8ac718f8496a6fbfbf00248a68e740a10c0bcf81 galt Tue Nov 26 00:42:19 2024 -0800 This change accomodates upgrade to openssl3.3 and mariadb10 using custom-compiled libmariadb.a. These files are in /cluster/software/maridb and /cluster/software/openssl. refs #34014,#27440. It also handles the new mariadb 10 and 11 that have configuration with ssl turned on by default.
diff --git src/hg/hgLogin/hgLogin.c src/hg/hgLogin/hgLogin.c
index 38d2431..2399957 100644
--- src/hg/hgLogin/hgLogin.c
+++ src/hg/hgLogin/hgLogin.c
@@ -1,20 +1,24 @@
 /* hgLogin - Administer UCSC Genome Browser membership - signup, lost password, etc. */
 /* Copyright (C) 2014 The Regents of the University of California * See kent/LICENSE or http://genome.ucsc.edu/license/ for licensing information. */
+#include <openssl/evp.h>
+#include <openssl/macros.h>
+#include <openssl/md5.h>
+
 #include "common.h"
 #include "hash.h"
 #include "obscure.h"
 #include "hgConfig.h"
 #include "cheapcgi.h"
 #include "memalloc.h"
 #include "jksql.h"
 #include "htmshell.h"
 #include "cart.h"
 #include "hPrint.h"
 #include "hdb.h"
 #include "hui.h"
 #include "web.h"
 #include "ra.h"
 #include "hgColors.h"
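Review bot: `<openssl/macros.h>` is included unconditionally here, but as far as I know that header ships only with OpenSSL 3.0 and later, so the pre-3.0 fallback that `md5It` keeps in the next hunk cannot be reached by a build that really has an older libcrypto. The guard there has the same mismatch: it tests `OPENSSL_VERSION_NUMBER < 0x10100000L`, while `EVP_Q_digest` was introduced in 3.0, so a 1.1.x build takes the `#else` branch and fails to compile. If older OpenSSL is still meant to be supported, wrap the include in `#if OPENSSL_VERSION_NUMBER >= 0x30000000L` and change the guard to `#if OPENSSL_VERSION_NUMBER < 0x30000000L`; otherwise remove the dead `MD5()` branch so the file states its real minimum version.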
@@ -76,54 +80,65 @@
 else return cloneString(cfgOption(CFG_LOGIN_MAIL_SIGNATURE));
 }
 char *mailReturnAddr()
 /* Return the return addr. to be used by outbound mail or NULL. Allocd here. * If set to "NOEMAIL" then no email will be sent and the account is activated right away. * */
 {
 if isEmpty(cfgOption(CFG_LOGIN_MAIL_RETURN_ADDR)) return cloneString("NULL_mailReturnAddr");
 else return cloneString(cfgOption(CFG_LOGIN_MAIL_RETURN_ADDR));
 }
-/* ---- password functions depend on optionally installed openssl lib ---- */
-#include <openssl/md5.h>
+/* ---- password functions depend on installed openssl lib ---- */
+
+
+
+void md5It(unsigned char *input, int inputSize, unsigned char *output)
+/* handle function deprecated by newer versions of openssl */
+{
+#if OPENSSL_VERSION_NUMBER < 0x10100000L // # 1.1
+MD5(input, inputSize, output);
+#else
+EVP_Q_digest(NULL, "MD5", NULL, input, inputSize, output, NULL);
+#endif
+}
 void cryptWikiWay(char *password, char *salt, char* result)
 /* encrypt password in mediawiki format - ':B:'.$salt.':'.
md5($salt.'-'.md5($password ) */
 {
 int i;
 unsigned char result1[MD5_DIGEST_LENGTH];
 unsigned char result2[MD5_DIGEST_LENGTH];
 char firstMD5[MD5_DIGEST_LENGTH*2 + 1];
 char secondMD5[MD5_DIGEST_LENGTH*2 + 1];
 i = MD5_DIGEST_LENGTH;
-MD5((unsigned char *)password, strlen(password), result1);
+md5It((unsigned char *)password, strlen(password), result1);
 for(i = 0; i < MD5_DIGEST_LENGTH; i++)
 {
 sprintf(&firstMD5[i*2], "%02x", result1[i]);
 }
 // add the salt with "-"
 char saltDashMD5[256];
 strcpy(saltDashMD5,salt);
 strcat(saltDashMD5,"-");
 strcat(saltDashMD5,firstMD5);
-MD5((unsigned char *) saltDashMD5, strlen(saltDashMD5), result2);
+md5It((unsigned char *) saltDashMD5, strlen(saltDashMD5), result2);
 for(i = 0; i < MD5_DIGEST_LENGTH; i++)
 {
 sprintf(&secondMD5[i*2], "%02x", result2[i]);
 }
 strcpy(result, secondMD5);
 }
 void encryptPWD(char *password, char *salt, char *buf, int bufsize)
 /* encrypt a password in mediawiki way */
 {
 char md5Returned[100];
 cryptWikiWay(password, salt, md5Returned);
 safecat(buf,bufsize,":B:");
 safecat(buf,bufsize,salt);
 safecat(buf,bufsize,":");
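Review bot: `md5It` discards the return value of `EVP_Q_digest`, so when MD5 cannot be fetched (a FIPS-only provider configuration, for instance) `output` is never written and `cryptWikiWay` hex-encodes whatever was on the stack as the password hash; the `generateTokenMD5` call site in the next hunk has the same exposure. Check the result and stop instead of continuing, e.g. `if (EVP_Q_digest(NULL, "MD5", NULL, input, inputSize, output, NULL) != 1) errAbort("md5It: MD5 digest unavailable");`. As far as this diff shows the helper is used only in this file, so declaring it `static` would keep it out of the global namespace, and a `size_t inputSize` would match the `strlen()` values passed to it.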
@@ -142,31 +157,31 @@
 /* Generate a (not very) random seed. */
 seed[0] = time(NULL);
 seed[1] = getpid() ^ (seed[0] >> 14 & 0x30000);
 /* Turn it into printable characters from 'seedchars'. */
 for (i = 0; i < 8; i++) salt[i] = seedchars[(seed[i/5] >> (i%5)*6) & 0x3f];
 encryptPWD(password, salt, buf, bufsize);
 }
 char *generateTokenMD5(char *token)
 /* Generate an unsalted MD5 string from token. */
 {
 unsigned char result[MD5_DIGEST_LENGTH];
 char tokenMD5[MD5_DIGEST_LENGTH*2 + 1];
 int i = MD5_DIGEST_LENGTH;
-MD5((unsigned char *) token, strlen(token), result);
+md5It((unsigned char *) token, strlen(token), result);
 // Convert the tokenMD5 value to string
 for(i = 0; i < MD5_DIGEST_LENGTH; i++)
 {
 sprintf(&tokenMD5[i*2], "%02x", result[i]);
 }
 return cloneString(tokenMD5);
 }
 void findSalt(char *encPassword, char *salt, int saltSize)
 /* find the salt part from the password field */
 {
 char tempStr1[45];
 char tempStr2[45];
 int i;
 // Skip the ":B:" part