author | George Hazan <ghazan@miranda.im> | 2020-08-01 20:04:13 +0300 |
---|---|---|
committer | George Hazan <ghazan@miranda.im> | 2020-08-01 20:04:13 +0300 |
commit | a0a533448ea54ed18535687af264b792bd8d83b2 (patch) | |
tree | 9a1147c5faaea93eec6643cc99f0165e866d0640 /protocols/JabberG/src/jabber_secur.cpp | |
parent | 2d499d1b1dfb1812f2d441c5e9c6de36df0c2ec8 (diff) |
fixes #2506 (Jabber: crash or disfunction of SCRAM/SHA256/SHA512 auth)
Diffstat (limited to 'protocols/JabberG/src/jabber_secur.cpp')
-rw-r--r-- | protocols/JabberG/src/jabber_secur.cpp | 50 |
1 files changed, 26 insertions, 24 deletions
diff --git a/protocols/JabberG/src/jabber_secur.cpp b/protocols/JabberG/src/jabber_secur.cpp
index a4f21a7d77..fa55ce43a5 100644
--- a/protocols/JabberG/src/jabber_secur.cpp
+++ b/protocols/JabberG/src/jabber_secur.cpp
@@ -230,20 +230,20 @@ TScramAuth::~TScramAuth()
mir_free(serverSignature);
}
-void TScramAuth::Hi(BYTE* res, char* passw, size_t passwLen, char* salt, size_t saltLen, int ind)
+void TScramAuth::Hi(BYTE *res, char *passw, size_t passwLen, char *salt, size_t saltLen, int ind)
{
size_t bufLen = saltLen + sizeof(UINT32);
- BYTE *u = (BYTE*)_alloca(max(bufLen, MIR_SHA1_HASH_SIZE));
+ BYTE *u = (BYTE*)_alloca(max(bufLen, EVP_MAX_MD_SIZE));
memcpy(u, salt, saltLen); *(UINT32*)(u + saltLen) = htonl(1);
- memset(res, 0, MIR_SHA1_HASH_SIZE);
+ memset(res, 0, EVP_MAX_MD_SIZE);
for (int i = 0; i < ind; i++) {
unsigned int len;
HMAC(hashMethod, (BYTE*)passw, (unsigned)passwLen, u, (unsigned)bufLen, u, &len);
- bufLen = MIR_SHA1_HASH_SIZE;
+ bufLen = hashMethod->md_size;
- for (unsigned j = 0; j < MIR_SHA1_HASH_SIZE; j++)
+ for (int j = 0; j < hashMethod->md_size; j++)
res[j] ^= u[j];
}
}
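Review bot: `_alloca(max(bufLen, EVP_MAX_MD_SIZE))` still sizes a stack allocation from `saltLen`, and the loop runs `ind` times as given; both values appear to come from the server's challenge (the caller is in the next hunk), so an oversized salt or iteration count could exhaust the stack or stall the login thread, and a zero or negative count leaves `res` all zero regardless of the password. Bounding both in the caller, or moving `u` to the heap, would close that. `memset(res, 0, EVP_MAX_MD_SIZE)` now requires every caller to pass at least EVP_MAX_MD_SIZE bytes, which a comment such as `// res must point to at least EVP_MAX_MD_SIZE bytes` on Hi would record. Reading `hashMethod->md_size` depends on the private EVP_MD layout; `EVP_MD_size(hashMethod)` is the public accessor, and the same applies to the uses in getChallenge.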
@@ -290,38 +290,40 @@ char* TScramAuth::getChallenge(const char *challenge)
if (snonce == nullptr || salt == nullptr || ind == -1)
return nullptr;
- BYTE saltedPassw[MIR_SHA1_HASH_SIZE];
+ BYTE saltedPassw[EVP_MAX_MD_SIZE];
Hi(saltedPassw, info->conn.password, mir_strlen(info->conn.password), salt, saltLen, ind);
- BYTE clientKey[MIR_SHA1_HASH_SIZE];
+ BYTE clientKey[EVP_MAX_MD_SIZE];
unsigned int len;
- HMAC(hashMethod, saltedPassw, sizeof(saltedPassw), (BYTE*)"Client Key", 10, clientKey, &len);
+ HMAC(hashMethod, saltedPassw, hashMethod->md_size, (BYTE*)"Client Key", 10, clientKey, &len);
- BYTE storedKey[MIR_SHA1_HASH_SIZE];
+ BYTE storedKey[EVP_MAX_MD_SIZE], md[EVP_MAX_MD_SIZE];
- mir_sha1_ctx ctx;
- mir_sha1_init(&ctx);
- mir_sha1_append(&ctx, clientKey, MIR_SHA1_HASH_SIZE);
- mir_sha1_finish(&ctx, storedKey);
+ EVP_MD_CTX pctx = {};
+ pctx.digest = hashMethod;
+ pctx.md_data = md;
+ hashMethod->init(&pctx);
+ hashMethod->update(&pctx, clientKey, hashMethod->md_size);
+ hashMethod->final(&pctx, storedKey);
CMStringA authmsg(FORMAT, "%s,%s,c=%s,r=%s", msg1, chl.get(), cbd.get(), snonce.get());
- BYTE clientSig[MIR_SHA1_HASH_SIZE];
- HMAC(hashMethod, storedKey, sizeof(storedKey), (BYTE*)authmsg.c_str(), authmsg.GetLength(), clientSig, &len);
+ BYTE clientSig[EVP_MAX_MD_SIZE];
+ HMAC(hashMethod, storedKey, hashMethod->md_size, (BYTE*)authmsg.c_str(), authmsg.GetLength(), clientSig, &len);
- BYTE clientProof[MIR_SHA1_HASH_SIZE];
- for (unsigned j = 0; j < sizeof(clientKey); j++)
+ BYTE clientProof[EVP_MAX_MD_SIZE];
+ for (int j = 0; j < hashMethod->md_size; j++)
clientProof[j] = clientKey[j] ^ clientSig[j];
/* Calculate the server signature */
- BYTE serverKey[MIR_SHA1_HASH_SIZE];
- HMAC(hashMethod, saltedPassw, sizeof(saltedPassw), (BYTE*)"Server Key", 10, serverKey, &len);
+ BYTE serverKey[EVP_MAX_MD_SIZE];
+ HMAC(hashMethod, saltedPassw, hashMethod->md_size, (BYTE*)"Server Key", 10, serverKey, &len);
- BYTE srvSig[MIR_SHA1_HASH_SIZE];
- HMAC(hashMethod, serverKey, sizeof(serverKey), (BYTE*)authmsg.c_str(), authmsg.GetLength(), srvSig, &len);
- serverSignature = mir_base64_encode(srvSig, sizeof(srvSig));
+ BYTE srvSig[EVP_MAX_MD_SIZE];
+ HMAC(hashMethod, serverKey, hashMethod->md_size, (BYTE*)authmsg.c_str(), authmsg.GetLength(), srvSig, &len);
+ serverSignature = mir_base64_encode(srvSig, hashMethod->md_size);
- ptrA encproof(mir_base64_encode(clientProof, sizeof(clientProof)));
+ ptrA encproof(mir_base64_encode(clientProof, hashMethod->md_size));
CMStringA buf(FORMAT, "c=%s,r=%s,p=%s", cbd.get(), snonce.get(), encproof.get());
return mir_base64_encode(buf, buf.GetLength());
}
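Review bot: The hand-built `EVP_MD_CTX` points `pctx.md_data` at `md`, which is only EVP_MAX_MD_SIZE bytes; md_data holds the digest's working state rather than its output, and in the OpenSSL 1.0-style layout that state is sized by the digest's `ctx_size`, which is probably larger than any digest output, so `init`/`update` may write past `md` on the stack (worth confirming against the bundled OpenSSL headers). The one-shot public call avoids the private struct fields entirely: `EVP_Digest(clientKey, EVP_MD_size(hashMethod), storedKey, &len, hashMethod, nullptr);`. The return values of `HMAC` and the digest calls are ignored, so a failed step would carry on with uninitialised key material. `saltedPassw`, `clientKey`, `storedKey` and `serverKey` remain on the stack at return; clearing them with `OPENSSL_cleanse` before returning would limit their exposure. getChallenge begins above this hunk.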
@@ -357,7 +359,7 @@ char* TPlainAuth::getInitialRequest()
/////////////////////////////////////////////////////////////////////////////////////////
// basic type
-TJabberAuth::TJabberAuth(ThreadData* pInfo, const char *pszMech) :
+TJabberAuth::TJabberAuth(ThreadData *pInfo, const char *pszMech) :
info(pInfo),
szName(mir_strdup(pszMech))
{