X-Git-Url: http://git.silcnet.org/gitweb/?p=silc.git;a=blobdiff_plain;f=lib%2Fsilcske%2Fsilcske.c;h=2fd4e0107ea646bea7f2fe87dabc7d29830a80a6;hp=4fd34f780c840b044f56b68d95f36f7f02c30774;hb=382d15d447b7a95390decfa783836ae4fe255b3d;hpb=3cf38201f9ffaad2da53757ed48a5546e1d03636 diff --git a/lib/silcske/silcske.c b/lib/silcske/silcske.c index 4fd34f78..2fd4e010 100644 --- a/lib/silcske/silcske.c +++ b/lib/silcske/silcske.c @@ -111,6 +111,8 @@ void silc_ske_free(SilcSKE ske) } silc_free(ske->hash); silc_free(ske->callbacks); + + memset(ske, 'F', sizeof(*ske)); silc_free(ske); } } @@ -389,6 +391,7 @@ SilcSKEStatus silc_ske_initiator_phase_2(SilcSKE ske, silc_free(x); silc_mp_uninit(&payload->x); silc_free(payload); + ske->ke1_payload = NULL; ske->status = SILC_SKE_STATUS_OK; return ske->status; } @@ -398,7 +401,7 @@ SilcSKEStatus silc_ske_initiator_phase_2(SilcSKE ske, /* Compute signature data if we are doing mutual authentication */ if (private_key && ske->start_payload->flags & SILC_SKE_SP_FLAG_MUTUAL) { - unsigned char hash[32], sign[2048]; + unsigned char hash[32], sign[2048 + 1]; SilcUInt32 hash_len, sign_len; SILC_LOG_DEBUG(("We are doing mutual authentication")); @@ -420,6 +423,7 @@ SilcSKEStatus silc_ske_initiator_phase_2(SilcSKE ske, silc_mp_uninit(&payload->x); silc_free(payload->pk_data); silc_free(payload); + ske->ke1_payload = NULL; ske->status = SILC_SKE_STATUS_SIGNATURE_ERROR; return ske->status; } @@ -435,7 +439,9 @@ SilcSKEStatus silc_ske_initiator_phase_2(SilcSKE ske, silc_free(x); silc_mp_uninit(&payload->x); silc_free(payload->pk_data); + silc_free(payload->sign_data); silc_free(payload); + ske->ke1_payload = NULL; ske->status = status; return status; } @@ -1016,7 +1022,7 @@ SilcSKEStatus silc_ske_responder_finish(SilcSKE ske, SilcSKEStatus status = SILC_SKE_STATUS_OK; SilcBuffer payload_buf; SilcMPInt *KEY; - unsigned char hash[32], sign[2048], *pk; + unsigned char hash[32], sign[2048 + 1], *pk; SilcUInt32 hash_len, sign_len, pk_len; SILC_LOG_DEBUG(("Start")); @@ -1181,7 +1187,7 @@ silc_ske_assemble_security_properties(SilcSKE ske, /* Set random cookie */ rp->cookie = silc_calloc(SILC_SKE_COOKIE_LEN, sizeof(*rp->cookie)); for (i = 0; i < SILC_SKE_COOKIE_LEN; i++) - rp->cookie[i] = silc_rng_get_byte(ske->rng); + rp->cookie[i] = silc_rng_get_byte_fast(ske->rng); rp->cookie_len = SILC_SKE_COOKIE_LEN; /* Put version */ @@ -1210,8 +1216,8 @@ silc_ske_assemble_security_properties(SilcSKE ske, /* XXX */ /* Get supported compression algorithms */ - rp->comp_alg_list = strdup(""); - rp->comp_alg_len = 0; + rp->comp_alg_list = strdup("none"); + rp->comp_alg_len = strlen("none"); rp->len = 1 + 1 + 2 + SILC_SKE_COOKIE_LEN + 2 + rp->version_len + @@ -1537,9 +1543,8 @@ silc_ske_select_security_properties(SilcSKE ske, payload->hmac_alg_list = strdup(rp->hmac_alg_list); } -#if 0 /* Get supported compression algorithms */ - cp = rp->hash_alg_list; + cp = rp->comp_alg_list; if (cp && strchr(cp, ',')) { while(cp) { char *item; @@ -1548,15 +1553,23 @@ silc_ske_select_security_properties(SilcSKE ske, item = silc_calloc(len + 1, sizeof(char)); memcpy(item, cp, len); - SILC_LOG_DEBUG(("Proposed hash alg `%s'", item)); + SILC_LOG_DEBUG(("Proposed Compression `%s'", item)); - if (silc_hash_is_supported(item) == TRUE) { - SILC_LOG_DEBUG(("Found hash alg `%s'", item)); - - payload->hash_alg_len = len; - payload->hash_alg_list = item; +#if 1 + if (!strcmp(item, "none")) { + SILC_LOG_DEBUG(("Found Compression `%s'", item)); + payload->comp_alg_len = len; + payload->comp_alg_list = item; + break; + } +#else + if (silc_hmac_is_supported(item) == TRUE) { + SILC_LOG_DEBUG(("Found Compression `%s'", item)); + payload->comp_alg_len = len; + payload->comp_alg_list = item; break; } +#endif cp += len; if (strlen(cp) == 0) @@ -1567,20 +1580,7 @@ silc_ske_select_security_properties(SilcSKE ske, if (item) silc_free(item); } - - if (!payload->hash_alg_len && !payload->hash_alg_list) { - SILC_LOG_DEBUG(("Could not find supported hash alg")); - silc_ske_abort(ske, SILC_SKE_STATUS_UNKNOWN_HASH_FUNCTION); - silc_free(payload->ke_grp_list); - silc_free(payload->pkcs_alg_list); - silc_free(payload->enc_alg_list); - silc_free(payload); - return; - } - } else { - } -#endif payload->len = 1 + 1 + 2 + SILC_SKE_COOKIE_LEN + 2 + payload->version_len + @@ -1600,16 +1600,22 @@ static SilcSKEStatus silc_ske_create_rnd(SilcSKE ske, SilcMPInt *n, { SilcSKEStatus status = SILC_SKE_STATUS_OK; unsigned char *string; + SilcUInt32 l; + + if (!len) + return SILC_SKE_STATUS_ERROR; SILC_LOG_DEBUG(("Creating random number")); + l = ((len - 1) / 8); + /* Get the random number as string */ - string = silc_rng_get_rn_data(ske->rng, ((len - 1) / 8)); + string = silc_rng_get_rn_data(ske->rng, l); if (!string) return SILC_SKE_STATUS_OUT_OF_MEMORY; /* Decode the string into a MP integer */ - silc_mp_bin2mp(string, ((len - 1) / 8), rnd); + silc_mp_bin2mp(string, l, rnd); silc_mp_mod_2exp(rnd, rnd, len); /* Checks */ @@ -1618,7 +1624,7 @@ static SilcSKEStatus silc_ske_create_rnd(SilcSKE ske, SilcMPInt *n, if (silc_mp_cmp(rnd, n) >= 0) status = SILC_SKE_STATUS_ERROR; - memset(string, 'F', (len / 8)); + memset(string, 'F', l); silc_free(string); return status;