From: Nikolai Kondrashov Date: Fri, 18 Nov 2016 18:08:54 +0000 (+0200) Subject: Initialize HMAC context in rlm_otp X-Git-Tag: release_3_0_13~92^2~7 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e867899fe8eb4262bef9054969635f4316802240;p=thirdparty%2Ffreeradius-server.git Initialize HMAC context in rlm_otp Add the missing mandatory HMAC context initialization to rlm_otp's otp_gen_state. Otherwise the outcome of the following HMAC operations is undefined. --- diff --git a/src/modules/rlm_otp/otp_radstate.c b/src/modules/rlm_otp/otp_radstate.c index a70393918fd..868be6aea62 100644 --- a/src/modules/rlm_otp/otp_radstate.c +++ b/src/modules/rlm_otp/otp_radstate.c @@ -120,6 +120,7 @@ size_t otp_gen_state(char state[OTP_MAX_RADSTATE_LEN], * having to collect the data to be signed into one * contiguous piece. */ + HMAC_CTX_init(&hmac_ctx); HMAC_Init(&hmac_ctx, key, sizeof(key[0]) * 16, EVP_md5()); HMAC_Update(&hmac_ctx, (uint8_t const *) challenge, clen); HMAC_Update(&hmac_ctx, (uint8_t *) &flags, 4);