Attachment 591254 Details for Bug 820488 – Patch libxradius for mozilla-nss support

[patch] Patch libxradius for mozilla-nss support

mod_auth_xradius-0.4.6-libnss_libxradius.patch (text/plain), 8.25 KB, created by Stephen Gallagher on 2012-06-12 18:49:36 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Stephen Gallagher

Created: 2012-06-12 18:49:36 UTC

Size: 8.25 KB

patch

obsolete

>From 3224da658d9c8793fa797bd47d53fa201ab717e8 Mon Sep 17 00:00:00 2001
>From: Stephen Gallagher <sgallagh@redhat.com>
>Date: Tue, 12 Jun 2012 14:02:06 -0400
>Subject: [PATCH 5/5] libnss_libxradius
>
>---
> Makefile.am         |    7 ++--
> libradius/porting.h |    2 +-
> libradius/radlib.c  |  114 +++++++++++++++++++++++++++++++++------------------
> 3 files changed, 79 insertions(+), 44 deletions(-)
>
>diff --git a/Makefile.am b/Makefile.am
>index a398ad718cd19e474a73ca7b8be5ba4bbe270e54..268a7eef52f27b6e3f60cad637ea5ebbd628e442 100644
>--- a/Makefile.am
>+++ b/Makefile.am
>@@ -24,12 +24,11 @@ apachemod_LTLIBRARIES = mod_auth_xradius.la
> apachemoddir=${AP_LIBEXECDIR}
> 
> lib_LTLIBRARIES = libxradius.la
>-libxradius_la_SOURCES = libradius/radlib.c libradius/md5c.c
>-libxradius_la_CFLAGS = ${MODULE_CFLAGS}
>-libxradius_la_LDFLAGS = ${MODULE_LIBS}
>+libxradius_la_SOURCES = libradius/radlib.c
>+libxradius_la_CFLAGS = ${MODULE_CFLAGS} -I${includedir}/nss3 -I${includedir}/nspr4
>+libxradius_la_LDFLAGS = ${MODULE_LIBS} -lnss3 -lnspr4
> 
> include_HEADERS = \
>-    libradius/md5.h \
>     libradius/porting.h \
>     libradius/radlib.h \
>     libradius/radlib_private.h \
>diff --git a/libradius/porting.h b/libradius/porting.h
>index 6fe7dedd357fa120d43d4dbb2261ecf6410cc8fb..fd9c483a35757e89a62421eeb8065d186a0e6c59 100644
>--- a/libradius/porting.h
>+++ b/libradius/porting.h
>@@ -15,7 +15,7 @@ typedef unsigned int u_int32_t;
> 
> #else
> 
>-#include "md5.h"
>+#include "sechash.h"
> #define MD5_DIGEST_LENGTH 16
> #define MD5Final    xrad_MD5Final
> #define MD5Init     xrad_MD5Init
>diff --git a/libradius/radlib.c b/libradius/radlib.c
>index 1fd2141c1685c9e280dfdb1e93374cf4c4b97448..11824b466f2398010b8ebf2628b13bc2a5666a7e 100644
>--- a/libradius/radlib.c
>+++ b/libradius/radlib.c
>@@ -110,24 +110,30 @@ generr(struct xrad_handle *h, const char *format, ...)
> static void
> insert_scrambled_password(struct xrad_handle *h, int srv)
> {
>-	MD5_CTX ctx;
>+	HASHContext *md5_ctx;
> 	unsigned char md5[MD5_DIGEST_LENGTH];
> 	const struct xrad_server *srvp;
> 	int padded_len;
> 	int pos;
>+	unsigned int len;
> 
> 	srvp = &h->servers[srv];
> 	padded_len = h->pass_len == 0 ? 16 : (h->pass_len+15) & ~0xf;
> 
>+	md5_ctx = HASH_Create(HASH_AlgMD5);
>+
> 	memcpy(md5, &h->request[POS_AUTH], LEN_AUTH);
> 	for (pos = 0;  pos < padded_len;  pos += 16) {
> 		int i;
> 
> 		/* Calculate the new scrambler */
>-		MD5Init(&ctx);
>-		MD5Update(&ctx, srvp->secret, strlen(srvp->secret));
>-		MD5Update(&ctx, md5, 16);
>-		MD5Final(md5, &ctx);
>+		HASH_Begin(md5_ctx);
>+		HASH_Update(md5_ctx,
>+                    (const unsigned char *)srvp->secret,
>+                    strlen(srvp->secret));
>+		HASH_Update(md5_ctx, md5, 16);
>+		HASH_End(md5_ctx, md5, &len, sizeof(md5));
>+
> 
> 		/*
> 		 * Mix in the current chunk of the password, and copy
>@@ -139,24 +145,35 @@ insert_scrambled_password(struct xrad_handle *h, int srv)
> 			h->request[h->pass_pos + pos + i] =
> 			    md5[i] ^= h->pass[pos + i];
> 	}
>+
>+	HASH_Destroy(md5_ctx);
> }
> 
> static void
> insert_request_authenticator(struct xrad_handle *h, int srv)
> {
>-	MD5_CTX ctx;
>+	HASHContext *md5_ctx;
> 	const struct xrad_server *srvp;
>+	unsigned int len;
> 
> 	srvp = &h->servers[srv];
> 
> 	/* Create the request authenticator */
>-	MD5Init(&ctx);
>-	MD5Update(&ctx, &h->request[POS_CODE], POS_AUTH - POS_CODE);
>-        apr_generate_random_bytes(&h->request[POS_AUTH], LEN_AUTH);
>-	MD5Update(&ctx, &h->request[POS_AUTH], LEN_AUTH);
>-	MD5Update(&ctx, &h->request[POS_ATTRS], h->req_len - POS_ATTRS);
>-	MD5Update(&ctx, srvp->secret, strlen(srvp->secret));
>-	MD5Final(&h->request[POS_AUTH], &ctx);
>+	md5_ctx = HASH_Create(HASH_AlgMD5);
>+
>+	HASH_Begin(md5_ctx);
>+	HASH_Update(md5_ctx, &h->request[POS_CODE], POS_AUTH - POS_CODE);
>+	apr_generate_random_bytes(&h->request[POS_AUTH], LEN_AUTH);
>+	HASH_Update(md5_ctx,
>+                (const unsigned char *)&h->request[POS_AUTH],
>+                LEN_AUTH);
>+	HASH_Update(md5_ctx,
>+                (const unsigned char *)&h->request[POS_ATTRS],
>+                h->req_len - POS_ATTRS);
>+	HASH_Update(md5_ctx,
>+                (const unsigned char *)srvp->secret,
>+                strlen(srvp->secret));
>+	HASH_End(md5_ctx, &h->request[POS_AUTH], &len, sizeof(h->request[POS_AUTH]));
> }
> 
> static void
>@@ -192,10 +209,11 @@ static int
> is_valid_response(struct xrad_handle *h, int srv,
>     const struct sockaddr_in *from)
> {
>-	MD5_CTX ctx;
>+	HASHContext *md5_ctx;
> 	unsigned char md5[MD5_DIGEST_LENGTH];
> 	const struct xrad_server *srvp;
> 	int len;
>+    unsigned int hash_len;
> #ifdef WITH_SSL
> 	HMAC_CTX hctx;
> 	u_char resp[MSGSIZE], md[EVP_MAX_MD_SIZE];
>@@ -218,12 +236,17 @@ is_valid_response(struct xrad_handle *h, int srv,
> 		return 0;
> 
> 	/* Check the response authenticator */
>-	MD5Init(&ctx);
>-	MD5Update(&ctx, &h->response[POS_CODE], POS_AUTH - POS_CODE);
>-	MD5Update(&ctx, &h->request[POS_AUTH], LEN_AUTH);
>-	MD5Update(&ctx, &h->response[POS_ATTRS], len - POS_ATTRS);
>-	MD5Update(&ctx, srvp->secret, strlen(srvp->secret));
>-	MD5Final(md5, &ctx);
>+	md5_ctx = HASH_Create(HASH_AlgMD5);
>+	HASH_Begin(md5_ctx);
>+	HASH_Update(md5_ctx, &h->response[POS_CODE], POS_AUTH - POS_CODE);
>+	HASH_Update(md5_ctx, &h->request[POS_AUTH], LEN_AUTH);
>+	HASH_Update(md5_ctx, &h->response[POS_ATTRS], len - POS_ATTRS);
>+	HASH_Update(md5_ctx,
>+                (const unsigned char *)srvp->secret,
>+                strlen(srvp->secret));
>+	HASH_End(md5_ctx, md5, &hash_len, sizeof(md5));
>+	HASH_Destroy(md5_ctx);
>+
> 	if (memcmp(&h->response[POS_AUTH], md5, sizeof md5) != 0)
> 		return 0;
> 
>@@ -1128,7 +1151,8 @@ xrad_demangle(struct xrad_handle *h, const void *mangled, size_t mlen)
> 	char R[LEN_AUTH];
> 	const char *S;
> 	int i, Ppos;
>-	MD5_CTX Context;
>+    int hash_len;
>+	HASHContext *md5_ctx;
> 	u_char b[MD5_DIGEST_LENGTH], *C, *demangled;
> 
> 	if ((mlen % 16 != 0) || mlen > 128) {
>@@ -1152,10 +1176,13 @@ xrad_demangle(struct xrad_handle *h, const void *mangled, size_t mlen)
> 	if (!demangled)
> 		return NULL;
> 
>-	MD5Init(&Context);
>-	MD5Update(&Context, S, strlen(S));
>-	MD5Update(&Context, R, LEN_AUTH);
>-	MD5Final(b, &Context);
>+    md5_ctx = HASH_Create(HASH_AlgMD5);
>+    HASH_Begin(md5_ctx);
>+    HASH_Update(md5_ctx, S, strlen(S));
>+    HASH_Update(md5_ctx, R, LEN_AUTH);
>+    HASH_End(md5_ctx, b, &hash_len, sizeof(b));
>+    HASH_Destroy(md5_ctx);
>+
> 	Ppos = 0;
> 	while (mlen) {
> 
>@@ -1164,10 +1191,12 @@ xrad_demangle(struct xrad_handle *h, const void *mangled, size_t mlen)
> 			demangled[Ppos++] = C[i] ^ b[i];
> 
> 		if (mlen) {
>-			MD5Init(&Context);
>-			MD5Update(&Context, S, strlen(S));
>-			MD5Update(&Context, C, 16);
>-			MD5Final(b, &Context);
>+            md5_ctx = HASH_Create(HASH_AlgMD5);
>+            HASH_Begin(md5_ctx);
>+            HASH_Update(md5_ctx, S, strlen(S));
>+            HASH_Update(md5_ctx, C, 16);
>+            HASH_End(md5_ctx, b, &hash_len, sizeof(b));
>+            HASH_Destroy(md5_ctx);
> 		}
> 
> 		C += 16;
>@@ -1184,9 +1213,10 @@ xrad_demangle_mppe_key(struct xrad_handle *h, const void *mangled,
> 	const char *S;
> 	u_char b[MD5_DIGEST_LENGTH], *demangled;
> 	const u_char *A, *C;
>-	MD5_CTX Context;
>+	HASHContext *md5_ctx;
> 	int Slen, i, Clen, Ppos;
> 	u_char *P;
>+    unsigned int hash_len;
> 
> 	if (mlen % 16 != SALT_LEN) {
> 		generr(h, "Cannot interpret mangled data of length %lu",
>@@ -1207,11 +1237,14 @@ xrad_demangle_mppe_key(struct xrad_handle *h, const void *mangled,
> 	Slen = strlen(S);
> 	P = alloca(Clen);        /* We derive our plaintext */
> 
>-	MD5Init(&Context);
>-	MD5Update(&Context, S, Slen);
>-	MD5Update(&Context, R, LEN_AUTH);
>-	MD5Update(&Context, A, SALT_LEN);
>-	MD5Final(b, &Context);
>+    md5_ctx = HASH_Create(HASH_AlgMD5);
>+    HASH_Begin(md5_ctx);
>+    HASH_Update(md5_ctx, S, Slen);
>+    HASH_Update(md5_ctx, R, LEN_AUTH);
>+    HASH_Update(md5_ctx, A, SALT_LEN);
>+    HASH_End(md5_ctx, b, &hash_len, sizeof(b));
>+    HASH_Destroy(md5_ctx);
>+
> 	Ppos = 0;
> 
> 	while (Clen) {
>@@ -1221,10 +1254,13 @@ xrad_demangle_mppe_key(struct xrad_handle *h, const void *mangled,
> 		    P[Ppos++] = C[i] ^ b[i];
> 
> 		if (Clen) {
>-			MD5Init(&Context);
>-			MD5Update(&Context, S, Slen);
>-			MD5Update(&Context, C, 16);
>-			MD5Final(b, &Context);
>+            md5_ctx = HASH_Create(HASH_AlgMD5);
>+            HASH_Begin(md5_ctx);
>+            HASH_Update(md5_ctx, S, Slen);
>+            HASH_Update(md5_ctx, C, 16);
>+            HASH_Update(md5_ctx, A, SALT_LEN);
>+            HASH_End(md5_ctx, b, &hash_len, sizeof(b));
>+            HASH_Destroy(md5_ctx);
> 		}
> 
> 		C += 16;
>-- 
>1.7.10.2
>

Actions: View | Diff

Attachments on bug 820488: 584723 | 591005 | 591006 | 591254 | 598069