struct _auth_chunk ho = {0};
unsigned long rc;
serializer_t srl;
- int datasize = strlen(uid) + strlen(pass) + strlen(nonce) +
+ size_t datasize = strlen(uid) + strlen(pass) + strlen(nonce) +
4 * sizeof(short);
unsigned char *data = alloca(datasize);
- int hashsize = sizeof(ho.data);
+ size_t hashsize = sizeof(ho.data);
serial_init(&srl, data, datasize);
if (serial_put(&srl, uid, strlen(uid)) != strlen(uid)) {
}
static struct _auth_chunk
-new_key(const unsigned char *challenge, const int challengesize,
- const unsigned char *secret, const int secsize)
+new_key(const unsigned char *challenge, const size_t challengesize,
+ const unsigned char *secret, const size_t secsize)
{
struct _auth_chunk ho = {0};
unsigned long rc;
- int keysize = sizeof(ho.data);
+ size_t keysize = sizeof(ho.data);
if ((rc = hmac(secret, secsize, challenge, challengesize,
&ho.data, &keysize))) {
make_key(const char *userid, const char *password, const char *nonce,
const unsigned char *secret, const int secsize,
struct _auth_chunk (*fetch_key)(const unsigned char *chal,
- const int csize))
+ const size_t csize))
{
struct _auth_chunk ho_chal, ho_key = {0};
static struct _auth_obj
make_authobj(const char *userid, const char *password, const char *nonce,
- const unsigned char *secret, const int secsize,
- const unsigned char *payload, const int paylsize)
+ const unsigned char *secret, const size_t secsize,
+ const unsigned char *payload, const size_t paylsize)
{
struct _auth_obj ao = {0};
unsigned long rc;
unsigned char *data;
- int datasize;
+ size_t datasize;
unsigned char datahash[HASHSIZE];
- int datahashsize = HASHSIZE;
+ size_t datahashsize = HASHSIZE;
serializer_t srl;
datasize = ((secsize + paylsize + HASHSIZE + 4 * sizeof(short) - 1) /
CBLKSIZE + 1) * CBLKSIZE;
data = alloca(datasize);
+ /*
+ We allocate memory rounded up to CBLKSIZE on the stack, but do not
+ use the last bytes. Stack protectors, if enabled, fill this memory
+ with `canary` value. Later, when encryption function is called,
+ stack protector detects that it tries to access "uninitialized
+ memory". Which, while technically true, is not an error. Still,
+ let us make stack protector happy by initializing the whole area:
+ */
+ memset(data, 0, datasize);
serial_init(&srl, data, datasize);
if (serial_put(&srl, secret, secsize) != secsize) {
ao.err = "authobj: serialization of secret failed";
const unsigned char *secret, const int secsize,
const unsigned char *ablob, const int blobsize,
struct _auth_chunk (*fetch_key)(const unsigned char *chal,
- const int csize))
+ const size_t csize))
{
unsigned long rc;
struct _auth_obj ao = {0};
} else {
serializer_t srl;
unsigned char myhash[HASHSIZE];
- int myhsize = HASHSIZE;
+ size_t myhsize = HASHSIZE;
unsigned char *theirhash;
- int theirhsize;
+ size_t theirhsize;
unsigned long rc;
serial_init(&srl, ao.buffer, blobsize);
struct _auth_obj authobj(const char *userid, const char *password,
const char *oldnonce, const char *newnonce,
- const unsigned char *secret, const int secsize,
- const unsigned char *payload, const int paylsize,
- const unsigned char *ablob, const int blobsize,
+ const unsigned char *secret, const size_t secsize,
+ const unsigned char *payload, const size_t paylsize,
+ const unsigned char *ablob, const size_t blobsize,
struct _auth_chunk (*fetch_key)(const unsigned char *chal,
- const int csize))
+ const size_t csize))
{
const unsigned char *wsecret;
int wsecsize;
struct _auth_obj new_ao = {0};
if (!secret || !secsize || !payload) {
+ if (!ablob || !blobsize) {
+ new_ao.err = "authobj: previous data not supplied";
+ return new_ao;
+ }
old_ao = parse_authobj(userid, password, oldnonce,
secret, secsize,
ablob, blobsize, fetch_key);
projects / pam_pcsc_cr.git / blobdiff