sha-3 updates

dvdkon · Aug 24, 2017 · 407ea83 · 407ea83
1 parent 1088ad4
commit 407ea83
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 6 deletions.
diff --git a/man/man5/rlm_pap.5 b/man/man5/rlm_pap.5
@@ -84,11 +84,15 @@ Header       Attribute           Description
 .br
 {ssha512}    SSHA2-512-Password  SHA2 hashed passwords, with a salt
 .br
-{ssha3}      SHA2-Password       SHA3 hashed passwords
+{ssha3}      SHA3-Password       SHA3 hashed passwords
 .br
-{ssha3-256}  SHA3-Password       SHA3 hashed passwords, with a salt
+{ssha3-224}  SHA3-224-Password   SHA3 hashed passwords, with a salt
 .br
-{ssha3-512}  SHA3-Password       SHA3 hashed passwords, with a salt
+{ssha3-256}  SHA3-256-Password   SHA3 hashed passwords, with a salt
+.br
+{ssha3-384}  SHA3-384-Password   SHA3 hashed passwords, with a salt
+.br
+{ssha3-512}  SHA3-512-Password   SHA3 hashed passwords, with a salt
 .br
 {nt}         NT-Password         Windows NT hashed passwords
 .br

diff --git a/src/modules/rlm_pap/rlm_pap.c b/src/modules/rlm_pap/rlm_pap.c
@@ -739,12 +739,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_auth_sha_evp(rlm_pap_t const *inst, REQU
 	uint8_t digest[EVP_MAX_MD_SIZE];
 	unsigned int digest_len;
 
-	RDEBUG("Comparing with \"known-good\" SHA2-Password");
-
 	if (inst->normify) normify(request, vp, 28);
 
 	switch (vp->da->attr) {
 	case FR_SHA2_PASSWORD:
+		RDEBUG("Comparing with \"known-good\" SHA2-Password");
+
 		/*
 		 *	All the SHA-2 algorithms produce digests of different lengths,
 		 *	so it's trivial to determine which EVP_MD to use.
@@ -783,6 +783,7 @@ static rlm_rcode_t CC_HINT(nonnull) pap_auth_sha_evp(rlm_pap_t const *inst, REQU
 
 # ifdef HAVE_EVP_SHA3_512
 	case FR_SHA3_PASSWORD:
+		RDEBUG("Comparing with \"known-good\" SHA3-Password");
 		/*
 		 *	All the SHA-3 algorithms produce digests of different lengths,
 		 *	so it's trivial to determine which EVP_MD to use.
@@ -813,7 +814,7 @@ static rlm_rcode_t CC_HINT(nonnull) pap_auth_sha_evp(rlm_pap_t const *inst, REQU
 			break;
 
 		default:
-			REDEBUG("\"known good\" digest length (%zu) does not match output length of any SHA-2 digests",
+			REDEBUG("\"known good\" digest length (%zu) does not match output length of any SHA-3 digests",
 				vp->vp_length);
 			return RLM_MODULE_INVALID;
 		}