author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2004-06-29 09:28:53 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2004-06-29 09:28:53 +0000 |
commit | 0d2e23c8220c676e035e26bddb0220d4d1d2da19 (patch) | |
tree | e81fa48892e7c6b076622f7b6c1c6e6454e2401c | |
parent | 439198a3692a04e70ef224f6a76a357287e2c72e (diff) | |
Do not free the SRP (n/g) parameters from the callback if they are the static ones defined in extra.h
-rw-r--r-- | libextra/auth_srp.c | 4 | ||||
-rw-r--r-- | libextra/auth_srp.h | 8 | ||||
-rw-r--r-- | libextra/auth_srp_passwd.c | 15 | ||||
-rw-r--r-- | libextra/gnutls_srp.c | 7 |
4 files changed, 26 insertions, 8 deletions
diff --git a/libextra/auth_srp.c b/libextra/auth_srp.c index 750e25bcb4..6ca3bd155c 100644 --- a/libextra/auth_srp.c +++ b/libextra/auth_srp.c @@ -407,7 +407,9 @@ int _gnutls_proc_srp_client_kx(gnutls_session_t session, opaque * data, -/* Static parameters according to draft-ietf-tls-srp-05 +/* Static parameters according to draft-ietf-tls-srp-07 + * Note that if more parameters are added check_g_n() + * and _gnutls_srp_entry_free() should be changed. */ static const unsigned char srp_params_1024[] = { 0xEE, 0xAF, 0x0A, 0xB9, 0xAD, 0xB3, 0x8D, 0xD6, diff --git a/libextra/auth_srp.h b/libextra/auth_srp.h index 7060277204..992cf9247c 100644 --- a/libextra/auth_srp.h +++ b/libextra/auth_srp.h @@ -36,6 +36,14 @@ typedef struct srp_server_auth_info_st { char username[MAX_SRP_USERNAME]; } *srp_server_auth_info_t; +extern const gnutls_datum_t gnutls_srp_1024_group_prime; +extern const gnutls_datum_t gnutls_srp_1024_group_generator; +extern const gnutls_datum_t gnutls_srp_1536_group_prime; +extern const gnutls_datum_t gnutls_srp_1536_group_generator; +extern const gnutls_datum_t gnutls_srp_2048_group_prime; +extern const gnutls_datum_t gnutls_srp_2048_group_generator; + + #ifdef ENABLE_SRP int _gnutls_proc_srp_server_hello(gnutls_session_t state, diff --git a/libextra/auth_srp_passwd.c b/libextra/auth_srp_passwd.c index 037b1cb232..26021c581b 100644 --- a/libextra/auth_srp_passwd.c +++ b/libextra/auth_srp_passwd.c @@ -253,7 +253,7 @@ int _gnutls_srp_pwd_read_entry(gnutls_session_t state, char *username, ret = cred->pwd_callback(state, username, &entry->salt, &entry->v, &entry->g, &entry->n); - if (ret == 1) { /* the user does not exist */ + if (ret == 1) { /* the user does not exist */ if (entry->g.size != 0 && entry->n.size != 0) { ret = _randomize_pwd_entry(entry); if (ret < 0) { 
@@ -384,13 +384,22 @@ static int _randomize_pwd_entry(SRP_PWD_ENTRY * entry) return 0; } +/* Free all the entry parameters, except if g and n are + * the static ones defined in extra.h + */ void _gnutls_srp_entry_free(SRP_PWD_ENTRY * entry) { _gnutls_free_datum(&entry->v); - _gnutls_free_datum(&entry->g); - _gnutls_free_datum(&entry->n); _gnutls_free_datum(&entry->salt); + if (entry->g.data != gnutls_srp_1024_group_generator.data) + _gnutls_free_datum(&entry->g); + + if (entry->n.data != gnutls_srp_1024_group_prime.data && + entry->n.data != gnutls_srp_1536_group_prime.data && + entry->n.data != gnutls_srp_2048_group_prime.data) + _gnutls_free_datum(&entry->n); + gnutls_free(entry->username); gnutls_free(entry); } diff --git a/libextra/gnutls_srp.c b/libextra/gnutls_srp.c index 1336cd542a..cc4a097dee 100644 --- a/libextra/gnutls_srp.c +++ b/libextra/gnutls_srp.c @@ -544,7 +544,8 @@ int gnutls_srp_set_server_credentials_file(gnutls_srp_server_credentials_t * * @username contains the actual username. * The @salt, @verifier, @generator and @prime must be filled - * in using the gnutls_malloc(). + * in using the gnutls_malloc(). For convenience @prime and @generator + * may also be one of the static parameters defined in extra.h. * * In case the callback returned a negative number then gnutls will * assume that the username does not exist. @@ -561,9 +562,7 @@ int gnutls_srp_set_server_credentials_file(gnutls_srp_server_credentials_t **/ void gnutls_srp_set_server_credentials_function(gnutls_srp_server_credentials_t - cred, - gnutls_srp_server_credentials_function - * func) + cred, gnutls_srp_server_credentials_function * func) { cred->pwd_callback = func; } |
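Review bot: The new guard on `entry->g` in `_gnutls_srp_entry_free()` compares only against `gnutls_srp_1024_group_generator.data`, whereas the guard on `entry->n` covers all three groups and this same commit declares 1536 and 2048 generators in auth_srp.h. That is safe only if all three generator datums point at one shared buffer, which this diff does not show. If they do not, a callback that returns the 1536 or 2048 generator would pass static memory to `_gnutls_free_datum()`, an invalid free. Either extend the condition with `&& entry->g.data != gnutls_srp_1536_group_generator.data && entry->g.data != gnutls_srp_2048_group_generator.data`, or record the assumption in the comment above the function, e.g. `/* all static groups share one generator buffer, so one comparison suffices */`.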
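Review bot: The sentence added to the doc comment of `gnutls_srp_set_server_credentials_function()` does not say how the static parameters are recognised, and a callback author needs that to avoid an invalid free. `_gnutls_srp_entry_free()` in auth_srp_passwd.c skips the free only when the `.data` pointer is identical to that of a library datum, so a callback that fills @prime or @generator with its own non-heap copy of the same bytes would still have it freed. I would extend the comment with something like `In that case assign the library datum itself; gnutls frees every other buffer it is given.` The doc comment begins above this hunk, so the full wording of the callback contract is not visible here.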