constify SRP (98370c2d) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

crypto/srp/srp_lib.c

+20 −19

Original line number	Diff line number	Diff line
		@@ -14,7 +14,7 @@
		# include <openssl/evp.h>
		# include "internal/bn_srp.h"

		static BIGNUM srp_Calc_k(BIGNUM N, BIGNUM *g)
		static BIGNUM srp_Calc_k(const BIGNUM N, const BIGNUM *g)
		{
		/* k = SHA1(N \| PAD(g)) -- tls-srp draft 8 */

		@@ -52,7 +52,7 @@ static BIGNUM srp_Calc_k(BIGNUM N, BIGNUM *g)
		return res;
		}

		BIGNUM SRP_Calc_u(BIGNUM A, BIGNUM B, BIGNUM N)
		BIGNUM SRP_Calc_u(const BIGNUM A, const BIGNUM B, const BIGNUM N)
		{
		/* k = SHA1(PAD(A) \|\| PAD(B) ) -- tls-srp draft 8 */

		@@ -95,8 +95,8 @@ BIGNUM SRP_Calc_u(BIGNUM A, BIGNUM B, BIGNUM N)
		return u;
		}

		BIGNUM SRP_Calc_server_key(BIGNUM A, BIGNUM v, BIGNUM u, BIGNUM *b,
		BIGNUM *N)
		BIGNUM SRP_Calc_server_key(const BIGNUM A, const BIGNUM v, const BIGNUM u,
		const BIGNUM b, const BIGNUM N)
		{
		BIGNUM tmp = NULL, S = NULL;
		BN_CTX *bn_ctx;
		@@ -125,7 +125,8 @@ BIGNUM SRP_Calc_server_key(BIGNUM A, BIGNUM v, BIGNUM u, BIGNUM *b,
		return S;
		}

		BIGNUM SRP_Calc_B(BIGNUM b, BIGNUM N, BIGNUM g, BIGNUM *v)
		BIGNUM SRP_Calc_B(const BIGNUM b, const BIGNUM N, const BIGNUM g,
		const BIGNUM *v)
		{
		BIGNUM kv = NULL, gb = NULL;
		BIGNUM B = NULL, k = NULL;
		@@ -156,7 +157,7 @@ BIGNUM SRP_Calc_B(BIGNUM b, BIGNUM N, BIGNUM g, BIGNUM *v)
		return B;
		}

		BIGNUM SRP_Calc_x(BIGNUM s, const char user, const char pass)
		BIGNUM SRP_Calc_x(const BIGNUM s, const char user, const char pass)
		{
		unsigned char dig[SHA_DIGEST_LENGTH];
		EVP_MD_CTX *ctxt;
		@@ -191,7 +192,7 @@ BIGNUM SRP_Calc_x(BIGNUM s, const char user, const char pass)
		return res;
		}

		BIGNUM SRP_Calc_A(BIGNUM a, BIGNUM N, BIGNUM g)
		BIGNUM SRP_Calc_A(const BIGNUM a, const BIGNUM N, const BIGNUM g)
		{
		BN_CTX *bn_ctx;
		BIGNUM *A = NULL;
		@@ -207,8 +208,8 @@ BIGNUM SRP_Calc_A(BIGNUM a, BIGNUM N, BIGNUM g)
		return A;
		}

		BIGNUM SRP_Calc_client_key(BIGNUM N, BIGNUM B, BIGNUM g, BIGNUM *x,
		BIGNUM a, BIGNUM u)
		BIGNUM SRP_Calc_client_key(const BIGNUM N, const BIGNUM B, const BIGNUM g,
		const BIGNUM x, const BIGNUM a, const BIGNUM *u)
		{
		BIGNUM tmp = NULL, tmp2 = NULL, tmp3 = NULL, k = NULL, *K = NULL;
		BN_CTX *bn_ctx;
		@@ -249,7 +250,7 @@ BIGNUM SRP_Calc_client_key(BIGNUM N, BIGNUM B, BIGNUM g, BIGNUM *x,
		return K;
		}

		int SRP_Verify_B_mod_N(BIGNUM B, BIGNUM N)
		int SRP_Verify_B_mod_N(const BIGNUM B, const BIGNUM N)
		{
		BIGNUM *r;
		BN_CTX *bn_ctx;
		@@ -270,20 +271,20 @@ int SRP_Verify_B_mod_N(BIGNUM B, BIGNUM N)
		return ret;
		}

		int SRP_Verify_A_mod_N(BIGNUM A, BIGNUM N)
		int SRP_Verify_A_mod_N(const BIGNUM A, const BIGNUM N)
		{
		/* Checks if A % N == 0 */
		return SRP_Verify_B_mod_N(A, N);
		}

		static SRP_gN knowngN[] = {
		{"8192", (BIGNUM )&bn_generator_19, (BIGNUM )&bn_group_8192},
		{"6144", (BIGNUM )&bn_generator_5, (BIGNUM )&bn_group_6144},
		{"4096", (BIGNUM )&bn_generator_5, (BIGNUM )&bn_group_4096},
		{"3072", (BIGNUM )&bn_generator_5, (BIGNUM )&bn_group_3072},
		{"2048", (BIGNUM )&bn_generator_2, (BIGNUM )&bn_group_2048},
		{"1536", (BIGNUM )&bn_generator_2, (BIGNUM )&bn_group_1536},
		{"1024", (BIGNUM )&bn_generator_2, (BIGNUM )&bn_group_1024},
		{"8192", &bn_generator_19, &bn_group_8192},
		{"6144", &bn_generator_5, &bn_group_6144},
		{"4096", &bn_generator_5, &bn_group_4096},
		{"3072", &bn_generator_5, &bn_group_3072},
		{"2048", &bn_generator_2, &bn_group_2048},
		{"1536", &bn_generator_2, &bn_group_1536},
		{"1024", &bn_generator_2, &bn_group_1024},
		};

		# define KNOWN_GN_NUMBER sizeof(knowngN) / sizeof(SRP_gN)
		@@ -292,7 +293,7 @@ static SRP_gN knowngN[] = {
		* Check if G and N are known parameters. The values have been generated
		* from the ietf-tls-srp draft version 8
		*/
		char SRP_check_known_gN_param(BIGNUM g, BIGNUM *N)
		char SRP_check_known_gN_param(const BIGNUM g, const BIGNUM *N)
		{
		size_t i;
		if ((g == NULL) \|\| (N == NULL))

crypto/srp/srp_vfy.c

+8 −7

Original line number	Diff line number	Diff line
		@@ -525,7 +525,8 @@ char SRP_create_verifier(const char user, const char pass, char *salt,
		{
		int len;
		char result = NULL, vf = NULL;
		BIGNUM N_bn = NULL, g_bn = NULL, s = NULL, v = NULL;
		const BIGNUM N_bn = NULL, g_bn = NULL;
		BIGNUM N_bn_alloc = NULL, g_bn_alloc = NULL, s = NULL, v = NULL;
		unsigned char tmp[MAX_LEN];
		unsigned char tmp2[MAX_LEN];
		char *defgNid = NULL;
		@@ -538,10 +539,12 @@ char SRP_create_verifier(const char user, const char pass, char *salt,
		if (N) {
		if ((len = t_fromb64(tmp, N)) == 0)
		goto err;
		N_bn = BN_bin2bn(tmp, len, NULL);
		N_bn_alloc = BN_bin2bn(tmp, len, NULL);
		N_bn = N_bn_alloc;
		if ((len = t_fromb64(tmp, g)) == 0)
		goto err;
		g_bn = BN_bin2bn(tmp, len, NULL);
		g_bn_alloc = BN_bin2bn(tmp, len, NULL);
		g_bn = g_bn_alloc;
		defgNid = "*";
		} else {
		SRP_gN *gN = SRP_get_gN_by_id(g, NULL);
		@@ -587,10 +590,8 @@ char SRP_create_verifier(const char user, const char pass, char *salt,
		result = defgNid;

		err:
		if (N) {
		BN_free(N_bn);
		BN_free(g_bn);
		}
		BN_free(N_bn_alloc);
		BN_free(g_bn_alloc);
		OPENSSL_clear_free(vf, vfsize);
		BN_clear_free(s);
		BN_clear_free(v);

include/openssl/srp.h

+16 −15

Original line number	Diff line number	Diff line
		@@ -52,8 +52,8 @@ typedef struct SRP_VBASE_st {
		STACK_OF(SRP_gN_cache) *gN_cache;
		/* to simulate a user */
		char *seed_key;
		BIGNUM *default_g;
		BIGNUM *default_N;
		const BIGNUM *default_g;
		const BIGNUM *default_N;
		} SRP_VBASE;

		/*
		@@ -61,8 +61,8 @@ typedef struct SRP_VBASE_st {
		*/
		typedef struct SRP_gN_st {
		char *id;
		BIGNUM *g;
		BIGNUM *N;
		const BIGNUM *g;
		const BIGNUM *N;
		} SRP_gN;

		DEFINE_STACK_OF(SRP_gN)
		@@ -103,22 +103,23 @@ int SRP_create_verifier_BN(const char user, const char pass, BIGNUM **salt,
		# define DB_SRP_MODIF 'v'

		/* see srp.c */
		char SRP_check_known_gN_param(BIGNUM g, BIGNUM *N);
		char SRP_check_known_gN_param(const BIGNUM g, const BIGNUM *N);
		SRP_gN SRP_get_default_gN(const char id);

		/* server side .... */
		BIGNUM SRP_Calc_server_key(BIGNUM A, BIGNUM v, BIGNUM u, BIGNUM *b,
		BIGNUM *N);
		BIGNUM SRP_Calc_B(BIGNUM b, BIGNUM N, BIGNUM g, BIGNUM *v);
		int SRP_Verify_A_mod_N(BIGNUM A, BIGNUM N);
		BIGNUM SRP_Calc_u(BIGNUM A, BIGNUM B, BIGNUM N);
		BIGNUM SRP_Calc_server_key(const BIGNUM A, const BIGNUM v, const BIGNUM u,
		const BIGNUM b, const BIGNUM N);
		BIGNUM SRP_Calc_B(const BIGNUM b, const BIGNUM N, const BIGNUM g,
		const BIGNUM *v);
		int SRP_Verify_A_mod_N(const BIGNUM A, const BIGNUM N);
		BIGNUM SRP_Calc_u(const BIGNUM A, const BIGNUM B, const BIGNUM N);

		/* client side .... */
		BIGNUM SRP_Calc_x(BIGNUM s, const char user, const char pass);
		BIGNUM SRP_Calc_A(BIGNUM a, BIGNUM N, BIGNUM g);
		BIGNUM SRP_Calc_client_key(BIGNUM N, BIGNUM B, BIGNUM g, BIGNUM *x,
		BIGNUM a, BIGNUM u);
		int SRP_Verify_B_mod_N(BIGNUM B, BIGNUM N);
		BIGNUM SRP_Calc_x(const BIGNUM s, const char user, const char pass);
		BIGNUM SRP_Calc_A(const BIGNUM a, const BIGNUM N, const BIGNUM g);
		BIGNUM SRP_Calc_client_key(const BIGNUM N, const BIGNUM B, const BIGNUM g,
		const BIGNUM x, const BIGNUM a, const BIGNUM *u);
		int SRP_Verify_B_mod_N(const BIGNUM B, const BIGNUM N);

		# define SRP_MINIMAL_N 1024

Original line number	Diff line number	Diff line
		@@ -14,7 +14,7 @@
		# include <openssl/evp.h>
		# include "internal/bn_srp.h"

		static BIGNUM srp_Calc_k(BIGNUM N, BIGNUM *g)
		static BIGNUM srp_Calc_k(const BIGNUM N, const BIGNUM *g)
		{
		/* k = SHA1(N \| PAD(g)) -- tls-srp draft 8 */

		@@ -52,7 +52,7 @@ static BIGNUM srp_Calc_k(BIGNUM N, BIGNUM *g)
		return res;
		}

		BIGNUM SRP_Calc_u(BIGNUM A, BIGNUM B, BIGNUM N)
		BIGNUM SRP_Calc_u(const BIGNUM A, const BIGNUM B, const BIGNUM N)
		{
		/* k = SHA1(PAD(A) \|\| PAD(B) ) -- tls-srp draft 8 */

		@@ -95,8 +95,8 @@ BIGNUM SRP_Calc_u(BIGNUM A, BIGNUM B, BIGNUM N)
		return u;
		}

		BIGNUM SRP_Calc_server_key(BIGNUM A, BIGNUM v, BIGNUM u, BIGNUM *b,
		BIGNUM *N)
		BIGNUM SRP_Calc_server_key(const BIGNUM A, const BIGNUM v, const BIGNUM u,
		const BIGNUM b, const BIGNUM N)
		{
		BIGNUM tmp = NULL, S = NULL;
		BN_CTX *bn_ctx;
		@@ -125,7 +125,8 @@ BIGNUM SRP_Calc_server_key(BIGNUM A, BIGNUM v, BIGNUM u, BIGNUM *b,
		return S;
		}

		BIGNUM SRP_Calc_B(BIGNUM b, BIGNUM N, BIGNUM g, BIGNUM *v)
		BIGNUM SRP_Calc_B(const BIGNUM b, const BIGNUM N, const BIGNUM g,
		const BIGNUM *v)
		{
		BIGNUM kv = NULL, gb = NULL;
		BIGNUM B = NULL, k = NULL;
		@@ -156,7 +157,7 @@ BIGNUM SRP_Calc_B(BIGNUM b, BIGNUM N, BIGNUM g, BIGNUM *v)
		return B;
		}

		BIGNUM SRP_Calc_x(BIGNUM s, const char user, const char pass)
		BIGNUM SRP_Calc_x(const BIGNUM s, const char user, const char pass)
		{
		unsigned char dig[SHA_DIGEST_LENGTH];
		EVP_MD_CTX *ctxt;
		@@ -191,7 +192,7 @@ BIGNUM SRP_Calc_x(BIGNUM s, const char user, const char pass)
		return res;
		}

		BIGNUM SRP_Calc_A(BIGNUM a, BIGNUM N, BIGNUM g)
		BIGNUM SRP_Calc_A(const BIGNUM a, const BIGNUM N, const BIGNUM g)
		{
		BN_CTX *bn_ctx;
		BIGNUM *A = NULL;
		@@ -207,8 +208,8 @@ BIGNUM SRP_Calc_A(BIGNUM a, BIGNUM N, BIGNUM g)
		return A;
		}

		BIGNUM SRP_Calc_client_key(BIGNUM N, BIGNUM B, BIGNUM g, BIGNUM *x,
		BIGNUM a, BIGNUM u)
		BIGNUM SRP_Calc_client_key(const BIGNUM N, const BIGNUM B, const BIGNUM g,
		const BIGNUM x, const BIGNUM a, const BIGNUM *u)
		{
		BIGNUM tmp = NULL, tmp2 = NULL, tmp3 = NULL, k = NULL, *K = NULL;
		BN_CTX *bn_ctx;
		@@ -249,7 +250,7 @@ BIGNUM SRP_Calc_client_key(BIGNUM N, BIGNUM B, BIGNUM g, BIGNUM *x,
		return K;
		}

		int SRP_Verify_B_mod_N(BIGNUM B, BIGNUM N)
		int SRP_Verify_B_mod_N(const BIGNUM B, const BIGNUM N)
		{
		BIGNUM *r;
		BN_CTX *bn_ctx;
		@@ -270,20 +271,20 @@ int SRP_Verify_B_mod_N(BIGNUM B, BIGNUM N)
		return ret;
		}

		int SRP_Verify_A_mod_N(BIGNUM A, BIGNUM N)
		int SRP_Verify_A_mod_N(const BIGNUM A, const BIGNUM N)
		{
		/* Checks if A % N == 0 */
		return SRP_Verify_B_mod_N(A, N);
		}

		static SRP_gN knowngN[] = {
		{"8192", (BIGNUM )&bn_generator_19, (BIGNUM )&bn_group_8192},
		{"6144", (BIGNUM )&bn_generator_5, (BIGNUM )&bn_group_6144},
		{"4096", (BIGNUM )&bn_generator_5, (BIGNUM )&bn_group_4096},
		{"3072", (BIGNUM )&bn_generator_5, (BIGNUM )&bn_group_3072},
		{"2048", (BIGNUM )&bn_generator_2, (BIGNUM )&bn_group_2048},
		{"1536", (BIGNUM )&bn_generator_2, (BIGNUM )&bn_group_1536},
		{"1024", (BIGNUM )&bn_generator_2, (BIGNUM )&bn_group_1024},
		{"8192", &bn_generator_19, &bn_group_8192},
		{"6144", &bn_generator_5, &bn_group_6144},
		{"4096", &bn_generator_5, &bn_group_4096},
		{"3072", &bn_generator_5, &bn_group_3072},
		{"2048", &bn_generator_2, &bn_group_2048},
		{"1536", &bn_generator_2, &bn_group_1536},
		{"1024", &bn_generator_2, &bn_group_1024},
		};

		# define KNOWN_GN_NUMBER sizeof(knowngN) / sizeof(SRP_gN)
		@@ -292,7 +293,7 @@ static SRP_gN knowngN[] = {
		* Check if G and N are known parameters. The values have been generated
		* from the ietf-tls-srp draft version 8
		*/
		char SRP_check_known_gN_param(BIGNUM g, BIGNUM *N)
		char SRP_check_known_gN_param(const BIGNUM g, const BIGNUM *N)
		{
		size_t i;
		if ((g == NULL) \|\| (N == NULL))