← Back to branch summary

~nutznboltz-deactivatedaccount/ubuntu/precise/gnutls26/fix-lp926350

« back to all changes in this revision

Viewing changes to lib/auth_srp.c

  • Committer: Package Import Robot
  • Author(s): Andreas Metzler
  • Date: 2011-10-01 15:28:13 UTC
  • mfrom: (12.1.20 sid)
  • Revision ID: package-import@ubuntu.com-20111001152813-yygm1c4cxonfxhzy
Tags: 2.12.11-1
http://bugs.debian.org/640639
* New upstream version.
  + Allow CA importing of 0 certificates to succeed. Closes: #640639
* Add libp11-kit-dev to libgnutls-dev dependencies. (see #643811)
* [20_guiledocstring.diff] guile: Fix docstring extraction with CPP 4.5+.

Show diffs side-by-side

added added

removed removed

Lines of Context:
lib/auth_srp.c
36
36
#include "auth_srp.h"
37
37
#include <gnutls_str.h>
38
38
#include <gnutls_datum.h>
 
39
#include <ext_srp.h>
39
40
 
40
41
const mod_auth_st srp_auth_struct = {
41
42
  "SRP",
47
48
  NULL,
48
49
 
49
50
  NULL,
50
 
  NULL,                         /* certificate */
 
51
  NULL,                         /* certificate */
51
52
  _gnutls_proc_srp_server_kx,
52
53
  _gnutls_proc_srp_client_kx,
53
54
  NULL,
142
143
  size_t n_b, tmp_size;
143
144
  char buf[64];
144
145
  uint8_t *data_b;
 
146
  extension_priv_data_t epriv;
 
147
  srp_ext_st *priv;
 
148
 
 
149
  ret = _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SRP, &epriv);
 
150
  if (ret < 0)                  /* peer didn't send a username */
 
151
    {
 
152
      gnutls_assert ();
 
153
      return GNUTLS_E_UNKNOWN_SRP_USERNAME;
 
154
    }
 
155
  priv = epriv.ptr;
145
156
 
146
157
  if ((ret =
147
158
       _gnutls_auth_info_set (session, GNUTLS_CRD_SRP,
148
 
                              sizeof (srp_server_auth_info_st), 1)) < 0)
 
159
                              sizeof (srp_server_auth_info_st), 1)) < 0)
149
160
    {
150
161
      gnutls_assert ();
151
162
      return ret;
154
165
  info = _gnutls_get_auth_info (session);
155
166
  username = info->username;
156
167
 
157
 
  _gnutls_str_cpy (username, MAX_SRP_USERNAME,
158
 
                   session->security_parameters.extensions.srp_username);
 
168
  _gnutls_str_cpy (username, MAX_USERNAME_SIZE, priv->username);
159
169
 
160
170
  ret = _gnutls_srp_pwd_read_entry (session, username, &pwd_entry);
161
171
 
196
206
      return GNUTLS_E_MEMORY_ERROR;
197
207
    }
198
208
 
199
 
  if (_gnutls_mpi_print (B, NULL, &n_b) != 0)
 
209
  if (_gnutls_mpi_print (B, NULL, &n_b) != GNUTLS_E_SHORT_MEMORY_BUFFER)
200
210
    {
201
211
      gnutls_assert ();
202
212
      return GNUTLS_E_MPI_PRINT_FAILED;
207
217
   */
208
218
 
209
219
  data_size = (pwd_entry->n.size + 2 + pwd_entry->g.size + 2 +
210
 
               pwd_entry->salt.size + 1) + (n_b + 2);
 
220
               pwd_entry->salt.size + 1) + (n_b + 2);
211
221
 
212
222
  (*data) = gnutls_malloc (data_size);
213
223
  if ((*data) == NULL)
247
257
  _gnutls_write_uint16 (n_b, data_b);
248
258
 
249
259
  _gnutls_hard_log ("INT: SRP B[%d]: %s\n", (int) n_b,
250
 
                    _gnutls_bin2hex (&data_b[2], n_b, buf, sizeof (buf)));
 
260
                    _gnutls_bin2hex (&data_b[2], n_b, buf, sizeof (buf),
 
261
                                     NULL));
251
262
 
252
263
  _gnutls_srp_entry_free (pwd_entry);
253
264
 
264
275
  char *username, *password;
265
276
  char buf[64];
266
277
  gnutls_srp_client_credentials_t cred;
 
278
  extension_priv_data_t epriv;
 
279
  srp_ext_st *priv;
267
280
 
 
281
  ret = _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SRP, &epriv);
 
282
  if (ret < 0)                  /* peer didn't send a username */
 
283
    {
 
284
      gnutls_assert ();
 
285
      return GNUTLS_E_UNKNOWN_SRP_USERNAME;
 
286
    }
 
287
  priv = epriv.ptr;
268
288
 
269
289
  cred = (gnutls_srp_client_credentials_t)
270
290
    _gnutls_get_cred (session->key, GNUTLS_CRD_SRP, NULL);
275
295
      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
276
296
    }
277
297
 
278
 
  if (session->internals.srp_username == NULL)
 
298
  if (priv->username == NULL)
279
299
    {
280
300
      username = cred->username;
281
301
      password = cred->password;
282
302
    }
283
303
  else
284
304
    {
285
 
      username = session->internals.srp_username;
286
 
      password = session->internals.srp_password;
 
305
 
 
306
      username = priv->username;
 
307
      password = priv->password;
287
308
    }
288
309
 
289
310
  if (username == NULL || password == NULL)
344
365
      return ret;
345
366
    }
346
367
 
347
 
  if (_gnutls_mpi_print (A, NULL, &n_a) != 0)
 
368
  if (_gnutls_mpi_print (A, NULL, &n_a) != GNUTLS_E_SHORT_MEMORY_BUFFER)
348
369
    {
349
370
      gnutls_assert ();
350
371
      return GNUTLS_E_MPI_PRINT_FAILED;
366
387
    }
367
388
 
368
389
  _gnutls_hard_log ("INT: SRP A[%d]: %s\n", (int) n_a,
369
 
                    _gnutls_bin2hex (&data_a[2], n_a, buf, sizeof (buf)));
 
390
                    _gnutls_bin2hex (&data_a[2], n_a, buf, sizeof (buf),
 
391
                                     NULL));
370
392
 
371
393
  _gnutls_mpi_release (&A);
372
394
 
379
401
/* just read A and put it to session */
380
402
int
381
403
_gnutls_proc_srp_client_kx (gnutls_session_t session, opaque * data,
382
 
                            size_t _data_size)
 
404
                            size_t _data_size)
383
405
{
384
406
  size_t _n_A;
385
407
  ssize_t data_size = _data_size;
601
623
  int ret;
602
624
 
603
625
  if (_gnutls_mpi_get_nbits (n) < (session->internals.srp_prime_bits
604
 
                                   ? session->internals.srp_prime_bits
605
 
                                   : 2048))
 
626
                                   ? session->internals.srp_prime_bits
 
627
                                   : 2048))
606
628
    {
607
629
      gnutls_assert ();
608
630
      return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
702
724
 */
703
725
int
704
726
_gnutls_proc_srp_server_kx (gnutls_session_t session, opaque * data,
705
 
                            size_t _data_size)
 
727
                            size_t _data_size)
706
728
{
707
729
  uint8_t n_s;
708
730
  uint16_t n_g, n_n, n_b;
716
738
  char *username, *password;
717
739
  ssize_t data_size = _data_size;
718
740
  gnutls_srp_client_credentials_t cred;
 
741
  extension_priv_data_t epriv;
 
742
  srp_ext_st *priv;
 
743
 
 
744
  ret = _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SRP, &epriv);
 
745
  if (ret < 0)
 
746
    {
 
747
      gnutls_assert ();
 
748
      return GNUTLS_E_UNKNOWN_SRP_USERNAME;
 
749
    }
 
750
  priv = epriv.ptr;
719
751
 
720
752
  cred = (gnutls_srp_client_credentials_t)
721
753
    _gnutls_get_cred (session->key, GNUTLS_CRD_SRP, NULL);
726
758
      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
727
759
    }
728
760
 
729
 
  if (session->internals.srp_username == NULL)
 
761
  if (priv->username == NULL)
730
762
    {
731
763
      username = cred->username;
732
764
      password = cred->password;
733
765
    }
734
766
  else
735
767
    {
736
 
      username = session->internals.srp_username;
737
 
      password = session->internals.srp_password;
 
768
      username = priv->username;
 
769
      password = priv->password;
738
770
    }
739
771
 
740
772
  if (username == NULL || password == NULL)
817
849
    {
818
850
      _gnutls_x509_log ("Checking the SRP group parameters.\n");
819
851
      if ((ret = group_check_g_n (session, G, N)) < 0)
820
 
        {
821
 
          gnutls_assert ();
822
 
          return ret;
823
 
        }
 
852
        {
 
853
          gnutls_assert ();
 
854
          return ret;
 
855
        }
824
856
    }
825
857
 
826
858
  /* Checks if b % n == 0
837
869
   */
838
870
  if ((ret =
839
871
       _gnutls_calc_srp_x (username, password, (opaque *) data_s, n_s,
840
 
                           &_n_g, hd)) < 0)
 
872
                           &_n_g, hd)) < 0)
841
873
    {
842
874
      gnutls_assert ();
843
875
      return ret;
850
882
    }
851
883
 
852
884
 
853
 
  return i;                     /* return the processed data
854
 
                                 * needed in auth_srp_rsa.
855
 
                                 */
 
885
  return i;                     /* return the processed data
 
886
                                 * needed in auth_srp_rsa.
 
887
                                 */
856
888
}
857
889
 
858
890
#endif /* ENABLE_SRP */