From e0aa2210f9a75cb015e71155de38241138b8fe1d Mon Sep 17 00:00:00 2001
From: yixiangzhike <yixiangzhike007@163.com>
Date: Wed, 27 Apr 2022 10:27:56 +0800
Subject: [PATCH] Update the hash function for key derivation to SHA256

---
 authd.spec                                    |  8 +++-
 ...unction-for-key-derivation-to-SHA256.patch | 38 +++++++++++++++++++
 2 files changed, 45 insertions(+), 1 deletion(-)
 create mode 100644 backport-Update-the-hash-function-for-key-derivation-to-SHA256.patch

diff --git a/authd.spec b/authd.spec
index 600b938..0334e4c 100644
--- a/authd.spec
+++ b/authd.spec
@@ -1,6 +1,6 @@
 Name:             authd
 Version:          1.4.4
-Release:          1
+Release:          2
 Summary:          A RFC 1413 ident protocol daemon
 License:          GPLv2+
 URL:              https://github.com/InfrastructureServices/authd
@@ -9,6 +9,9 @@ Source0:          https://github.com/InfrastructureServices/authd/releases/downl
 # https://github.com/InfrastructureServices/authd/tree/master/packaging/Fedora
 Source1:          auth.socket
 Source2:          auth@.service
+
+Patch0:           backport-Update-the-hash-function-for-key-derivation-to-SHA256.patch
+
 BuildRequires:    gcc openssl-devel gettext help2man systemd-units
 Requires(post):   openssl systemd-units
 Requires(preun):  systemd-units
@@ -73,5 +76,8 @@ chmod o-rw %{_sysconfdir}/ident.key
 %doc rfc1413.txt
 
 %changelog
+* Wed Apr 27 2022 yixiangzhike <yixiangzhike007@163.com> - 1.4.4-2
+- Update the hash function for key derivation to SHA256
+
 * Tue Sep 10 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.4.4-1
 - Package init
diff --git a/backport-Update-the-hash-function-for-key-derivation-to-SHA256.patch b/backport-Update-the-hash-function-for-key-derivation-to-SHA256.patch
new file mode 100644
index 0000000..6358b3e
--- /dev/null
+++ b/backport-Update-the-hash-function-for-key-derivation-to-SHA256.patch
@@ -0,0 +1,38 @@
+From eae2220ad19c905bb38e06f950c07c266b6a1398 Mon Sep 17 00:00:00 2001
+From: Pavel Zhukov <pavel@zhukoff.net>
+Date: Mon, 21 Sep 2020 09:02:57 +0200
+Subject: [PATCH] Update the hash function for key derivation to SHA256
+
+Author: Philippe Troin  <phil@fifi.org>
+Bug-Url: https://bugzilla.redhat.com/1669333
+---
+ authd.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/authd.c b/authd.c
+index a2072de..6d9f83e 100644
+--- a/authd.c
++++ b/authd.c
+@@ -806,7 +806,7 @@ static bool initialize_crypto(crypto_t *x, const char *filename) {
+     assert(filename != NULL && x != NULL);
+     if (stat(filename, &file) == 0) {
+         FILE *stream; ssize_t len;
+-        const EVP_MD *const HASH = EVP_md5();   // openssl compat: enc -pass
++        const EVP_MD *const HASH = EVP_sha256();   // openssl compat: enc -pass
+         const size_t KEY_SIZE = EVP_CIPHER_key_length(x->cipher);
+         const size_t IV_SIZE = EVP_CIPHER_iv_length(x->cipher);
+         char *pass = NULL; size_t z = 0;
+@@ -820,8 +820,8 @@ static bool initialize_crypto(crypto_t *x, const char *filename) {
+         if (fclose(stream) == EOF) return false;
+         if (len > 0 && pass[(size_t) (len - 1)] == '\n')
+             pass[(size_t) --len] = '\0';
+-        if (RAND_pseudo_bytes(x->salt, sizeof(x->salt)) <= 0) return false;
+-        EVP_BytesToKey(x->cipher, HASH, x->salt, pass, len, 1, x->key, x->iv);
++        if (RAND_bytes(x->salt, sizeof(x->salt)) <= 0) return false;
++        EVP_BytesToKey(x->cipher, HASH, x->salt, (const unsigned char*)pass, len, 1, x->key, x->iv);
+         memset(pass, 0, len);                           // XXX: crypto erase
+         free(pass);
+         is_initialized = true;
+-- 
+1.8.3.1
+
-- 
Gitee