+/*
+Copyright (c) 2013 Eugene Crosser
+
+This software is provided 'as-is', without any express or implied
+warranty. In no event will the authors be held liable for any damages
+arising from the use of this software.
+
+Permission is granted to anyone to use this software for any purpose,
+including commercial applications, and to alter it and redistribute it
+freely, subject to the following restrictions:
+
+ 1. The origin of this software must not be misrepresented; you must
+ not claim that you wrote the original software. If you use this
+ software in a product, an acknowledgment in the product documentation
+ would be appreciated but is not required.
+
+ 2. Altered source versions must be plainly marked as such, and must
+ not be misrepresented as being the original software.
+
+ 3. This notice may not be removed or altered from any source
+ distribution.
+*/
+
#ifdef HAVE_CONFIG_H
# include "config.h"
#endif
#include <stdio.h>
#include <string.h>
+#include <stdlib.h>
#include <alloca.h>
#include "serial.h"
#include "crypto.h"
#include "authobj.h"
-#include "pcsc_cr.h"
static struct _auth_chunk
make_challenge(const char *uid, const char *pass, const char *nonce)
}
static struct _auth_obj
-make_authobj(char *userid, char *password, char *nonce,
+make_authobj(const char *userid, const char *password, const char *nonce,
const unsigned char *secret, const int secsize,
const unsigned char *payload, const int paylsize)
{
datasize = ((secsize + paylsize + HASHSIZE + 4 * sizeof(short) - 1) /
CBLKSIZE + 1) * CBLKSIZE;
data = alloca(datasize);
+ /*
+ We allocate memory rounded up to CBLKSIZE on the stack, but do not
+ use the last bytes. Stack protectors, if enabled, fill this memory
+ with `canary` value. Later, when encryption function is called,
+ stack protector detects that it tries to access "uninitialized
+ memory". Which, while technically true, is not an error. Still,
+ let us make stack protector happy by initializing the whole area:
+ */
+ memset(data, 0, datasize);
serial_init(&srl, data, datasize);
if (serial_put(&srl, secret, secsize) != secsize) {
ao.err = "authobj: serialization of secret failed";
}
static struct _auth_obj
-parse_authobj(char *userid, char *password, char *nonce,
+parse_authobj(const char *userid, const char *password, const char *nonce,
const unsigned char *secret, const int secsize,
const unsigned char *ablob, const int blobsize,
struct _auth_chunk (*fetch_key)(const unsigned char *chal,
struct _auth_chunk (*fetch_key)(const unsigned char *chal,
const int csize))
{
- unsigned char *wsecret;
+ const unsigned char *wsecret;
int wsecsize;
- unsigned char *wpayload;
+ const unsigned char *wpayload;
int wpaylsize;
struct _auth_obj old_ao = {0};
struct _auth_obj new_ao = {0};
if (!secret || !secsize || !payload) {
+ if (!ablob || !blobsize) {
+ new_ao.err = "authobj: previous data not supplied";
+ return new_ao;
+ }
old_ao = parse_authobj(userid, password, oldnonce,
secret, secsize,
ablob, blobsize, fetch_key);