From ff9679b7f42879dde78c4f74682eff63ee152e7c Mon Sep 17 00:00:00 2001 From: George Hazan Date: Fri, 5 Aug 2022 11:59:56 +0300 Subject: fixes #3140 (RFC 9266: Channel Bindings for TLS 1.3 support) --- protocols/JabberG/src/jabber_secur.cpp | 10 +++++----- protocols/JabberG/src/jabber_thread.cpp | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) (limited to 'protocols/JabberG/src') diff --git a/protocols/JabberG/src/jabber_secur.cpp b/protocols/JabberG/src/jabber_secur.cpp index bbd8a7820a..e3a6dbdc34 100644 --- a/protocols/JabberG/src/jabber_secur.cpp +++ b/protocols/JabberG/src/jabber_secur.cpp @@ -211,14 +211,14 @@ TScramAuth::TScramAuth(ThreadData *info, const char *pszMech, const EVP_MD *pMet priority = iPriority; if ((iPriority % 10) == 1) { - bindFlag = "p=tls-unique,,"; - - int cbLen; - void *pData = Netlib_GetTlsUnique(info->s, cbLen); + int cbLen, tlsVer; + void *pData = Netlib_GetTlsUnique(info->s, cbLen, tlsVer); if (pData == nullptr) bIsValid = false; - else + else { + bindFlag = (tlsVer == 13) ? "p=tls-exporter,," : "p=tls-unique,,"; bindData.append(pData, cbLen); + } } else bindFlag = "n,,"; } diff --git a/protocols/JabberG/src/jabber_thread.cpp b/protocols/JabberG/src/jabber_thread.cpp index ce3c613013..6f2fb75278 100644 --- a/protocols/JabberG/src/jabber_thread.cpp +++ b/protocols/JabberG/src/jabber_thread.cpp @@ -653,23 +653,23 @@ void CJabberProto::OnProcessFeatures(const TiXmlElement *node, ThreadData *info) else if (!mir_strcmp(szMechanism, "SCRAM-SHA-1")) pAuth = new TScramAuth(info, szMechanism, EVP_sha1(), 500); else if (!mir_strcmp(szMechanism, "SCRAM-SHA-1-PLUS")) - pAuth = new TScramAuth(info, szMechanism, EVP_sha1(), 600); + pAuth = new TScramAuth(info, szMechanism, EVP_sha1(), 601); else if (!mir_strcmp(szMechanism, "SCRAM-SHA-224")) pAuth = new TScramAuth(info, szMechanism, EVP_sha224(), 510); else if (!mir_strcmp(szMechanism, "SCRAM-SHA-224-PLUS")) - pAuth = new TScramAuth(info, szMechanism, EVP_sha224(), 610); + pAuth = new TScramAuth(info, szMechanism, EVP_sha224(), 611); else if (!mir_strcmp(szMechanism, "SCRAM-SHA-256")) pAuth = new TScramAuth(info, szMechanism, EVP_sha256(), 520); else if (!mir_strcmp(szMechanism, "SCRAM-SHA-256-PLUS")) - pAuth = new TScramAuth(info, szMechanism, EVP_sha256(), 620); + pAuth = new TScramAuth(info, szMechanism, EVP_sha256(), 621); else if (!mir_strcmp(szMechanism, "SCRAM-SHA-384")) pAuth = new TScramAuth(info, szMechanism, EVP_sha384(), 530); else if (!mir_strcmp(szMechanism, "SCRAM-SHA-384-PLUS")) - pAuth = new TScramAuth(info, szMechanism, EVP_sha384(), 630); + pAuth = new TScramAuth(info, szMechanism, EVP_sha384(), 631); else if (!mir_strcmp(szMechanism, "SCRAM-SHA-512")) pAuth = new TScramAuth(info, szMechanism, EVP_sha512(), 540); else if (!mir_strcmp(szMechanism, "SCRAM-SHA-512-PLUS")) - pAuth = new TScramAuth(info, szMechanism, EVP_sha512(), 640); + pAuth = new TScramAuth(info, szMechanism, EVP_sha512(), 641); else if (!mir_strcmp(szMechanism, "NTLM") || !mir_strcmp(szMechanism, "GSS-SPNEGO") || !mir_strcmp(szMechanism, "GSSAPI")) pAuth = new TNtlmAuth(info, szMechanism); else { -- cgit v1.2.3