From b3bb13e18a74e9ece825b7de1b81db97ebb107a0 Mon Sep 17 00:00:00 2001
From: Iker Pedrosa <ipedrosa@redhat.com>
Date: Thu, 25 Mar 2021 09:43:30 +0100
Subject: pam_timestamp: replace hmac implementation

sha1 is no longer recommended as a cryptographic algorithm for
authentication. Thus, the idea of this change is to replace the
implementation provided by hmacsha1 included in pam_timestamp module by
the one in the openssl library. This way, there's no need to maintain
the cryptographic algorithm implementation and it can be easily changed
with a single configuration change.

modules/pam_timestamp/hmac_openssl_wrapper.c: implement wrapper
functions around openssl's hmac implementation. Moreover, manage the key
generation and its read and write in a file. Include an option to
configure the cryptographic algorithm in login.defs file.
modules/pam_timestamp/hmac_openssl_wrapper.h: likewise.
modules/pam_timestamp/pam_timestamp.c: replace calls to functions
provided by hmacsha1 by functions provided by openssl's wrapper.
configure.ac: include openssl dependecy if it is enabled.
modules/pam_timestamp/Makefile.am: include new files and openssl library
to compilation.
ci/install-dependencies.sh: include openssl library to dependencies.
NEWS: add new item to next release.
Make.xml.rules.in: add stringparam profiling for hmac
doc/custom-man.xsl: change import docbook to one with profiling
modules/pam_timestamp/pam_timestamp.8.xml: add conditional paragraph to
indicate the value in /etc/login.defs that holds the value for the
encryption algorithm

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1947294
---
 doc/custom-man.xsl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'doc')

diff --git a/doc/custom-man.xsl b/doc/custom-man.xsl
index 4c35e839..a3408e6c 100644
--- a/doc/custom-man.xsl
+++ b/doc/custom-man.xsl
@@ -1,6 +1,6 @@
 <?xml version='1.0'?>
 <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:ss="http://docbook.sf.net/xmlns/string.subst/1.0" version="1.0">
-  <xsl:import href="http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl"/>
+  <xsl:import href="http://docbook.sourceforge.net/release/xsl/current/manpages/profile-docbook.xsl"/>
   <xsl:param name="vendordir"/>
 
   <xsl:param name="man.string.subst.map.local.pre">
-- 
cgit v1.2.3