File _service:obs_scm:backport-Update-the-hash-funct... of Package authd

File _service:obs_scm:backport-Update-the-hash-function-for-key-derivation-to-SHA256.patch of Package authd

From eae2220ad19c905bb38e06f950c07c266b6a1398 Mon Sep 17 00:00:00 2001
From: Pavel Zhukov <pavel@zhukoff.net>
Date: Mon, 21 Sep 2020 09:02:57 +0200
Subject: [PATCH] Update the hash function for key derivation to SHA256

Author: Philippe Troin  <phil@fifi.org>
Bug-Url: https://bugzilla.redhat.com/1669333
---
 authd.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/authd.c b/authd.c
index a2072de..6d9f83e 100644
--- a/authd.c
+++ b/authd.c
@@ -806,7 +806,7 @@ static bool initialize_crypto(crypto_t *x, const char *filename) {
     assert(filename != NULL && x != NULL);
     if (stat(filename, &file) == 0) {
         FILE *stream; ssize_t len;
-        const EVP_MD *const HASH = EVP_md5();   // openssl compat: enc -pass
+        const EVP_MD *const HASH = EVP_sha256();   // openssl compat: enc -pass
         const size_t KEY_SIZE = EVP_CIPHER_key_length(x->cipher);
         const size_t IV_SIZE = EVP_CIPHER_iv_length(x->cipher);
         char *pass = NULL; size_t z = 0;
@@ -820,8 +820,8 @@ static bool initialize_crypto(crypto_t *x, const char *filename) {
         if (fclose(stream) == EOF) return false;
         if (len > 0 && pass[(size_t) (len - 1)] == '\n')
             pass[(size_t) --len] = '\0';
-        if (RAND_pseudo_bytes(x->salt, sizeof(x->salt)) <= 0) return false;
-        EVP_BytesToKey(x->cipher, HASH, x->salt, pass, len, 1, x->key, x->iv);
+        if (RAND_bytes(x->salt, sizeof(x->salt)) <= 0) return false;
+        EVP_BytesToKey(x->cipher, HASH, x->salt, (const unsigned char*)pass, len, 1, x->key, x->iv);
         memset(pass, 0, len);                           // XXX: crypto erase
         free(pass);
         is_initialized = true;
-- 
1.8.3.1