From 98370c2dd7dc32cecd7bb7d940383846fa435f25 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 15 Jun 2016 15:17:50 +0100 Subject: [PATCH] constify SRP Add const qualifiers to lots of SRP stuff. This started out as an effort to silence some "type-punning" warnings on OpenBSD...but the fix was to have proper const correctness in SRP. RT4378 Reviewed-by: Richard Levitte --- crypto/srp/srp_lib.c | 39 ++++++++++++++++++++------------------- crypto/srp/srp_vfy.c | 15 ++++++++------- include/openssl/srp.h | 31 ++++++++++++++++--------------- 3 files changed, 44 insertions(+), 41 deletions(-) diff --git a/crypto/srp/srp_lib.c b/crypto/srp/srp_lib.c index 766a0a23be..06671749a6 100644 --- a/crypto/srp/srp_lib.c +++ b/crypto/srp/srp_lib.c @@ -14,7 +14,7 @@ # include # include "internal/bn_srp.h" -static BIGNUM *srp_Calc_k(BIGNUM *N, BIGNUM *g) +static BIGNUM *srp_Calc_k(const BIGNUM *N, const BIGNUM *g) { /* k = SHA1(N | PAD(g)) -- tls-srp draft 8 */ @@ -52,7 +52,7 @@ static BIGNUM *srp_Calc_k(BIGNUM *N, BIGNUM *g) return res; } -BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N) +BIGNUM *SRP_Calc_u(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N) { /* k = SHA1(PAD(A) || PAD(B) ) -- tls-srp draft 8 */ @@ -95,8 +95,8 @@ BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N) return u; } -BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b, - BIGNUM *N) +BIGNUM *SRP_Calc_server_key(const BIGNUM *A, const BIGNUM *v, const BIGNUM *u, + const BIGNUM *b, const BIGNUM *N) { BIGNUM *tmp = NULL, *S = NULL; BN_CTX *bn_ctx; @@ -125,7 +125,8 @@ BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b, return S; } -BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v) +BIGNUM *SRP_Calc_B(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g, + const BIGNUM *v) { BIGNUM *kv = NULL, *gb = NULL; BIGNUM *B = NULL, *k = NULL; @@ -156,7 +157,7 @@ BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v) return B; } -BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass) +BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass) { unsigned char dig[SHA_DIGEST_LENGTH]; EVP_MD_CTX *ctxt; @@ -191,7 +192,7 @@ BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass) return res; } -BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g) +BIGNUM *SRP_Calc_A(const BIGNUM *a, const BIGNUM *N, const BIGNUM *g) { BN_CTX *bn_ctx; BIGNUM *A = NULL; @@ -207,8 +208,8 @@ BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g) return A; } -BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x, - BIGNUM *a, BIGNUM *u) +BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g, + const BIGNUM *x, const BIGNUM *a, const BIGNUM *u) { BIGNUM *tmp = NULL, *tmp2 = NULL, *tmp3 = NULL, *k = NULL, *K = NULL; BN_CTX *bn_ctx; @@ -249,7 +250,7 @@ BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x, return K; } -int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N) +int SRP_Verify_B_mod_N(const BIGNUM *B, const BIGNUM *N) { BIGNUM *r; BN_CTX *bn_ctx; @@ -270,20 +271,20 @@ int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N) return ret; } -int SRP_Verify_A_mod_N(BIGNUM *A, BIGNUM *N) +int SRP_Verify_A_mod_N(const BIGNUM *A, const BIGNUM *N) { /* Checks if A % N == 0 */ return SRP_Verify_B_mod_N(A, N); } static SRP_gN knowngN[] = { - {"8192", (BIGNUM *)&bn_generator_19, (BIGNUM *)&bn_group_8192}, - {"6144", (BIGNUM *)&bn_generator_5, (BIGNUM *)&bn_group_6144}, - {"4096", (BIGNUM *)&bn_generator_5, (BIGNUM *)&bn_group_4096}, - {"3072", (BIGNUM *)&bn_generator_5, (BIGNUM *)&bn_group_3072}, - {"2048", (BIGNUM *)&bn_generator_2, (BIGNUM *)&bn_group_2048}, - {"1536", (BIGNUM *)&bn_generator_2, (BIGNUM *)&bn_group_1536}, - {"1024", (BIGNUM *)&bn_generator_2, (BIGNUM *)&bn_group_1024}, + {"8192", &bn_generator_19, &bn_group_8192}, + {"6144", &bn_generator_5, &bn_group_6144}, + {"4096", &bn_generator_5, &bn_group_4096}, + {"3072", &bn_generator_5, &bn_group_3072}, + {"2048", &bn_generator_2, &bn_group_2048}, + {"1536", &bn_generator_2, &bn_group_1536}, + {"1024", &bn_generator_2, &bn_group_1024}, }; # define KNOWN_GN_NUMBER sizeof(knowngN) / sizeof(SRP_gN) @@ -292,7 +293,7 @@ static SRP_gN knowngN[] = { * Check if G and N are known parameters. The values have been generated * from the ietf-tls-srp draft version 8 */ -char *SRP_check_known_gN_param(BIGNUM *g, BIGNUM *N) +char *SRP_check_known_gN_param(const BIGNUM *g, const BIGNUM *N) { size_t i; if ((g == NULL) || (N == NULL)) diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c index 11b9a4b58c..f99fa1b278 100644 --- a/crypto/srp/srp_vfy.c +++ b/crypto/srp/srp_vfy.c @@ -525,7 +525,8 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt, { int len; char *result = NULL, *vf = NULL; - BIGNUM *N_bn = NULL, *g_bn = NULL, *s = NULL, *v = NULL; + const BIGNUM *N_bn = NULL, *g_bn = NULL; + BIGNUM *N_bn_alloc = NULL, *g_bn_alloc = NULL, *s = NULL, *v = NULL; unsigned char tmp[MAX_LEN]; unsigned char tmp2[MAX_LEN]; char *defgNid = NULL; @@ -538,10 +539,12 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt, if (N) { if ((len = t_fromb64(tmp, N)) == 0) goto err; - N_bn = BN_bin2bn(tmp, len, NULL); + N_bn_alloc = BN_bin2bn(tmp, len, NULL); + N_bn = N_bn_alloc; if ((len = t_fromb64(tmp, g)) == 0) goto err; - g_bn = BN_bin2bn(tmp, len, NULL); + g_bn_alloc = BN_bin2bn(tmp, len, NULL); + g_bn = g_bn_alloc; defgNid = "*"; } else { SRP_gN *gN = SRP_get_gN_by_id(g, NULL); @@ -587,10 +590,8 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt, result = defgNid; err: - if (N) { - BN_free(N_bn); - BN_free(g_bn); - } + BN_free(N_bn_alloc); + BN_free(g_bn_alloc); OPENSSL_clear_free(vf, vfsize); BN_clear_free(s); BN_clear_free(v); diff --git a/include/openssl/srp.h b/include/openssl/srp.h index 1007b8321b..80bcb0dd38 100644 --- a/include/openssl/srp.h +++ b/include/openssl/srp.h @@ -52,8 +52,8 @@ typedef struct SRP_VBASE_st { STACK_OF(SRP_gN_cache) *gN_cache; /* to simulate a user */ char *seed_key; - BIGNUM *default_g; - BIGNUM *default_N; + const BIGNUM *default_g; + const BIGNUM *default_N; } SRP_VBASE; /* @@ -61,8 +61,8 @@ typedef struct SRP_VBASE_st { */ typedef struct SRP_gN_st { char *id; - BIGNUM *g; - BIGNUM *N; + const BIGNUM *g; + const BIGNUM *N; } SRP_gN; DEFINE_STACK_OF(SRP_gN) @@ -103,22 +103,23 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, # define DB_SRP_MODIF 'v' /* see srp.c */ -char *SRP_check_known_gN_param(BIGNUM *g, BIGNUM *N); +char *SRP_check_known_gN_param(const BIGNUM *g, const BIGNUM *N); SRP_gN *SRP_get_default_gN(const char *id); /* server side .... */ -BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b, - BIGNUM *N); -BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v); -int SRP_Verify_A_mod_N(BIGNUM *A, BIGNUM *N); -BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N); +BIGNUM *SRP_Calc_server_key(const BIGNUM *A, const BIGNUM *v, const BIGNUM *u, + const BIGNUM *b, const BIGNUM *N); +BIGNUM *SRP_Calc_B(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g, + const BIGNUM *v); +int SRP_Verify_A_mod_N(const BIGNUM *A, const BIGNUM *N); +BIGNUM *SRP_Calc_u(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N); /* client side .... */ -BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass); -BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g); -BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x, - BIGNUM *a, BIGNUM *u); -int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N); +BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass); +BIGNUM *SRP_Calc_A(const BIGNUM *a, const BIGNUM *N, const BIGNUM *g); +BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g, + const BIGNUM *x, const BIGNUM *a, const BIGNUM *u); +int SRP_Verify_B_mod_N(const BIGNUM *B, const BIGNUM *N); # define SRP_MINIMAL_N 1024 -- 2.34.1