Re: Inquiry Regarding OpenSSL 3.0 Support for Cyrus Sasl - 2.1.28

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


The PASSDSS plugin can probably just go away.  IIRC, it was based on a draft spec, and I doubt it gets any use in the real world.

On 12/14/23 11:13 AM, Jered Floyd wrote:
On the passdss plugin, it looks like Fedora/RHEL do not build and ship this plugin, so nobody here has yet patched it for OpenSSL 3.  I imagine it won't be a big change if you familiarize yourself with the API changes.


----- On Dec 11, 2023, at 6:15 AM, Howard Chu hyc@xxxxxxxxx wrote:

madhu.krishna.gundelli via SASL wrote:
Hi Jered,

Thank you for your prompt response and the valuable information provided. I have
thoroughly examined the suggested source repository and the specific commit you
Upon closer inspection, I observed that the OpenSSL 3.0 code changes are
primarily concentrated in the following files:

  1. plugins/digestmd5.c
  3. cyrus-sasl.spec

Additionally, in the course of my investigation, I identified deprecated APIs in
the following files:

  1. ./plugins/srp.c
       * HMAC_CTX_free
       * HMAC_CTX_new
       * HMAC_Init_ex
       * HMAC_Update
       * HMAC_Final
The above was fixed in eb77d5baf156e7609c9add92834864b37d3c7fb4 in git master.

  2. ./plugins/passdss.c
       * DSA_new
       * DSA_free
       * DH_size
       * DH_compute_key
       * DSA_do_verify
       * HMAC_Init_ex
       * HMAC_Update
       * HMAC_Final
       * DH_new
       * DH_generate_key
       * DSA_generate_key
       * DSA_do_sign
Looks like none of the above has been addressed yet. You're welcome to submit a
patch to fix it.

  3. ./plugins/ntlm.c
       * HMAC_CTX_new
       * HMAC_CTX_reset
       * HMAC_Init_ex
       * HMAC_Update
       * HMAC_Final
       * HMAC_CTX_free
       * DES_set_odd_parity
       * DES_set_key
       * DES_ecb_encrypt
NTLM is obsolete and should not be used any more. It has already been deleted
from git master. Patches to update the code to support OpenSSL 3 will be
Moreover, during the integration process for the above files, I encountered an
error related to an undefined symbol. This issue arises because these APIs are
deprecated in OpenSSL 3.0.

Given these findings, I would like to seek your guidance on the next steps.
Specifically, do you have any insights or recommendations regarding the
of the undefined symbol issue?
I appreciate your continued assistance and look forward to your insights.


Madhu Krishna

*Cyrus <>* / SASL / see discussions
<> + participants
<> + delivery options
<> Permalink

-- Howard Chu
CTO, Symas Corp. 
Director, Highland Sun
Chief Architect, OpenLDAP
Cyrus: SASL
Delivery options:

Kenneth Murchison
Senior Software Developer
Fastmail US LLC

Cyrus: SASL
Delivery options:

[Index of Archives]     [Info Cyrus]     [Squirrel Mail]     [Linux Media]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux