Commit 46c853e0 authored by Matt Caswell's avatar Matt Caswell
Browse files

Check more return values in the SRP code 



Reviewed-by: default avatarPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8019)

(cherry picked from commit d63bde78)
parent d42c3568

crypto/srp/srp_lib.c

+3 −1
Original line number Diff line number Diff line
@@ -26,6 +26,7 @@ static BIGNUM *srp_Calc_xy(const BIGNUM *x, const BIGNUM *y, const BIGNUM *N) 
    unsigned char *tmp = NULL;

    int numN = BN_num_bytes(N);

    BIGNUM *res = NULL;



    if (x != N && BN_ucmp(x, N) >= 0)

        return NULL;

    if (y != N && BN_ucmp(y, N) >= 0)
@@ -139,7 +140,8 @@ BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass) 
        || !EVP_DigestFinal_ex(ctxt, dig, NULL)

        || !EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL))

        goto err;

    BN_bn2bin(s, cs);

    if (BN_bn2bin(s, cs) < 0)

        goto err;

    if (!EVP_DigestUpdate(ctxt, cs, BN_num_bytes(s)))

        goto err;

crypto/srp/srp_vfy.c

+16 −3
Original line number Diff line number Diff line
@@ -598,10 +598,14 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt, 
        if ((len = t_fromb64(tmp, sizeof(tmp), N)) <= 0)

            goto err;

        N_bn_alloc = BN_bin2bn(tmp, len, NULL);

        if (N_bn_alloc == NULL)

            goto err;

        N_bn = N_bn_alloc;

        if ((len = t_fromb64(tmp, sizeof(tmp) ,g)) <= 0)

            goto err;

        g_bn_alloc = BN_bin2bn(tmp, len, NULL);

        if (g_bn_alloc == NULL)

            goto err;

        g_bn = g_bn_alloc;

        defgNid = "*";

    } else {
@@ -623,15 +627,19 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt, 
            goto err;

        s = BN_bin2bn(tmp2, len, NULL);

    }

    if (s == NULL)

        goto err;



    if (!SRP_create_verifier_BN(user, pass, &s, &v, N_bn, g_bn))

        goto err;



    BN_bn2bin(v, tmp);

    if (BN_bn2bin(v, tmp) < 0)

        goto err;

    vfsize = BN_num_bytes(v) * 2;

    if (((vf = OPENSSL_malloc(vfsize)) == NULL))

        goto err;

    t_tob64(vf, tmp, BN_num_bytes(v));

    if (!t_tob64(vf, tmp, BN_num_bytes(v)))

        goto err;



    if (*salt == NULL) {

        char *tmp_salt;
@@ -639,7 +647,10 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt, 
        if ((tmp_salt = OPENSSL_malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL) {

            goto err;

        }

        t_tob64(tmp_salt, tmp2, SRP_RANDOM_SALT_LEN);

        if (!t_tob64(tmp_salt, tmp2, SRP_RANDOM_SALT_LEN)) {

            OPENSSL_free(tmp_salt);

            goto err;

        }

        *salt = tmp_salt;

    }
@@ -686,6 +697,8 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, 
            goto err;



        salttmp = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);

        if (salttmp == NULL)

            goto err;

    } else {

        salttmp = *salt;

    }