author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-11-09 10:53:40 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2016-11-20 17:31:49 +0100 |
commit | 10add41089567006fe74ff5639fdbbdffe9d4b8f (patch) | |
tree | 69960b9ccdb36a2ffa534e5c51245927cd97b2b2 | |
parent | a91e235895e0f12a9fa4f8178f126444fbcb1364 (diff) | |
download | gnutls-10add41089567006fe74ff5639fdbbdffe9d4b8f.tar.gz |
_gnutls_calc_srp_sha: normalize the password prior to use
-rw-r--r-- | lib/srp.c | 23 |
1 files changed, 18 insertions, 5 deletions
@@ -1,5 +1,6 @@ /* - * Copyright (C) 2001-2012 Free Software Foundation, Inc. + * Copyright (C) 2001-2016 Free Software Foundation, Inc. + * Copyright (C) 2015-2016 Red Hat, Inc. * * Author: Nikos Mavrogiannopoulos * @@ -285,7 +286,7 @@ error: * The output is exactly 20 bytes */ static int -_gnutls_calc_srp_sha(const char *username, const char *password, +_gnutls_calc_srp_sha(const char *username, const char *_password, uint8_t * salt, int salt_size, size_t * size, void *digest) { @@ -293,12 +294,20 @@ _gnutls_calc_srp_sha(const char *username, const char *password, uint8_t res[MAX_HASH_SIZE]; int ret; const mac_entry_st *me = mac_to_entry(GNUTLS_MAC_SHA1); + char *password; + gnutls_datum_t pout; *size = 20; + ret = _gnutls_utf8_password_normalize(_password, strlen(_password), &pout); + if (ret < 0) + return gnutls_assert_val(ret); + password = (char*)pout.data; + ret = _gnutls_hash_init(&td, me); if (ret < 0) { - return GNUTLS_E_MEMORY_ERROR; + ret = GNUTLS_E_MEMORY_ERROR; + goto cleanup; } _gnutls_hash(&td, username, strlen(username)); _gnutls_hash(&td, ":", 1); @@ -308,15 +317,19 @@ _gnutls_calc_srp_sha(const char *username, const char *password, ret = _gnutls_hash_init(&td, me); if (ret < 0) { - return GNUTLS_E_MEMORY_ERROR; + ret = GNUTLS_E_MEMORY_ERROR; + goto cleanup; } _gnutls_hash(&td, salt, salt_size); _gnutls_hash(&td, res, 20); /* 20 bytes is the output of sha1 */ _gnutls_hash_deinit(&td, digest); + ret = 0; - return 0; + cleanup: + gnutls_free(password); + return ret; } int |
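Review bot: In the `@@ -293,12 +294,20 @@` hunk, any failure of `_gnutls_utf8_password_normalize()` now aborts the computation with `return gnutls_assert_val(ret);`, whereas the old code hashed the password bytes as given. If the normalizer rejects input that is not valid UTF-8, such passwords can no longer authenticate, and a verifier stored from un-normalized bytes would presumably stop matching once normalization changes them. The header comment above the function should state this, e.g. `* The password is normalized before hashing; verifiers created from non-normalized input will not match.`, and the commit should say whether legacy entries are expected to be regenerated. The lines that hash the password lie between this hunk and the next and are not shown; if they still use `strlen(password)`, passing `pout.size` would avoid relying on the normalized buffer being NUL-terminated.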
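Review bot: At the new `cleanup:` label in the `@@ -308,15 +317,19 @@` hunk, the normalized password copy is released with `gnutls_free(password);` without being wiped, so the plaintext password stays in freed heap memory. Clear it before the free, e.g. `gnutls_memset(pout.data, 0, pout.size);` immediately ahead of `gnutls_free(password);`, or use the tree's key-zeroizing helper if one is available here. The `res` buffer, which appears to hold the inner hash of `username:password`, is also left on the stack on both the success and error paths; wiping it at the same label would be consistent.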