packages/authd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update the hash function for key derivation to SHA256

Browse Source 
(cherry picked from commit e0aa2210f9a75cb015e71155de38241138b8fe1d)
This commit is contained in:
yixiangzhike 2022-04-27 10:27:56 +08:00 committed by openeuler-sync-bot
parent b7e27bd4af
commit f0aad8573e
2 changed files with 45 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
authd.spec
View File

@ -1,6 +1,6 @@
Name: authd
Version: 1.4.4
Release: 1
Release: 2
Summary: A RFC 1413 ident protocol daemon
License: GPLv2+
URL: https://github.com/InfrastructureServices/authd
@ -9,6 +9,9 @@ Source0: https://github.com/InfrastructureServices/authd/releases/downl
# https://github.com/InfrastructureServices/authd/tree/master/packaging/Fedora
Source1: auth.socket
Source2: auth@.service
Patch0: backport-Update-the-hash-function-for-key-derivation-to-SHA256.patch
BuildRequires: gcc openssl-devel gettext help2man systemd-units
Requires(post): openssl systemd-units
Requires(preun): systemd-units
@ -73,5 +76,8 @@ chmod o-rw %{_sysconfdir}/ident.key
%doc rfc1413.txt
%changelog
* Wed Apr 27 2022 yixiangzhike <yixiangzhike007@163.com> - 1.4.4-2
- Update the hash function for key derivation to SHA256
* Tue Sep 10 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.4.4-1
- Package init

38
backport-Update-the-hash-function-for-key-derivation-to-SHA256.patch Normal file
View File

@ -0,0 +1,38 @@
From eae2220ad19c905bb38e06f950c07c266b6a1398 Mon Sep 17 00:00:00 2001
From: Pavel Zhukov <pavel@zhukoff.net>
Date: Mon, 21 Sep 2020 09:02:57 +0200
Subject: [PATCH] Update the hash function for key derivation to SHA256
Author: Philippe Troin <phil@fifi.org>
Bug-Url: https://bugzilla.redhat.com/1669333
---
authd.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/authd.c b/authd.c
index a2072de..6d9f83e 100644
--- a/authd.c
+++ b/authd.c
@@ -806,7 +806,7 @@ static bool initialize_crypto(crypto_t *x, const char *filename) {
assert(filename != NULL && x != NULL);
if (stat(filename, &file) == 0) {
FILE *stream; ssize_t len;
- const EVP_MD *const HASH = EVP_md5(); // openssl compat: enc -pass
+ const EVP_MD *const HASH = EVP_sha256(); // openssl compat: enc -pass
const size_t KEY_SIZE = EVP_CIPHER_key_length(x->cipher);
const size_t IV_SIZE = EVP_CIPHER_iv_length(x->cipher);
char *pass = NULL; size_t z = 0;
@@ -820,8 +820,8 @@ static bool initialize_crypto(crypto_t *x, const char *filename) {
if (fclose(stream) == EOF) return false;
if (len > 0 && pass[(size_t) (len - 1)] == '\n')
pass[(size_t) --len] = '\0';
- if (RAND_pseudo_bytes(x->salt, sizeof(x->salt)) <= 0) return false;
- EVP_BytesToKey(x->cipher, HASH, x->salt, pass, len, 1, x->key, x->iv);
+ if (RAND_bytes(x->salt, sizeof(x->salt)) <= 0) return false;
+ EVP_BytesToKey(x->cipher, HASH, x->salt, (const unsigned char*)pass, len, 1, x->key, x->iv);
memset(pass, 0, len); // XXX: crypto erase
free(pass);
is_initialized = true;
--
1.8.3.1