summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--libextra/auth_srp_passwd.c37
1 files changed, 22 insertions, 15 deletions
diff --git a/libextra/auth_srp_passwd.c b/libextra/auth_srp_passwd.c
index 46ccfc1ef2..7504df9963 100644
--- a/libextra/auth_srp_passwd.c
+++ b/libextra/auth_srp_passwd.c
@@ -35,6 +35,9 @@
#include "debug.h"
#include <gnutls_str.h>
#include <gnutls_datum.h>
+#include <gnutls_num.h>
+
+static int _randomize_pwd_entry(SRP_PWD_ENTRY* entry);
/* this function parses tpasswd.conf file. Format is:
* string(username):base64(v):base64(salt):int(index)
@@ -201,7 +204,7 @@ static int pwd_read_conf( const char* pconf_file, SRP_PWD_ENTRY* entry, int inde
while( (line[i]!=':') && (line[i]!='\0') && (i < sizeof(line)) ) {
i++;
}
- if (strncmp( indexstr, line, (i>len)?i:len) == 0) {
+ if (strncmp( indexstr, line, GMAX(i,len)) == 0) {
if ((index = pwd_put_values2( entry, line)) >= 0)
return 0;
else {
@@ -219,7 +222,8 @@ int _gnutls_srp_pwd_read_entry( gnutls_session state, char* username,
const gnutls_srp_server_credentials cred;
FILE * fd;
char line[2*1024];
- uint i, len, ret;
+ uint i, len;
+ int ret;
int index, pwd_index = 0, last_index;
SRP_PWD_ENTRY* entry;
@@ -308,7 +312,7 @@ int _gnutls_srp_pwd_read_entry( gnutls_session state, char* username,
i++;
}
- if (strncmp( username, line, (i>len)?i:len) == 0) {
+ if (strncmp( username, line, GMAX(i,len)) == 0) {
if ((index = pwd_put_values( entry, line)) >= 0) {
/* Keep the last index in memory, so we can retrieve fake parameters (g,n)
* when the user does not exist.
@@ -352,17 +356,22 @@ int _gnutls_srp_pwd_read_entry( gnutls_session state, char* username,
/* Randomizes the given password entry. It actually sets the verifier
* and the salt. Returns 0 on success.
*/
-#define RNDUSER "rnd"
-#define RND_SALT_SIZE 17
-int _randomize_pwd_entry(SRP_PWD_ENTRY* entry) {
- int ret;
-
+static int _randomize_pwd_entry(SRP_PWD_ENTRY* entry)
+{
+char rnduser[64];
+unsigned char rndsuffix[5];
+
if (entry->g.size == 0 || entry->n.size == 0) {
gnutls_assert();
return GNUTLS_E_INTERNAL_ERROR;
}
+
+ _gnutls_get_random( rndsuffix, sizeof(rndsuffix), GNUTLS_WEAK_RANDOM);
+ sprintf( rnduser, "__invalid%x%x%x%x", rndsuffix[0],
+ rndsuffix[1], rndsuffix[2], rndsuffix[3]);
+ entry->salt.size = (rndsuffix[4] % 10) + 7;
- entry->username = gnutls_strdup(RNDUSER);
+ entry->username = gnutls_strdup(rnduser);
if (entry->username == NULL) {
gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
@@ -375,21 +384,19 @@ int _randomize_pwd_entry(SRP_PWD_ENTRY* entry) {
return GNUTLS_E_MEMORY_ERROR;
}
- _gnutls_get_random( entry->v.data, 20, GNUTLS_WEAK_RANDOM);
+ _gnutls_get_random( entry->v.data, 20, GNUTLS_STRONG_RANDOM);
- entry->salt.size = RND_SALT_SIZE;
-
- entry->salt.data = gnutls_malloc(RND_SALT_SIZE);
+ entry->salt.data = gnutls_malloc( entry->salt.size);
if (entry->salt.data==NULL) {
gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
- if (_gnutls_get_random(entry->salt.data, RND_SALT_SIZE, GNUTLS_WEAK_RANDOM) < 0) {
+ if (_gnutls_get_random(entry->salt.data, entry->salt.size, GNUTLS_WEAK_RANDOM) < 0) {
gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
-
+
return 0;
}