- The key length is in bytes, not bits, so the correct default is 20
and not 160 (which would actually overflow). This should probably be a macro. - Implement random key generation using OpenSSL's RAND_bytes(3). git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@755 185d5e19-27fe-0310-9dcf-9bff6b9f3609
parent
11a8c730d2
commit
e8cd86aade
@ -36,6 +36,8 @@
|
||||||
#include <stdint.h>
|
#include <stdint.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|
||||||
|
#include <openssl/rand.h>
|
||||||
|
|
||||||
#include <security/oath.h>
|
#include <security/oath.h>
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -49,8 +51,9 @@ oath_key_create(const char *label,
|
||||||
enum oath_mode mode, enum oath_hash hash,
|
enum oath_mode mode, enum oath_hash hash,
|
||||||
const char *keydata, size_t keylen)
|
const char *keydata, size_t keylen)
|
||||||
{
|
{
|
||||||
|
char keybuf[OATH_MAX_KEYLEN];
|
||||||
struct oath_key *key;
|
struct oath_key *key;
|
||||||
int fd, labellen;
|
int labellen;
|
||||||
|
|
||||||
/* check label */
|
/* check label */
|
||||||
if (label == NULL ||
|
if (label == NULL ||
|
||||||
|
@ -62,7 +65,7 @@ oath_key_create(const char *label,
|
||||||
(keydata != NULL && keylen == 0))
|
(keydata != NULL && keylen == 0))
|
||||||
return (NULL);
|
return (NULL);
|
||||||
if (keylen == 0)
|
if (keylen == 0)
|
||||||
keylen = 160;
|
keylen = 20;
|
||||||
|
|
||||||
/* check mode */
|
/* check mode */
|
||||||
switch (mode) {
|
switch (mode) {
|
||||||
|
@ -87,6 +90,13 @@ oath_key_create(const char *label,
|
||||||
return (NULL);
|
return (NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* generate key data if necessary */
|
||||||
|
if (keydata == NULL) {
|
||||||
|
if (RAND_bytes((void *)keybuf, keylen) != 1)
|
||||||
|
return (NULL);
|
||||||
|
keydata = keybuf;
|
||||||
|
}
|
||||||
|
|
||||||
/* allocate */
|
/* allocate */
|
||||||
if ((key = oath_key_alloc()) == NULL)
|
if ((key = oath_key_alloc()) == NULL)
|
||||||
return (NULL);
|
return (NULL);
|
||||||
|
@ -106,12 +116,7 @@ oath_key_create(const char *label,
|
||||||
key->timestep = 30;
|
key->timestep = 30;
|
||||||
|
|
||||||
/* key */
|
/* key */
|
||||||
if (keydata == NULL) {
|
memcpy(key->key, keydata, keylen);
|
||||||
/* XXX generate random key */
|
|
||||||
(void)(fd = 0);
|
|
||||||
} else {
|
|
||||||
memcpy(key->key, keydata, keylen);
|
|
||||||
}
|
|
||||||
key->keylen = keylen;
|
key->keylen = keylen;
|
||||||
|
|
||||||
return (key);
|
return (key);
|
||||||
|
|
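Review bot: `RAND_bytes((void *)keybuf, keylen)` in the third hunk writes `keylen` bytes into `keybuf[OATH_MAX_KEYLEN]`, but the only bound on `keylen` visible in these hunks is the `keylen == 0` check; unless the condition that continues above the second hunk already rejects `keylen > OATH_MAX_KEYLEN`, a caller passing `keydata == NULL` with a large `keylen` overruns the stack buffer, so I would guard it right before the call: `if (keylen > sizeof keybuf) return (NULL);`. That guard also settles the implicit `size_t` to `int` narrowing, since `RAND_bytes` takes an `int` length. Separately, `keybuf` still holds the freshly generated secret after the `memcpy` into `key->key` in the last hunk and on the `oath_key_alloc()` failure return; clearing it with `OPENSSL_cleanse(keybuf, sizeof keybuf)` (from `<openssl/crypto.h>`) on both paths avoids leaving key material on the stack, which a plain `memset` before return may be optimized away. The `keylen = 20;` default that the commit message itself wants as a macro could become a named constant in this same change rather than later. `oath_key_create` starts above the second hunk and its keylen/label validation is only partly visible here.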