rpms / freeradius

Clone
Source Code
GIT

Blame SOURCES/freeradius-OpenSSL-HMAC-MD5.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-3.0 c8-stream-3.0 c8s-stream-3.0 c9 c9-beta
  1.   934b4715a6fd3afe18fc4dd0149b4b16ee7e8499
  2.   SOURCES
  3.   freeradius-OpenSSL-HMAC-MD5.patch
Blob History Raw
8fa666 
From b93796b1890b35a0922bfba9cd08e8a1a5f956cf Mon Sep 17 00:00:00 2001
8fa666 
From: Alexander Scheel <ascheel@redhat.com>
8fa666 
Date: Fri, 28 Sep 2018 09:54:46 -0400
8fa666 
Subject: [PATCH 1/2] Replace HMAC-MD5 implementation with OpenSSL's
8fa666
8fa666 
If OpenSSL EVP is not found, fallback to internal implementation of
8fa666 
HMAC-MD5.
8fa666
8fa666 
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
8fa666 
---
8fa666 
 src/lib/hmacmd5.c | 34 +++++++++++++++++++++++++++++++++-
8fa666 
 1 file changed, 33 insertions(+), 1 deletion(-)
8fa666
8fa666 
diff --git a/src/lib/hmacmd5.c b/src/lib/hmacmd5.c
8fa666 
index 2c662ff368..1cca00fa2a 100644
8fa666 
--- a/src/lib/hmacmd5.c
8fa666 
+++ b/src/lib/hmacmd5.c
8fa666 
@@ -27,10 +27,41 @@
8fa666
8fa666 
 RCSID("$Id: 2c662ff368e46556edd2cfdf408bd0fca0ab5f18 $")
8fa666
8fa666 
+#ifdef HAVE_OPENSSL_EVP_H
8fa666 
+#include <openssl/hmac.h>
8fa666 
+#include <openssl/evp.h>
8fa666 
+#endif
8fa666 
+
8fa666 
 #include <freeradius-devel/libradius.h>
8fa666 
 #include <freeradius-devel/md5.h>
8fa666
8fa666 
-/** Calculate HMAC using MD5
8fa666 
+#ifdef HAVE_OPENSSL_EVP_H
8fa666 
+/** Calculate HMAC using OpenSSL's MD5 implementation
8fa666 
+ *
8fa666 
+ * @param digest Caller digest to be filled in.
8fa666 
+ * @param text Pointer to data stream.
8fa666 
+ * @param text_len length of data stream.
8fa666 
+ * @param key Pointer to authentication key.
8fa666 
+ * @param key_len Length of authentication key.
8fa666 
+ *
8fa666 
+ */
8fa666 
+void fr_hmac_md5(uint8_t digest[MD5_DIGEST_LENGTH], uint8_t const *text, size_t text_len,
8fa666 
+		 uint8_t const *key, size_t key_len)
8fa666 
+{
8fa666 
+	HMAC_CTX *ctx  = HMAC_CTX_new();
8fa666 
+
8fa666 
+#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
8fa666 
+	/* Since MD5 is not allowed by FIPS, explicitly allow it. */
8fa666 
+	HMAC_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
8fa666 
+#endif /* EVP_MD_CTX_FLAG_NON_FIPS_ALLOW */
8fa666 
+
8fa666 
+	HMAC_Init_ex(ctx, key, key_len, EVP_md5(), NULL);
8fa666 
+	HMAC_Update(ctx, text, text_len);
8fa666 
+	HMAC_Final(ctx, digest, NULL);
8fa666 
+	HMAC_CTX_free(ctx);
8fa666 
+}
8fa666 
+#else
8fa666 
+/** Calculate HMAC using internal MD5 implementation
8fa666 
  *
8fa666 
  * @param digest Caller digest to be filled in.
8fa666 
  * @param text Pointer to data stream.
8fa666 
@@ -101,6 +132,7 @@
8fa666 
 					      * hash */
8fa666 
 	fr_md5_final(digest, &context);	  /* finish up 2nd pass */
8fa666 
 }
8fa666 
+#endif /* HAVE_OPENSSL_EVP_H */
8fa666
8fa666 
 /*
8fa666 
 Test Vectors (Trailing '\0' of a character string not included in test):

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation