents, props changed)
head/security/cyrus-sasl2/files/patch-lib_Makefile.am (contents, props changed)
head/security/cyrus-sasl2/files/patch-plugins_Makefile.am (contents, props changed)
head/security/cyrus-sasl2/files/patch-plugins_ntlm.c (contents, props changed)
head/security/cyrus-sasl2/files/patch-plugins_otp.c (contents, props changed)
head/security/cyrus-sasl2/files/patch-plugins_passdss.c (contents, props changed)
head/security/cyrus-sasl2/files/patch-plugins_srp.c (contents, props changed)
head/security/cyrus-sasl2/files/patch-saslauthd_Makefile.am (contents, props changed)
head/security/cyrus-sasl2/files/patch-saslauthd_lak.c (contents, props changed)
Modified:
head/security/cyrus-sasl2/pkg-descr
Added: head/security/cyrus-sasl2/files/patch-Makefile.am
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/cyrus-sasl2/files/patch-Makefile.am Sat Jun 16 06:16:51 2018 (r472519)
@@ -0,0 +1,14 @@
+--- Makefile.am.orig 2012-10-12 14:05:48 UTC
++++ Makefile.am
+@@ -76,6 +76,11 @@ EXTRA_DIST=config cmulocal win32 mac dlc
+ pkgconfigdir = $(libdir)/pkgconfig
+ pkgconfig_DATA = libsasl2.pc
+
++noinst_LTLIBRARIES = libcrypto_compat.la
++
++libcrypto_compat_la_SOURCES = crypto-compat.c crypto-compat.h
++libcrypto_compat_la_LDFLAGS = -version-info $(crypto_compat_version) -no-undefined
++
+ dist-hook:
+ @find $(distdir) -exec chmod o+w {} ';'
+ @find $(distdir) -name CVS -print | xargs -t rm -rf
Added: head/security/cyrus-sasl2/files/patch-crypto-compat.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/cyrus-sasl2/files/patch-crypto-compat.c Sat Jun 16 06:16:51 2018 (r472519)
@@ -0,0 +1,449 @@
+--- crypto-compat.c.orig 2018-02-14 13:10:38 UTC
++++ crypto-compat.c
+@@ -0,0 +1,446 @@
++/*
++ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
++ *
++ * Licensed under the OpenSSL license (the "License"). You may not use
++ * this file except in compliance with the License. You can obtain a copy
++ * in the file LICENSE in the source distribution or at
++ * https://www.openssl.org/source/license.html
++ */
++
++#include "crypto-compat.h"
++
++#if defined(HAVE_OPENSSL) && (OPENSSL_VERSION_NUMBER < 0x10100000L)
++
++#include <string.h>
++#include <openssl/engine.h>
++
++static void *OPENSSL_zalloc(size_t num)
++{
++ void *ret = OPENSSL_malloc(num);
++
++ if (ret != NULL)
++ memset(ret, 0, num);
++ return ret;
++}
++
++int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
++{
++ /* If the fields n and e in r are NULL, the corresponding input
++ * parameters MUST be non-NULL for n and e. d may be
++ * left NULL (in case only the public key is used).
++ */
++ if ((r->n == NULL && n == NULL)
++ || (r->e == NULL && e == NULL))
++ return 0;
++
++ if (n != NULL) {
++ BN_free(r->n);
++ r->n = n;
++ }
++ if (e != NULL) {
++ BN_free(r->e);
++ r->e = e;
++ }
++ if (d != NULL) {
++ BN_free(r->d);
++ r->d = d;
++ }
++
++ return 1;
++}
++
++int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
++{
++ /* If the fields p and q in r are NULL, the corresponding input
++ * parameters MUST be non-NULL.
++ */
++ if ((r->p == NULL && p == NULL)
++ || (r->q == NULL && q == NULL))
++ return 0;
++
++ if (p != NULL) {
++ BN_free(r->p);
++ r->p = p;
++ }
++ if (q != NULL) {
++ BN_free(r->q);
++ r->q = q;
++ }
++
++ return 1;
++}
++
++int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
++{
++ /* If the fields dmp1, dmq1 and iqmp in r are NULL, the corresponding input
++ * parameters MUST be non-NULL.
++ */
++ if ((r->dmp1 == NULL && dmp1 == NULL)
++ || (r->dmq1 == NULL && dmq1 == NULL)
++ || (r->iqmp == NULL && iqmp == NULL))
++ return 0;
++
++ if (dmp1 != NULL) {
++ BN_free(r->dmp1);
++ r->dmp1 = dmp1;
++ }
++ if (dmq1 != NULL) {
++ BN_free(r->dmq1);
++ r->dmq1 = dmq1;
++ }
++ if (iqmp != NULL) {
++ BN_free(r->iqmp);
++ r->iqmp = iqmp;
++ }
++
++ return 1;
++}
++
++void RSA_get0_key(const RSA *r,
++ const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
++{
++ if (n != NULL)
++ *n = r->n;
++ if (e != NULL)
++ *e = r->e;
++ if (d != NULL)
++ *d = r->d;
++}
++
++void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
++{
++ if (p != NULL)
++ *p = r->p;
++ if (q != NULL)
++ *q = r->q;
++}
++
++void RSA_get0_crt_params(const RSA *r,
++ const BIGNUM **dmp1, const BIGNUM **dmq1,
++ const BIGNUM **iqmp)
++{
++ if (dmp1 != NULL)
++ *dmp1 = r->dmp1;
++ if (dmq1 != NULL)
++ *dmq1 = r->dmq1;
++ if (iqmp != NULL)
++ *iqmp = r->iqmp;
++}
++
++void DSA_get0_pqg(const DSA *d,
++ const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
++{
++ if (p != NULL)
++ *p = d->p;
++ if (q != NULL)
++ *q = d->q;
++ if (g != NULL)
++ *g = d->g;
++}
++
++int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
++{
++ /* If the fields p, q and g in d are NULL, the corresponding input
++ * parameters MUST be non-NULL.
++ */
++ if ((d->p == NULL && p == NULL)
++ || (d->q == NULL && q == NULL)
++ || (d->g == NULL && g == NULL))
++ return 0;
++
++ if (p != NULL) {
++ BN_free(d->p);
++ d->p = p;
++ }
++ if (q != NULL) {
++ BN_free(d->q);
++ d->q = q;
++ }
++ if (g != NULL) {
++ BN_free(d->g);
++ d->g = g;
++ }
++
++ return 1;
++}
++
++void DSA_get0_key(const DSA *d,
++ const BIGNUM **pub_key, const BIGNUM **priv_key)
++{
++ if (pub_key != NULL)
++ *pub_key = d->pub_key;
++ if (priv_key != NULL)
++ *priv_key = d->priv_key;
++}
++
++int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
++{
++ /* If the field pub_key in d is NULL, the corresponding input
++ * parameters MUST be non-NULL. The priv_key field may
++ * be left NULL.
++ */
++ if (d->pub_key == NULL && pub_key == NULL)
++ return 0;
++
++ if (pub_key != NULL) {
++ BN_free(d->pub_key);
++ d->pub_key = pub_key;
++ }
++ if (priv_key != NULL) {
++ BN_free(d->priv_key);
++ d->priv_key = priv_key;
++ }
++
++ return 1;
++}
++
++void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
++{
++ if (pr != NULL)
++ *pr = sig->r;
++ if (ps != NULL)
++ *ps = sig->s;
++}
++
++int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
++{
++ if (r == NULL || s == NULL)
++ return 0;
++ BN_clear_free(sig->r);
++ BN_clear_free(sig->s);
++ sig->r = r;
++ sig->s = s;
++ return 1;
++}
++
++void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
++{
++ if (pr != NULL)
++ *pr = sig->r;
++ if (ps != NULL)
++ *ps = sig->s;
++}
++
++int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
++{
++ if (r == NULL || s == NULL)
++ return 0;
++ BN_clear_free(sig->r);
++ BN_clear_free(sig->s);
++ sig->r = r;
++ sig->s = s;
++ return 1;
++}
++
++void DH_get0_pqg(const DH *dh,
++ const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
++{
++ if (p != NULL)
++ *p = dh->p;
++ if (q != NULL)
++ *q = dh->q;
++ if (g != NULL)
++ *g = dh->g;
++}
++
++int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
++{
++ /* If the fields p and g in d are NULL, the corresponding input
++ * parameters MUST be non-NULL. q may remain NULL.
++ */
++ if ((dh->p == NULL && p == NULL)
++ || (dh->g == NULL && g == NULL))
++ return 0;
++
++ if (p != NULL) {
++ BN_free(dh->p);
++ dh->p = p;
++ }
++ if (q != NULL) {
++ BN_free(dh->q);
++ dh->q = q;
++ }
++ if (g != NULL) {
++ BN_free(dh->g);
++ dh->g = g;
++ }
++
++ if (q != NULL) {
++ dh->length = BN_num_bits(q);
++ }
++
++ return 1;
++}
++
++void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
++{
++ if (pub_key != NULL)
++ *pub_key = dh->pub_key;
++ if (priv_key != NULL)
++ *priv_key = dh->priv_key;
++}
++
++int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
++{
++ /* If the field pub_key in dh is NULL, the corresponding input
++ * parameters MUST be non-NULL. The priv_key field may
++ * be left NULL.
++ */
++ if (dh->pub_key == NULL && pub_key == NULL)
++ return 0;
++
++ if (pub_key != NULL) {
++ BN_free(dh->pub_key);
++ dh->pub_key = pub_key;
++ }
++ if (priv_key != NULL) {
++ BN_free(dh->priv_key);
++ dh->priv_key = priv_key;
++ }
++
++ return 1;
++}
++
++int DH_set_length(DH *dh, long length)
++{
++ dh->length = length;
++ return 1;
++}
++
++const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx)
++{
++ return ctx->iv;
++}
++
++unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx)
++{
++ return ctx->iv;
++}
++
++EVP_MD_CTX *EVP_MD_CTX_new(void)
++{
++ return OPENSSL_zalloc(sizeof(EVP_MD_CTX));
++}
++
++void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
++{
++ EVP_MD_CTX_cleanup(ctx);
++ OPENSSL_free(ctx);
++}
++
++EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void)
++{
++ return OPENSSL_zalloc(sizeof(EVP_ENCODE_CTX));
++}
++
++void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx)
++{
++ OPENSSL_free(ctx);
++}
++
++RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth)
++{
++ RSA_METHOD *ret;
++
++ ret = OPENSSL_malloc(sizeof(RSA_METHOD));
++
++ if (ret != NULL) {
++ memcpy(ret, meth, sizeof(*meth));
++ ret->name = OPENSSL_strdup(meth->name);
++ if (ret->name == NULL) {
++ OPENSSL_free(ret);
++ return NULL;
++ }
++ }
++
++ return ret;
++}
++
++int RSA_meth_set1_name(RSA_METHOD *meth, const char *name)
++{
++ char *tmpname;
++
++ tmpname = OPENSSL_strdup(name);
++ if (tmpname == NULL) {
++ return 0;
++ }
++
++ OPENSSL_free((char *)meth->name);
++ meth->name = tmpname;
++
++ return 1;
++}
++
++int RSA_meth_set_priv_enc(RSA_METHOD *meth,
++ int (*priv_enc) (int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa,
++ int padding))
++{
++ meth->rsa_priv_enc = priv_enc;
++ return 1;
++}
++
++int RSA_meth_set_priv_dec(RSA_METHOD *meth,
++ int (*priv_dec) (int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa,
++ int padding))
++{
++ meth->rsa_priv_dec = priv_dec;
++ return 1;
++}
++
++int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa))
++{
++ meth->finish = finish;
++ return 1;
++}
++
++void RSA_meth_free(RSA_METHOD *meth)
++{
++ if (meth != NULL) {
++ OPENSSL_free((char *)meth->name);
++ OPENSSL_free(meth);
++ }
++}
++
++int RSA_bits(const RSA *r)
++{
++ return (BN_num_bits(r->n));
++}
++
++RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
++{
++ if (pkey->type != EVP_PKEY_RSA) {
++ return NULL;
++ }
++ return pkey->pkey.rsa;
++}
++
++HMAC_CTX *HMAC_CTX_new(void)
++{
++ HMAC_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
++ if (ctx != NULL) {
++ if (!HMAC_CTX_reset(ctx)) {
++ HMAC_CTX_free(ctx);
++ return NULL;
++ }
++ }
++ return ctx;
++}
++
++void HMAC_CTX_free(HMAC_CTX *ctx)
++{
++ if (ctx != NULL) {
++ HMAC_CTX_cleanup(ctx);
++ OPENSSL_free(ctx);
++ }
++}
++
++int HMAC_CTX_reset(HMAC_CTX *ctx)
++{
++ HMAC_CTX_init(ctx);
++ return 1;
++}
++
++
++#endif /* HAVE_OPENSSL && OPENSSL_VERSION_NUMBER */
Added: head/security/cyrus-sasl2/files/patch-crypto-compat.h
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/cyrus-sasl2/files/patch-crypto-compat.h Sat Jun 16 06:16:51 2018 (r472519)
@@ -0,0 +1,76 @@
+--- crypto-compat.h.orig 2018-02-14 13:10:38 UTC
++++ crypto-compat.h
+@@ -0,0 +1,73 @@
++#ifndef LIBCRYPTO_COMPAT_H
++#define LIBCRYPTO_COMPAT_H
++
++#include <config.h>
++
++#ifdef HAVE_OPENSSL
++
++#include <openssl/opensslv.h>
++
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++
++#include <openssl/rsa.h>
++#include <openssl/dsa.h>
++#include <openssl/ecdsa.h>
++#include <openssl/dh.h>
++#include <openssl/evp.h>
++#include <openssl/hmac.h>
++
++int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
++int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
++int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
++void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
++void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
++void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, const BIGNUM **iqmp);
++
++void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
++int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
++void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key);
++int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
++
++void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
++int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
++
++void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
++int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
++
++void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
++int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
++void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key);
++int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
++int DH_set_length(DH *dh, long length);
++
++const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx);
++unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx);
++EVP_MD_CTX *EVP_MD_CTX_new(void);
++void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
++EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void);
++void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx);
++#define EVP_CIPHER_impl_ctx_size(e) e->ctx_size
++#define EVP_CIPHER_CTX_get_cipher_data(ctx) ctx->cipher_data
++
++RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth);
++int RSA_meth_set1_name(RSA_METHOD *meth, const char *name);
++#define RSA_meth_get_finish(meth) meth->finish
++int RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc) (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
++int RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec) (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
++int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa));
++void RSA_meth_free(RSA_METHOD *meth);
++
++int RSA_bits(const RSA *r);
++
++RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
++
++HMAC_CTX *HMAC_CTX_new(void);
++void HMAC_CTX_free(HMAC_CTX *ctx);
++int HMAC_CTX_reset(HMAC_CTX *ctx);
++
++
++#endif /* OPENSSL_VERSION_NUMBER */
++
++#endif /* HAVE_OPENSSL */
++
++#endif /* LIBCRYPTO_COMPAT_H */
Added: head/security/cyrus-sasl2/files/patch-lib_Makefile.am
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/cyrus-sasl2/files/patch-lib_Makefile.am Sat Jun 16 06:16:51 2018 (r472519)
@@ -0,0 +1,13 @@
+--- lib/Makefile.am.orig 2012-10-12 14:05:48 UTC
++++ lib/Makefile.am
+@@ -65,8 +65,8 @@ lib_LTLIBRARIES = libsasl2.la
+
+ libsasl2_la_SOURCES = $(common_sources) $(common_headers)
+ libsasl2_la_LDFLAGS = -version-info $(sasl_version)
+-libsasl2_la_DEPENDENCIES = $(LTLIBOBJS)
+-libsasl2_la_LIBADD = $(LTLIBOBJS) $(SASL_DL_LIB) $(LIB_SOCKET) $(LIB_DOOR)
++libsasl2_la_DEPENDENCIES = $(LTLIBOBJS) $(CRYPTO_COMPAT_OBJS)
++libsasl2_la_LIBADD = $(LTLIBOBJS) $(SASL_DL_LIB) $(LIB_SOCKET) $(LIB_DOOR) $(CRYPTO_COMPAT_OBJS)
+
+ if MACOSX
+ framedir = /Library/Frameworks/SASL2.framework
Added: head/security/cyrus-sasl2/files/patch-plugins_Makefile.am
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/cyrus-sasl2/files/patch-plugins_Makefile.am Sat Jun 16 06:16:51 2018 (r472519)
@@ -0,0 +1,37 @@
+--- plugins/Makefile.am.orig 2012-10-12 14:05:48 UTC
++++ plugins/Makefile.am
+@@ -53,6 +53,7 @@ INCLUDES=-I$(top_srcdir)/include -I$(top
+ AM_LDFLAGS = -module -export-dynamic -rpath $(plugindir) -version-info $(plugin_version)
+
+ COMPAT_OBJS = @LTGETADDRINFOOBJS@ @LTGETNAMEINFOOBJS@ @LTSNPRINTFOBJS@
++CRYPTO_COMPAT_OBJS = $(top_builddir)/common/libcrypto_compat.la
+
+ EXTRA_DIST = makeinit.sh NTMakefile
+ noinst_SCRIPTS = makeinit.sh
+@@ -106,20 +107,20 @@ liblogin_la_DEPENDENCIES = $(COMPAT_OBJS
+ liblogin_la_LIBADD = $(PLAIN_LIBS) $(COMPAT_OBJS)
+
+ libsrp_la_SOURCES = srp.c srp_init.c $(common_sources)
+-libsrp_la_DEPENDENCIES = $(COMPAT_OBJS)
+-libsrp_la_LIBADD = $(SRP_LIBS) $(COMPAT_OBJS)
++libsrp_la_DEPENDENCIES = $(COMPAT_OBJS) $(CRYPTO_COMPAT_OBJS)
++libsrp_la_LIBADD = $(SRP_LIBS) $(COMPAT_OBJS) $(CRYPTO_COMPAT_OBJS)
+
+ libotp_la_SOURCES = otp.c otp_init.c otp.h $(common_sources)
+ libotp_la_DEPENDENCIES = $(COMPAT_OBJS)
+ libotp_la_LIBADD = $(OTP_LIBS) $(COMPAT_OBJS)
+
+ libntlm_la_SOURCES = ntlm.c ntlm_init.c $(common_sources)
+-libntlm_la_DEPENDENCIES = $(COMPAT_OBJS)
+-libntlm_la_LIBADD = $(NTLM_LIBS) $(COMPAT_OBJS)
++libntlm_la_DEPENDENCIES = $(COMPAT_OBJS) $(CRYPTO_COMPAT_OBJS)
++libntlm_la_LIBADD = $(NTLM_LIBS) $(COMPAT_OBJS) $(CRYPTO_COMPAT_OBJS)
+
+ libpassdss_la_SOURCES = passdss.c passdss_init.c $(common_sources)
+-libpassdss_la_DEPENDENCIES = $(COMPAT_OBJS)
+-libpassdss_la_LIBADD = $(PASSDSS_LIBS) $(COMPAT_OBJS)
++libpassdss_la_DEPENDENCIES = $(COMPAT_OBJS) $(CRYPTO_COMPAT_OBJS)
++libpassdss_la_LIBADD = $(PASSDSS_LIBS) $(COMPAT_OBJS) $(CRYPTO_COMPAT_OBJS)
+
+ # Auxprop Plugins
+ libsasldb_la_SOURCES = sasldb.c sasldb_init.c $(common_sources)
Added: head/security/cyrus-sasl2/files/patch-plugins_ntlm.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/cyrus-sasl2/files/patch-plugins_ntlm.c Sat Jun 16 06:16:51 2018 (r472519)
@@ -0,0 +1,76 @@
+--- plugins/ntlm.c.orig 2018-02-14 13:10:38 UTC
++++ plugins/ntlm.c
+@@ -420,6 +420,29 @@ static unsigned char *P24(unsigned char
+ return P24;
+ }
+
++static HMAC_CTX *_plug_HMAC_CTX_new(const sasl_utils_t *utils)
++{
++ utils->log(NULL, SASL_LOG_DEBUG, "_plug_HMAC_CTX_new()");
++
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ return HMAC_CTX_new();
++#else
++ return utils->malloc(sizeof(EVP_MD_CTX));
++#endif
++}
++
++static void _plug_HMAC_CTX_free(HMAC_CTX *ctx, const sasl_utils_t *utils)
++{
++ utils->log(NULL, SASL_LOG_DEBUG, "_plug_HMAC_CTX_free()");
++
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ HMAC_CTX_free(ctx);
++#else
++ HMAC_cleanup(ctx);
++ utils->free(ctx);
++#endif
++}
++
+ static unsigned char *V2(unsigned char *V2, sasl_secret_t *passwd,
+ const char *authid, const char *target,
+ const unsigned char *challenge,
+@@ -427,7 +450,7 @@ static unsigned char *V2(unsigned char *
+ const sasl_utils_t *utils,
+ char **buf, unsigned *buflen, int *result)
+ {
+- HMAC_CTX ctx;
++ HMAC_CTX *ctx = NULL;
+ unsigned char hash[EVP_MAX_MD_SIZE];
+ char *upper;
+ unsigned int len;
+@@ -438,6 +461,10 @@ static unsigned char *V2(unsigned char *
+ SETERROR(utils, "cannot allocate NTLMv2 hash");
+ *result = SASL_NOMEM;
+ }
++ else if ((ctx = _plug_HMAC_CTX_new(utils)) == NULL) {
++ SETERROR(utils, "cannot allocate HMAC CTX");
++ *result = SASL_NOMEM;
++ }
+ else {
+ /* NTLMv2hash = HMAC-MD5(NTLMhash, unicode(ucase(authid + domain))) */
+ P16_nt(hash, passwd, utils, buf, buflen, result);
+@@ -453,17 +480,18 @@ static unsigned char *V2(unsigned char *
+ (unsigned char *) *buf, 2 * len, hash, &len);
+
+ /* V2 = HMAC-MD5(NTLMv2hash, challenge + blob) + blob */
+- HMAC_Init(&ctx, hash, len, EVP_md5());
+- HMAC_Update(&ctx, challenge, NTLM_NONCE_LENGTH);
+- HMAC_Update(&ctx, blob, bloblen);
+- HMAC_Final(&ctx, V2, &len);
+- HMAC_cleanup(&ctx);
++ HMAC_Init_ex(ctx, hash, len, EVP_md5(), NULL);
++ HMAC_Update(ctx, challenge, NTLM_NONCE_LENGTH);
++ HMAC_Update(ctx, blob, bloblen);
++ HMAC_Final(ctx, V2, &len);
+
+ /* the blob is concatenated outside of this function */
+
+ *result = SASL_OK;
+ }
+
++ if (ctx) _plug_HMAC_CTX_free(ctx, utils);
++
+ return V2;
+ }
+
Added: head/security/cyrus-sasl2/files/patch-plugins_otp.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/cyrus-sasl2/files/patch-plugins_otp.c Sat Jun 16 06:16:51 2018 (r472519)
@@ -0,0 +1,235 @@
+--- plugins/otp.c.orig 2018-02-14 13:16:37 UTC
++++ plugins/otp.c
+@@ -98,6 +98,28 @@ static algorithm_option_t algorithm_opti
+ {NULL, 0, NULL}
+ };
+
++static EVP_MD_CTX *_plug_EVP_MD_CTX_new(const sasl_utils_t *utils)
++{
++ utils->log(NULL, SASL_LOG_DEBUG, "_plug_EVP_MD_CTX_new()");
++
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ return EVP_MD_CTX_new();
++#else
++ return utils->malloc(sizeof(EVP_MD_CTX));
++#endif
++}
++
++static void _plug_EVP_MD_CTX_free(EVP_MD_CTX *ctx, const sasl_utils_t *utils)
++{
++ utils->log(NULL, SASL_LOG_DEBUG, "_plug_EVP_MD_CTX_free()");
++
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ EVP_MD_CTX_free(ctx);
++#else
++ utils->free(ctx);
++#endif
++}
++
+ /* Convert the binary data into ASCII hex */
+ void bin2hex(unsigned char *bin, int binlen, char *hex)
+ {
+@@ -118,17 +140,16 @@ void bin2hex(unsigned char *bin, int bin
+ * swabbing bytes if necessary.
+ */
+ static void otp_hash(const EVP_MD *md, char *in, size_t inlen,
+- unsigned char *out, int swab)
++ unsigned char *out, int swab, EVP_MD_CTX *mdctx)
+ {
+- EVP_MD_CTX mdctx;
+ char hash[EVP_MAX_MD_SIZE];
+ unsigned int i;
+ int j;
+ unsigned hashlen;
+
+- EVP_DigestInit(&mdctx, md);
+- EVP_DigestUpdate(&mdctx, in, inlen);
+- EVP_DigestFinal(&mdctx, hash, &hashlen);
++ EVP_DigestInit(mdctx, md);
++ EVP_DigestUpdate(mdctx, in, inlen);
++ EVP_DigestFinal(mdctx, hash, &hashlen);
+
+ /* Fold the result into 64 bits */
+ for (i = OTP_HASH_SIZE; i < hashlen; i++) {
+@@ -151,31 +172,42 @@ static int generate_otp(const sasl_utils
+ char *secret, char *otp)
+ {
+ const EVP_MD *md;
+- char *key;
++ EVP_MD_CTX *mdctx = NULL;
++ char *key = NULL;
++ int r = SASL_OK;
+
+ if (!(md = EVP_get_digestbyname(alg->evp_name))) {
+ utils->seterror(utils->conn, 0,
+ "OTP algorithm %s is not available", alg->evp_name);
+ return SASL_FAIL;
+ }
+-
++
++ if ((mdctx = _plug_EVP_MD_CTX_new(utils)) == NULL) {
++ SETERROR(utils, "cannot allocate MD CTX");
++ r = SASL_NOMEM;
++ goto done;
++ }
++
+ if ((key = utils->malloc(strlen(seed) + strlen(secret) + 1)) == NULL) {
+ SETERROR(utils, "cannot allocate OTP key");
+- return SASL_NOMEM;
++ r = SASL_NOMEM;
++ goto done;
+ }
+
+ /* initial step */
+ strcpy(key, seed);
+ strcat(key, secret);
+- otp_hash(md, key, strlen(key), otp, alg->swab);
++ otp_hash(md, key, strlen(key), otp, alg->swab, mdctx);
+
+ /* computation step */
+ while (seq-- > 0)
+- otp_hash(md, otp, OTP_HASH_SIZE, otp, alg->swab);
+-
+- utils->free(key);
++ otp_hash(md, otp, OTP_HASH_SIZE, otp, alg->swab, mdctx);
++
++ done:
++ if (key) utils->free(key);
++ if (mdctx) _plug_EVP_MD_CTX_free(mdctx, utils);
+
+- return SASL_OK;
++ return r;
+ }
+
+ static int parse_challenge(const sasl_utils_t *utils,
+@@ -695,7 +727,8 @@ static int strptrcasecmp(const void *arg
+
+ /* Convert the 6 words into binary data */
+ static int word2bin(const sasl_utils_t *utils,
+- char *words, unsigned char *bin, const EVP_MD *md)
++ char *words, unsigned char *bin, const EVP_MD *md,
++ EVP_MD_CTX *mdctx)
+ {
+ int i, j;
+ char *c, *word, buf[OTP_RESPONSE_MAX+1];
+@@ -754,13 +787,12 @@ static int word2bin(const sasl_utils_t *
+
+ /* alternate dictionary */
+ if (alt_dict) {
+- EVP_MD_CTX mdctx;
+ char hash[EVP_MAX_MD_SIZE];
+ int hashlen;
+
+- EVP_DigestInit(&mdctx, md);
+- EVP_DigestUpdate(&mdctx, word, strlen(word));
+- EVP_DigestFinal(&mdctx, hash, &hashlen);
++ EVP_DigestInit(mdctx, md);
++ EVP_DigestUpdate(mdctx, word, strlen(word));
++ EVP_DigestFinal(mdctx, hash, &hashlen);
+
+ /* use lowest 11 bits */
+ x = ((hash[hashlen-2] & 0x7) << 8) | hash[hashlen-1];
+@@ -804,6 +836,7 @@ static int verify_response(server_contex
+ char *response)
+ {
+ const EVP_MD *md;
++ EVP_MD_CTX *mdctx = NULL;
+ char *c;
+ int do_init = 0;
+ unsigned char cur_otp[OTP_HASH_SIZE], prev_otp[OTP_HASH_SIZE];
+@@ -817,6 +850,11 @@ static int verify_response(server_contex
+ return SASL_FAIL;
+ }
+
++ if ((mdctx = _plug_EVP_MD_CTX_new(utils)) == NULL) {
++ SETERROR(utils, "cannot allocate MD CTX");
++ return SASL_NOMEM;
++ }
++
+ /* eat leading whitespace */
+ c = response;
+ while (isspace((int) *c)) c++;
+@@ -826,7 +864,7 @@ static int verify_response(server_contex
+ r = hex2bin(c+strlen(OTP_HEX_TYPE), cur_otp, OTP_HASH_SIZE);
+ }
+ else if (!strncasecmp(c, OTP_WORD_TYPE, strlen(OTP_WORD_TYPE))) {
+- r = word2bin(utils, c+strlen(OTP_WORD_TYPE), cur_otp, md);
++ r = word2bin(utils, c+strlen(OTP_WORD_TYPE), cur_otp, md, mdctx);
+ }
+ else if (!strncasecmp(c, OTP_INIT_HEX_TYPE,
+ strlen(OTP_INIT_HEX_TYPE))) {
+@@ -836,7 +874,7 @@ static int verify_response(server_contex
+ else if (!strncasecmp(c, OTP_INIT_WORD_TYPE,
+ strlen(OTP_INIT_WORD_TYPE))) {
+ do_init = 1;
+- r = word2bin(utils, c+strlen(OTP_INIT_WORD_TYPE), cur_otp, md);
++ r = word2bin(utils, c+strlen(OTP_INIT_WORD_TYPE), cur_otp, md, mdctx);
+ }
+ else {
+ SETERROR(utils, "unknown OTP extended response type");
+@@ -852,7 +890,8 @@ static int verify_response(server_contex
+
+ if (r == SASL_OK) {
+ /* do one more hash (previous otp) and compare to stored otp */
+- otp_hash(md, cur_otp, OTP_HASH_SIZE, prev_otp, text->alg->swab);
++ otp_hash(md, cur_otp, OTP_HASH_SIZE,
++ prev_otp, text->alg->swab, mdctx);
+
+ if (!memcmp(prev_otp, text->otp, OTP_HASH_SIZE)) {
+ /* update the secret with this seq/otp */
+@@ -881,23 +920,28 @@ static int verify_response(server_contex
+ *new_resp++ = '\0';
+ }
+
+- if (!(new_chal && new_resp))
+- return SASL_BADAUTH;
++ if (!(new_chal && new_resp)) {
++ r = SASL_BADAUTH;
++ goto done;
++ }
+
+ if ((r = parse_challenge(utils, new_chal, &alg, &seq, seed, 1))
+ != SASL_OK) {
+- return r;
++ goto done;
+ }
+
+- if (seq < 1 || !strcasecmp(seed, text->seed))
+- return SASL_BADAUTH;
++ if (seq < 1 || !strcasecmp(seed, text->seed)) {
++ r = SASL_BADAUTH;
++ goto done;
++ }
+
+ /* find the MDA */
+ if (!(md = EVP_get_digestbyname(alg->evp_name))) {
+ utils->seterror(utils->conn, 0,
+ "OTP algorithm %s is not available",
+ alg->evp_name);
+- return SASL_BADAUTH;
++ r = SASL_BADAUTH;
++ goto done;
+ }
+
+ if (!strncasecmp(c, OTP_INIT_HEX_TYPE, strlen(OTP_INIT_HEX_TYPE))) {
+@@ -905,7 +949,7 @@ static int verify_response(server_contex
+ }
+ else if (!strncasecmp(c, OTP_INIT_WORD_TYPE,
+ strlen(OTP_INIT_WORD_TYPE))) {
+- r = word2bin(utils, new_resp, new_otp, md);
++ r = word2bin(utils, new_resp, new_otp, md, mdctx);
+ }
+
+ if (r == SASL_OK) {
+@@ -916,7 +960,10 @@ static int verify_response(server_contex
+ memcpy(text->otp, new_otp, OTP_HASH_SIZE);
+ }
+ }
+-
++
++ done:
++ if (mdctx) _plug_EVP_MD_CTX_free(mdctx, utils);
++
+ return r;
+ }
+
Added: head/security/cyrus-sasl2/files/patch-plugins_passdss.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/cyrus-sasl2/files/patch-plugins_passdss.c Sat Jun 16 06:16:51 2018 (r472519)
@@ -0,0 +1,721 @@
+--- plugins/passdss.c.orig 2012-01-27 23:31:36 UTC
++++ plugins/passdss.c
+@@ -71,6 +71,9 @@
+ #include <openssl/sha.h>
+ #include <openssl/dsa.h>
+
++/* for legacy libcrypto support */
++#include "crypto-compat.h"
++
+ #include <sasl.h>
+ #define MD5_H /* suppress internal MD5 */
+ #include <saslplug.h>
+@@ -110,23 +113,23 @@ typedef struct context {
+ const sasl_utils_t *utils;
+
+ /* per-step mem management */
+- char *out_buf;
++ unsigned char *out_buf;
+ unsigned out_buf_len;
+
+ /* security layer foo */
+ unsigned char secmask; /* bitmask of enabled security layers */
+ unsigned char padding[EVP_MAX_BLOCK_LENGTH]; /* block of NULs */
+
+- HMAC_CTX hmac_send_ctx;
+- HMAC_CTX hmac_recv_ctx;
++ HMAC_CTX *hmac_send_ctx;
++ HMAC_CTX *hmac_recv_ctx;
+
+ unsigned char send_integrity_key[4 + EVP_MAX_MD_SIZE]; /* +4 for pktnum */
+ unsigned char recv_integrity_key[4 + EVP_MAX_MD_SIZE]; /* +4 for pktnum */
+ unsigned char *cs_integrity_key; /* ptr to bare key in send/recv key */
+ unsigned char *sc_integrity_key; /* ptr to bare key in send/recv key */
+
+- EVP_CIPHER_CTX cipher_enc_ctx;
+- EVP_CIPHER_CTX cipher_dec_ctx;
++ EVP_CIPHER_CTX *cipher_enc_ctx;
++ EVP_CIPHER_CTX *cipher_dec_ctx;
+ unsigned blk_siz;
+
+ unsigned char cs_encryption_iv[EVP_MAX_MD_SIZE];
+@@ -139,7 +142,7 @@ typedef struct context {
+ uint32_t pktnum_in;
+
+ /* for encoding/decoding mem management */
+- char *encode_buf, *decode_buf, *decode_pkt_buf;
++ unsigned char *encode_buf, *decode_buf, *decode_pkt_buf;
+ unsigned encode_buf_len, decode_buf_len, decode_pkt_buf_len;
+
+ /* layers buffering */
+@@ -171,7 +174,7 @@ static int passdss_encode(void *context,
+ inputlen += invec[i].iov_len;
+
+ /* allocate a buffer for the output */
+- ret = _plug_buf_alloc(text->utils, &text->encode_buf,
++ ret = _plug_buf_alloc(text->utils, (char **) &text->encode_buf,
+ &text->encode_buf_len,
+ 4 + /* length */
+ inputlen + /* content */
+@@ -186,19 +189,19 @@ static int passdss_encode(void *context,
+ memcpy(text->send_integrity_key, &tmpnum, 4);
+
+ /* key the HMAC */
+- HMAC_Init_ex(&text->hmac_send_ctx, text->send_integrity_key,
++ HMAC_Init_ex(text->hmac_send_ctx, text->send_integrity_key,
+ 4+SHA_DIGEST_LENGTH, EVP_sha1(), NULL);
+
+ /* operate on each iovec */
+ for (i = 0; i < numiov; i++) {
+ /* hash the content */
+- HMAC_Update(&text->hmac_send_ctx, invec[i].iov_base, invec[i].iov_len);
++ HMAC_Update(text->hmac_send_ctx, invec[i].iov_base, invec[i].iov_len);
+
+ if (text->secmask & PRIVACY_LAYER_FLAG) {
+- unsigned enclen;
++ int enclen;
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-ports-all
mailing list