hmurray at megapathdsl.net
Sat Jan 6 02:34:26 UTC 2018
> I'm not an expert in this sort of things, but I would suggest you at least
> change that to an HMAC.
Good suggestion. Thanks.
Mostly, this code has to be backwards compatible. It's setup to do digests:
EVP_DigestInit_ex(...); // setup for digest type
EVP_DigestUpdate(...); // password
EVP_DigestUpdate(...); // packet
EVP_DigestFinal_ex(ctx, digest, &len);
If we can find a digest type that does HMAC, it should just work. None of
the supported digests include HMAC in their name, but there are things like:
#define NID_hmacWithMD5 797
#define NID_hmacWithSHA1 163
#define NID_hmacWithSHA224 798
#define NID_hmacWithSHA256 799
#define NID_hmacWithSHA384 800
#define NID_hmacWithSHA512 801
Unfortunately, they don't work. Neither do sha nor mdc2 which are advertised
OpenSSL also has a HMAC mode similar to the Digest stuff.
These are my opinions. I hate spam.
More information about the devel