The PASSDSS plugin can probably just go away. IIRC, it was based on a
draft spec, and I doubt it gets any use in the real world.
On 12/14/23 11:13 AM, Jered Floyd wrote:
On the passdss plugin, it looks like Fedora/RHEL do not build and ship this plugin, so nobody here has yet patched it for OpenSSL 3. I imagine it won't be a big change if you familiarize yourself with the API changes.
--Jered
----- On Dec 11, 2023, at 6:15 AM, Howard Chu hyc@xxxxxxxxx wrote:
madhu.krishna.gundelli via SASL wrote:
Hi Jered,
Thank you for your prompt response and the valuable information provided. I have
thoroughly examined the suggested source repository and the specific commit you
mentioned:
https://src.fedoraproject.org/rpms/cyrus-sasl/c/84a6dfd794269883983287d5c7c764175a10b76f?branch=rawhide
Upon closer inspection, I observed that the OpenSSL 3.0 code changes are
primarily concentrated in the following files:
1. plugins/digestmd5.c
2. configure.ac
3. cyrus-sasl.spec
Additionally, in the course of my investigation, I identified deprecated APIs in
the following files:
1. ./plugins/srp.c
* HMAC_CTX_free
* HMAC_CTX_new
* HMAC_Init_ex
* HMAC_Update
* HMAC_Final
The above was fixed in eb77d5baf156e7609c9add92834864b37d3c7fb4 in git master.
2. ./plugins/passdss.c
* DSA_new
* DSA_free
* DH_size
* DH_compute_key
* DSA_do_verify
* HMAC_Init_ex
* HMAC_Update
* HMAC_Final
* DH_new
* DH_generate_key
* DSA_generate_key
* DSA_do_sign
Looks like none of the above has been addressed yet. You're welcome to submit a
patch to fix it.
3. ./plugins/ntlm.c
* HMAC_CTX_new
* HMAC_CTX_reset
* HMAC_Init_ex
* HMAC_Update
* HMAC_Final
* HMAC_CTX_free
* DES_set_odd_parity
* DES_set_key
* DES_ecb_encrypt
NTLM is obsolete and should not be used any more. It has already been deleted
from git master. Patches to update the code to support OpenSSL 3 will be
ignored.
Moreover, during the integration process for the above files, I encountered an
error related to an undefined symbol. This issue arises because these APIs are
deprecated in OpenSSL 3.0.
Given these findings, I would like to seek your guidance on the next steps.
Specifically, do you have any insights or recommendations regarding the
resolution
of the undefined symbol issue?
I appreciate your continued assistance and look forward to your insights.
Regards,
Madhu Krishna
*Cyrus <https://cyrus.topicbox.com/latest>* / SASL / see discussions
<https://cyrus.topicbox.com/groups/sasl> + participants
<https://cyrus.topicbox.com/groups/sasl/members> + delivery options
<https://cyrus.topicbox.com/groups/sasl/subscription> Permalink
<https://cyrus.topicbox.com/groups/sasl/Tad69cbe9ba6e179a-M322274f03348540d9597c814>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
------------------------------------------
Cyrus: SASL
Permalink: https://cyrus.topicbox.com/groups/sasl/Tad69cbe9ba6e179a-M328be2404b02dd771ea2915b
Delivery options: https://cyrus.topicbox.com/groups/sasl/subscription
--
Kenneth Murchison
Senior Software Developer
Fastmail US LLC
------------------------------------------
Cyrus: SASL
Permalink: https://cyrus.topicbox.com/groups/sasl/Tad69cbe9ba6e179a-Me9f86edb4fbd91a7ff52cf68
Delivery options: https://cyrus.topicbox.com/groups/sasl/subscription
