rpms / freeradius

Clone
Source Code
GIT

Files

  1.   e2ccd9913fac41fcd0d51d4478068677f21d778e
  2.   freeradius-OpenSSL-HMAC-SHA1.patch
Blob Blame History Raw 
From 91f663ce1b46ecd99399023ad539f158419272e7 Mon Sep 17 00:00:00 2001
From: Alexander Scheel <ascheel@redhat.com>
Date: Fri, 28 Sep 2018 11:03:52 -0400
Subject: [PATCH 2/2] Replace HMAC-SHA1 implementation with OpenSSL's

If OpenSSL EVP is not found, fallback to internal implementation of
HMAC-SHA1.

Signed-off-by: Alexander Scheel <ascheel@redhat.com>
---
 src/lib/hmacsha1.c | 29 ++++++++++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)

diff --git a/src/lib/hmacsha1.c b/src/lib/hmacsha1.c
index c3cbd87a2c..211470ea35 100644
--- a/src/lib/hmacsha1.c
+++ b/src/lib/hmacsha1.c
@@ -10,13 +10,19 @@

 RCSID("$Id: c3cbd87a2c13c47da93fdb1bdfbf6da4c22aaac5 $")

+#ifdef HAVE_OPENSSL_EVP_H
+#include <openssl/hmac.h>
+#include <openssl/evp.h>
+#endif
+
 #include <freeradius-devel/libradius.h>

 #ifdef HMAC_SHA1_DATA_PROBLEMS
 unsigned int sha1_data_problems = 0;
 #endif

-/** Calculate HMAC using SHA1
+#ifdef HAVE_OPENSSL_EVP_H
+/** Calculate HMAC using OpenSSL's SHA1 implementation
  *
  * @param digest Caller digest to be filled in.
  * @param text Pointer to data stream.
@@ -28,6 +34,26 @@
 void fr_hmac_sha1(uint8_t digest[SHA1_DIGEST_LENGTH], uint8_t const *text, size_t text_len,
 		  uint8_t const *key, size_t key_len)
 {
+	HMAC_CTX *ctx  = HMAC_CTX_new();
+	HMAC_Init_ex(ctx, key, key_len, EVP_sha1(), NULL);
+	HMAC_Update(ctx, text, text_len);
+	HMAC_Final(ctx, digest, NULL);
+	HMAC_CTX_free(ctx);
+}
+
+#else
+
+/** Calculate HMAC using internal SHA1 implementation
+ *
+ * @param digest Caller digest to be filled in.
+ * @param text Pointer to data stream.
+ * @param text_len length of data stream.
+ * @param key Pointer to authentication key.
+ * @param key_len Length of authentication key.
+ */
+void fr_hmac_sha1(uint8_t digest[SHA1_DIGEST_LENGTH], uint8_t const *text, size_t text_len,
+		  uint8_t const *key, size_t key_len)
+{
 	fr_sha1_ctx context;
 	uint8_t k_ipad[65];    /* inner padding - key XORd with ipad */
 	uint8_t k_opad[65];    /* outer padding - key XORd with opad */
@@ -142,6 +168,7 @@
 	}
 #endif
 }
+#endif /* HAVE_OPENSSL_EVP_H */

 /*
 Test Vectors (Trailing '\0' of a character string not included in test):
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.