On the passdss plugin, it looks like Fedora/RHEL do not build and ship this plugin, so nobody here has yet patched it for OpenSSL 3. I imagine it won't be a big change if you familiarize yourself with the API changes. --Jered ----- On Dec 11, 2023, at 6:15 AM, Howard Chu hyc@xxxxxxxxx wrote: > madhu.krishna.gundelli via SASL wrote: >> Hi Jered, >> >> Thank you for your prompt response and the valuable information provided. I have >> thoroughly examined the suggested source repository and the specific commit you >> mentioned: >> https://src.fedoraproject.org/rpms/cyrus-sasl/c/84a6dfd794269883983287d5c7c764175a10b76f?branch=rawhide >> >> >> Upon closer inspection, I observed that the OpenSSL 3.0 code changes are >> primarily concentrated in the following files: >> >> 1. plugins/digestmd5.c >> 2. configure.ac >> 3. cyrus-sasl.spec >> >> Additionally, in the course of my investigation, I identified deprecated APIs in >> the following files: >> >> 1. ./plugins/srp.c >> * HMAC_CTX_free >> * HMAC_CTX_new >> * HMAC_Init_ex >> * HMAC_Update >> * HMAC_Final > > The above was fixed in eb77d5baf156e7609c9add92834864b37d3c7fb4 in git master. > >> 2. ./plugins/passdss.c >> * DSA_new >> * DSA_free >> * DH_size >> * DH_compute_key >> * DSA_do_verify >> * HMAC_Init_ex >> * HMAC_Update >> * HMAC_Final >> * DH_new >> * DH_generate_key >> * DSA_generate_key >> * DSA_do_sign > > Looks like none of the above has been addressed yet. You're welcome to submit a > patch to fix it. > >> 3. ./plugins/ntlm.c >> * HMAC_CTX_new >> * HMAC_CTX_reset >> * HMAC_Init_ex >> * HMAC_Update >> * HMAC_Final >> * HMAC_CTX_free >> * DES_set_odd_parity >> * DES_set_key >> * DES_ecb_encrypt > > NTLM is obsolete and should not be used any more. It has already been deleted > from git master. Patches to update the code to support OpenSSL 3 will be > ignored. >> >> Moreover, during the integration process for the above files, I encountered an >> error related to an undefined symbol. This issue arises because these APIs are >> deprecated in OpenSSL 3.0. >> >> >> >> Given these findings, I would like to seek your guidance on the next steps. >> Specifically, do you have any insights or recommendations regarding the >> resolution >> of the undefined symbol issue? >> >> >> I appreciate your continued assistance and look forward to your insights. >> >> >> >> Regards, >> >> Madhu Krishna >> >> >> *Cyrus <https://cyrus.topicbox.com/latest>* / SASL / see discussions >> <https://cyrus.topicbox.com/groups/sasl> + participants >> <https://cyrus.topicbox.com/groups/sasl/members> + delivery options >> <https://cyrus.topicbox.com/groups/sasl/subscription> Permalink >> <https://cyrus.topicbox.com/groups/sasl/Tad69cbe9ba6e179a-M322274f03348540d9597c814> > > > -- > -- Howard Chu > CTO, Symas Corp. http://www.symas.com > Director, Highland Sun http://highlandsun.com/hyc/ > Chief Architect, OpenLDAP http://www.openldap.org/project/ ------------------------------------------ Cyrus: SASL Permalink: https://cyrus.topicbox.com/groups/sasl/Tad69cbe9ba6e179a-M328be2404b02dd771ea2915b Delivery options: https://cyrus.topicbox.com/groups/sasl/subscription
