diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2019-05-27 15:16:52 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2019-05-28 16:43:33 +0200 |
commit | 230a39a73aca2d40626d576e5f537a04b045beee (patch) | |
tree | fce29d6595a1efd78c8b54d50ee1027f6b0f2d3c | |
parent | b64627cdaeb74afc109d9ae38a18c0b6909be59b (diff) | |
download | gnutls-230a39a73aca2d40626d576e5f537a04b045beee.tar.gz |
Remove malloc from gnutls_srp_set_server_fake_salt_seed()tmp-datum-cleanup
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-rw-r--r-- | lib/auth/srp_kx.h | 6 | ||||
-rw-r--r-- | lib/auth/srp_passwd.c | 4 | ||||
-rw-r--r-- | lib/srp.c | 26 |
3 files changed, 18 insertions, 18 deletions
diff --git a/lib/auth/srp_kx.h b/lib/auth/srp_kx.h index e4431ee28e..ebe1477e02 100644 --- a/lib/auth/srp_kx.h +++ b/lib/auth/srp_kx.h @@ -25,6 +25,8 @@ #include <auth.h> +#define MAX_FAKE_SALT_SEED_SIZE 64 + typedef struct gnutls_srp_client_credentials_st { char *username; char *password; @@ -38,7 +40,9 @@ typedef struct gnutls_srp_server_credentials_st { * password files. */ gnutls_srp_server_credentials_function *pwd_callback; - gnutls_datum_t fake_salt_seed; + unsigned char fake_salt_seed[MAX_FAKE_SALT_SEED_SIZE]; + unsigned int fake_salt_seed_size; + unsigned int fake_salt_length; } srp_server_cred_st; diff --git a/lib/auth/srp_passwd.c b/lib/auth/srp_passwd.c index 6902be3d26..6cd3f7e524 100644 --- a/lib/auth/srp_passwd.c +++ b/lib/auth/srp_passwd.c @@ -418,8 +418,8 @@ static int _randomize_pwd_entry(SRP_PWD_ENTRY * entry, return GNUTLS_E_MEMORY_ERROR; } - ret = _gnutls_mac_init(&ctx, me, sc->fake_salt_seed.data, - sc->fake_salt_seed.size); + ret = _gnutls_mac_init(&ctx, me, sc->fake_salt_seed, + sc->fake_salt_seed_size); if (ret < 0) { gnutls_assert(); @@ -501,7 +501,6 @@ void gnutls_srp_free_server_credentials(gnutls_srp_server_credentials_t sc) { gnutls_free(sc->password_file); gnutls_free(sc->password_conf_file); - _gnutls_free_datum(&sc->fake_salt_seed); gnutls_free(sc); } @@ -537,17 +536,9 @@ gnutls_srp_allocate_server_credentials(gnutls_srp_server_credentials_t * if (*sc == NULL) return GNUTLS_E_MEMORY_ERROR; - (*sc)->fake_salt_seed.size = DEFAULT_FAKE_SALT_SEED_SIZE; - (*sc)->fake_salt_seed.data = gnutls_malloc( - DEFAULT_FAKE_SALT_SEED_SIZE); - if ((*sc)->fake_salt_seed.data == NULL) { - ret = GNUTLS_E_MEMORY_ERROR; - gnutls_assert(); - goto cleanup; - } - - ret = gnutls_rnd(GNUTLS_RND_RANDOM, (*sc)->fake_salt_seed.data, - DEFAULT_FAKE_SALT_SEED_SIZE); + (*sc)->fake_salt_seed_size = DEFAULT_FAKE_SALT_SEED_SIZE; + ret = gnutls_rnd(GNUTLS_RND_RANDOM, (*sc)->fake_salt_seed, + DEFAULT_FAKE_SALT_SEED_SIZE); if (ret < 0) { gnutls_assert(); @@ -558,7 +549,6 @@ gnutls_srp_allocate_server_credentials(gnutls_srp_server_credentials_t * return 0; cleanup: - _gnutls_free_datum(&(*sc)->fake_salt_seed); gnutls_free(*sc); return ret; } @@ -841,8 +831,14 @@ gnutls_srp_set_server_fake_salt_seed(gnutls_srp_server_credentials_t cred, const gnutls_datum_t * seed, unsigned int salt_length) { - _gnutls_free_datum(&cred->fake_salt_seed); - _gnutls_set_datum(&cred->fake_salt_seed, seed->data, seed->size); + unsigned seed_size = seed->size; + const unsigned char *seed_data = seed->data; + + if (seed_size > sizeof(cred->fake_salt_seed)) + seed_size = sizeof(cred->fake_salt_seed); + + memcpy(cred->fake_salt_seed, seed_data, seed_size); + cred->fake_salt_seed_size = seed_size; /* Cap the salt length at the output size of the MAC algorithm * we are using to generate the fake salts. |