Commit 8f332ac9 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

SRP code tidy. 



Tidy up srp_Calc_k and SRP_Calc_u by making them a special case of
srp_Calc_xy which performs SHA1(PAD(x) | PAD(y)).

This addresses an OCAP Audit issue.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent a00d75e1

crypto/srp/srp_lib.c

+17 −69
Original line number Diff line number Diff line
@@ -14,92 +14,40 @@ 
# include <openssl/evp.h>

# include "internal/bn_srp.h"



static BIGNUM *srp_Calc_k(const BIGNUM *N, const BIGNUM *g)

{

    /* k = SHA1(N | PAD(g)) -- tls-srp draft 8 */

/* calculate = SHA1(PAD(x) || PAD(y)) */



static BIGNUM *srp_Calc_xy(const BIGNUM *x, const BIGNUM *y, const BIGNUM *N)

{

    unsigned char digest[SHA_DIGEST_LENGTH];

    unsigned char *tmp = NULL;

    EVP_MD_CTX *ctxt = NULL;

    int longg;

    int longN = BN_num_bytes(N);

    int numN = BN_num_bytes(N);

    BIGNUM *res = NULL;



    if (BN_ucmp(g, N) >= 0)

    if (x != N && BN_ucmp(x, N) >= 0)

        return NULL;



    ctxt = EVP_MD_CTX_new();

    if (ctxt == NULL)

    if (y != N && BN_ucmp(y, N) >= 0)

        return NULL;

    if ((tmp = OPENSSL_malloc(longN)) == NULL)

        goto err;

    BN_bn2bin(N, tmp);



    if (!EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL)

        || !EVP_DigestUpdate(ctxt, tmp, longN))

    if ((tmp = OPENSSL_malloc(numN * 2)) == NULL)

        goto err;



    memset(tmp, 0, longN);

    longg = BN_bn2bin(g, tmp);

    /* use the zeros behind to pad on left */

    if (!EVP_DigestUpdate(ctxt, tmp + longg, longN - longg)

        || !EVP_DigestUpdate(ctxt, tmp, longg))

        goto err;



    if (!EVP_DigestFinal_ex(ctxt, digest, NULL))

    if (BN_bn2binpad(x, tmp, numN) < 0

        || BN_bn2binpad(y, tmp + numN, numN) < 0

        || !EVP_Digest(tmp, numN * 2, digest, NULL, EVP_sha1(), NULL))

        goto err;

    res = BN_bin2bn(digest, sizeof(digest), NULL);

 err:

    OPENSSL_free(tmp);

    EVP_MD_CTX_free(ctxt);

    return res;

}



BIGNUM *SRP_Calc_u(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N)

static BIGNUM *srp_Calc_k(const BIGNUM *N, const BIGNUM *g)

{

    /* k = SHA1(PAD(A) || PAD(B) ) -- tls-srp draft 8 */



    BIGNUM *u = NULL;

    unsigned char cu[SHA_DIGEST_LENGTH];

    unsigned char *cAB = NULL;

    EVP_MD_CTX *ctxt = NULL;

    int longN;

    if ((A == NULL) || (B == NULL) || (N == NULL))

        return NULL;



    if (BN_ucmp(A, N) >= 0 || BN_ucmp(B, N) >= 0)

        return NULL;



    longN = BN_num_bytes(N);



    ctxt = EVP_MD_CTX_new();

    if (ctxt == NULL)

        return NULL;

    if ((cAB = OPENSSL_malloc(2 * longN)) == NULL)

        goto err;



    memset(cAB, 0, longN);



    if (!EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL)

        || !EVP_DigestUpdate(ctxt, cAB + BN_bn2bin(A, cAB + longN), longN)

        || !EVP_DigestUpdate(ctxt, cAB + BN_bn2bin(B, cAB + longN), longN))

        goto err;



    if (!EVP_DigestFinal_ex(ctxt, cu, NULL))

        goto err;



    if ((u = BN_bin2bn(cu, sizeof(cu), NULL)) == NULL)

        goto err;

    if (BN_is_zero(u)) {

        BN_free(u);

        u = NULL;

    /* k = SHA1(N | PAD(g)) -- tls-srp draft 8 */

    return srp_Calc_xy(N, g, N);

}



 err:

    OPENSSL_free(cAB);

    EVP_MD_CTX_free(ctxt);



    return u;

BIGNUM *SRP_Calc_u(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N)

{

    /* k = SHA1(PAD(A) || PAD(B) ) -- tls-srp draft 8 */

    return srp_Calc_xy(A, B, N);

}



BIGNUM *SRP_Calc_server_key(const BIGNUM *A, const BIGNUM *v, const BIGNUM *u,