From 22e34a25b4b3484903f87945e0a4fef4a33416f7 Mon Sep 17 00:00:00 2001
From: delphij <delphij@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
Date: Tue, 21 Aug 2012 09:05:23 +0000
Subject: [PATCH] MFC r239169:

RFC 2289 requires all hashes be stored in little endian format before
folding to 64 bits, while SHA1 code is big endian.  Therefore, a bswap32
is required before using the value.

Without this change, the implementation does not conform to test vector
found in RFC 2289.

PR:		bin/170519
Submitted by:	Arthur Mesh <arthurmesh gmail com> (with changes)
Approved by:	re (kib)


git-svn-id: svn://svn.freebsd.org/base/releng/9.1@239482 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
---
 contrib/opie/libopie/hash.c    | 9 +++++++++
 contrib/opie/libopie/hashlen.c | 9 +++++++++
 2 files changed, 18 insertions(+)

diff --git a/contrib/opie/libopie/hash.c b/contrib/opie/libopie/hash.c
index babcbfae..8a59f416 100644
--- a/contrib/opie/libopie/hash.c
+++ b/contrib/opie/libopie/hash.c
@@ -17,6 +17,8 @@ you didn't get a copy, you may request one from <license@inner.net>.
 $FreeBSD$
 */
 
+#include <sys/endian.h>
+
 #include "opie_cfg.h"
 #include "opie.h"
 
@@ -39,6 +41,13 @@ unsigned algorithm)
       SHA1_Final((unsigned char *)digest, &sha);
       results[0] = digest[0] ^ digest[2] ^ digest[4];
       results[1] = digest[1] ^ digest[3];
+
+      /*
+       * RFC2289 mandates that we convert SHA1 digest from big-endian to little
+       * see Appendix A.
+       */
+      results[0] = bswap32(results[0]);
+      results[1] = bswap32(results[1]);
       };
       break;
     case 4:
diff --git a/contrib/opie/libopie/hashlen.c b/contrib/opie/libopie/hashlen.c
index 29d855de..0d5808c1 100644
--- a/contrib/opie/libopie/hashlen.c
+++ b/contrib/opie/libopie/hashlen.c
@@ -14,6 +14,8 @@ you didn't get a copy, you may request one from <license@inner.net>.
 $FreeBSD$
 */
 
+#include <sys/endian.h>
+
 #include "opie_cfg.h"
 #include "opie.h"
 
@@ -36,6 +38,13 @@ VOIDPTR in AND struct opie_otpkey *out AND int n)
       SHA1_Final((unsigned char *)digest, &sha);
       results[0] = digest[0] ^ digest[2] ^ digest[4];
       results[1] = digest[1] ^ digest[3];
+
+      /*
+       * RFC2289 mandates that we convert SHA1 digest from big-endian to little
+       * see Appendix A.
+       */
+      results[0] = bswap32(results[0]);
+      results[1] = bswap32(results[1]);
       break;
     }
     case 4: {
-- 
2.42.0