39 lines
1.7 KiB
Diff
39 lines
1.7 KiB
Diff
From eae2220ad19c905bb38e06f950c07c266b6a1398 Mon Sep 17 00:00:00 2001
|
|
From: Pavel Zhukov <pavel@zhukoff.net>
|
|
Date: Mon, 21 Sep 2020 09:02:57 +0200
|
|
Subject: [PATCH] Update the hash function for key derivation to SHA256
|
|
|
|
Author: Philippe Troin <phil@fifi.org>
|
|
Bug-Url: https://bugzilla.redhat.com/1669333
|
|
---
|
|
authd.c | 6 +++---
|
|
1 file changed, 3 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/authd.c b/authd.c
|
|
index a2072de..6d9f83e 100644
|
|
--- a/authd.c
|
|
+++ b/authd.c
|
|
@@ -806,7 +806,7 @@ static bool initialize_crypto(crypto_t *x, const char *filename) {
|
|
assert(filename != NULL && x != NULL);
|
|
if (stat(filename, &file) == 0) {
|
|
FILE *stream; ssize_t len;
|
|
- const EVP_MD *const HASH = EVP_md5(); // openssl compat: enc -pass
|
|
+ const EVP_MD *const HASH = EVP_sha256(); // openssl compat: enc -pass
|
|
const size_t KEY_SIZE = EVP_CIPHER_key_length(x->cipher);
|
|
const size_t IV_SIZE = EVP_CIPHER_iv_length(x->cipher);
|
|
char *pass = NULL; size_t z = 0;
|
|
@@ -820,8 +820,8 @@ static bool initialize_crypto(crypto_t *x, const char *filename) {
|
|
if (fclose(stream) == EOF) return false;
|
|
if (len > 0 && pass[(size_t) (len - 1)] == '\n')
|
|
pass[(size_t) --len] = '\0';
|
|
- if (RAND_pseudo_bytes(x->salt, sizeof(x->salt)) <= 0) return false;
|
|
- EVP_BytesToKey(x->cipher, HASH, x->salt, pass, len, 1, x->key, x->iv);
|
|
+ if (RAND_bytes(x->salt, sizeof(x->salt)) <= 0) return false;
|
|
+ EVP_BytesToKey(x->cipher, HASH, x->salt, (const unsigned char*)pass, len, 1, x->key, x->iv);
|
|
memset(pass, 0, len); // XXX: crypto erase
|
|
free(pass);
|
|
is_initialized = true;
|
|
--
|
|
1.8.3.1
|
|
|