Commit 202f6ad8 authored by David Woodhouse's avatar David Woodhouse

Add pwlen argument to openconnect_hash_yubikey_password()

We're going to want to use this with strings which aren't necessarily
NUL-terminated, for the Yubikey password workaround.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
parent 3dcc6c1a
......@@ -2545,14 +2545,15 @@ static P11KitPin *p11kit_pin_callback(const char *pin_source, P11KitUri *pin_uri
#ifdef HAVE_LIBPCSCLITE
int openconnect_hash_yubikey_password(struct openconnect_info *vpninfo,
const char *password, const void *ident, int id_len)
const char *password, int pwlen,
const void *ident, int id_len)
{
unsigned char U[SHA1_SIZE];
gnutls_hmac_hd_t dgst;
int ret = -EIO;
int i, j;
if (gnutls_hmac_init(&dgst, GNUTLS_MAC_SHA1, password, strlen(password)))
if (gnutls_hmac_init(&dgst, GNUTLS_MAC_SHA1, password, pwlen))
return -EIO;
if (gnutls_hmac(dgst, ident, id_len))
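Review bot: `pwlen` is a signed `int` that is forwarded unchecked, and the two crypto backends treat a negative value differently. In this GnuTLS implementation it is converted to the `size_t` key length of `gnutls_hmac_init()`, so a negative value becomes a very large length and the HMAC would read far past the password buffer. In the OpenSSL implementation further down, `PKCS5_PBKDF2_HMAC_SHA1()` treats a length of -1 as a request to call `strlen()` on the password, which is the behaviour this commit is trying to get away from for buffers that are not NUL-terminated. A guard at the top of both implementations, such as `if (pwlen < 0) return -EINVAL;`, would make the backends agree and keep the length the caller's responsibility. The function body continues outside the hunk, so this is based only on the visible lines.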
......
......@@ -839,7 +839,8 @@ int openconnect_local_cert_md5(struct openconnect_info *vpninfo,
int openconnect_yubikey_chalresp(struct openconnect_info *vpninfo,
const void *challenge, int chall_len, void *result);
int openconnect_hash_yubikey_password(struct openconnect_info *vpninfo,
const char *password, const void *ident, int id_len);
const char *password, int pwlen,
const void *ident, int id_len);
int hotp_hmac(struct openconnect_info *vpninfo, const void *challenge);
#if defined(OPENCONNECT_OPENSSL)
#define openconnect_https_connected(_v) ((_v)->https_ssl)
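Review bot: The updated prototype of `openconnect_hash_yubikey_password()` does not tell callers that `password` no longer has to be NUL-terminated, or what `pwlen` counts. A one-line comment above the declaration would document the new contract, for example `/* password need not be NUL-terminated; pwlen is its length in bytes and must be >= 0 */`. That matters here because the only visible caller still passes `strlen(o._value)`, so nothing on the page shows the non-terminated case the commit message describes.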
......
......@@ -1647,9 +1647,10 @@ int openconnect_local_cert_md5(struct openconnect_info *vpninfo,
#ifdef HAVE_LIBPCSCLITE
int openconnect_hash_yubikey_password(struct openconnect_info *vpninfo,
const char *password, const void *ident, int id_len)
const char *password, int pwlen,
const void *ident, int id_len)
{
if (!PKCS5_PBKDF2_HMAC_SHA1(password, strlen(password), ident, id_len, 1000, 16,
if (!PKCS5_PBKDF2_HMAC_SHA1(password, pwlen, ident, id_len, 1000, 16,
vpninfo->yubikey_pwhash))
return -EIO;
......
......@@ -217,7 +217,8 @@ static int select_yubioath_applet(struct openconnect_info *vpninfo,
/* XXX: What charset is the password in? Assuming UTF-8 because that's
the only sane option, but see http://forum.yubico.com/viewtopic.php?f=26&t=1601 */
ret = openconnect_hash_yubikey_password(vpninfo, o._value, applet_id, id_len);
ret = openconnect_hash_yubikey_password(vpninfo, o._value, strlen(o._value),
applet_id, id_len);
if (ret)
return ret;
......