Fix DIGEST-MD5 with openssl3

Andreas Hasenackrequested to merge
ahasenack/cyrus-sasl2:salsa-sasl2-digestmd5-fixes-and-tests into master

This PR pulls in 2 upstream committed patches, and one that is still in a PR state, to address https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011249

0026-Gracefully-handle-failed-init.patch and 0027-Catch-errors-from-EVP_Digest-functions.patch are committed upstream and come from https://github.com/cyrusimap/cyrus-sasl/pull/653/commits. I didn't pick the third one from that list (Add a HMAC wrapper for deprecated function) because I didn't see those deprecation warnings, and was interested in a minimal fix for the current issue. It will in 2.1.29 anyway, so we will eventually get it. 0026 fixes the segfault observed in the Debian bug and now shows a proper error, but DIGEST-MD5 is still not usable with encryption.

0029-Load-OpenSSL3-legacy-provider-digestmd5.patch fixes the encryption used in DIGEST-MD5 by loading the openssl3 "legacy" provider, which is where the RC4 cipher sits nowadays. This is not yet committed upstream, and just used in Fedora's Rawhide, and is from PR https://github.com/cyrusimap/cyrus-sasl/pull/668/commits. Note that PR could use a rebase, as it includes commits that were merged already (like the two included here).

Finally, I'm also adding a new DEP8 test to cover these shared secret mechanisms.

Edited by Andreas Hasenack

Merge request reports