From nobody Thu Nov 03 22:40:01 2022 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4N3Jc21Vkdz4gxdV; Thu, 3 Nov 2022 22:40:02 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4N3Jc20Tzyz3XkY; Thu, 3 Nov 2022 22:40:02 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1667515202; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=tucVEE95CpKI5TWcfOETjTpVqK0vKtXl4HIpL9xzQ/0=; b=kPR8LAEbx01JfiDtMKlfkhCa9GByFvvtEDeR0qGpmnmWfon+7a1zgOq/No4QBczuxicyei L0gpslLomLUy0OFCn5i1LjGKxxgL9fjO/z43I5zqDzxfYodBbsYS5DRXXmFW9wI1PDoEEG wZBfaIS5VvqtSfjRqTLzLzZqMx3Qohfw9jHeKWWKElgQT58muVsYzJU1n9snCYOIAIx9iB rI0vwwMz0ihDUdQA7e+MTB8+GStFtO5rU6IGKONn6rY7dlM6J35vHRpwfGrYAr7lHD5iBi hkIpcTX6iGNthaFEKOSk1rHuiLZBGGuMYrk0N+m/YDGZNpv0aLiEKM7bv09asA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4N3Jc15xDKzsrB; Thu, 3 Nov 2022 22:40:01 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 2A3Me11w070194; Thu, 3 Nov 2022 22:40:01 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 2A3Me1wd070191; Thu, 3 Nov 2022 22:40:01 GMT (envelope-from git) Date: Thu, 3 Nov 2022 22:40:01 GMT Message-Id: <202211032240.2A3Me1wd070191@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Dave Cottlehuber Subject: git: 42875692d7c3 - main - dns/dnsdist: re-enable scrypt hashing List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-main@freebsd.org X-BeenThere: dev-commits-ports-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: dch X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 42875692d7c3ba04dad1852db3d2c9e4ce8656ba Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1667515202; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=tucVEE95CpKI5TWcfOETjTpVqK0vKtXl4HIpL9xzQ/0=; b=v2Xl7V2LOnAxsDTL+WzTkJQSy+wHuARtbHXghiqS152zImMKO5MZBB9nKCgrlsULvkj2C4 NLxYQAP8WcoJK46AWynBntroni5WMLPRdVLVzSEJNhCsDrB91nB0glEdjY2rmBCtlvPpCh ErKM8TN622RdVLWb3NMswUJyyZAOJjYnZ+JTKX9WYU0si/RmFGB1L/pS37Oe8TXEFFqIxO AeAgRauzSWr7OytWVGkMa/VMY87ALTqV5rZjlhURF5zeeKfkmRPOzqaKpLsLWCLob+bBb6 ArIWZ6LdRwvKNN4JVOEw1hx4CbjqSudwiByBB0rBGscMeCQwWJ4NMVfJc/wMSw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1667515202; a=rsa-sha256; cv=none; b=IFLxIVm39vItb+IWbYqzuCu+ysiq6OaeMWY5L6q4zTN5eZOvqyh9DCQKoWfbDUG8SE4oIL h7iHE9+uVzZty/V1yUf30zY+01MU3AVtI7Lcl3nzjseSsPEn1IcP1JnHJKGFAYwosljd0V J/rXQDObrq/Xn0p2kZ6YnlyQEPRHfRxtOYjYKBDczmb7jPc1qKXmU612f5qUcKxRONPCje H0pgYBEDtBWcLp89Slm7Q/pxTLlDDMBsvQEgpbytyest7bdYNwTbUXFAJ0bL48D9h38rIx dBsig+JmLfxXgiwg0S13KNE8mQQE4I7nSxnuDvQFmFg4AgzsvbBwJV7jsQ2Isg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by dch: URL: https://cgit.FreeBSD.org/ports/commit/?id=42875692d7c3ba04dad1852db3d2c9e4ce8656ba commit 42875692d7c3ba04dad1852db3d2c9e4ce8656ba Author: Dave Cottlehuber AuthorDate: 2022-11-03 07:35:46 +0000 Commit: Dave Cottlehuber CommitDate: 2022-11-03 22:38:52 +0000 dns/dnsdist: re-enable scrypt hashing PR: 266722 --- dns/dnsdist/files/patch-credentials.cc | 101 --------------------------------- 1 file changed, 101 deletions(-) diff --git a/dns/dnsdist/files/patch-credentials.cc b/dns/dnsdist/files/patch-credentials.cc deleted file mode 100644 index 4d71e65ad7aa..000000000000 --- a/dns/dnsdist/files/patch-credentials.cc +++ /dev/null @@ -1,101 +0,0 @@ ---- credentials.cc.orig 2021-11-23 18:39:17 UTC -+++ credentials.cc -@@ -28,7 +28,7 @@ - #include - #endif - --#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT -+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) - #include - #include - #include -@@ -42,7 +42,7 @@ - #include "credentials.hh" - #include "misc.hh" - --#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT -+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) - static size_t const pwhash_max_size = 128U; /* maximum size of the output */ - static size_t const pwhash_output_size = 32U; /* size of the hashed output (before base64 encoding) */ - static unsigned int const pwhash_salt_size = 16U; /* size of the salt (before base64 encoding */ -@@ -95,7 +95,7 @@ void SensitiveData::clear() - - static std::string hashPasswordInternal(const std::string& password, const std::string& salt, uint64_t workFactor, uint64_t parallelFactor, uint64_t blockSize) - { --#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT -+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) - auto pctx = std::unique_ptr(EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, nullptr), EVP_PKEY_CTX_free); - if (!pctx) { - throw std::runtime_error("Error getting a scrypt context to hash the supplied password"); -@@ -142,7 +142,7 @@ static std::string hashPasswordInternal(const std::str - - static std::string generateRandomSalt() - { --#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT -+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) - /* generate a random salt */ - std::string salt; - salt.resize(pwhash_salt_size); -@@ -159,7 +159,7 @@ static std::string generateRandomSalt() - - std::string hashPassword(const std::string& password, uint64_t workFactor, uint64_t parallelFactor, uint64_t blockSize) - { --#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT -+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) - std::string result; - result.reserve(pwhash_max_size); - -@@ -187,7 +187,7 @@ std::string hashPassword(const std::string& password, - - std::string hashPassword(const std::string& password) - { --#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT -+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) - return hashPassword(password, CredentialsHolder::s_defaultWorkFactor, CredentialsHolder::s_defaultParallelFactor, CredentialsHolder::s_defaultBlockSize); - #else - throw std::runtime_error("Hashing a password requires scrypt support in OpenSSL, and it is not available"); -@@ -196,7 +196,7 @@ std::string hashPassword(const std::string& password) - - bool verifyPassword(const std::string& binaryHash, const std::string& salt, uint64_t workFactor, uint64_t parallelFactor, uint64_t blockSize, const std::string& binaryPassword) - { --#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT -+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) - auto expected = hashPasswordInternal(binaryPassword, salt, workFactor, parallelFactor, blockSize); - return constantTimeStringEquals(expected, binaryHash); - #else -@@ -207,7 +207,7 @@ bool verifyPassword(const std::string& binaryHash, con - /* parse a hashed password in PHC string format */ - static void parseHashed(const std::string& hash, std::string& salt, std::string& hashedPassword, uint64_t& workFactor, uint64_t& parallelFactor, uint64_t& blockSize) - { --#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT -+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) - auto parametersEnd = hash.find('$', pwhash_prefix.size()); - if (parametersEnd == std::string::npos || parametersEnd == hash.size()) { - throw std::runtime_error("Invalid hashed password format, no parameters"); -@@ -276,7 +276,7 @@ bool verifyPassword(const std::string& hash, const std - return false; - } - --#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT -+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) - std::string salt; - std::string hashedPassword; - uint64_t workFactor = 0; -@@ -294,7 +294,7 @@ bool verifyPassword(const std::string& hash, const std - - bool isPasswordHashed(const std::string& password) - { --#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT -+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) - if (password.size() < pwhash_prefix_size || password.size() > pwhash_max_size) { - return false; - } -@@ -389,7 +389,7 @@ bool CredentialsHolder::matches(const std::string& pas - - bool CredentialsHolder::isHashingAvailable() - { --#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT -+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) - return true; - #else - return false;