Support for SHA-224 SHA-256-SHA-384 and SHA-512 hashes has been added to rlm_pap. The correct digest algo is determined by the length of the value of SHA2-Password.
28 bytes - SHA-224
32 bytes - SHA-256
48 bytes - SHA-384
64 bytes - SHA-512
Password-With-Header prefixes {sha2},{sha256},{sha512} will all result in the Password-With-Header value being copied to a SHA2-Password attribute. {sha256},{sha512} match the password headers used by the slapd-sha2 module developed for OpenLDAP.
Don't think many of the other hashes in OpenSSL's EVP_MD API are either widely used or appropriate for hashing passwords. But if someone knows differently then let me know.
The equivalent xlats have also been added for SHA-256 and SHA-512, I don't think SHA-224 or SHA-384 are widely used enough to justify adding them, but it's only a two line patch if someone thinks differently.
Does anyone have a burning need for any of the other hashes supported by EVP_MD?
-Arran
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html