Hi! The current version of the Perl module contains a bug concerning the message authenticator calculation for ACCESS_CHALLENGE replies (this type is missing in the list of reply packet types).
The following diff fixes the problem.
I also reported the bug upstream, so hopefully there will be a new version of
Data::Radius soon.
Index: Makefile
===================================================================
RCS file: /mount/cvsdev/openbsd/cvs/ports/net/p5-Data-Radius/Makefile,v
diff -u -p -r1.1.1.1 Makefile
--- Makefile 3 Feb 2025 17:43:21 -0000 1.1.1.1
+++ Makefile 4 Feb 2025 13:04:28 -0000
@@ -2,6 +2,8 @@ COMMENT = module to encode/decode RADIUS
DISTNAME = Data-Radius-1.2.8
+REVISION = 1
+
CATEGORIES = net
# Artistic 2.0
Index: patches/patch-lib_Data_Radius_Packet_pm
===================================================================
RCS file: patches/patch-lib_Data_Radius_Packet_pm
diff -N patches/patch-lib_Data_Radius_Packet_pm
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-lib_Data_Radius_Packet_pm 4 Feb 2025 13:04:11 -0000
@@ -0,0 +1,11 @@
+--- lib/Data/Radius/Packet.pm.orig Mon Jul 15 17:27:39 2024
++++ lib/Data/Radius/Packet.pm Tue Feb 4 11:01:36 2025
+@@ -31,7 +31,7 @@ use constant {
+ };
+ use constant ATTR_MSG_AUTH_ZERO => pack('C C', ATTR_MSG_AUTH,
ATTR_MSG_AUTH_LEN) . ("\x0" x (ATTR_MSG_AUTH_LEN - 2));
+
+-my %IS_REPLY = map { $_ => 1 } (ACCESS_ACCEPT, ACCESS_REJECT,
DISCONNECT_ACCEPT, DISCONNECT_REJECT, COA_ACCEPT, COA_REJECT);
++my %IS_REPLY = map { $_ => 1 } (ACCESS_ACCEPT, ACCESS_CHALLENGE,
ACCESS_REJECT, DISCONNECT_ACCEPT, DISCONNECT_REJECT, COA_ACCEPT, COA_REJECT);
+ my %IS_REQUEST = map { $_ => 1 } (ACCESS_REQUEST, ACCOUNTING_REQUEST,
DISCONNECT_REQUEST, COA_REQUEST);
+
+ my %IS_ACCOUNTING = map { $_ => 1 } (ACCOUNTING_REQUEST, ACCOUNTING_RESPONSE);
smime.p7s
Description: S/MIME cryptographic signature
