From: Gunnar Beutner <gunnar.beutner@netways.de>
Date: Thu, 16 Oct 2014 11:36:25 +0000 (+0200)
Subject: Build fix for FreeBSD
X-Git-Tag: v2.2.0~364
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=97cf93089b895a45786760401830baa11a2a2247;p=icinga2

Build fix for FreeBSD
---

diff --git a/lib/base/tlsutility.cpp b/lib/base/tlsutility.cpp
index 6d8262cdb..566d43112 100644
--- a/lib/base/tlsutility.cpp
+++ b/lib/base/tlsutility.cpp
@@ -400,14 +400,14 @@ String CertificateToString(const shared_ptr<X509>& cert)
 	return result;
 }
 
-String PBKDF2_SHA512(const String& password, const String& salt, int iterations)
+String PBKDF2_SHA1(const String& password, const String& salt, int iterations)
 {
-	unsigned char digest[SHA512_DIGEST_LENGTH];
-	PKCS5_PBKDF2_HMAC(password.CStr(), password.GetLength(), reinterpret_cast<const unsigned char *>(salt.CStr()), salt.GetLength(),
-	    iterations, EVP_sha512(), sizeof(digest), digest);
+	unsigned char digest[SHA_DIGEST_LENGTH];
+	PKCS5_PBKDF2_HMAC_SHA1(password.CStr(), password.GetLength(), reinterpret_cast<const unsigned char *>(salt.CStr()), salt.GetLength(),
+	    iterations, sizeof(digest), digest);
 
-	char output[SHA512_DIGEST_LENGTH*2+1];
-	for (int i = 0; i < 32; i++)
+	char output[SHA_DIGEST_LENGTH*2+1];
+	for (int i = 0; i < SHA_DIGEST_LENGTH; i++)
 		sprintf(output + 2 * i, "%02x", digest[i]);
 
 	return output;
diff --git a/lib/base/tlsutility.hpp b/lib/base/tlsutility.hpp
index bd272b88f..823de2b7b 100644
--- a/lib/base/tlsutility.hpp
+++ b/lib/base/tlsutility.hpp
@@ -30,6 +30,7 @@
 #include <openssl/comp.h>
 #include <openssl/sha.h>
 #include <openssl/x509v3.h>
+#include <openssl/evp.h>
 
 namespace icinga
 {
@@ -44,7 +45,7 @@ shared_ptr<X509> I2_BASE_API CreateCert(EVP_PKEY *pubkey, X509_NAME *subject, X5
 String I2_BASE_API GetIcingaCADir(void);
 String I2_BASE_API CertificateToString(const shared_ptr<X509>& cert);
 shared_ptr<X509> I2_BASE_API CreateCertIcingaCA(EVP_PKEY *pubkey, X509_NAME *subject);
-String I2_BASE_API PBKDF2_SHA512(const String& password, const String& salt, int iterations);
+String I2_BASE_API PBKDF2_SHA1(const String& password, const String& salt, int iterations);
 String I2_BASE_API SHA256(const String& s);
 
 class I2_BASE_API openssl_error : virtual public std::exception, virtual public boost::exception { };
diff --git a/lib/cli/pkiticketcommand.cpp b/lib/cli/pkiticketcommand.cpp
index e35938691..8cb10c017 100644
--- a/lib/cli/pkiticketcommand.cpp
+++ b/lib/cli/pkiticketcommand.cpp
@@ -68,7 +68,7 @@ int PKITicketCommand::Run(const boost::program_options::variables_map& vm, const
 		return 1;
 	}
 
-	std::cout << PBKDF2_SHA512(vm["cn"].as<std::string>(), vm["salt"].as<std::string>(), 50000) << std::endl;
+	std::cout << PBKDF2_SHA1(vm["cn"].as<std::string>(), vm["salt"].as<std::string>(), 50000) << std::endl;
 
 	return 0;
 }
diff --git a/lib/remote/apiclient.cpp b/lib/remote/apiclient.cpp
index 68dd690eb..04f4417f6 100644
--- a/lib/remote/apiclient.cpp
+++ b/lib/remote/apiclient.cpp
@@ -239,7 +239,7 @@ Value RequestCertificateHandler(const MessageOrigin& origin, const Dictionary::P
 	}
 
 	String ticket = params->Get("ticket");
-	String realTicket = PBKDF2_SHA512(origin.FromClient->GetIdentity(), salt, 50000);
+	String realTicket = PBKDF2_SHA1(origin.FromClient->GetIdentity(), salt, 50000);
 
 	if (ticket != realTicket) {
 		result->Set("error", "Invalid ticket.");