|
 |
33c701 |
From 91f663ce1b46ecd99399023ad539f158419272e7 Mon Sep 17 00:00:00 2001
|
|
|
33c701 |
From: Alexander Scheel <ascheel@redhat.com>
|
|
|
33c701 |
Date: Fri, 28 Sep 2018 11:03:52 -0400
|
|
|
33c701 |
Subject: [PATCH 2/2] Replace HMAC-SHA1 implementation with OpenSSL's
|
|
|
33c701 |
|
|
|
33c701 |
If OpenSSL EVP is not found, fallback to internal implementation of
|
|
|
33c701 |
HMAC-SHA1.
|
|
|
33c701 |
|
|
|
33c701 |
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
|
|
|
33c701 |
---
|
|
|
33c701 |
src/lib/hmacsha1.c | 29 ++++++++++++++++++++++++++++-
|
|
|
33c701 |
1 file changed, 28 insertions(+), 1 deletion(-)
|
|
|
33c701 |
|
|
|
33c701 |
diff --git a/src/lib/hmacsha1.c b/src/lib/hmacsha1.c
|
|
|
33c701 |
index c3cbd87a2c..211470ea35 100644
|
|
|
33c701 |
--- a/src/lib/hmacsha1.c
|
|
|
33c701 |
+++ b/src/lib/hmacsha1.c
|
|
|
33c701 |
@@ -10,13 +10,19 @@
|
|
|
33c701 |
|
|
|
33c701 |
RCSID("$Id: c3cbd87a2c13c47da93fdb1bdfbf6da4c22aaac5 $")
|
|
|
33c701 |
|
|
|
33c701 |
+#ifdef HAVE_OPENSSL_EVP_H
|
|
|
33c701 |
+#include <openssl/hmac.h>
|
|
|
33c701 |
+#include <openssl/evp.h>
|
|
|
33c701 |
+#endif
|
|
|
33c701 |
+
|
|
|
33c701 |
#include <freeradius-devel/libradius.h>
|
|
|
33c701 |
|
|
|
33c701 |
#ifdef HMAC_SHA1_DATA_PROBLEMS
|
|
|
33c701 |
unsigned int sha1_data_problems = 0;
|
|
|
33c701 |
#endif
|
|
|
33c701 |
|
|
|
33c701 |
-/** Calculate HMAC using SHA1
|
|
|
33c701 |
+#ifdef HAVE_OPENSSL_EVP_H
|
|
|
33c701 |
+/** Calculate HMAC using OpenSSL's SHA1 implementation
|
|
|
33c701 |
*
|
|
|
33c701 |
* @param digest Caller digest to be filled in.
|
|
|
33c701 |
* @param text Pointer to data stream.
|
|
|
33c701 |
@@ -28,6 +34,26 @@
|
|
|
33c701 |
void fr_hmac_sha1(uint8_t digest[SHA1_DIGEST_LENGTH], uint8_t const *text, size_t text_len,
|
|
|
33c701 |
uint8_t const *key, size_t key_len)
|
|
|
33c701 |
{
|
|
|
33c701 |
+ HMAC_CTX *ctx = HMAC_CTX_new();
|
|
|
33c701 |
+ HMAC_Init_ex(ctx, key, key_len, EVP_sha1(), NULL);
|
|
|
33c701 |
+ HMAC_Update(ctx, text, text_len);
|
|
|
33c701 |
+ HMAC_Final(ctx, digest, NULL);
|
|
|
33c701 |
+ HMAC_CTX_free(ctx);
|
|
|
33c701 |
+}
|
|
|
33c701 |
+
|
|
|
33c701 |
+#else
|
|
|
33c701 |
+
|
|
|
33c701 |
+/** Calculate HMAC using internal SHA1 implementation
|
|
|
33c701 |
+ *
|
|
|
33c701 |
+ * @param digest Caller digest to be filled in.
|
|
|
33c701 |
+ * @param text Pointer to data stream.
|
|
|
33c701 |
+ * @param text_len length of data stream.
|
|
|
33c701 |
+ * @param key Pointer to authentication key.
|
|
|
33c701 |
+ * @param key_len Length of authentication key.
|
|
|
33c701 |
+ */
|
|
|
33c701 |
+void fr_hmac_sha1(uint8_t digest[SHA1_DIGEST_LENGTH], uint8_t const *text, size_t text_len,
|
|
|
33c701 |
+ uint8_t const *key, size_t key_len)
|
|
|
33c701 |
+{
|
|
|
33c701 |
fr_sha1_ctx context;
|
|
|
33c701 |
uint8_t k_ipad[65]; /* inner padding - key XORd with ipad */
|
|
|
33c701 |
uint8_t k_opad[65]; /* outer padding - key XORd with opad */
|
|
|
33c701 |
@@ -142,6 +168,7 @@
|
|
|
33c701 |
}
|
|
|
33c701 |
#endif
|
|
|
33c701 |
}
|
|
|
33c701 |
+#endif /* HAVE_OPENSSL_EVP_H */
|
|
|
33c701 |
|
|
|
33c701 |
/*
|
|
|
33c701 |
Test Vectors (Trailing '\0' of a character string not included in test):
|