Re: Inquiry Regarding OpenSSL 3.0 Support for Cyrus Sasl - 2.1.28

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The PASSDSS plugin can probably just go away.  IIRC, it was based on a draft spec, and I doubt it gets any use in the real world.


On 12/14/23 11:13 AM, Jered Floyd wrote:
On the passdss plugin, it looks like Fedora/RHEL do not build and ship this plugin, so nobody here has yet patched it for OpenSSL 3.  I imagine it won't be a big change if you familiarize yourself with the API changes.

--Jered

----- On Dec 11, 2023, at 6:15 AM, Howard Chu hyc@xxxxxxxxx wrote:

madhu.krishna.gundelli via SASL wrote:
Hi Jered,

Thank you for your prompt response and the valuable information provided. I have
thoroughly examined the suggested source repository and the specific commit you
mentioned:
https://src.fedoraproject.org/rpms/cyrus-sasl/c/84a6dfd794269883983287d5c7c764175a10b76f?branch=rawhide
Upon closer inspection, I observed that the OpenSSL 3.0 code changes are
primarily concentrated in the following files:

  1. plugins/digestmd5.c
  2. configure.ac
  3. cyrus-sasl.spec

Additionally, in the course of my investigation, I identified deprecated APIs in
the following files:

  1. ./plugins/srp.c
       * HMAC_CTX_free
       * HMAC_CTX_new
       * HMAC_Init_ex
       * HMAC_Update
       * HMAC_Final
The above was fixed in eb77d5baf156e7609c9add92834864b37d3c7fb4 in git master.

  2. ./plugins/passdss.c
       * DSA_new
       * DSA_free
       * DH_size
       * DH_compute_key
       * DSA_do_verify
       * HMAC_Init_ex
       * HMAC_Update
       * HMAC_Final
       * DH_new
       * DH_generate_key
       * DSA_generate_key
       * DSA_do_sign
Looks like none of the above has been addressed yet. You're welcome to submit a
patch to fix it.

  3. ./plugins/ntlm.c
       * HMAC_CTX_new
       * HMAC_CTX_reset
       * HMAC_Init_ex
       * HMAC_Update
       * HMAC_Final
       * HMAC_CTX_free
       * DES_set_odd_parity
       * DES_set_key
       * DES_ecb_encrypt
NTLM is obsolete and should not be used any more. It has already been deleted
from git master. Patches to update the code to support OpenSSL 3 will be
ignored.
Moreover, during the integration process for the above files, I encountered an
error related to an undefined symbol. This issue arises because these APIs are
deprecated in OpenSSL 3.0.

Given these findings, I would like to seek your guidance on the next steps.
Specifically, do you have any insights or recommendations regarding the
resolution
of the undefined symbol issue?
I appreciate your continued assistance and look forward to your insights.

Regards,

Madhu Krishna


*Cyrus <https://cyrus.topicbox.com/latest>* / SASL / see discussions
<https://cyrus.topicbox.com/groups/sasl> + participants
<https://cyrus.topicbox.com/groups/sasl/members> + delivery options
<https://cyrus.topicbox.com/groups/sasl/subscription> Permalink
<https://cyrus.topicbox.com/groups/sasl/Tad69cbe9ba6e179a-M322274f03348540d9597c814>

--
-- Howard Chu
CTO, Symas Corp.           http://www.symas.com
Director, Highland Sun     http://highlandsun.com/hyc/
Chief Architect, OpenLDAP  http://www.openldap.org/project/
------------------------------------------
Cyrus: SASL
Permalink: https://cyrus.topicbox.com/groups/sasl/Tad69cbe9ba6e179a-M328be2404b02dd771ea2915b
Delivery options: https://cyrus.topicbox.com/groups/sasl/subscription

--
Kenneth Murchison
Senior Software Developer
Fastmail US LLC


------------------------------------------
Cyrus: SASL
Permalink: https://cyrus.topicbox.com/groups/sasl/Tad69cbe9ba6e179a-Me9f86edb4fbd91a7ff52cf68
Delivery options: https://cyrus.topicbox.com/groups/sasl/subscription




[Index of Archives]     [Info Cyrus]     [Squirrel Mail]     [Linux Media]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux