Add pwlen argument to openconnect_hash_yubikey_password()

We're going to want to use this with strings which aren't necessarily NUL-terminated, for the Yubikey password workaround. Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
sailfishos-mirror · Feb 4, 2015 · 202f6ad · 202f6ad
1 parent 3dcc6c1
commit 202f6ad
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 6 deletions.
diff --git a/gnutls.c b/gnutls.c
@@ -2545,14 +2545,15 @@ static P11KitPin *p11kit_pin_callback(const char *pin_source, P11KitUri *pin_uri
 
 #ifdef HAVE_LIBPCSCLITE
 int openconnect_hash_yubikey_password(struct openconnect_info *vpninfo,
-				      const char *password, const void *ident, int id_len)
+				      const char *password, int pwlen,
+				      const void *ident, int id_len)
 {
 	unsigned char U[SHA1_SIZE];
 	gnutls_hmac_hd_t dgst;
 	int ret = -EIO;
 	int i, j;
 
-	if (gnutls_hmac_init(&dgst, GNUTLS_MAC_SHA1, password, strlen(password)))
+	if (gnutls_hmac_init(&dgst, GNUTLS_MAC_SHA1, password, pwlen))
 		return -EIO;
 
 	if (gnutls_hmac(dgst, ident, id_len))

diff --git a/openconnect-internal.h b/openconnect-internal.h
@@ -839,7 +839,8 @@ int openconnect_local_cert_md5(struct openconnect_info *vpninfo,
 int openconnect_yubikey_chalresp(struct openconnect_info *vpninfo,
 				 const void *challenge, int chall_len, void *result);
 int openconnect_hash_yubikey_password(struct openconnect_info *vpninfo,
-				      const char *password, const void *ident, int id_len);
+				      const char *password, int pwlen,
+				      const void *ident, int id_len);
 int hotp_hmac(struct openconnect_info *vpninfo, const void *challenge);
 #if defined(OPENCONNECT_OPENSSL)
 #define openconnect_https_connected(_v) ((_v)->https_ssl)

diff --git a/openssl.c b/openssl.c
@@ -1647,9 +1647,10 @@ int openconnect_local_cert_md5(struct openconnect_info *vpninfo,
 
 #ifdef HAVE_LIBPCSCLITE
 int openconnect_hash_yubikey_password(struct openconnect_info *vpninfo,
-				      const char *password, const void *ident, int id_len)
+				      const char *password, int pwlen,
+				      const void *ident, int id_len)
 {
-	if (!PKCS5_PBKDF2_HMAC_SHA1(password, strlen(password), ident, id_len, 1000, 16,
+	if (!PKCS5_PBKDF2_HMAC_SHA1(password, pwlen, ident, id_len, 1000, 16,
 				    vpninfo->yubikey_pwhash))
 		return -EIO;
 

diff --git a/yubikey.c b/yubikey.c
@@ -217,7 +217,8 @@ static int select_yubioath_applet(struct openconnect_info *vpninfo,
 
 			/* XXX: What charset is the password in? Assuming UTF-8 because that's
 			   the only sane option, but see http://forum.yubico.com/viewtopic.php?f=26&t=1601 */
-			ret = openconnect_hash_yubikey_password(vpninfo, o._value, applet_id, id_len);
+			ret = openconnect_hash_yubikey_password(vpninfo, o._value, strlen(o._value),
+								applet_id, id_len);
 			if (ret)
 				return ret;