path: root/modules/pam_timestamp/hmac_openssl_wrapper.c
Commit message [Author, Date, Files changed, Lines -removed/+added]
* pam_timestamp: try RAND_priv_bytes first [Benny Baumann, 2023-12-19, 1 file, -0/+7]
  * modules/pam_timestamp/hmac_openssl_wrapper.c: Include <openssl/rand.h>.
    (generate_key): Try RAND_priv_bytes before getrandom.
* pam_timestamp: prefer getrandom(2) when available [Benny Baumann, 2023-12-19, 1 file, -0/+13]
  * configure.ac (AC_CHECK_HEADERS): Add sys/random.h.
    (AC_CHECK_FUNCS): Add getrandom.
  * modules/pam_timestamp/hmac_openssl_wrapper.c [HAVE_SYS_RANDOM_H]: Include <sys/random.h>.
    (generate_key) [HAVE_GETRANDOM]: Call getrandom(2) before trying to open /dev/urandom.
* pam_timestamp: indicate non-null arguments to the compiler [Benny Baumann, 2023-12-19, 1 file, -0/+4]
  As these functions assume their arguments to be valid pointers without checking this pre-condition, this should be marked to the compiler. Doing so allows detecting potential NULL dereferences when a caller may pass in an invalid NULL pointer.
  * modules/pam_timestamp/hmac_openssl_wrapper.c (generate_key, read_file, write_file, key_management): Add PAM_NONNULL attribute.
* pam_timestamp: ensure we get zero-initialized memory [Benny Baumann, 2023-12-19, 1 file, -2/+2]
  This ensures that the whole buffer is in a somewhat defined state all the time even when some function calls write into the buffer only partially. This is not strictly necessary, as short writes into the buffer are checked, but it's good practice anyway.
  * modules/pam_timestamp/hmac_openssl_wrapper.c (generate_key): Replace malloc with calloc.
* pam_timestamp: allocate memory before opening /dev/urandom [Benny Baumann, 2023-12-19, 1 file, -8/+9]
  It's handy to have the memory allocated before trying several methods of obtaining randomness that are going to be introduced by subsequent commits.
  * modules/pam_timestamp/hmac_openssl_wrapper.c (generate_key): Allocate memory before trying to open /dev/urandom.
* pam_timestamp: clean buffers before freeing [Benny Baumann, 2023-12-19, 1 file, -0/+2]
  * modules/pam_timestamp/hmac_openssl_wrapper.c (generate_key): Clean the buffer on short read.
    (write_file): Clean the buffer on short write.
* treewide: assume free(NULL) is no-op [Dmitry V. Levin, 2023-12-14, 1 file, -3/+1]
  The C standard guarantees that if the argument of free() is a null pointer, no action occurs.
* pam_timestamp: check for ioloop errors [Tobias Stoeckmann, 2023-12-04, 1 file, -6/+12]
  The pam_modutil_read and pam_modutil_write return values are signed. Check for values smaller than 0 in case of errors.
  Also limit key file sizes to INT_MAX due to internal limitations of pam_modutil_read.
  Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* treewide: do not cast calloc/malloc/realloc [Tobias Stoeckmann, 2023-11-12, 1 file, -1/+1]
  It is not required to cast the results of calloc, malloc, realloc, etc.
  Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* pam_timestamp: fix build failure [Iker Pedrosa, 2023-03-30, 1 file, -0/+1]
  bcba17939e1b1a568cd4a764534cde74d37078cc started using pam_overwrite_n() without providing the definition of this function, which causes a build failure.
  modules/pam_timestamp/hmac_openssl_wrapper.c: include pam_inline.h
  Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
* modules: make use of secure memory erasure [Christian Göttsche, 2023-02-28, 1 file, -4/+4]
  Use empty initialization of structs to minimize the memset() usage, to reduce the amount of calls which are not sensitive.
  Non-trivial changes:
  - pam_env:
    * erase environment variables where possible
  - pam_exec:
    * erase response on error
    * erase auth token
  - pam_pwhistory:
    * erase buffers containing old passwords
  - pam_selinux: skip overwriting data structure consisting of only pointers to insensitive data, which also gets free'd afterwards (so it currently does not protect against double-free or use-after-free on the member pointers)
  - pam_unix: erase cipher data in more places
  - pam_userdb: erase password hashes
* pam_timestamp: replace hmac implementation [Iker Pedrosa, 2021-06-14, 1 file, -0/+381]
  sha1 is no longer recommended as a cryptographic algorithm for authentication. Thus, the idea of this change is to replace the implementation provided by hmacsha1 included in pam_timestamp module by the one in the openssl library. This way, there's no need to maintain the cryptographic algorithm implementation and it can be easily changed with a single configuration change.

  modules/pam_timestamp/hmac_openssl_wrapper.c: implement wrapper functions around openssl's hmac implementation. Moreover, manage the key generation and its read and write in a file. Include an option to configure the cryptographic algorithm in login.defs file.
  modules/pam_timestamp/hmac_openssl_wrapper.h: likewise.
  modules/pam_timestamp/pam_timestamp.c: replace calls to functions provided by hmacsha1 by functions provided by openssl's wrapper.
  configure.ac: include openssl dependency if it is enabled.
  modules/pam_timestamp/Makefile.am: include new files and openssl library to compilation.
  ci/install-dependencies.sh: include openssl library to dependencies.
  NEWS: add new item to next release.
  Make.xml.rules.in: add stringparam profiling for hmac
  doc/custom-man.xsl: change import docbook to one with profiling
  modules/pam_timestamp/pam_timestamp.8.xml: add conditional paragraph to indicate the value in /etc/login.defs that holds the value for the encryption algorithm

  Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1947294