From e4b2e0450f9cf38b8c69c2877068cee4e5f99dbc Mon Sep 17 00:00:00 2001 From: jackpoz Date: Wed, 3 Aug 2016 23:33:36 +0200 Subject: Common/Crypto: Reduce differences between 3.3.5 and 6.x branches Code functionality shouldn't have been modified. --- src/common/Cryptography/ARC4.cpp | 4 ++-- src/common/Cryptography/ARC4.h | 4 ++-- src/common/Cryptography/BigNumber.cpp | 21 ++++++++++++++++----- src/common/Cryptography/BigNumber.h | 8 +++++--- src/server/authserver/Server/AuthSession.cpp | 18 ++++-------------- 5 files changed, 29 insertions(+), 26 deletions(-) (limited to 'src') diff --git a/src/common/Cryptography/ARC4.cpp b/src/common/Cryptography/ARC4.cpp index eea523a2090..ead85a18e67 100644 --- a/src/common/Cryptography/ARC4.cpp +++ b/src/common/Cryptography/ARC4.cpp @@ -18,14 +18,14 @@ #include "ARC4.h" -ARC4::ARC4(uint8 len) : m_ctx() +ARC4::ARC4(uint32 len) : m_ctx() { EVP_CIPHER_CTX_init(&m_ctx); EVP_EncryptInit_ex(&m_ctx, EVP_rc4(), NULL, NULL, NULL); EVP_CIPHER_CTX_set_key_length(&m_ctx, len); } -ARC4::ARC4(uint8 *seed, uint8 len) : m_ctx() +ARC4::ARC4(uint8 *seed, uint32 len) : m_ctx() { EVP_CIPHER_CTX_init(&m_ctx); EVP_EncryptInit_ex(&m_ctx, EVP_rc4(), NULL, NULL, NULL); diff --git a/src/common/Cryptography/ARC4.h b/src/common/Cryptography/ARC4.h index 7e680176836..df412944ef6 100644 --- a/src/common/Cryptography/ARC4.h +++ b/src/common/Cryptography/ARC4.h @@ -25,8 +25,8 @@ class TC_COMMON_API ARC4 { public: - ARC4(uint8 len); - ARC4(uint8 *seed, uint8 len); + ARC4(uint32 len); + ARC4(uint8 *seed, uint32 len); ~ARC4(); void Init(uint8 *seed); void UpdateData(int len, uint8 *data); diff --git a/src/common/Cryptography/BigNumber.cpp b/src/common/Cryptography/BigNumber.cpp index 3b85122ebab..0d5dafc336b 100644 --- a/src/common/Cryptography/BigNumber.cpp +++ b/src/common/Cryptography/BigNumber.cpp @@ -163,11 +163,16 @@ uint32 BigNumber::AsDword() return (uint32)BN_get_word(_bn); } -bool BigNumber::isZero() const +bool BigNumber::IsZero() const { return BN_is_zero(_bn); } +bool BigNumber::IsNegative() const +{ + return BN_is_negative(_bn); +} + std::unique_ptr BigNumber::AsByteArray(int32 minSize, bool littleEndian) { int numBytes = GetNumBytes(); @@ -189,13 +194,19 @@ std::unique_ptr BigNumber::AsByteArray(int32 minSize, bool littleEndian return ret; } -char * BigNumber::AsHexStr() const +std::string BigNumber::AsHexStr() const { - return BN_bn2hex(_bn); + char* ch = BN_bn2hex(_bn); + std::string ret = ch; + OPENSSL_free(ch); + return ret; } -char * BigNumber::AsDecStr() const +std::string BigNumber::AsDecStr() const { - return BN_bn2dec(_bn); + char* ch = BN_bn2dec(_bn); + std::string ret = ch; + OPENSSL_free(ch); + return ret; } diff --git a/src/common/Cryptography/BigNumber.h b/src/common/Cryptography/BigNumber.h index 1d21be1b431..baf338552d0 100644 --- a/src/common/Cryptography/BigNumber.h +++ b/src/common/Cryptography/BigNumber.h @@ -21,6 +21,7 @@ #include #include "Define.h" +#include struct bignum_st; @@ -76,7 +77,8 @@ class TC_COMMON_API BigNumber return t %= bn; } - bool isZero() const; + bool IsZero() const; + bool IsNegative() const; BigNumber ModExp(BigNumber const& bn1, BigNumber const& bn2); BigNumber Exp(BigNumber const&); @@ -89,8 +91,8 @@ class TC_COMMON_API BigNumber std::unique_ptr AsByteArray(int32 minSize = 0, bool littleEndian = true); - char * AsHexStr() const; - char * AsDecStr() const; + std::string AsHexStr() const; + std::string AsDecStr() const; private: struct bignum_st *_bn; diff --git a/src/server/authserver/Server/AuthSession.cpp b/src/server/authserver/Server/AuthSession.cpp index 43c327ffda1..ec72651ecb7 100644 --- a/src/server/authserver/Server/AuthSession.cpp +++ b/src/server/authserver/Server/AuthSession.cpp @@ -499,7 +499,7 @@ bool AuthSession::HandleLogonProof() A.SetBinary(logonProof->A, 32); // SRP safeguard: abort if A == 0 - if (A.isZero()) + if (A.IsZero()) { return false; } @@ -575,18 +575,15 @@ bool AuthSession::HandleLogonProof() // Update the sessionkey, last_ip, last login time and reset number of failed logins in the account table for this account // No SQL injection (escaped user name) and IP address as received by socket - const char *K_hex = K.AsHexStr(); PreparedStatement *stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_LOGONPROOF); - stmt->setString(0, K_hex); + stmt->setString(0, K.AsHexStr()); stmt->setString(1, GetRemoteIpAddress().to_string().c_str()); stmt->setUInt32(2, GetLocaleByName(_localizationName)); stmt->setString(3, _os); stmt->setString(4, _accountInfo.Login); LoginDatabase.DirectExecute(stmt); - OPENSSL_free((void*)K_hex); - // Finish SRP6 and send the final result to the client sha.Initialize(); sha.UpdateBigNumbers(&A, &M, &K, NULL); @@ -959,16 +956,9 @@ void AuthSession::SetVSFields(const std::string& rI) v = g.ModExp(x, N); // No SQL injection (username escaped) - char *v_hex, *s_hex; - v_hex = v.AsHexStr(); - s_hex = s.AsHexStr(); - PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_VS); - stmt->setString(0, v_hex); - stmt->setString(1, s_hex); + stmt->setString(0, v.AsHexStr()); + stmt->setString(1, s.AsHexStr()); stmt->setString(2, _accountInfo.Login); LoginDatabase.Execute(stmt); - - OPENSSL_free(v_hex); - OPENSSL_free(s_hex); } -- cgit v1.2.3