From arthurmesh@gmail.com  Fri Aug 10 00:09:00 2012
Return-Path: <arthurmesh@gmail.com>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 10242106566B;
	Fri, 10 Aug 2012 00:09:00 +0000 (UTC)
	(envelope-from arthurmesh@gmail.com)
Received: from mail-yw0-f54.google.com (mail-yw0-f54.google.com [209.85.213.54])
	by mx1.freebsd.org (Postfix) with ESMTP id AC0078FC0A;
	Fri, 10 Aug 2012 00:08:59 +0000 (UTC)
Received: by yhfs35 with SMTP id s35so1303112yhf.13
        for <multiple recipients>; Thu, 09 Aug 2012 17:08:58 -0700 (PDT)
Received: by 10.66.86.166 with SMTP id q6mr2182687paz.5.1344557338368;
        Thu, 09 Aug 2012 17:08:58 -0700 (PDT)
Received: from x96.org (x96.org. [64.85.165.177])
        by mx.google.com with ESMTPS id op10sm2066639pbc.75.2012.08.09.17.08.39
        (version=SSLv3 cipher=OTHER);
        Thu, 09 Aug 2012 17:08:40 -0700 (PDT)
Message-Id: <20120810000837.GA1435@x96.org>
Date: Thu, 9 Aug 2012 17:08:37 -0700
From: Arthur Mesh <arthurmesh@gmail.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc: obrien@freebsd.org
Subject: OPIE doesn't properly do SHA-1 (otp-sha)
X-Send-Pr-Version: 3.113

>Number:         170519
>Category:       bin
>Synopsis:       OPIE doesn't properly do SHA-1 (otp-sha)
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    delphij
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Aug 10 00:10:01 UTC 2012
>Closed-Date:    Tue Aug 21 09:36:49 UTC 2012
>Last-Modified:  Tue Aug 21 09:36:49 UTC 2012
>Originator:     arthurmesh
>Release:        FreeBSD 9.0-STABLE amd64
>Organization:
none
>Environment:
System: FreeBSD alpha 9.0-STABLE FreeBSD 9.0-STABLE #0 r235829: Wed May 23 11:03:56 PDT 2012 root@alpha:/usr/obj/usr/src/sys/GENERIC amd64


>Description:

OPIE doesn't properly do SHA1. OPIE doesn't properly implement RFC 2289, see fix
for more details.

Quote from RFC 2289  A One-Time Password System:

Appendix A:
...
   For historical reasons, and to promote interoperability with existing
   implementations, it was decided that ALL hashes incorporated into the
   OTP protocol MUST store the output of their hash function in LITTLE
   ENDIAN format BEFORE the bit folding to 64 bits occurs.  This is done
   in the implementations of MD4 and MD5 (see references [2] and [6]),
   while it must be explicitly done for the implementation of SHA1 (see
   reference [7]).

>How-To-Repeat:

# SHA1 problem:

   # On FreeBSD9
   $ echo aaaaaaaaaa | otp-sha 1 foobar
   Using the SHA-1 algorithm to compute response.
   Reminder: Don't use opiekey from telnet or dial-in sessions.
   Enter secret pass phrase: 
   KERN RUSS BETH SAUL YANG GO
   
   # On OpenBSD 5.1
   $ skey -sha1 -p aaaaaaaaaa 1 foobar   
   ROWS GIBE NOTE OAF GASH HECK

# Yet, MD5 works fine:

   # On FreeBSD9
   $ echo aaaaaaaaaa | otp-md5 1 foobar
   Using the MD5 algorithm to compute response.
   Reminder: Don't use opiekey from telnet or dial-in sessions.
   Enter secret pass phrase: 
   VETO ODIN WOO SHOD REID ROSE
   
   # On OpenBSD 5.1
   # skey -md5 -p aaaaaaaaaa 1 foobar  
   VETO ODIN WOO SHOD REID ROSE

>Fix:

Index: contrib/opie/libopie/hash.c
===================================================================
--- contrib/opie/libopie/hash.c	(revision 235829)
+++ contrib/opie/libopie/hash.c	(working copy)
@@ -17,6 +17,8 @@
 $FreeBSD$
 */
 
+#include <sys/endian.h>
+
 #include "opie_cfg.h"
 #include "opie.h"
 
@@ -32,11 +34,21 @@
   switch(algorithm) {
     case 3:
       {
+      int i;
       SHA_CTX sha;
       UINT4 digest[5];
       SHA1_Init(&sha);
       SHA1_Update(&sha, (unsigned char *)x, 8);
       SHA1_Final((unsigned char *)digest, &sha);
+
+      /*
+       * RFC2289 mandates that we convert SHA1 digest from big-endian to little
+       * see Appendix A.
+       */
+      for (i = 0; i < 5; i++) {
+          digest[i] = bswap32(digest[i]);
+      }
+
       results[0] = digest[0] ^ digest[2] ^ digest[4];
       results[1] = digest[1] ^ digest[3];
       };
Index: contrib/opie/libopie/hashlen.c
===================================================================
--- contrib/opie/libopie/hashlen.c	(revision 235829)
+++ contrib/opie/libopie/hashlen.c	(working copy)
@@ -14,6 +14,8 @@
 $FreeBSD$
 */
 
+#include <sys/endian.h>
+
 #include "opie_cfg.h"
 #include "opie.h"
 
@@ -29,11 +31,20 @@
 
   switch(algorithm) {
     case 3: {
+      int i;
       SHA_CTX sha;
       UINT4 digest[5];
       SHA1_Init(&sha);
       SHA1_Update(&sha, (unsigned char *)in, n);
       SHA1_Final((unsigned char *)digest, &sha);
+
+      /*
+       * RFC2289 mandates that we convert SHA1 digest from big-endian to little
+       * see Appendix A.
+       */
+      for (i = 0; i < 5; i++) {
+          digest[i] = bswap32(digest[i]);
+      }
       results[0] = digest[0] ^ digest[2] ^ digest[4];
       results[1] = digest[1] ^ digest[3];
       break;
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->delphij 
Responsible-Changed-By: delphij 
Responsible-Changed-When: Fri Aug 10 00:42:27 UTC 2012 
Responsible-Changed-Why:  
Take. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=170519 

From: Xin Li <delphij@delphij.net>
To: Arthur Mesh <arthurmesh@gmail.com>
Cc: FreeBSD-gnats-submit@FreeBSD.org, obrien@FreeBSD.org
Subject: Re: misc/170519: OPIE doesn't properly do SHA-1 (otp-sha)
Date: Thu, 09 Aug 2012 18:07:37 -0700

 This is a multi-part message in MIME format.
 --------------070201030109080909080206
 Content-Type: text/plain; charset=ISO-8859-1
 Content-Transfer-Encoding: 7bit
 
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA256
 
 Hi, Arthur,
 
 I think your change will break big endian systems which accidentally
 worked.  Looking at the RFC, it seems that we could implement it this
 way, as attached.  Could you please review and verify if it fixes the
 problem for you?
 
 Cheers,
 - -- 
 Xin LI <delphij@delphij.net>    https://www.delphij.net/
 FreeBSD - The Power to Serve!           Live free or die
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.19 (FreeBSD)
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
 
 iQEcBAEBCAAGBQJQJF7ZAAoJEG80Jeu8UPuz8K8H/i9zhG3S0XkyJH61hUiHxcTS
 kS/+O/PHGXVW+3X0mU1EIa5HMS7rYn1dnC7bEih6G+RQ7NpILbi2kV7Jk0qQTiAw
 s6ozJVlE8oJ31QbHL1CEcQOaYBbwEw0h4+WQclDs8mggpOhnyWrt0uJqgVCM/Ch/
 XqY+ZwpBbwu5pW7hM+VNOuoqi3ksLU+R49LJV5TxNn9NnUF4rx9e63JJinQyC7+2
 kEJOyZ5no+dI4yTJUTp68c0KN9UhkWQyMPEtXV0XCG9bX//8XCAna2kfc7omf/Y1
 rWDVllxu7Lmx9V+h+MkXxbv7chRHTWqYlWJHqy/loLixfvP9jIbPVKN5EWPDqoU=
 =Yooa
 -----END PGP SIGNATURE-----
 
 --------------070201030109080909080206
 Content-Type: text/plain;
  name="opie.diff"
 Content-Transfer-Encoding: 7bit
 Content-Disposition: attachment;
  filename="opie.diff"
 
 Index: contrib/opie/libopie/hash.c
 ===================================================================
 --- contrib/opie/libopie/hash.c	(revision 239157)
 +++ contrib/opie/libopie/hash.c	(working copy)
 @@ -20,6 +20,7 @@ $FreeBSD$
  #include "opie_cfg.h"
  #include "opie.h"
  
 +#include <netinet/in.h>
  #include <sha.h>
  #include <md4.h>
  #include <md5.h>
 @@ -39,6 +40,14 @@ unsigned algorithm)
        SHA1_Final((unsigned char *)digest, &sha);
        results[0] = digest[0] ^ digest[2] ^ digest[4];
        results[1] = digest[1] ^ digest[3];
 +
 +      /*
 +       * RFC2289 mandates that we convert SHA1 digest from big-endian to little
 +       * see Appendix A.
 +       */
 +      results[0] = htonl(results[0]);
 +      results[1] = htonl(results[1]);
 +
        };
        break;
      case 4:
 Index: contrib/opie/libopie/hashlen.c
 ===================================================================
 --- contrib/opie/libopie/hashlen.c	(revision 239157)
 +++ contrib/opie/libopie/hashlen.c	(working copy)
 @@ -17,6 +17,7 @@ $FreeBSD$
  #include "opie_cfg.h"
  #include "opie.h"
  
 +#include <netinet/in.h>
  #include <sha.h>
  #include <md4.h>
  #include <md5.h>
 @@ -36,6 +37,14 @@ VOIDPTR in AND struct opie_otpkey *out AND int n)
        SHA1_Final((unsigned char *)digest, &sha);
        results[0] = digest[0] ^ digest[2] ^ digest[4];
        results[1] = digest[1] ^ digest[3];
 +
 +      /*
 +       * RFC2289 mandates that we convert SHA1 digest from big-endian to little
 +       * see Appendix A.
 +       */
 +      results[0] = htonl(results[0]);
 +      results[1] = htonl(results[1]);
 +
        break;
      }
      case 4: {
 
 --------------070201030109080909080206--

From: Xin LI <delphij@gmail.com>
To: arthurmesh@gmail.com, 
	FreeBSD gnats submit <freebsd-gnats-submit@freebsd.org>
Cc:  
Subject: Re: misc/170519: OPIE doesn't properly do SHA-1 (otp-sha)
Date: Thu, 9 Aug 2012 18:57:30 -0700

 Sorry I misunderstood the RFC.  The original patch was correct.
 
 Cheers,
 -- 
 Xin LI <delphij@delphij.net> https://www.delphij.net/
 FreeBSD - The Power to Serve! Live free or die
State-Changed-From-To: open->patched 
State-Changed-By: delphij 
State-Changed-When: Fri Aug 10 04:49:18 UTC 2012 
State-Changed-Why:  
Patch applied against -HEAD, MFC reminder. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=170519 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/170519: commit references a PR
Date: Fri, 10 Aug 2012 04:49:48 +0000 (UTC)

 Author: delphij
 Date: Fri Aug 10 04:48:58 2012
 New Revision: 239169
 URL: http://svn.freebsd.org/changeset/base/239169
 
 Log:
   RFC 2289 requires all hashes be stored in little endian format before
   folding to 64 bits, while SHA1 code is big endian.  Therefore, a bswap32
   is required before using the value.
   
   Without this change, the implementation does not conform to test vector
   found in RFC 2289.
   
   PR:		bin/170519
   Submitted by:	Arthur Mesh <arthurmesh gmail com> (with changes)
   MFC after:	1 week
 
 Modified:
   head/contrib/opie/libopie/hash.c
   head/contrib/opie/libopie/hashlen.c
 
 Modified: head/contrib/opie/libopie/hash.c
 ==============================================================================
 --- head/contrib/opie/libopie/hash.c	Fri Aug 10 04:48:06 2012	(r239168)
 +++ head/contrib/opie/libopie/hash.c	Fri Aug 10 04:48:58 2012	(r239169)
 @@ -17,6 +17,8 @@ you didn't get a copy, you may request o
  $FreeBSD$
  */
  
 +#include <sys/endian.h>
 +
  #include "opie_cfg.h"
  #include "opie.h"
  
 @@ -39,6 +41,13 @@ unsigned algorithm)
        SHA1_Final((unsigned char *)digest, &sha);
        results[0] = digest[0] ^ digest[2] ^ digest[4];
        results[1] = digest[1] ^ digest[3];
 +
 +      /*
 +       * RFC2289 mandates that we convert SHA1 digest from big-endian to little
 +       * see Appendix A.
 +       */
 +      results[0] = bswap32(results[0]);
 +      results[1] = bswap32(results[1]);
        };
        break;
      case 4:
 
 Modified: head/contrib/opie/libopie/hashlen.c
 ==============================================================================
 --- head/contrib/opie/libopie/hashlen.c	Fri Aug 10 04:48:06 2012	(r239168)
 +++ head/contrib/opie/libopie/hashlen.c	Fri Aug 10 04:48:58 2012	(r239169)
 @@ -14,6 +14,8 @@ you didn't get a copy, you may request o
  $FreeBSD$
  */
  
 +#include <sys/endian.h>
 +
  #include "opie_cfg.h"
  #include "opie.h"
  
 @@ -36,6 +38,13 @@ VOIDPTR in AND struct opie_otpkey *out A
        SHA1_Final((unsigned char *)digest, &sha);
        results[0] = digest[0] ^ digest[2] ^ digest[4];
        results[1] = digest[1] ^ digest[3];
 +
 +      /*
 +       * RFC2289 mandates that we convert SHA1 digest from big-endian to little
 +       * see Appendix A.
 +       */
 +      results[0] = bswap32(results[0]);
 +      results[1] = bswap32(results[1]);
        break;
      }
      case 4: {
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From: Arthur Mesh <arthurmesh@gmail.com>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/170519: OPIE doesn't properly do SHA-1 (otp-sha)
Date: Fri, 10 Aug 2012 21:00:10 -0700

 > + /*
 > + * RFC2289 mandates that we convert SHA1 digest from big-endian to little
 > + * see Appendix A.
 > + */
 > + results[0] = bswap32(results[0]);
 > + results[1] = bswap32(results[1]);
 
 Even though it's functionally correct, the comment doesn't correspond to
 the code. You're not converting SHA1 digest to little endian -- you're
 converting a 'folded' version of the SHA1 digest.
 
 It may also be desirable to explicitly state that OPIE can't be
 configured to do SHA1 in server mode (opiepasswd(1)). Although it can
 generate MD4/MD5/SHA1 for client mode (opiekey(1)). The implication is
 that this fix shouldn't break existing setups for FreeBSD OPIE users.
 
 Thanks for prompt action on this PR.

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/170519: commit references a PR
Date: Mon, 20 Aug 2012 18:26:34 +0000 (UTC)

 Author: delphij
 Date: Mon Aug 20 18:26:16 2012
 New Revision: 239459
 URL: http://svn.freebsd.org/changeset/base/239459
 
 Log:
   MFC r239169:
   
   RFC 2289 requires all hashes be stored in little endian format before
   folding to 64 bits, while SHA1 code is big endian.  Therefore, a bswap32
   is required before using the value.
   
   Without this change, the implementation does not conform to test vector
   found in RFC 2289.
   
   PR:		bin/170519
   Submitted by:	Arthur Mesh <arthurmesh gmail com> (with changes)
 
 Modified:
   stable/9/contrib/opie/libopie/hash.c
   stable/9/contrib/opie/libopie/hashlen.c
 Directory Properties:
   stable/9/contrib/opie/   (props changed)
 
 Changes in other areas also in this revision:
 Modified:
   stable/7/contrib/opie/libopie/hash.c
   stable/7/contrib/opie/libopie/hashlen.c
   stable/8/contrib/opie/libopie/hash.c
   stable/8/contrib/opie/libopie/hashlen.c
 Directory Properties:
   stable/7/contrib/opie/   (props changed)
   stable/8/contrib/opie/   (props changed)
 
 Modified: stable/9/contrib/opie/libopie/hash.c
 ==============================================================================
 --- stable/9/contrib/opie/libopie/hash.c	Mon Aug 20 18:19:06 2012	(r239458)
 +++ stable/9/contrib/opie/libopie/hash.c	Mon Aug 20 18:26:16 2012	(r239459)
 @@ -17,6 +17,8 @@ you didn't get a copy, you may request o
  $FreeBSD$
  */
  
 +#include <sys/endian.h>
 +
  #include "opie_cfg.h"
  #include "opie.h"
  
 @@ -39,6 +41,13 @@ unsigned algorithm)
        SHA1_Final((unsigned char *)digest, &sha);
        results[0] = digest[0] ^ digest[2] ^ digest[4];
        results[1] = digest[1] ^ digest[3];
 +
 +      /*
 +       * RFC2289 mandates that we convert SHA1 digest from big-endian to little
 +       * see Appendix A.
 +       */
 +      results[0] = bswap32(results[0]);
 +      results[1] = bswap32(results[1]);
        };
        break;
      case 4:
 
 Modified: stable/9/contrib/opie/libopie/hashlen.c
 ==============================================================================
 --- stable/9/contrib/opie/libopie/hashlen.c	Mon Aug 20 18:19:06 2012	(r239458)
 +++ stable/9/contrib/opie/libopie/hashlen.c	Mon Aug 20 18:26:16 2012	(r239459)
 @@ -14,6 +14,8 @@ you didn't get a copy, you may request o
  $FreeBSD$
  */
  
 +#include <sys/endian.h>
 +
  #include "opie_cfg.h"
  #include "opie.h"
  
 @@ -36,6 +38,13 @@ VOIDPTR in AND struct opie_otpkey *out A
        SHA1_Final((unsigned char *)digest, &sha);
        results[0] = digest[0] ^ digest[2] ^ digest[4];
        results[1] = digest[1] ^ digest[3];
 +
 +      /*
 +       * RFC2289 mandates that we convert SHA1 digest from big-endian to little
 +       * see Appendix A.
 +       */
 +      results[0] = bswap32(results[0]);
 +      results[1] = bswap32(results[1]);
        break;
      }
      case 4: {
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/170519: commit references a PR
Date: Mon, 20 Aug 2012 18:26:52 +0000 (UTC)

 Author: delphij
 Date: Mon Aug 20 18:26:16 2012
 New Revision: 239459
 URL: http://svn.freebsd.org/changeset/base/239459
 
 Log:
   MFC r239169:
   
   RFC 2289 requires all hashes be stored in little endian format before
   folding to 64 bits, while SHA1 code is big endian.  Therefore, a bswap32
   is required before using the value.
   
   Without this change, the implementation does not conform to test vector
   found in RFC 2289.
   
   PR:		bin/170519
   Submitted by:	Arthur Mesh <arthurmesh gmail com> (with changes)
 
 Modified:
   stable/8/contrib/opie/libopie/hash.c
   stable/8/contrib/opie/libopie/hashlen.c
 Directory Properties:
   stable/8/contrib/opie/   (props changed)
 
 Changes in other areas also in this revision:
 Modified:
   stable/7/contrib/opie/libopie/hash.c
   stable/7/contrib/opie/libopie/hashlen.c
   stable/9/contrib/opie/libopie/hash.c
   stable/9/contrib/opie/libopie/hashlen.c
 Directory Properties:
   stable/7/contrib/opie/   (props changed)
   stable/9/contrib/opie/   (props changed)
 
 Modified: stable/8/contrib/opie/libopie/hash.c
 ==============================================================================
 --- stable/8/contrib/opie/libopie/hash.c	Mon Aug 20 18:19:06 2012	(r239458)
 +++ stable/8/contrib/opie/libopie/hash.c	Mon Aug 20 18:26:16 2012	(r239459)
 @@ -17,6 +17,8 @@ you didn't get a copy, you may request o
  $FreeBSD$
  */
  
 +#include <sys/endian.h>
 +
  #include "opie_cfg.h"
  #include "opie.h"
  
 @@ -39,6 +41,13 @@ unsigned algorithm)
        SHA1_Final((unsigned char *)digest, &sha);
        results[0] = digest[0] ^ digest[2] ^ digest[4];
        results[1] = digest[1] ^ digest[3];
 +
 +      /*
 +       * RFC2289 mandates that we convert SHA1 digest from big-endian to little
 +       * see Appendix A.
 +       */
 +      results[0] = bswap32(results[0]);
 +      results[1] = bswap32(results[1]);
        };
        break;
      case 4:
 
 Modified: stable/8/contrib/opie/libopie/hashlen.c
 ==============================================================================
 --- stable/8/contrib/opie/libopie/hashlen.c	Mon Aug 20 18:19:06 2012	(r239458)
 +++ stable/8/contrib/opie/libopie/hashlen.c	Mon Aug 20 18:26:16 2012	(r239459)
 @@ -14,6 +14,8 @@ you didn't get a copy, you may request o
  $FreeBSD$
  */
  
 +#include <sys/endian.h>
 +
  #include "opie_cfg.h"
  #include "opie.h"
  
 @@ -36,6 +38,13 @@ VOIDPTR in AND struct opie_otpkey *out A
        SHA1_Final((unsigned char *)digest, &sha);
        results[0] = digest[0] ^ digest[2] ^ digest[4];
        results[1] = digest[1] ^ digest[3];
 +
 +      /*
 +       * RFC2289 mandates that we convert SHA1 digest from big-endian to little
 +       * see Appendix A.
 +       */
 +      results[0] = bswap32(results[0]);
 +      results[1] = bswap32(results[1]);
        break;
      }
      case 4: {
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/170519: commit references a PR
Date: Mon, 20 Aug 2012 18:27:03 +0000 (UTC)

 Author: delphij
 Date: Mon Aug 20 18:26:16 2012
 New Revision: 239459
 URL: http://svn.freebsd.org/changeset/base/239459
 
 Log:
   MFC r239169:
   
   RFC 2289 requires all hashes be stored in little endian format before
   folding to 64 bits, while SHA1 code is big endian.  Therefore, a bswap32
   is required before using the value.
   
   Without this change, the implementation does not conform to test vector
   found in RFC 2289.
   
   PR:		bin/170519
   Submitted by:	Arthur Mesh <arthurmesh gmail com> (with changes)
 
 Modified:
   stable/7/contrib/opie/libopie/hash.c
   stable/7/contrib/opie/libopie/hashlen.c
 Directory Properties:
   stable/7/contrib/opie/   (props changed)
 
 Changes in other areas also in this revision:
 Modified:
   stable/8/contrib/opie/libopie/hash.c
   stable/8/contrib/opie/libopie/hashlen.c
   stable/9/contrib/opie/libopie/hash.c
   stable/9/contrib/opie/libopie/hashlen.c
 Directory Properties:
   stable/8/contrib/opie/   (props changed)
   stable/9/contrib/opie/   (props changed)
 
 Modified: stable/7/contrib/opie/libopie/hash.c
 ==============================================================================
 --- stable/7/contrib/opie/libopie/hash.c	Mon Aug 20 18:19:06 2012	(r239458)
 +++ stable/7/contrib/opie/libopie/hash.c	Mon Aug 20 18:26:16 2012	(r239459)
 @@ -17,6 +17,8 @@ you didn't get a copy, you may request o
  $FreeBSD$
  */
  
 +#include <sys/endian.h>
 +
  #include "opie_cfg.h"
  #include "opie.h"
  
 @@ -39,6 +41,13 @@ unsigned algorithm)
        SHA1_Final((unsigned char *)digest, &sha);
        results[0] = digest[0] ^ digest[2] ^ digest[4];
        results[1] = digest[1] ^ digest[3];
 +
 +      /*
 +       * RFC2289 mandates that we convert SHA1 digest from big-endian to little
 +       * see Appendix A.
 +       */
 +      results[0] = bswap32(results[0]);
 +      results[1] = bswap32(results[1]);
        };
        break;
      case 4:
 
 Modified: stable/7/contrib/opie/libopie/hashlen.c
 ==============================================================================
 --- stable/7/contrib/opie/libopie/hashlen.c	Mon Aug 20 18:19:06 2012	(r239458)
 +++ stable/7/contrib/opie/libopie/hashlen.c	Mon Aug 20 18:26:16 2012	(r239459)
 @@ -14,6 +14,8 @@ you didn't get a copy, you may request o
  $FreeBSD$
  */
  
 +#include <sys/endian.h>
 +
  #include "opie_cfg.h"
  #include "opie.h"
  
 @@ -36,6 +38,13 @@ VOIDPTR in AND struct opie_otpkey *out A
        SHA1_Final((unsigned char *)digest, &sha);
        results[0] = digest[0] ^ digest[2] ^ digest[4];
        results[1] = digest[1] ^ digest[3];
 +
 +      /*
 +       * RFC2289 mandates that we convert SHA1 digest from big-endian to little
 +       * see Appendix A.
 +       */
 +      results[0] = bswap32(results[0]);
 +      results[1] = bswap32(results[1]);
        break;
      }
      case 4: {
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/170519: commit references a PR
Date: Tue, 21 Aug 2012 09:05:39 +0000 (UTC)

 Author: delphij
 Date: Tue Aug 21 09:05:23 2012
 New Revision: 239482
 URL: http://svn.freebsd.org/changeset/base/239482
 
 Log:
   MFC r239169:
   
   RFC 2289 requires all hashes be stored in little endian format before
   folding to 64 bits, while SHA1 code is big endian.  Therefore, a bswap32
   is required before using the value.
   
   Without this change, the implementation does not conform to test vector
   found in RFC 2289.
   
   PR:		bin/170519
   Submitted by:	Arthur Mesh <arthurmesh gmail com> (with changes)
   Approved by:	re (kib)
 
 Modified:
   releng/9.1/contrib/opie/libopie/hash.c
   releng/9.1/contrib/opie/libopie/hashlen.c
 Directory Properties:
   releng/9.1/contrib/opie/   (props changed)
 
 Modified: releng/9.1/contrib/opie/libopie/hash.c
 ==============================================================================
 --- releng/9.1/contrib/opie/libopie/hash.c	Tue Aug 21 08:31:30 2012	(r239481)
 +++ releng/9.1/contrib/opie/libopie/hash.c	Tue Aug 21 09:05:23 2012	(r239482)
 @@ -17,6 +17,8 @@ you didn't get a copy, you may request o
  $FreeBSD$
  */
  
 +#include <sys/endian.h>
 +
  #include "opie_cfg.h"
  #include "opie.h"
  
 @@ -39,6 +41,13 @@ unsigned algorithm)
        SHA1_Final((unsigned char *)digest, &sha);
        results[0] = digest[0] ^ digest[2] ^ digest[4];
        results[1] = digest[1] ^ digest[3];
 +
 +      /*
 +       * RFC2289 mandates that we convert SHA1 digest from big-endian to little
 +       * see Appendix A.
 +       */
 +      results[0] = bswap32(results[0]);
 +      results[1] = bswap32(results[1]);
        };
        break;
      case 4:
 
 Modified: releng/9.1/contrib/opie/libopie/hashlen.c
 ==============================================================================
 --- releng/9.1/contrib/opie/libopie/hashlen.c	Tue Aug 21 08:31:30 2012	(r239481)
 +++ releng/9.1/contrib/opie/libopie/hashlen.c	Tue Aug 21 09:05:23 2012	(r239482)
 @@ -14,6 +14,8 @@ you didn't get a copy, you may request o
  $FreeBSD$
  */
  
 +#include <sys/endian.h>
 +
  #include "opie_cfg.h"
  #include "opie.h"
  
 @@ -36,6 +38,13 @@ VOIDPTR in AND struct opie_otpkey *out A
        SHA1_Final((unsigned char *)digest, &sha);
        results[0] = digest[0] ^ digest[2] ^ digest[4];
        results[1] = digest[1] ^ digest[3];
 +
 +      /*
 +       * RFC2289 mandates that we convert SHA1 digest from big-endian to little
 +       * see Appendix A.
 +       */
 +      results[0] = bswap32(results[0]);
 +      results[1] = bswap32(results[1]);
        break;
      }
      case 4: {
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: patched->closed 
State-Changed-By: delphij 
State-Changed-When: Tue Aug 21 09:36:01 UTC 2012 
State-Changed-Why:  
Patch applied to all supported FreeBSD branches. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=170519 
>Unformatted:
