summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorvenaas <venaas>2007-01-04 16:56:16 +0000
committervenaas <venaas@e88ac4ed-0b26-0410-9574-a7f39faa03bf>2007-01-04 16:56:16 +0000
commitcb999c284b82a6d50ada6ed23cf2d1d659463090 (patch)
tree2368839187b6bcd08a61de447907292423a3e878
parentcefe139ac841745c7710cf8d9fc435cee20e4348 (diff)
messageauth
git-svn-id: https://svn.testnett.uninett.no/radsecproxy/trunk@29 e88ac4ed-0b26-0410-9574-a7f39faa03bf
-rw-r--r--radsecproxy.c30
1 files changed, 15 insertions, 15 deletions
diff --git a/radsecproxy.c b/radsecproxy.c
index d377b34..042c54f 100644
--- a/radsecproxy.c
+++ b/radsecproxy.c
@@ -51,6 +51,7 @@
#include <openssl/rand.h>
#include <openssl/err.h>
#include <openssl/md5.h>
+#include <openssl/hmac.h>
#include "radsecproxy.h"
static struct client clients[MAX_PEERS];
@@ -526,24 +527,23 @@ struct server *id2server(char *id, uint8_t len) {
int messageauth(char *rad, uint8_t *authattr, uint8_t *newauth, struct peer *from, struct peer *to) {
static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER;
static unsigned char first = 1;
- static EVP_MD_CTX mdctx;
+ static HMAC_CTX hmacctx;
unsigned int md_len;
uint8_t auth[16], hash[EVP_MAX_MD_SIZE];
pthread_mutex_lock(&lock);
if (first) {
- EVP_MD_CTX_init(&mdctx);
+ HMAC_CTX_init(&hmacctx);
first = 0;
}
memcpy(auth, authattr, 16);
memset(authattr, 0, 16);
-
- if (!EVP_DigestInit_ex(&mdctx, EVP_md5(), NULL) ||
- !EVP_DigestUpdate(&mdctx, from->secret, strlen(from->secret)) ||
- !EVP_DigestUpdate(&mdctx, rad, RADLEN(rad)) ||
- !EVP_DigestFinal_ex(&mdctx, hash, &md_len) ||
- md_len != 16) {
+ md_len = 0;
+ HMAC_Init_ex(&hmacctx, from->secret, strlen(from->secret), EVP_md5(), NULL);
+ HMAC_Update(&hmacctx, rad, RADLEN(rad));
+ HMAC_Final(&hmacctx, hash, &md_len);
+ if (md_len != 16) {
printf("message auth computation failed\n");
pthread_mutex_unlock(&lock);
return 0;
@@ -554,13 +554,13 @@ int messageauth(char *rad, uint8_t *authattr, uint8_t *newauth, struct peer *fro
pthread_mutex_unlock(&lock);
return 0;
}
-
- if (!EVP_DigestInit_ex(&mdctx, EVP_md5(), NULL) ||
- !EVP_DigestUpdate(&mdctx, to->secret, strlen(to->secret)) ||
- !EVP_DigestUpdate(&mdctx, rad, RADLEN(rad)) ||
- !EVP_DigestFinal_ex(&mdctx, authattr, &md_len) ||
- md_len != 16) {
- printf("message auth recomputation failed\n");
+
+ md_len = 0;
+ HMAC_Init_ex(&hmacctx, to->secret, strlen(to->secret), EVP_md5(), NULL);
+ HMAC_Update(&hmacctx, rad, RADLEN(rad));
+ HMAC_Final(&hmacctx, authattr, &md_len);
+ if (md_len != 16) {
+ printf("message auth re-computation failed\n");
pthread_mutex_unlock(&lock);
return 0;
}