From 9708ba2036f719a6431c3464168d3f755d46f9fe Mon Sep 17 00:00:00 2001
From: Christoph Klaffl <christoph@phreaker.eu>
Date: Tue, 5 Nov 2019 16:49:54 +0100
Subject: [PATCH] support for openssl 1.1.1 and later

---
 src/otp.c | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/src/otp.c b/src/otp.c
index 09f5489..5fed65e 100644
--- a/src/otp.c
+++ b/src/otp.c
@@ -405,13 +405,13 @@ static int otp_verify(const char *vpn_username, const char *vpn_secret)
             LOG("OTP-AUTH: unknown encoding '%s'\n", otp_params.encoding);
             goto done;
         }
-    
+
         uint64_t T, Tn, Ti;
         uint8_t mac[EVP_MAX_MD_SIZE];
         unsigned maclen;
 
         if (!strncasecmp("totp", otp_params.method, 4)) {
-#ifdef HAVE_OPENSSL_110
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
             HMAC_CTX* hmac = HMAC_CTX_new();
 #else
             HMAC_CTX hmac;
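Review bot: The pointer returned by `HMAC_CTX_new()` in the totp branch is never compared with NULL, so an allocation failure is first noticed when `HMAC_CTX_reset`/`HMAC_Init_ex` dereference it in the verification loop. The hotp branch has the same unchecked `HMAC_CTX_new()` and the motp branch the same unchecked `EVP_MD_CTX_new()`. A guard inside the `#if` branch, directly after the allocation, such as `if (!hmac) { LOG("OTP-AUTH: HMAC_CTX_new failed\n"); goto done; }`, would reject the login cleanly. This assumes the `done` label used a few lines above leaves the result at "not ok"; that label and the rest of `otp_verify` are outside the hunk.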
@@ -436,7 +436,7 @@ static int otp_verify(const char *vpn_username, const char *vpn_secret)
             for (i = -range; !ok && i <= range; ++i) {
                 Tn = htobe64(T + i);
 
-#ifdef HAVE_OPENSSL_110
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
                 HMAC_CTX_reset(hmac);
                 HMAC_Init_ex(hmac, otp_key, key_len, otp_digest, NULL);
                 HMAC_Update(hmac, (uint8_t *)&Tn, sizeof(Tn));
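Review bot: `HMAC_Init_ex` and `HMAC_Update` return 0 on failure and neither result is checked in this loop, so a failed computation can leave `mac` (declared without an initializer earlier in `otp_verify`) holding stale or indeterminate bytes that the comparison below the hunk presumably still reads. For an authentication decision, any failure should count as a rejection, e.g. `if (!HMAC_Init_ex(hmac, otp_key, key_len, otp_digest, NULL) || !HMAC_Update(hmac, (uint8_t *)&Tn, sizeof(Tn))) break;`. The hotp loop has the same unchecked calls, and the motp loop has the equivalent with `EVP_DigestInit_ex`/`EVP_DigestUpdate`. The remainder of the loop body, including the final call and the comparison, is outside the hunk.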
@@ -462,12 +462,12 @@ static int otp_verify(const char *vpn_username, const char *vpn_secret)
                     DEBUG("OTP-AUTH: auth ok for method='%s', client_username='%s', client_secret='%s'\n", otp_params.method, vpn_username, vpn_secret);
                 }
             }
-#ifdef HAVE_OPENSSL_110
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
             HMAC_CTX_free(hmac);
 #endif
         }
         else if (!strncasecmp("hotp", otp_params.method, 4)) {
-#ifdef HAVE_OPENSSL_110
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
             HMAC_CTX* hmac = HMAC_CTX_new();
 #else
             HMAC_CTX hmac;
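Review bot: The `DEBUG` call at the top of this hunk writes `vpn_secret` into the log, and that value appears to be the credential the client submitted (PIN and/or one-time code); the motp branch carries the identical line. Debug logs are usually readable by more people and retained longer than authentication secrets should be, and a static PIN component does not expire with the code. I would drop the field and keep the rest: `DEBUG("OTP-AUTH: auth ok for method='%s', client_username='%s'\n", otp_params.method, vpn_username);`.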
@@ -489,7 +489,7 @@ static int otp_verify(const char *vpn_username, const char *vpn_secret)
               for (i = 0; !ok && i <= hotp_syncwindow; i++) {
                   Ti = T+i;
                   Tn = htobe64(Ti);
-#ifdef HAVE_OPENSSL_110
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
                   HMAC_CTX_reset(hmac);
                   HMAC_Init_ex(hmac, otp_key, key_len, otp_digest, NULL);
                   HMAC_Update(hmac, (uint8_t *)&Tn, sizeof(Tn));
@@ -517,13 +517,13 @@ static int otp_verify(const char *vpn_username, const char *vpn_secret)
                       hotp_set_counter(otp_params.key, Ti+1);
                   }
             }
-#ifdef HAVE_OPENSSL_110
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
             HMAC_CTX_free(hmac);
 #endif
           }
         }
         else if (!strcasecmp("motp", otp_params.method)) {
-#ifdef HAVE_OPENSSL_110
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
             EVP_MD_CTX* ctx = EVP_MD_CTX_new();
 #else
             EVP_MD_CTX ctx;
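Review bot: `OPENSSL_VERSION_NUMBER` exists only after `<openssl/opensslv.h>` has been included, and an undefined identifier in `#if` evaluates to 0, so every one of these tests (here and in the other hunks) falls through to the legacy stack-allocated branch without a diagnostic if the include order changes. The includes of otp.c are not part of the diff, so this should be confirmed. LibreSSL also defines the macro as `0x20000000L`, which selects the 1.1 branch even on older LibreSSL releases that may not provide `HMAC_CTX_new`/`EVP_MD_CTX_new`; if such builds matter, the condition needs an additional `LIBRESSL_VERSION_NUMBER` test. At minimum a comment at the first test, e.g. `/* OpenSSL >= 1.1.0: HMAC_CTX and EVP_MD_CTX are opaque and must be heap-allocated */`, would record why the version is checked.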
@@ -535,8 +535,8 @@ static int otp_verify(const char *vpn_username, const char *vpn_secret)
             T = time(NULL) / motp_step;
 
             for (i = -range; !ok && i <= range; ++i) {
-#ifdef HAVE_OPENSSL_110
-                EVP_MD_CTX_reset(ctx); 
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+                EVP_MD_CTX_reset(ctx);
                 EVP_DigestInit_ex(ctx, otp_digest, NULL);
                 n = sprintf(buf, "%" PRIu64, T + i);
                 EVP_DigestUpdate(ctx, buf, n);
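Review bot: `n = sprintf(buf, "%" PRIu64, T + i);` writes up to 20 digits plus the terminator with no bound, and the declaration of `buf` is outside the hunk, so its capacity cannot be confirmed from here. If `buf` is an array, `n = snprintf(buf, sizeof(buf), "%" PRIu64, T + i);` bounds the write at no cost. `n` should then be checked for a negative or truncated result before it is passed as the length to `EVP_DigestUpdate`, since that value decides how many bytes go into the digest that is compared against the client's response.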
@@ -573,7 +573,7 @@ static int otp_verify(const char *vpn_username, const char *vpn_secret)
                     DEBUG("OTP-AUTH: auth ok for method='%s', client_username='%s', client_secret='%s'\n", otp_params.method, vpn_username, vpn_secret);
                 }
             }
-#ifdef HAVE_OPENSSL_110
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
             EVP_MD_CTX_free(ctx);
 #endif
         }
@@ -755,7 +755,7 @@ openvpn_plugin_func_v1 (openvpn_plugin_handle_t handle, const int type, const ch
     LOG("OTP_AUTH: OTP Password is missing\n");
     return OPENVPN_PLUGIN_FUNC_ERROR;
   }
-   
+
   /* check entered username/password against what we require */
   int ok = otp_verify(username, otp_password);