authorMatt Caswell <matt@openssl.org>2018-04-09 15:06:50 +0100
committerMatt Caswell <matt@openssl.org>2018-04-13 09:37:38 +0100
commitc080461448815dab809661080ee5e21417478fb4 (patch)
tree8fb56ec9f510ecbf1581e53ae9fe0d4b5310936a /crypto/srp
parent0320e8e2869fb6cde4579375e65f6d576bbec95e (diff)
Change SRP functions to use EVP_EncodeUpdate/EVP_DecodeUpdate functions
Previously they were using EVP_EncodeBlock/EVP_DecodeBlock. These are low level functions that do not handle padding characters. This was causing the SRP code to fail. One side effect of using EVP_EncodeUpdate is that it inserts newlines which is not what we need in SRP so we add a flag to avoid that. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5925)
Diffstat (limited to 'crypto/srp')
-rw-r--r--crypto/srp/srp_vfy.c42
1 files changed, 37 insertions, 5 deletions
diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
index 38d1a0f36a..1eba5a7cb1 100644
--- a/crypto/srp/srp_vfy.c
+++ b/crypto/srp/srp_vfy.c
@@ -13,6 +13,7 @@
#ifndef OPENSSL_NO_SRP
# include "internal/cryptlib.h"
+# include "internal/evp_int.h"
# include <openssl/sha.h>
# include <openssl/srp.h>
# include <openssl/evp.h>
@@ -26,24 +27,55 @@
/*
* Convert a base64 string into raw byte array representation.
+ * Returns the length of the decoded data, or -1 on error.
*/
static int t_fromb64(unsigned char *a, size_t alen, const char *src)
{
+ EVP_ENCODE_CTX *ctx;
+ int outl = 0, outl2 = 0;
size_t size = strlen(src);
- /* Four bytes in src become three bytes output. */
- if (size > INT_MAX || (size / 4) * 3 > alen)
+ if (size > INT_MAX)
return -1;
- return EVP_DecodeBlock(a, (unsigned char *)src, (int)size);
+ ctx = EVP_ENCODE_CTX_new();
+ if (ctx == NULL)
+ return -1;
+
+ EVP_DecodeInit(ctx);
+ if (EVP_DecodeUpdate(ctx, a, &outl, (const unsigned char *)src, size) < 0) {
+ EVP_ENCODE_CTX_free(ctx);
+ return -1;
+ }
+ EVP_DecodeFinal(ctx, a + outl, &outl2);
+
+ EVP_ENCODE_CTX_free(ctx);
+ return outl + outl2;
}
/*
* Convert a raw byte string into a null-terminated base64 ASCII string.
+ * Returns 1 on success or 0 on error.
*/
-static void t_tob64(char *dst, const unsigned char *src, int size)
+static int t_tob64(char *dst, const unsigned char *src, int size)
{
- EVP_EncodeBlock((unsigned char *)dst, src, size);
+ EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new();
+ int outl = 0, outl2 = 0;
+
+ if (ctx == NULL)
+ return 0;
+
+ EVP_EncodeInit(ctx);
+ evp_encode_ctx_set_flags(ctx, EVP_ENCODE_CTX_NO_NEWLINES);
+
+ if (!EVP_EncodeUpdate(ctx, (unsigned char *)dst, &outl, src, size)) {
+ EVP_ENCODE_CTX_free(ctx);
+ return 0;
+ }
+ EVP_EncodeFinal(ctx, (unsigned char *)dst + outl, &outl2);
+
+ EVP_ENCODE_CTX_free(ctx);
+ return 1;
}
void SRP_user_pwd_free(SRP_user_pwd *user_pwd)
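Review bot: In the new `t_fromb64`, nothing compares the decoded length with `alen` any more. The removed `(size / 4) * 3 > alen` test was the only bound on writes to `a`, and neither `EVP_DecodeUpdate` nor `EVP_DecodeFinal` takes an output size, so an over-long `src` would be decoded past the end of the caller's buffer. Whether every caller already guarantees a large enough buffer is not visible in this hunk, so I would keep a conservative guard before the context is allocated, e.g. `if (size > INT_MAX || ((size + 3) / 4) * 3 > alen) return -1;`. The return value of `EVP_DecodeFinal` is also ignored, so a malformed trailing group does not produce the -1 that the updated header comment promises. Testing `if (EVP_DecodeFinal(ctx, a + outl, &outl2) < 0)` and taking the same free-and-return path as the `EVP_DecodeUpdate` failure would cover it.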