diff options
| author | venaas <venaas> | 2007-01-04 16:56:16 +0000 |
|---|---|---|
| committer | venaas <venaas@e88ac4ed-0b26-0410-9574-a7f39faa03bf> | 2007-01-04 16:56:16 +0000 |
| commit | cb999c284b82a6d50ada6ed23cf2d1d659463090 (patch) | |
| tree | 2368839187b6bcd08a61de447907292423a3e878 | |
| parent | cefe139ac841745c7710cf8d9fc435cee20e4348 (diff) | |
messageauth
git-svn-id: https://svn.testnett.uninett.no/radsecproxy/trunk@29 e88ac4ed-0b26-0410-9574-a7f39faa03bf
| -rw-r--r-- | radsecproxy.c | 30 |
1 files changed, 15 insertions, 15 deletions
diff --git a/radsecproxy.c b/radsecproxy.c index d377b34..042c54f 100644 --- a/radsecproxy.c +++ b/radsecproxy.c @@ -51,6 +51,7 @@ #include <openssl/rand.h> #include <openssl/err.h> #include <openssl/md5.h> +#include <openssl/hmac.h> #include "radsecproxy.h" static struct client clients[MAX_PEERS]; @@ -526,24 +527,23 @@ struct server *id2server(char *id, uint8_t len) { int messageauth(char *rad, uint8_t *authattr, uint8_t *newauth, struct peer *from, struct peer *to) { static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER; static unsigned char first = 1; - static EVP_MD_CTX mdctx; + static HMAC_CTX hmacctx; unsigned int md_len; uint8_t auth[16], hash[EVP_MAX_MD_SIZE]; pthread_mutex_lock(&lock); if (first) { - EVP_MD_CTX_init(&mdctx); + HMAC_CTX_init(&hmacctx); first = 0; } memcpy(auth, authattr, 16); memset(authattr, 0, 16); - - if (!EVP_DigestInit_ex(&mdctx, EVP_md5(), NULL) || - !EVP_DigestUpdate(&mdctx, from->secret, strlen(from->secret)) || - !EVP_DigestUpdate(&mdctx, rad, RADLEN(rad)) || - !EVP_DigestFinal_ex(&mdctx, hash, &md_len) || - md_len != 16) { + md_len = 0; + HMAC_Init_ex(&hmacctx, from->secret, strlen(from->secret), EVP_md5(), NULL); + HMAC_Update(&hmacctx, rad, RADLEN(rad)); + HMAC_Final(&hmacctx, hash, &md_len); + if (md_len != 16) { printf("message auth computation failed\n"); pthread_mutex_unlock(&lock); return 0; @@ -554,13 +554,13 @@ int messageauth(char *rad, uint8_t *authattr, uint8_t *newauth, struct peer *fro pthread_mutex_unlock(&lock); return 0; } - - if (!EVP_DigestInit_ex(&mdctx, EVP_md5(), NULL) || - !EVP_DigestUpdate(&mdctx, to->secret, strlen(to->secret)) || - !EVP_DigestUpdate(&mdctx, rad, RADLEN(rad)) || - !EVP_DigestFinal_ex(&mdctx, authattr, &md_len) || - md_len != 16) { - printf("message auth recomputation failed\n"); + + md_len = 0; + HMAC_Init_ex(&hmacctx, to->secret, strlen(to->secret), EVP_md5(), NULL); + HMAC_Update(&hmacctx, rad, RADLEN(rad)); + HMAC_Final(&hmacctx, authattr, &md_len); + if (md_len != 16) { + printf("message auth re-computation failed\n"); pthread_mutex_unlock(&lock); return 0; } |