Attachment 587487 Details for Bug 823446 – Add support for using NSS for MD5 hashes

[patch] Add support for using NSS for MD5 hashes

0001-Add-support-for-using-NSS-for-MD5-hashes.patch (text/plain), 5.08 KB, created by Stephen Gallagher on 2012-05-29 19:01:40 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Stephen Gallagher

Created: 2012-05-29 19:01:40 UTC

Size: 5.08 KB

patch

obsolete

>From c5552215ce8bc8c68094e4b45de682916e38e978 Mon Sep 17 00:00:00 2001
>From: Stephen Gallagher <sgallagh@redhat.com>
>Date: Tue, 29 May 2012 14:59:13 -0400
>Subject: [PATCH] Add support for using NSS for MD5 hashes
>
>---
> Makefile |   10 +++++++---
> radlib.c |   55 +++++++++++++++++++++++++++++++++++--------------------
> 2 files changed, 42 insertions(+), 23 deletions(-)
>
>diff --git a/Makefile b/Makefile
>index 0ce03eadc285e5c79b2bba4d3d3c4d73d458b705..f4e856bde265a3accf455216e4bd1b2e93378046 100644
>--- a/Makefile
>+++ b/Makefile
>@@ -29,10 +29,13 @@ PREFIX=	/usr/local
> RM=		rm -f
> LN=		ln
> CC=		cc
>-CFLAGS= -O2 -fPIC
>+CFLAGS= -O2 -fPIC -I/usr/include/nss3 -I/usr/include/nspr4
> 
> # linux -L$(PREFIX)/lib -lmd
>-LIBMD= -L$(PREFIX)/$(LIBD) -lmd
>+#LIBMD= -L$(PREFIX)/$(LIBD) -lmd
>+
>+# Linux NSS
>+LIBMD = -L$(PREFIX)/$(LIBD) -lnss3 -lnspr4
> 
> # netbsd - it's in libc
> #LIBMD= -L/usr/lib -lc
>@@ -50,7 +53,7 @@ all:	libradius.so.0.0
> 
> libradius.so.0.0: radlib.c
> 	$(CC) $(CFLAGS) -c radlib.c -o radlib_r.o
>-	$(CC) -shared -Wl,-soname,libradius.so.0.0 -o libradius.so.0.0 *.o -lc -lmd
>+	$(CC) -shared -Wl,-soname,libradius.so.0.0 -o libradius.so.0.0 *.o $(LIBMD)
> 
> #radlib.o:       radlib.c
> #	$(CC) $(CFLAGS) -c radlib.c -o radlib_r.o
>@@ -60,6 +63,7 @@ libradius.so.0.0: radlib.c
> 
> clean:
> 	$(RM) *.o
>+	$(RM) *.so*
> 
> clobber:	clean
> 	$(RM) lib$(LIB).a
>diff --git a/radlib.c b/radlib.c
>index c02a2fe78da873db95e15f1f90e4a3bc20559741..2c02a34c0610d91f7ac0934f65bece89510627e3 100644
>--- a/radlib.c
>+++ b/radlib.c
>@@ -33,7 +33,7 @@
> #include <arpa/inet.h>
> 
> #include <errno.h>
>-#include <md5.h>
>+#include <sechash.h>
> #include <netdb.h>
> #include <stdarg.h>
> #include <stddef.h>
>@@ -44,8 +44,10 @@
> 
> #include "radlib_private.h"
> #if defined(__linux__)
>+#ifndef MSG_WAITALL
> #define MSG_WAITALL     0
> #endif
>+#endif
> #if !defined(__printflike)
> #define __printflike(fmtarg, firstvararg)                               \
>         __attribute__((__format__ (__printf__, fmtarg, firstvararg)))
>@@ -100,24 +102,27 @@ generr(struct rad_handle *h, const char *format, ...)
> static void
> insert_scrambled_password(struct rad_handle *h, int srv)
> {
>-	MD5_CTX ctx;
>+	HASHContext *md5_ctx;
> 	unsigned char md5[16];
> 	const struct rad_server *srvp;
> 	int padded_len;
> 	int pos;
>+	unsigned int len;
> 
> 	srvp = &h->servers[srv];
> 	padded_len = h->pass_len == 0 ? 16 : (h->pass_len+15) & ~0xf;
> 
>+	md5_ctx = HASH_Create(HASH_AlgMD5);
>+
> 	memcpy(md5, &h->request[POS_AUTH], LEN_AUTH);
> 	for (pos = 0;  pos < padded_len;  pos += 16) {
> 		int i;
> 
> 		/* Calculate the new scrambler */
>-		MD5Init(&ctx);
>-		MD5Update(&ctx, srvp->secret, strlen(srvp->secret));
>-		MD5Update(&ctx, md5, 16);
>-		MD5Final(md5, &ctx);
>+		HASH_Begin(md5_ctx);
>+		HASH_Update(md5_ctx, srvp->secret, strlen(srvp->secret));
>+		HASH_Update(md5_ctx, md5, 16);
>+		HASH_End(md5_ctx, md5, &len, sizeof(md5));
> 
> 		/*
> 		 * Mix in the current chunk of the password, and copy
>@@ -129,23 +134,28 @@ insert_scrambled_password(struct rad_handle *h, int srv)
> 			h->request[h->pass_pos + pos + i] =
> 			    md5[i] ^= h->pass[pos + i];
> 	}
>+
>+	HASH_Destroy(md5_ctx);
> }
> 
> static void
> insert_request_authenticator(struct rad_handle *h, int srv)
> {
>-	MD5_CTX ctx;
>+	HASHContext *md5_ctx;
> 	const struct rad_server *srvp;
>+	unsigned int len;
> 
> 	srvp = &h->servers[srv];
> 
> 	/* Create the request authenticator */
>-	MD5Init(&ctx);
>-	MD5Update(&ctx, &h->request[POS_CODE], POS_AUTH - POS_CODE);
>-	MD5Update(&ctx, memset(&h->request[POS_AUTH], 0, LEN_AUTH), LEN_AUTH);
>-	MD5Update(&ctx, &h->request[POS_ATTRS], h->req_len - POS_ATTRS);
>-	MD5Update(&ctx, srvp->secret, strlen(srvp->secret));
>-	MD5Final(&h->request[POS_AUTH], &ctx);
>+	md5_ctx = HASH_Create(HASH_AlgMD5);
>+
>+	HASH_Begin(md5_ctx);
>+	HASH_Update(md5_ctx, &h->request[POS_CODE], POS_AUTH - POS_CODE);
>+	HASH_Update(md5_ctx, memset(&h->request[POS_AUTH], 0, LEN_AUTH), LEN_AUTH);
>+	HASH_Update(md5_ctx, &h->request[POS_ATTRS], h->req_len - POS_ATTRS);
>+	HASH_Update(md5_ctx, srvp->secret, strlen(srvp->secret));
>+	HASH_End(md5_ctx, &h->request[POS_AUTH], &len, sizeof(h->request[POS_AUTH]));
> }
> 
> /*
>@@ -156,7 +166,7 @@ static int
> is_valid_response(struct rad_handle *h, int srv,
>     const struct sockaddr_in *from)
> {
>-	MD5_CTX ctx;
>+	HASHContext *md5_ctx;
> 	unsigned char md5[16];
> 	const struct rad_server *srvp;
> 	int len;
>@@ -177,12 +187,17 @@ is_valid_response(struct rad_handle *h, int srv,
> 		return 0;
> 
> 	/* Check the response authenticator */
>-	MD5Init(&ctx);
>-	MD5Update(&ctx, &h->response[POS_CODE], POS_AUTH - POS_CODE);
>-	MD5Update(&ctx, &h->request[POS_AUTH], LEN_AUTH);
>-	MD5Update(&ctx, &h->response[POS_ATTRS], len - POS_ATTRS);
>-	MD5Update(&ctx, srvp->secret, strlen(srvp->secret));
>-	MD5Final(md5, &ctx);
>+	md5_ctx = HASH_Create(HASH_AlgMD5);
>+
>+	HASH_Begin(md5_ctx);
>+	HASH_Update(md5_ctx, &h->response[POS_CODE], POS_AUTH - POS_CODE);
>+	HASH_Update(md5_ctx, &h->request[POS_AUTH], LEN_AUTH);
>+	HASH_Update(md5_ctx, &h->response[POS_ATTRS], len - POS_ATTRS);
>+	HASH_Update(md5_ctx, srvp->secret, strlen(srvp->secret));
>+	HASH_End(md5_ctx, md5, &len, sizeof(md5));
>+
>+	HASH_Destroy(md5_ctx);
>+
> 	if (memcmp(&h->response[POS_AUTH], md5, sizeof md5) != 0)
> 		return 0;
> 
>-- 
>1.7.10.2
>

Flags:

negativo17: review+

Actions: View | Diff

Attachments on bug 823446: 587487