rpms / frr

Clone
Source Code
GIT

Blame SOURCES/0003-disable-eigrp-crypto.patch

c8 c8-beta c8s c9 c9-beta
  1.   1657d560576cc8292f83bae3a2b441e66329e1c7
  2.   SOURCES
  3.   0003-disable-eigrp-crypto.patch
Blob History Raw
c0b7e4 
diff --git a/eigrpd/eigrp_packet.c b/eigrpd/eigrp_packet.c
c0b7e4 
index bedaf15..8dc09bf 100644
c0b7e4 
--- a/eigrpd/eigrp_packet.c
c0b7e4 
+++ b/eigrpd/eigrp_packet.c
c0b7e4 
@@ -40,8 +40,10 @@
c0b7e4 
 #include "log.h"
c0b7e4 
 #include "sockopt.h"
c0b7e4 
 #include "checksum.h"
c0b7e4 
+#ifdef CRYPTO_INTERNAL
c0b7e4 
 #include "md5.h"
c0b7e4 
 #include "sha256.h"
c0b7e4 
+#endif
c0b7e4 
 #include "lib_errors.h"
c0b7e4
c0b7e4 
 #include "eigrpd/eigrp_structs.h"
c0b7e4 
@@ -95,8 +97,12 @@ int eigrp_make_md5_digest(struct eigrp_interface *ei, struct stream *s,
c0b7e4 
 	struct key *key = NULL;
c0b7e4 
 	struct keychain *keychain;
c0b7e4
c0b7e4 
+
c0b7e4 
 	unsigned char digest[EIGRP_AUTH_TYPE_MD5_LEN];
c0b7e4 
+#ifdef CRYPTO_OPENSSL
c0b7e4 
+#elif CRYPTO_INTERNAL
c0b7e4 
 	MD5_CTX ctx;
c0b7e4 
+#endif
c0b7e4 
 	uint8_t *ibuf;
c0b7e4 
 	size_t backup_get, backup_end;
c0b7e4 
 	struct TLV_MD5_Authentication_Type *auth_TLV;
c0b7e4 
@@ -119,6 +125,9 @@ int eigrp_make_md5_digest(struct eigrp_interface *ei, struct stream *s,
c0b7e4 
 		return EIGRP_AUTH_TYPE_NONE;
c0b7e4 
 	}
c0b7e4
c0b7e4 
+#ifdef CRYPTO_OPENSSL
c0b7e4 
+//TBD when this is fixed in upstream
c0b7e4 
+#elif CRYPTO_INTERNAL
c0b7e4 
 	memset(&ctx, 0, sizeof(ctx));
c0b7e4 
 	MD5Init(&ctx;;
c0b7e4
c0b7e4 
@@ -146,7 +155,7 @@ int eigrp_make_md5_digest(struct eigrp_interface *ei, struct stream *s,
c0b7e4 
 	}
c0b7e4
c0b7e4 
 	MD5Final(digest, &ctx;;
c0b7e4 
-
c0b7e4 
+#endif
c0b7e4 
 	/* Append md5 digest to the end of the stream. */
c0b7e4 
 	memcpy(auth_TLV->digest, digest, EIGRP_AUTH_TYPE_MD5_LEN);
c0b7e4
c0b7e4 
@@ -162,7 +171,10 @@ int eigrp_check_md5_digest(struct stream *s,
c0b7e4 
 			   struct TLV_MD5_Authentication_Type *authTLV,
c0b7e4 
 			   struct eigrp_neighbor *nbr, uint8_t flags)
c0b7e4 
 {
c0b7e4 
+#ifdef CRYPTO_OPENSSL
c0b7e4 
+#elif CRYPTO_INTERNAL
c0b7e4 
 	MD5_CTX ctx;
c0b7e4 
+#endif
c0b7e4 
 	unsigned char digest[EIGRP_AUTH_TYPE_MD5_LEN];
c0b7e4 
 	unsigned char orig[EIGRP_AUTH_TYPE_MD5_LEN];
c0b7e4 
 	struct key *key = NULL;
c0b7e4 
@@ -203,6 +215,9 @@ int eigrp_check_md5_digest(struct stream *s,
c0b7e4 
 		return 0;
c0b7e4 
 	}
c0b7e4
c0b7e4 
+#ifdef CRYPTO_OPENSSL
c0b7e4 
+	//TBD when eigrpd crypto is fixed in upstream
c0b7e4 
+#elif CRYPTO_INTERNAL
c0b7e4 
 	memset(&ctx, 0, sizeof(ctx));
c0b7e4 
 	MD5Init(&ctx;;
c0b7e4
c0b7e4 
@@ -230,6 +245,7 @@ int eigrp_check_md5_digest(struct stream *s,
c0b7e4 
 	}
c0b7e4
c0b7e4 
 	MD5Final(digest, &ctx;;
c0b7e4 
+#endif
c0b7e4
c0b7e4 
 	/* compare the two */
c0b7e4 
 	if (memcmp(orig, digest, EIGRP_AUTH_TYPE_MD5_LEN) != 0) {
c0b7e4 
@@ -254,7 +270,11 @@ int eigrp_make_sha256_digest(struct eigrp_interface *ei, struct stream *s,
c0b7e4 
 	unsigned char digest[EIGRP_AUTH_TYPE_SHA256_LEN];
c0b7e4 
 	unsigned char buffer[1 + PLAINTEXT_LENGTH + 45 + 1] = {0};
c0b7e4
c0b7e4 
+#ifdef CRYPTO_OPENSSL
c0b7e4 
+	//TBD when eigrpd crypto is fixed in upstream
c0b7e4 
+#elif CRYPTO_INTERNAL
c0b7e4 
 	HMAC_SHA256_CTX ctx;
c0b7e4 
+#endif
c0b7e4 
 	void *ibuf;
c0b7e4 
 	size_t backup_get, backup_end;
c0b7e4 
 	struct TLV_SHA256_Authentication_Type *auth_TLV;
c0b7e4 
@@ -283,6 +303,9 @@ int eigrp_make_sha256_digest(struct eigrp_interface *ei, struct stream *s,
c0b7e4
1657d5 
 	inet_ntop(AF_INET, &ei->address.u.prefix4, source_ip, PREFIX_STRLEN);
c0b7e4
c0b7e4 
+#ifdef CRYPTO_OPENSSL
c0b7e4 
+	//TBD when eigrpd crypto is fixed in upstream
c0b7e4 
+#elif CRYPTO_INTERNAL
c0b7e4 
 	memset(&ctx, 0, sizeof(ctx));
c0b7e4 
 	buffer[0] = '\n';
c0b7e4 
 	memcpy(buffer + 1, key, strlen(key->string));
c0b7e4 
@@ -291,7 +314,7 @@ int eigrp_make_sha256_digest(struct eigrp_interface *ei, struct stream *s,
c0b7e4 
 			  1 + strlen(key->string) + strlen(source_ip));
c0b7e4 
 	HMAC__SHA256_Update(&ctx, ibuf, strlen(ibuf));
c0b7e4 
 	HMAC__SHA256_Final(digest, &ctx;;
c0b7e4 
-
c0b7e4 
+#endif
c0b7e4
c0b7e4 
 	/* Put hmac-sha256 digest to it's place */
c0b7e4 
 	memcpy(auth_TLV->digest, digest, EIGRP_AUTH_TYPE_SHA256_LEN);
c0b7e4 
diff --git a/eigrpd/eigrp_filter.c b/eigrpd/eigrp_filter.c
c0b7e4 
index 93eed94..f1c7347 100644
c0b7e4 
--- a/eigrpd/eigrp_filter.c
c0b7e4 
+++ b/eigrpd/eigrp_filter.c
c0b7e4 
@@ -47,7 +47,9 @@
c0b7e4 
 #include "if_rmap.h"
c0b7e4 
 #include "plist.h"
c0b7e4 
 #include "distribute.h"
c0b7e4 
+#ifdef CRYPTO_INTERNAL
c0b7e4 
 #include "md5.h"
c0b7e4 
+#endif
c0b7e4 
 #include "keychain.h"
c0b7e4 
 #include "privs.h"
c0b7e4 
 #include "vrf.h"
c0b7e4 
diff --git a/eigrpd/eigrp_hello.c b/eigrpd/eigrp_hello.c
c0b7e4 
index dacd5ca..b232cc5 100644
c0b7e4 
--- a/eigrpd/eigrp_hello.c
c0b7e4 
+++ b/eigrpd/eigrp_hello.c
c0b7e4 
@@ -43,7 +43,9 @@
c0b7e4 
 #include "sockopt.h"
c0b7e4 
 #include "checksum.h"
c0b7e4 
 #include "vty.h"
c0b7e4 
+#ifdef CRYPTO_INTERNAL
c0b7e4 
 #include "md5.h"
c0b7e4 
+#endif
c0b7e4
c0b7e4 
 #include "eigrpd/eigrp_structs.h"
c0b7e4 
 #include "eigrpd/eigrpd.h"
c0b7e4 
diff --git a/eigrpd/eigrp_query.c b/eigrpd/eigrp_query.c
c0b7e4 
index 84dcf5e..a2575e3 100644
c0b7e4 
--- a/eigrpd/eigrp_query.c
c0b7e4 
+++ b/eigrpd/eigrp_query.c
c0b7e4 
@@ -38,7 +38,9 @@
c0b7e4 
 #include "log.h"
c0b7e4 
 #include "sockopt.h"
c0b7e4 
 #include "checksum.h"
c0b7e4 
+#ifdef CRYPTO_INTERNAL
c0b7e4 
 #include "md5.h"
c0b7e4 
+#endif
c0b7e4 
 #include "vty.h"
c0b7e4
c0b7e4 
 #include "eigrpd/eigrp_structs.h"
c0b7e4 
diff --git a/eigrpd/eigrp_reply.c b/eigrpd/eigrp_reply.c
c0b7e4 
index ccf0496..2902365 100644
c0b7e4 
--- a/eigrpd/eigrp_reply.c
c0b7e4 
+++ b/eigrpd/eigrp_reply.c
c0b7e4 
@@ -42,7 +42,9 @@
c0b7e4 
 #include "log.h"
c0b7e4 
 #include "sockopt.h"
c0b7e4 
 #include "checksum.h"
c0b7e4 
+#ifdef CRYPTO_INTERNAL
c0b7e4 
 #include "md5.h"
c0b7e4 
+#endif
c0b7e4 
 #include "vty.h"
c0b7e4 
 #include "keychain.h"
c0b7e4 
 #include "plist.h"
c0b7e4 
diff --git a/eigrpd/eigrp_siaquery.c b/eigrpd/eigrp_siaquery.c
c0b7e4 
index ff38325..09b9369 100644
c0b7e4 
--- a/eigrpd/eigrp_siaquery.c
c0b7e4 
+++ b/eigrpd/eigrp_siaquery.c
c0b7e4 
@@ -38,7 +38,9 @@
c0b7e4 
 #include "log.h"
c0b7e4 
 #include "sockopt.h"
c0b7e4 
 #include "checksum.h"
c0b7e4 
+#ifdef CRYPTO_INTERNAL
c0b7e4 
 #include "md5.h"
c0b7e4 
+#endif
c0b7e4 
 #include "vty.h"
c0b7e4
c0b7e4 
 #include "eigrpd/eigrp_structs.h"
c0b7e4 
diff --git a/eigrpd/eigrp_siareply.c b/eigrpd/eigrp_siareply.c
c0b7e4 
index d3dd123..f6a2bd6 100644
c0b7e4 
--- a/eigrpd/eigrp_siareply.c
c0b7e4 
+++ b/eigrpd/eigrp_siareply.c
c0b7e4 
@@ -37,7 +37,9 @@
c0b7e4 
 #include "log.h"
c0b7e4 
 #include "sockopt.h"
c0b7e4 
 #include "checksum.h"
c0b7e4 
+#ifdef CRYPTO_INTERNAL
c0b7e4 
 #include "md5.h"
c0b7e4 
+#endif
c0b7e4 
 #include "vty.h"
c0b7e4
c0b7e4 
 #include "eigrpd/eigrp_structs.h"
c0b7e4 
diff --git a/eigrpd/eigrp_snmp.c b/eigrpd/eigrp_snmp.c
c0b7e4 
index 21c9238..cfb8890 100644
c0b7e4 
--- a/eigrpd/eigrp_snmp.c
c0b7e4 
+++ b/eigrpd/eigrp_snmp.c
c0b7e4 
@@ -42,7 +42,9 @@
c0b7e4 
 #include "log.h"
c0b7e4 
 #include "sockopt.h"
c0b7e4 
 #include "checksum.h"
c0b7e4 
+#ifdef CRYPTO_INTERNAL
c0b7e4 
 #include "md5.h"
c0b7e4 
+#endif
c0b7e4 
 #include "keychain.h"
c0b7e4 
 #include "smux.h"
c0b7e4
c0b7e4 
diff --git a/eigrpd/eigrp_update.c b/eigrpd/eigrp_update.c
c0b7e4 
index 8db4903..2a4f0bb 100644
c0b7e4 
--- a/eigrpd/eigrp_update.c
c0b7e4 
+++ b/eigrpd/eigrp_update.c
c0b7e4 
@@ -42,7 +42,9 @@
c0b7e4 
 #include "log.h"
c0b7e4 
 #include "sockopt.h"
c0b7e4 
 #include "checksum.h"
c0b7e4 
+#ifdef CRYPTO_INTERNAL
c0b7e4 
 #include "md5.h"
c0b7e4 
+#endif
c0b7e4 
 #include "vty.h"
c0b7e4 
 #include "plist.h"
c0b7e4 
 #include "plist_int.h"
1657d5 
diff --git a/eigrpd/eigrp_cli.c b/eigrpd/eigrp_cli.c
1657d5 
index a93d4c8..b01e121 100644
1657d5 
--- a/eigrpd/eigrp_cli.c
1657d5 
+++ b/eigrpd/eigrp_cli.c
1657d5 
@@ -25,6 +25,7 @@
1657d5 
 #include "lib/command.h"
1657d5 
 #include "lib/log.h"
1657d5 
 #include "lib/northbound_cli.h"
1657d5 
+#include "lib/libfrr.h"
1657d5
1657d5 
 #include "eigrp_structs.h"
1657d5 
 #include "eigrpd.h"
1657d5 
@@ -726,6 +726,20 @@ DEFPY(
1657d5 
 	"Keyed message digest\n"
1657d5 
 	"HMAC SHA256 algorithm \n")
1657d5 
 {
1657d5 
+	//EIGRP authentication is currently broken in FRR
1657d5 
+	switch (frr_get_cli_mode()) {
1657d5 
+	case FRR_CLI_CLASSIC:
1657d5 
+		vty_out(vty, "%% Eigrp Authentication is disabled\n\n");
1657d5 
+		break;
1657d5 
+	case FRR_CLI_TRANSACTIONAL:
1657d5 
+		vty_out(vty,
1657d5 
+			"%% Failed to edit candidate configuration - "
1657d5 
+			"Eigrp Authentication is disabled.\n\n");
1657d5 
+		break;
1657d5 
+	}
1657d5 
+
1657d5 
+	return CMD_WARNING_CONFIG_FAILED;
1657d5 
+
1657d5 
 	char xpath[XPATH_MAXLEN], xpath_auth[XPATH_MAXLEN + 64];
1657d5
1657d5 
 	snprintf(xpath, sizeof(xpath), "./frr-eigrpd:eigrp/instance[asn='%s']",

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation