|
 |
8fa666 |
From b93796b1890b35a0922bfba9cd08e8a1a5f956cf Mon Sep 17 00:00:00 2001
|
|
|
8fa666 |
From: Alexander Scheel <ascheel@redhat.com>
|
|
|
8fa666 |
Date: Fri, 28 Sep 2018 09:54:46 -0400
|
|
|
8fa666 |
Subject: [PATCH 1/2] Replace HMAC-MD5 implementation with OpenSSL's
|
|
|
8fa666 |
|
|
|
8fa666 |
If OpenSSL EVP is not found, fallback to internal implementation of
|
|
|
8fa666 |
HMAC-MD5.
|
|
|
8fa666 |
|
|
|
8fa666 |
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
|
|
|
8fa666 |
---
|
|
|
8fa666 |
src/lib/hmacmd5.c | 34 +++++++++++++++++++++++++++++++++-
|
|
|
8fa666 |
1 file changed, 33 insertions(+), 1 deletion(-)
|
|
|
8fa666 |
|
|
|
8fa666 |
diff --git a/src/lib/hmacmd5.c b/src/lib/hmacmd5.c
|
|
|
8fa666 |
index 2c662ff368..1cca00fa2a 100644
|
|
|
8fa666 |
--- a/src/lib/hmacmd5.c
|
|
|
8fa666 |
+++ b/src/lib/hmacmd5.c
|
|
|
8fa666 |
@@ -27,10 +27,41 @@
|
|
|
8fa666 |
|
|
|
8fa666 |
RCSID("$Id: 2c662ff368e46556edd2cfdf408bd0fca0ab5f18 $")
|
|
|
8fa666 |
|
|
|
8fa666 |
+#ifdef HAVE_OPENSSL_EVP_H
|
|
|
8fa666 |
+#include <openssl/hmac.h>
|
|
|
8fa666 |
+#include <openssl/evp.h>
|
|
|
8fa666 |
+#endif
|
|
|
8fa666 |
+
|
|
|
8fa666 |
#include <freeradius-devel/libradius.h>
|
|
|
8fa666 |
#include <freeradius-devel/md5.h>
|
|
|
8fa666 |
|
|
|
8fa666 |
-/** Calculate HMAC using MD5
|
|
|
8fa666 |
+#ifdef HAVE_OPENSSL_EVP_H
|
|
|
8fa666 |
+/** Calculate HMAC using OpenSSL's MD5 implementation
|
|
|
8fa666 |
+ *
|
|
|
8fa666 |
+ * @param digest Caller digest to be filled in.
|
|
|
8fa666 |
+ * @param text Pointer to data stream.
|
|
|
8fa666 |
+ * @param text_len length of data stream.
|
|
|
8fa666 |
+ * @param key Pointer to authentication key.
|
|
|
8fa666 |
+ * @param key_len Length of authentication key.
|
|
|
8fa666 |
+ *
|
|
|
8fa666 |
+ */
|
|
|
8fa666 |
+void fr_hmac_md5(uint8_t digest[MD5_DIGEST_LENGTH], uint8_t const *text, size_t text_len,
|
|
|
8fa666 |
+ uint8_t const *key, size_t key_len)
|
|
|
8fa666 |
+{
|
|
|
8fa666 |
+ HMAC_CTX *ctx = HMAC_CTX_new();
|
|
|
8fa666 |
+
|
|
|
8fa666 |
+#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
|
|
|
8fa666 |
+ /* Since MD5 is not allowed by FIPS, explicitly allow it. */
|
|
|
8fa666 |
+ HMAC_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
|
|
|
8fa666 |
+#endif /* EVP_MD_CTX_FLAG_NON_FIPS_ALLOW */
|
|
|
8fa666 |
+
|
|
|
8fa666 |
+ HMAC_Init_ex(ctx, key, key_len, EVP_md5(), NULL);
|
|
|
8fa666 |
+ HMAC_Update(ctx, text, text_len);
|
|
|
8fa666 |
+ HMAC_Final(ctx, digest, NULL);
|
|
|
8fa666 |
+ HMAC_CTX_free(ctx);
|
|
|
8fa666 |
+}
|
|
|
8fa666 |
+#else
|
|
|
8fa666 |
+/** Calculate HMAC using internal MD5 implementation
|
|
|
8fa666 |
*
|
|
|
8fa666 |
* @param digest Caller digest to be filled in.
|
|
|
8fa666 |
* @param text Pointer to data stream.
|
|
|
8fa666 |
@@ -101,6 +132,7 @@
|
|
|
8fa666 |
* hash */
|
|
|
8fa666 |
fr_md5_final(digest, &context); /* finish up 2nd pass */
|
|
|
8fa666 |
}
|
|
|
8fa666 |
+#endif /* HAVE_OPENSSL_EVP_H */
|
|
|
8fa666 |
|
|
|
8fa666 |
/*
|
|
|
8fa666 |
Test Vectors (Trailing '\0' of a character string not included in test):
|