summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatt Caswell <matt@openssl.org>2016-06-15 15:17:50 +0100
committerMatt Caswell <matt@openssl.org>2016-06-18 15:34:03 +0100
commit98370c2dd7dc32cecd7bb7d940383846fa435f25 (patch)
treec5f83ad8c892b93534e3079c925acba0a0103142
parent7fb4b92c01bdef71543650ef7da6bfcec69f9cde (diff)
constify SRP
Add const qualifiers to lots of SRP stuff. This started out as an effort to silence some "type-punning" warnings on OpenBSD...but the fix was to have proper const correctness in SRP. RT4378 Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat
-rw-r--r--crypto/srp/srp_lib.c39
-rw-r--r--crypto/srp/srp_vfy.c15
-rw-r--r--include/openssl/srp.h31
3 files changed, 44 insertions, 41 deletions
diff --git a/crypto/srp/srp_lib.c b/crypto/srp/srp_lib.c
index 766a0a23be..06671749a6 100644
--- a/crypto/srp/srp_lib.c
+++ b/crypto/srp/srp_lib.c
@@ -14,7 +14,7 @@
# include <openssl/evp.h>
# include "internal/bn_srp.h"
-static BIGNUM *srp_Calc_k(BIGNUM *N, BIGNUM *g)
+static BIGNUM *srp_Calc_k(const BIGNUM *N, const BIGNUM *g)
{
/* k = SHA1(N | PAD(g)) -- tls-srp draft 8 */
@@ -52,7 +52,7 @@ static BIGNUM *srp_Calc_k(BIGNUM *N, BIGNUM *g)
return res;
}
-BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N)
+BIGNUM *SRP_Calc_u(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N)
{
/* k = SHA1(PAD(A) || PAD(B) ) -- tls-srp draft 8 */
@@ -95,8 +95,8 @@ BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N)
return u;
}
-BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b,
- BIGNUM *N)
+BIGNUM *SRP_Calc_server_key(const BIGNUM *A, const BIGNUM *v, const BIGNUM *u,
+ const BIGNUM *b, const BIGNUM *N)
{
BIGNUM *tmp = NULL, *S = NULL;
BN_CTX *bn_ctx;
@@ -125,7 +125,8 @@ BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b,
return S;
}
-BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v)
+BIGNUM *SRP_Calc_B(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g,
+ const BIGNUM *v)
{
BIGNUM *kv = NULL, *gb = NULL;
BIGNUM *B = NULL, *k = NULL;
@@ -156,7 +157,7 @@ BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v)
return B;
}
-BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass)
+BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass)
{
unsigned char dig[SHA_DIGEST_LENGTH];
EVP_MD_CTX *ctxt;
@@ -191,7 +192,7 @@ BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass)
return res;
}
-BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g)
+BIGNUM *SRP_Calc_A(const BIGNUM *a, const BIGNUM *N, const BIGNUM *g)
{
BN_CTX *bn_ctx;
BIGNUM *A = NULL;
@@ -207,8 +208,8 @@ BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g)
return A;
}
-BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x,
- BIGNUM *a, BIGNUM *u)
+BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g,
+ const BIGNUM *x, const BIGNUM *a, const BIGNUM *u)
{
BIGNUM *tmp = NULL, *tmp2 = NULL, *tmp3 = NULL, *k = NULL, *K = NULL;
BN_CTX *bn_ctx;
@@ -249,7 +250,7 @@ BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x,
return K;
}
-int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N)
+int SRP_Verify_B_mod_N(const BIGNUM *B, const BIGNUM *N)
{
BIGNUM *r;
BN_CTX *bn_ctx;
@@ -270,20 +271,20 @@ int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N)
return ret;
}
-int SRP_Verify_A_mod_N(BIGNUM *A, BIGNUM *N)
+int SRP_Verify_A_mod_N(const BIGNUM *A, const BIGNUM *N)
{
/* Checks if A % N == 0 */
return SRP_Verify_B_mod_N(A, N);
}
static SRP_gN knowngN[] = {
- {"8192", (BIGNUM *)&bn_generator_19, (BIGNUM *)&bn_group_8192},
- {"6144", (BIGNUM *)&bn_generator_5, (BIGNUM *)&bn_group_6144},
- {"4096", (BIGNUM *)&bn_generator_5, (BIGNUM *)&bn_group_4096},
- {"3072", (BIGNUM *)&bn_generator_5, (BIGNUM *)&bn_group_3072},
- {"2048", (BIGNUM *)&bn_generator_2, (BIGNUM *)&bn_group_2048},
- {"1536", (BIGNUM *)&bn_generator_2, (BIGNUM *)&bn_group_1536},
- {"1024", (BIGNUM *)&bn_generator_2, (BIGNUM *)&bn_group_1024},
+ {"8192", &bn_generator_19, &bn_group_8192},
+ {"6144", &bn_generator_5, &bn_group_6144},
+ {"4096", &bn_generator_5, &bn_group_4096},
+ {"3072", &bn_generator_5, &bn_group_3072},
+ {"2048", &bn_generator_2, &bn_group_2048},
+ {"1536", &bn_generator_2, &bn_group_1536},
+ {"1024", &bn_generator_2, &bn_group_1024},
};
# define KNOWN_GN_NUMBER sizeof(knowngN) / sizeof(SRP_gN)
@@ -292,7 +293,7 @@ static SRP_gN knowngN[] = {
* Check if G and N are known parameters. The values have been generated
* from the ietf-tls-srp draft version 8
*/
-char *SRP_check_known_gN_param(BIGNUM *g, BIGNUM *N)
+char *SRP_check_known_gN_param(const BIGNUM *g, const BIGNUM *N)
{
size_t i;
if ((g == NULL) || (N == NULL))
diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
index 11b9a4b58c..f99fa1b278 100644
--- a/crypto/srp/srp_vfy.c
+++ b/crypto/srp/srp_vfy.c
@@ -525,7 +525,8 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
{
int len;
char *result = NULL, *vf = NULL;
- BIGNUM *N_bn = NULL, *g_bn = NULL, *s = NULL, *v = NULL;
+ const BIGNUM *N_bn = NULL, *g_bn = NULL;
+ BIGNUM *N_bn_alloc = NULL, *g_bn_alloc = NULL, *s = NULL, *v = NULL;
unsigned char tmp[MAX_LEN];
unsigned char tmp2[MAX_LEN];
char *defgNid = NULL;
@@ -538,10 +539,12 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
if (N) {
if ((len = t_fromb64(tmp, N)) == 0)
goto err;
- N_bn = BN_bin2bn(tmp, len, NULL);
+ N_bn_alloc = BN_bin2bn(tmp, len, NULL);
+ N_bn = N_bn_alloc;
if ((len = t_fromb64(tmp, g)) == 0)
goto err;
- g_bn = BN_bin2bn(tmp, len, NULL);
+ g_bn_alloc = BN_bin2bn(tmp, len, NULL);
+ g_bn = g_bn_alloc;
defgNid = "*";
} else {
SRP_gN *gN = SRP_get_gN_by_id(g, NULL);
@@ -587,10 +590,8 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
result = defgNid;
err:
- if (N) {
- BN_free(N_bn);
- BN_free(g_bn);
- }
+ BN_free(N_bn_alloc);
+ BN_free(g_bn_alloc);
OPENSSL_clear_free(vf, vfsize);
BN_clear_free(s);
BN_clear_free(v);
diff --git a/include/openssl/srp.h b/include/openssl/srp.h
index 1007b8321b..80bcb0dd38 100644
--- a/include/openssl/srp.h
+++ b/include/openssl/srp.h
@@ -52,8 +52,8 @@ typedef struct SRP_VBASE_st {
STACK_OF(SRP_gN_cache) *gN_cache;
/* to simulate a user */
char *seed_key;
- BIGNUM *default_g;
- BIGNUM *default_N;
+ const BIGNUM *default_g;
+ const BIGNUM *default_N;
} SRP_VBASE;
/*
@@ -61,8 +61,8 @@ typedef struct SRP_VBASE_st {
*/
typedef struct SRP_gN_st {
char *id;
- BIGNUM *g;
- BIGNUM *N;
+ const BIGNUM *g;
+ const BIGNUM *N;
} SRP_gN;
DEFINE_STACK_OF(SRP_gN)
@@ -103,22 +103,23 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
# define DB_SRP_MODIF 'v'
/* see srp.c */
-char *SRP_check_known_gN_param(BIGNUM *g, BIGNUM *N);
+char *SRP_check_known_gN_param(const BIGNUM *g, const BIGNUM *N);
SRP_gN *SRP_get_default_gN(const char *id);
/* server side .... */
-BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b,
- BIGNUM *N);
-BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v);
-int SRP_Verify_A_mod_N(BIGNUM *A, BIGNUM *N);
-BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N);
+BIGNUM *SRP_Calc_server_key(const BIGNUM *A, const BIGNUM *v, const BIGNUM *u,
+ const BIGNUM *b, const BIGNUM *N);
+BIGNUM *SRP_Calc_B(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g,
+ const BIGNUM *v);
+int SRP_Verify_A_mod_N(const BIGNUM *A, const BIGNUM *N);
+BIGNUM *SRP_Calc_u(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N);
/* client side .... */
-BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass);
-BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g);
-BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x,
- BIGNUM *a, BIGNUM *u);
-int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N);
+BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass);
+BIGNUM *SRP_Calc_A(const BIGNUM *a, const BIGNUM *N, const BIGNUM *g);
+BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g,
+ const BIGNUM *x, const BIGNUM *a, const BIGNUM *u);
+int SRP_Verify_B_mod_N(const BIGNUM *B, const BIGNUM *N);
# define SRP_MINIMAL_N 1024
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-07 01:10:36 +0000