File: 0016-saslauthd-Replace-MD5-with-OpenSSL-EVP-implementation.patch

package info (click to toggle)
cyrus-sasl2 2.1.28%2Bdfsg1-10
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 8,836 kB
  • sloc: ansic: 47,406; sh: 4,949; xml: 1,423; makefile: 735; python: 332
file content (63 lines) | stat: -rw-r--r-- 2,575 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
 
From backport, 023468d6489ddd9873d45ddd8e2de5b46ee82976
From: Bastian Germann <bage@debian.org>
Date: Sun, 28 May 2023 13:57:03 +0200
Subject: saslauthd: Replace MD5 with OpenSSL EVP implementation

Signed-off-by: Bastian Germann <bage@debian.org>
---
diff --git a/saslauthd/Makefile.am b/saslauthd/Makefile.am
index bf6fbec6..b78b8c2c 100644
--- a/saslauthd/Makefile.am
+++ b/saslauthd/Makefile.am
@@ -19,13 +19,12 @@ saslauthd_SOURCES = mechanisms.c globals.h \
 		    auth_sia.h auth_sasldb.c auth_sasldb.h lak.c lak.h \
 		    auth_ldap.c auth_ldap.h cache.c cache.h cfile.c cfile.h \
 		    krbtf.c krbtf.h utils.c utils.h \
-                    ipc_unix.c ipc_doors.c saslauthd-main.c saslauthd-main.h \
-		    md5.c saslauthd_md5.h
+                    ipc_unix.c ipc_doors.c saslauthd-main.c saslauthd-main.h
 EXTRA_saslauthd_sources = getaddrinfo.c getnameinfo.c
 saslauthd_DEPENDENCIES = saslauthd-main.o $(LTLIBOBJS_FULL)
 saslauthd_LDADD	= @SASL_KRB_LIB@ \
 		  @GSSAPIBASE_LIBS@ @LIB_CRYPT@ @LIB_SIA@ \
-		  @LIB_SOCKET@ @SASL_DB_LIB@ @LIB_PAM@ @LDAP_LIBS@ $(LTLIBOBJS_FULL) $(CRYPTO_COMPAT_OBJS) $(LIBSASLDB_OBJS)
+		  @LIB_SOCKET@ @SASL_DB_LIB@ @LIB_PAM@ @LDAP_LIBS@ $(LTLIBOBJS_FULL) $(CRYPTO_COMPAT_OBJS) $(LIBSASLDB_OBJS) -lcrypto
 
 testsaslauthd_SOURCES = testsaslauthd.c utils.c
 testsaslauthd_LDADD = @LIB_SOCKET@
diff --git a/saslauthd/cache.c b/saslauthd/cache.c
index 0d78a735..424dcceb 100644
--- a/saslauthd/cache.c
+++ b/saslauthd/cache.c
@@ -54,8 +54,7 @@
 #include "cache.h"
 #include "utils.h"
 #include "globals.h"
-#include "md5global.h"
-#include "saslauthd_md5.h"
+#include <openssl/evp.h>
 
 /****************************************
  * module globals
@@ -164,7 +163,7 @@ int cache_lookup(const char *user, const char *realm, const char *service, const
 	int			service_length = 0;
 	int			hash_offset;
 	unsigned char		pwd_digest[16];
-	MD5_CTX			md5_context;
+	EVP_MD_CTX		*mdctx = EVP_MD_CTX_new();
 	time_t			epoch;
 	time_t			epoch_timeout;
 	struct bucket		*ref_bucket;
@@ -211,9 +210,9 @@ int cache_lookup(const char *user, const char *realm, const char *service, const
 
 	hash_offset = cache_pjwhash(userrealmserv);
 
-	_saslauthd_MD5Init(&md5_context);
-	_saslauthd_MD5Update(&md5_context, password, strlen(password));
-	_saslauthd_MD5Final(pwd_digest, &md5_context);
+	EVP_DigestInit(mdctx, EVP_md5());
+	EVP_DigestUpdate(mdctx, password, strlen(password));
+	EVP_DigestFinal(mdctx, pwd_digest, NULL);
 
 	/**************************************************************
 	 * Loop through the bucket chain to try and find a hit.