
(-)dns/dnsdist/Makefile (-1 / +1 lines)
Lines 1-97 Link Here
1
PORTNAME=	dnsdist
1
PORTNAME=	dnsdist
2
DISTVERSION=	1.7.2
2
DISTVERSION=	1.7.2
3
PORTREVISION=	1
3
PORTREVISION=	2
4
CATEGORIES=	dns net
4
CATEGORIES=	dns net
5
MASTER_SITES=	https://downloads.powerdns.com/releases/
5
MASTER_SITES=	https://downloads.powerdns.com/releases/
6
6
7
MAINTAINER=	tremere@cainites.net
7
MAINTAINER=	tremere@cainites.net
8
COMMENT=	Highly DNS-, DoS- and abuse-aware loadbalancer
8
COMMENT=	Highly DNS-, DoS- and abuse-aware loadbalancer
9
WWW=		https://dnsdist.org/
9
WWW=		https://dnsdist.org/
10
10
11
LICENSE=	GPLv2 ISCL MIT
11
LICENSE=	GPLv2 ISCL MIT
12
LICENSE_COMB=	multi
12
LICENSE_COMB=	multi
13
LICENSE_FILE_GPLv2=	${WRKSRC}/COPYING
13
LICENSE_FILE_GPLv2=	${WRKSRC}/COPYING
14
LICENSE_FILE_ISCL=	${WRKSRC}/ext/ipcrypt/LICENSE
14
LICENSE_FILE_ISCL=	${WRKSRC}/ext/ipcrypt/LICENSE
15
LICENSE_FILE_MIT=	${WRKSRC}/ext/yahttp/LICENSE
15
LICENSE_FILE_MIT=	${WRKSRC}/ext/yahttp/LICENSE
16
16
17
NOT_FOR_ARCHS=	i386
17
NOT_FOR_ARCHS=	i386
18
NOT_FOR_ARCHS_REASON=	archs with 32-bits time_t are no longer supported by upstream
18
NOT_FOR_ARCHS_REASON=	archs with 32-bits time_t are no longer supported by upstream
19
19
20
BUILD_DEPENDS=	${LOCALBASE}/lib/libatomic_ops.a:devel/libatomic_ops
20
BUILD_DEPENDS=	${LOCALBASE}/lib/libatomic_ops.a:devel/libatomic_ops
21
LIB_DEPENDS=	libboost_serialization.so:devel/boost-libs \
21
LIB_DEPENDS=	libboost_serialization.so:devel/boost-libs \
22
		libh2o-evloop.so:www/h2o \
22
		libh2o-evloop.so:www/h2o \
23
		libre2.so:devel/re2 \
23
		libre2.so:devel/re2 \
24
		libsodium.so:security/libsodium
24
		libsodium.so:security/libsodium
25
25
26
USES=		bison:alias compiler:c++14-lang cpe gmake libedit libtool \
26
USES=		bison:alias compiler:c++14-lang cpe gmake libedit libtool \
27
		localbase pkgconfig tar:bz2
27
		localbase pkgconfig tar:bz2
28
CPE_VENDOR=	powerdns
28
CPE_VENDOR=	powerdns
29
USE_RC_SUBR=	dnsdist
29
USE_RC_SUBR=	dnsdist
30
30
31
GNU_CONFIGURE=	yes
31
GNU_CONFIGURE=	yes
32
CONFIGURE_ARGS=	--bindir=${PREFIX}/sbin \
32
CONFIGURE_ARGS=	--bindir=${PREFIX}/sbin \
33
		--enable-dns-over-https \
33
		--enable-dns-over-https \
34
		--enable-dns-over-tls \
34
		--enable-dns-over-tls \
35
		--enable-dnscrypt \
35
		--enable-dnscrypt \
36
		--sysconfdir=${ETCDIR} \
36
		--sysconfdir=${ETCDIR} \
37
		--with-libsodium \
37
		--with-libsodium \
38
		--with-re2
38
		--with-re2
39
39
40
INSTALL_TARGET=	install-strip
40
INSTALL_TARGET=	install-strip
41
41
42
USERS=		_dnsdist
42
USERS=		_dnsdist
43
GROUPS=		_dnsdist
43
GROUPS=		_dnsdist
44
44
45
OPTIONS_DEFINE=		DNSTAP SNMP
45
OPTIONS_DEFINE=		DNSTAP SNMP
46
OPTIONS_DEFAULT=	CDB GNUTLS LMDB LUA OPENSSL
46
OPTIONS_DEFAULT=	CDB GNUTLS LMDB LUA OPENSSL
47
OPTIONS_GROUP=		KSVOPT
47
OPTIONS_GROUP=		KSVOPT
48
OPTIONS_GROUP_KSVOPT=	CDB LMDB
48
OPTIONS_GROUP_KSVOPT=	CDB LMDB
49
OPTIONS_MULTI=		TLS
49
OPTIONS_MULTI=		TLS
50
OPTIONS_MULTI_TLS=	GNUTLS OPENSSL
50
OPTIONS_MULTI_TLS=	GNUTLS OPENSSL
51
OPTIONS_SINGLE=		EXTLUA
51
OPTIONS_SINGLE=		EXTLUA
52
OPTIONS_SINGLE_EXTLUA=	LUA LUAJIT LUAJITOR
52
OPTIONS_SINGLE_EXTLUA=	LUA LUAJIT LUAJITOR
53
53
54
CDB_DESC=	CDB backend
54
CDB_DESC=	CDB backend
55
DNSTAP_DESC=	dnstap support (see dnstap.info)
55
DNSTAP_DESC=	dnstap support (see dnstap.info)
56
KSVOPT_DESC=	Key Value Stores
56
KSVOPT_DESC=	Key Value Stores
57
LMDB_DESC=	LMDB backend
57
LMDB_DESC=	LMDB backend
58
LUAJITOR_DESC=	Use lang/luajit-openresty
58
LUAJITOR_DESC=	Use lang/luajit-openresty
59
LUAJIT_DESC=	Use lang/luajit
59
LUAJIT_DESC=	Use lang/luajit
60
LUA_DESC=	Use lang/lua
60
LUA_DESC=	Use lang/lua
61
61
62
CDB_LIB_DEPENDS=	libcdb.so:databases/tinycdb
62
CDB_LIB_DEPENDS=	libcdb.so:databases/tinycdb
63
CDB_CONFIGURE_ON=	CDB_CFLAGS="-I${LOCALBASE}/include" \
63
CDB_CONFIGURE_ON=	CDB_CFLAGS="-I${LOCALBASE}/include" \
64
			CDB_LIBS="-L${LOCALBASE}/lib -lcdb"
64
			CDB_LIBS="-L${LOCALBASE}/lib -lcdb"
65
65
66
DNSTAP_LIB_DEPENDS=		libfstrm.so:devel/fstrm
66
DNSTAP_LIB_DEPENDS=		libfstrm.so:devel/fstrm
67
DNSTAP_CONFIGURE_ENABLE=	dnstap
67
DNSTAP_CONFIGURE_ENABLE=	dnstap
68
68
69
GNUTLS_LIB_DEPENDS=	libgnutls.so:security/gnutls
69
GNUTLS_LIB_DEPENDS=	libgnutls.so:security/gnutls
70
GNUTLS_CONFIGURE_WITH=	gnutls
70
GNUTLS_CONFIGURE_WITH=	gnutls
71
71
72
LMDB_LIB_DEPENDS=	liblmdb.so:databases/lmdb
72
LMDB_LIB_DEPENDS=	liblmdb.so:databases/lmdb
73
LMDB_CONFIGURE_ON=	--with-lmdb=${LOCALBASE}
73
LMDB_CONFIGURE_ON=	--with-lmdb=${LOCALBASE}
74
LMDB_CONFIGURE_OFF=	--without-lmdb
74
LMDB_CONFIGURE_OFF=	--without-lmdb
75
75
76
LUAJITOR_LIB_DEPENDS=	libluajit-5.1.so:lang/luajit-openresty
76
LUAJITOR_LIB_DEPENDS=	libluajit-5.1.so:lang/luajit-openresty
77
LUAJITOR_CONFIGURE_ON=	--with-lua=luajit
77
LUAJITOR_CONFIGURE_ON=	--with-lua=luajit
78
78
79
LUAJIT_LIB_DEPENDS=	libluajit-5.1.so:lang/luajit
79
LUAJIT_LIB_DEPENDS=	libluajit-5.1.so:lang/luajit
80
LUAJIT_CONFIGURE_ON=	--with-lua=luajit
80
LUAJIT_CONFIGURE_ON=	--with-lua=luajit
81
81
82
LUA_USES=		lua
82
LUA_USES=		lua
83
LUA_CONFIGURE_ON=	--with-lua=lua-${LUA_VER}
83
LUA_CONFIGURE_ON=	--with-lua=lua-${LUA_VER}
84
84
85
OPENSSL_USES=		ssl
85
OPENSSL_USES=		ssl
86
OPENSSL_CONFIGURE_ON=	LIBSSL_CFLAGS=-I${OPENSSLINC} \
86
OPENSSL_CONFIGURE_ON=	LIBSSL_CFLAGS=-I${OPENSSLINC} \
87
			LIBSSL_LIBS="-L${OPENSSLLIB} -lssl"
87
			LIBSSL_LIBS="-L${OPENSSLLIB} -lssl"
88
OPENSSL_CONFIGURE_WITH=	libssl
88
OPENSSL_CONFIGURE_WITH=	libssl
89
89
90
SNMP_LIB_DEPENDS=	libnetsnmp.so:net-mgmt/net-snmp
90
SNMP_LIB_DEPENDS=	libnetsnmp.so:net-mgmt/net-snmp
91
SNMP_CONFIGURE_WITH=	net-snmp
91
SNMP_CONFIGURE_WITH=	net-snmp
92
92
93
post-install:
93
post-install:
94
	@${MKDIR} ${STAGEDIR}${ETCDIR}
94
	@${MKDIR} ${STAGEDIR}${ETCDIR}
95
	${INSTALL_DATA} ${FILESDIR}/dnsdist.conf.sample ${STAGEDIR}${ETCDIR}
95
	${INSTALL_DATA} ${FILESDIR}/dnsdist.conf.sample ${STAGEDIR}${ETCDIR}
96
96
97
.include <bsd.port.mk>
97
.include <bsd.port.mk>
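--- a/dns/dnsdist/files/patch-credentials.cc
+++ b/dns/dnsdist/files/patch-credentials.cc
@@ -1,101 +0,0 @@
---- credentials.cc.orig	2021-11-23 18:39:17 UTC
-+++ credentials.cc
-@@ -28,7 +28,7 @@
- #include <sodium.h>
- #endif
- 
--#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
-+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
- #include <openssl/evp.h>
- #include <openssl/kdf.h>
- #include <openssl/rand.h>
-@@ -42,7 +42,7 @@
- #include "credentials.hh"
- #include "misc.hh"
- 
--#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
-+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
- static size_t const pwhash_max_size = 128U; /* maximum size of the output */
- static size_t const pwhash_output_size = 32U; /* size of the hashed output (before base64 encoding) */
- static unsigned int const pwhash_salt_size = 16U; /* size of the salt (before base64 encoding */
-@@ -95,7 +95,7 @@ void SensitiveData::clear()
- 
- static std::string hashPasswordInternal(const std::string& password, const std::string& salt, uint64_t workFactor, uint64_t parallelFactor, uint64_t blockSize)
- {
--#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
-+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
-   auto pctx = std::unique_ptr<EVP_PKEY_CTX, void (*)(EVP_PKEY_CTX*)>(EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, nullptr), EVP_PKEY_CTX_free);
-   if (!pctx) {
-     throw std::runtime_error("Error getting a scrypt context to hash the supplied password");
-@@ -142,7 +142,7 @@ static std::string hashPasswordInternal(const std::str
- 
- static std::string generateRandomSalt()
- {
--#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
-+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
-   /* generate a random salt */
-   std::string salt;
-   salt.resize(pwhash_salt_size);
-@@ -159,7 +159,7 @@ static std::string generateRandomSalt()
- 
- std::string hashPassword(const std::string& password, uint64_t workFactor, uint64_t parallelFactor, uint64_t blockSize)
- {
--#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
-+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
-   std::string result;
-   result.reserve(pwhash_max_size);
- 
-@@ -187,7 +187,7 @@ std::string hashPassword(const std::string& password, 
- 
- std::string hashPassword(const std::string& password)
- {
--#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
-+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
-   return hashPassword(password, CredentialsHolder::s_defaultWorkFactor, CredentialsHolder::s_defaultParallelFactor, CredentialsHolder::s_defaultBlockSize);
- #else
-   throw std::runtime_error("Hashing a password requires scrypt support in OpenSSL, and it is not available");
-@@ -196,7 +196,7 @@ std::string hashPassword(const std::string& password)
- 
- bool verifyPassword(const std::string& binaryHash, const std::string& salt, uint64_t workFactor, uint64_t parallelFactor, uint64_t blockSize, const std::string& binaryPassword)
- {
--#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
-+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
-   auto expected = hashPasswordInternal(binaryPassword, salt, workFactor, parallelFactor, blockSize);
-   return constantTimeStringEquals(expected, binaryHash);
- #else
-@@ -207,7 +207,7 @@ bool verifyPassword(const std::string& binaryHash, con
- /* parse a hashed password in PHC string format */
- static void parseHashed(const std::string& hash, std::string& salt, std::string& hashedPassword, uint64_t& workFactor, uint64_t& parallelFactor, uint64_t& blockSize)
- {
--#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
-+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
-   auto parametersEnd = hash.find('$', pwhash_prefix.size());
-   if (parametersEnd == std::string::npos || parametersEnd == hash.size()) {
-     throw std::runtime_error("Invalid hashed password format, no parameters");
-@@ -276,7 +276,7 @@ bool verifyPassword(const std::string& hash, const std
-     return false;
-   }
- 
--#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
-+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
-   std::string salt;
-   std::string hashedPassword;
-   uint64_t workFactor = 0;
-@@ -294,7 +294,7 @@ bool verifyPassword(const std::string& hash, const std
- 
- bool isPasswordHashed(const std::string& password)
- {
--#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
-+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
-   if (password.size() < pwhash_prefix_size || password.size() > pwhash_max_size) {
-     return false;
-   }
-@@ -389,7 +389,7 @@ bool CredentialsHolder::matches(const std::string& pas
- 
- bool CredentialsHolder::isHashingAvailable()
- {
--#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
-+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
-   return true;
- #else
-   return false;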
