EVP Message Digest requests

Arran Cudbard-Bell a.cudbardb at freeradius.org
Thu Feb 6 17:36:47 CET 2014

Support for SHA-224 SHA-256-SHA-384 and SHA-512 hashes has been added to rlm_pap. The correct digest algo is determined by the length of the value of SHA2-Password.

28 bytes - SHA-224
32 bytes - SHA-256
48 bytes - SHA-384
64 bytes - SHA-512

Password-With-Header prefixes {sha2},{sha256},{sha512} will all result in the Password-With-Header value being copied to a SHA2-Password attribute.  {sha256},{sha512} match the password headers used by the slapd-sha2 module developed for OpenLDAP.

Don't think many of the other hashes in OpenSSL's EVP_MD API are either widely used or appropriate for hashing passwords. But if someone knows differently then let me know.

The equivalent xlats have also been added for SHA-256 and SHA-512,  I don't think SHA-224 or SHA-384 are widely used enough to justify adding them, but it's only a two line patch if someone thinks differently.

Does anyone have a burning need for any of the other hashes supported by EVP_MD?


Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20140206/4211dc24/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20140206/4211dc24/attachment.pgp>

More information about the Freeradius-Devel mailing list