SilcBuffer silc_auth_public_key_auth_generate(SilcPublicKey public_key,
SilcPrivateKey private_key,
- SilcHash hash,
+ SilcRng rng, SilcHash hash,
const void *id, SilcIdType type)
{
unsigned char *random;
SILC_LOG_DEBUG(("Generating Authentication Payload with data"));
/* Get 256 bytes of random data */
- random = silc_rng_global_get_rn_data(256);
+ if (rng)
+ random = silc_rng_get_rn_data(rng, 256);
+ else
+ random = silc_rng_global_get_rn_data(256);
if (!random)
return NULL;
case SILC_AUTH_PASSWORD:
/* Passphrase based authentication. The `pkcs', `hash', `id' and `type'
arguments are not needed. */
+ /* Carefully check that the auth_data field of the payload is not empty
+ (len=0), which seems to be a legal packet but would crash the
+ application. Maybe such packet should be dropped. -Johnny 2002/14/4 */
+ if ((payload->auth_len == 0) || !auth_data)
+ break;
+
+ /* if lengths mismatch, avoid comparing unallocated memory locations */
+ if (payload->auth_len != auth_data_len)
+ break;
if (!memcmp(payload->auth_data, auth_data, auth_data_len)) {
- SILC_LOG_DEBUG(("Authentication successful"));
+ SILC_LOG_DEBUG(("Passphrase Authentication successful"));
return TRUE;
}
break;