diff options
| author | Iker Pedrosa <ipedrosa@redhat.com> | 2021-03-25 09:43:30 +0100 |
|---|---|---|
| committer | Tomáš Mráz <tm@t8m.info> | 2021-06-14 09:02:16 +0200 |
| commit | b3bb13e18a74e9ece825b7de1b81db97ebb107a0 (patch) | |
| tree | b7f5f2da9310169c210ab204ff2c72d815d6fe6f /configure.ac | |
| parent | f668b437910af0e1472e9bbfa78897df52f57a78 (diff) | |
| download | pam-b3bb13e18a74e9ece825b7de1b81db97ebb107a0.tar.gz pam-b3bb13e18a74e9ece825b7de1b81db97ebb107a0.tar.bz2 pam-b3bb13e18a74e9ece825b7de1b81db97ebb107a0.zip | |
pam_timestamp: replace hmac implementation
sha1 is no longer recommended as a cryptographic algorithm for
authentication. Thus, the idea of this change is to replace the
implementation provided by hmacsha1 included in pam_timestamp module by
the one in the openssl library. This way, there's no need to maintain
the cryptographic algorithm implementation and it can be easily changed
with a single configuration change.
modules/pam_timestamp/hmac_openssl_wrapper.c: implement wrapper
functions around openssl's hmac implementation. Moreover, manage the key
generation and its read and write in a file. Include an option to
configure the cryptographic algorithm in login.defs file.
modules/pam_timestamp/hmac_openssl_wrapper.h: likewise.
modules/pam_timestamp/pam_timestamp.c: replace calls to functions
provided by hmacsha1 by functions provided by openssl's wrapper.
configure.ac: include openssl dependecy if it is enabled.
modules/pam_timestamp/Makefile.am: include new files and openssl library
to compilation.
ci/install-dependencies.sh: include openssl library to dependencies.
NEWS: add new item to next release.
Make.xml.rules.in: add stringparam profiling for hmac
doc/custom-man.xsl: change import docbook to one with profiling
modules/pam_timestamp/pam_timestamp.8.xml: add conditional paragraph to
indicate the value in /etc/login.defs that holds the value for the
encryption algorithm
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1947294
Diffstat (limited to 'configure.ac')
| -rw-r--r-- | configure.ac | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac index bd806473..9c92d0de 100644 --- a/configure.ac +++ b/configure.ac @@ -504,6 +504,22 @@ else fi AC_SUBST([STRINGPARAM_VENDORDIR]) +AC_ARG_ENABLE([openssl], + AS_HELP_STRING([--enable-openssl],[use OpenSSL crypto libraries]), + [OPENSSL_ENABLED=$enableval], OPENSSL_ENABLED=no) +if test "$OPENSSL_ENABLED" = "yes" ; then + AC_CHECK_LIB([crypto], [EVP_MAC_CTX_new], + [CRYPTO_LIBS="-lcrypto" + use_openssl=yes + AC_DEFINE([WITH_OPENSSL], 1, [OpenSSL provides crypto algorithm for hmac]) + STRINGPARAM_HMAC="--stringparam profile.condition 'openssl_hmac'"], + [CRYPTO_LIBS="" + STRINGPARAM_HMAC="--stringparam profile.condition 'no_openssl_hmac'"]) +fi +AC_SUBST([CRYPTO_LIBS]) +AC_SUBST([STRINGPARAM_HMAC]) +AM_CONDITIONAL([COND_USE_OPENSSL], [test "x$use_openssl" = "xyes"]) + dnl Checks for header files. AC_HEADER_DIRENT AC_HEADER_STDC |