[prev in list] [next in list] [prev in thread] [next in thread]
List: cyrus-sasl
Subject: Re: Inquiry Regarding OpenSSL 3.0 Support for Cyrus Sasl - 2.1.28
From: Jered Floyd <jered () convivian ! com>
Date: 2023-12-14 16:13:46
Message-ID: 425601066.297923.1702570426136.JavaMail.zimbra () convivian ! com
[Download RAW message or body]
On the passdss plugin, it looks like Fedora/RHEL do not build and ship this plugin, \
so nobody here has yet patched it for OpenSSL 3. I imagine it won't be a big change \
if you familiarize yourself with the API changes.
--Jered
----- On Dec 11, 2023, at 6:15 AM, Howard Chu hyc@symas.com wrote:
> madhu.krishna.gundelli via SASL wrote:
> > Hi Jered,
> >
> > Thank you for your prompt response and the valuable information provided. I have
> > thoroughly examined the suggested source repository and the specific commit you
> > mentioned:
> > https://src.fedoraproject.org/rpms/cyrus-sasl/c/84a6dfd794269883983287d5c7c764175a10b76f?branch=rawhide
> >
> >
> > Upon closer inspection, I observed that the OpenSSL 3.0 code changes are
> > primarily concentrated in the following files:
> >
> > 1. plugins/digestmd5.c
> > 2. configure.ac
> > 3. cyrus-sasl.spec
> >
> > Additionally, in the course of my investigation, I identified deprecated APIs in
> > the following files:
> >
> > 1. ./plugins/srp.c
> > * HMAC_CTX_free
> > * HMAC_CTX_new
> > * HMAC_Init_ex
> > * HMAC_Update
> > * HMAC_Final
>
> The above was fixed in eb77d5baf156e7609c9add92834864b37d3c7fb4 in git master.
>
> > 2. ./plugins/passdss.c
> > * DSA_new
> > * DSA_free
> > * DH_size
> > * DH_compute_key
> > * DSA_do_verify
> > * HMAC_Init_ex
> > * HMAC_Update
> > * HMAC_Final
> > * DH_new
> > * DH_generate_key
> > * DSA_generate_key
> > * DSA_do_sign
>
> Looks like none of the above has been addressed yet. You're welcome to submit a
> patch to fix it.
>
> > 3. ./plugins/ntlm.c
> > * HMAC_CTX_new
> > * HMAC_CTX_reset
> > * HMAC_Init_ex
> > * HMAC_Update
> > * HMAC_Final
> > * HMAC_CTX_free
> > * DES_set_odd_parity
> > * DES_set_key
> > * DES_ecb_encrypt
>
> NTLM is obsolete and should not be used any more. It has already been deleted
> from git master. Patches to update the code to support OpenSSL 3 will be
> ignored.
> >
> > Moreover, during the integration process for the above files, I encountered an
> > error related to an undefined symbol. This issue arises because these APIs are
> > deprecated in OpenSSL 3.0.
> >
> >
> >
> > Given these findings, I would like to seek your guidance on the next steps.
> > Specifically, do you have any insights or recommendations regarding the
> > resolution
> > of the undefined symbol issue?
> >
> >
> > I appreciate your continued assistance and look forward to your insights.
> >
> >
> >
> > Regards,
> >
> > Madhu Krishna
> >
> >
> > *Cyrus <https://cyrus.topicbox.com/latest>* / SASL / see discussions
> > <https://cyrus.topicbox.com/groups/sasl> + participants
> > <https://cyrus.topicbox.com/groups/sasl/members> + delivery options
> > <https://cyrus.topicbox.com/groups/sasl/subscription> Permalink
> > <https://cyrus.topicbox.com/groups/sasl/Tad69cbe9ba6e179a-M322274f03348540d9597c814>
> >
>
>
> --
> -- Howard Chu
> CTO, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc/
> Chief Architect, OpenLDAP http://www.openldap.org/project/
------------------------------------------
Cyrus: SASL
Permalink: https://cyrus.topicbox.com/groups/sasl/Tad69cbe9ba6e179a-M328be2404b02dd771ea2915b
Delivery options: https://cyrus.topicbox.com/groups/sasl/subscription
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic