Blame SOURCES/cyrus-sasl-2.1.27-cumulative-ossl3.patch

d7115b
diff -uPr cyrus-sasl-2.1.27/configure.ac cyrus-sasl-2.1.27.ossl3/configure.ac
d7115b
--- cyrus-sasl-2.1.27/configure.ac	2021-10-06 11:29:53.274375206 -0400
d7115b
+++ cyrus-sasl-2.1.27.ossl3/configure.ac	2021-10-06 11:31:19.966726775 -0400
d7115b
@@ -1115,7 +1115,11 @@
d7115b
 	with_rc4=yes)
d7115b
 
d7115b
 if test "$with_rc4" != no; then
d7115b
-    AC_DEFINE(WITH_RC4,[],[Use RC4])
d7115b
+    if test "$with_openssl" = no; then
d7115b
+        AC_WARN([OpenSSL not found -- RC4 will be disabled])
d7115b
+    else
d7115b
+        AC_DEFINE(WITH_RC4,[],[Use RC4])
d7115b
+    fi
d7115b
 fi
d7115b
 
d7115b
 building_for_macosx=no
d7115b
diff -uPr cyrus-sasl-2.1.27/plugins/scram.c cyrus-sasl-2.1.27.ossl3/plugins/scram.c
d7115b
--- cyrus-sasl-2.1.27/plugins/scram.c	2018-11-08 12:29:57.000000000 -0500
d7115b
+++ cyrus-sasl-2.1.27.ossl3/plugins/scram.c	2021-10-06 11:31:04.407484201 -0400
d7115b
@@ -65,7 +65,9 @@
d7115b
 
d7115b
 #include <openssl/sha.h>
d7115b
 #include <openssl/evp.h>
d7115b
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
d7115b
 #include <openssl/hmac.h>
d7115b
+#endif
d7115b
 
d7115b
 /*****************************  Common Section  *****************************/
d7115b
 
d7115b
@@ -267,6 +271,32 @@
d7115b
 }
d7115b
 #endif
d7115b
 
d7115b
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
d7115b
+
d7115b
+/* Decalre as void given functions never use the result */
d7115b
+void *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
d7115b
+                     const unsigned char *data, size_t data_len,
d7115b
+                     unsigned char *md, unsigned int *md_len)
d7115b
+{
d7115b
+    const char *digest;
d7115b
+    size_t digest_size;
d7115b
+    size_t out_len;
d7115b
+    void *ret = NULL;
d7115b
+
d7115b
+    digest = EVP_MD_get0_name(evp_md);
d7115b
+    if (digest == NULL) {
d7115b
+        return NULL;
d7115b
+    }
d7115b
+    digest_size = EVP_MD_size(evp_md);
d7115b
+
d7115b
+    ret = EVP_Q_mac(NULL, "hmac", NULL, digest, NULL, key, key_len,
d7115b
+                    data, data_len, md, digest_size, &out_len);
d7115b
+    if (ret != NULL) {
d7115b
+        *md_len = (unsigned int)out_len;
d7115b
+    }
d7115b
+    return ret;
d7115b
+}
d7115b
+#endif
d7115b
 
d7115b
 /* The result variable need to point to a buffer big enough for the [SHA-1] hash */
d7115b
 static void
d7115b
diff -uPr cyrus-sasl-2.1.27/saslauthd/lak.c cyrus-sasl-2.1.27.ossl3/saslauthd/lak.c
d7115b
--- cyrus-sasl-2.1.27/saslauthd/lak.c	2022-01-09 11:30:50.000000000 -0400
d7115b
+++ cyrus-sasl-2.1.27.ossl3/saslauthd/lak.c	2022-01-09 11:30:50.000000001 -0400
d7115b
@@ -1806,18 +1806,36 @@
d7115b
 		return rc;
d7115b
 	}
d7115b
 
d7115b
-	EVP_DigestInit(mdctx, md);
d7115b
-	EVP_DigestUpdate(mdctx, passwd, strlen(passwd));
d7115b
+	rc = EVP_DigestInit(mdctx, md);
d7115b
+	if (rc != 1) {
d7115b
+		rc = LAK_FAIL;
d7115b
+		goto done;
d7115b
+	}
d7115b
+	rc = EVP_DigestUpdate(mdctx, passwd, strlen(passwd));
d7115b
+	if (rc != 1) {
d7115b
+		rc = LAK_FAIL;
d7115b
+		goto done;
d7115b
+	}
d7115b
 	if (hrock->salted) {
d7115b
-		EVP_DigestUpdate(mdctx, &cred[EVP_MD_size(md)],
d7115b
-				 clen - EVP_MD_size(md));
d7115b
+		rc = EVP_DigestUpdate(mdctx, &cred[EVP_MD_size(md)],
d7115b
+				      clen - EVP_MD_size(md));
d7115b
+		if (rc != 1) {
d7115b
+		    rc = LAK_FAIL;
d7115b
+		    goto done;
d7115b
+		}
d7115b
+	}
d7115b
+	rc = EVP_DigestFinal(mdctx, digest, NULL);
d7115b
+	if (rc != 1) {
d7115b
+		rc = LAK_FAIL;
d7115b
+		goto done;
d7115b
 	}
d7115b
-	EVP_DigestFinal(mdctx, digest, NULL);
d7115b
-	EVP_MD_CTX_free(mdctx);
d7115b
 
d7115b
 	rc = memcmp((char *)cred, (char *)digest, EVP_MD_size(md));
d7115b
+	rc = rc ? LAK_INVALID_PASSWORD : LAK_OK;
d7115b
+done:
d7115b
+	EVP_MD_CTX_free(mdctx);
d7115b
 	free(cred);
d7115b
-	return rc ? LAK_INVALID_PASSWORD : LAK_OK;
d7115b
+	return rc;
d7115b
 }
d7115b
 
d7115b
 #endif /* HAVE_OPENSSL */