From e85982c7a9483f05b738f7df55726705a57da05f Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Fri, 20 Mar 2020 17:23:25 +0000 Subject: Make SRP library context aware In order for the TLS SRP tests to pass when using a non-default library context the underlying SRP calls need to be library context aware. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/11410) --- crypto/srp/srp_lib.c | 75 +++++++++++++++++++++++++++++++++++++++------------- crypto/srp/srp_vfy.c | 36 ++++++++++++++++++------- 2 files changed, 83 insertions(+), 28 deletions(-) (limited to 'crypto/srp') diff --git a/crypto/srp/srp_lib.c b/crypto/srp/srp_lib.c index 99511954d7..063f966f96 100644 --- a/crypto/srp/srp_lib.c +++ b/crypto/srp/srp_lib.c @@ -20,39 +20,53 @@ /* calculate = SHA1(PAD(x) || PAD(y)) */ -static BIGNUM *srp_Calc_xy(const BIGNUM *x, const BIGNUM *y, const BIGNUM *N) +static BIGNUM *srp_Calc_xy(const BIGNUM *x, const BIGNUM *y, const BIGNUM *N, + OPENSSL_CTX *libctx, const char *propq) { unsigned char digest[SHA_DIGEST_LENGTH]; unsigned char *tmp = NULL; int numN = BN_num_bytes(N); BIGNUM *res = NULL; + EVP_MD *sha1 = EVP_MD_fetch(libctx, "SHA1", propq); - if (x != N && BN_ucmp(x, N) >= 0) + if (sha1 == NULL) return NULL; + + if (x != N && BN_ucmp(x, N) >= 0) + goto err; if (y != N && BN_ucmp(y, N) >= 0) - return NULL; + goto err; if ((tmp = OPENSSL_malloc(numN * 2)) == NULL) goto err; if (BN_bn2binpad(x, tmp, numN) < 0 || BN_bn2binpad(y, tmp + numN, numN) < 0 - || !EVP_Digest(tmp, numN * 2, digest, NULL, EVP_sha1(), NULL)) + || !EVP_Digest(tmp, numN * 2, digest, NULL, sha1, NULL)) goto err; res = BN_bin2bn(digest, sizeof(digest), NULL); err: + EVP_MD_free(sha1); OPENSSL_free(tmp); return res; } -static BIGNUM *srp_Calc_k(const BIGNUM *N, const BIGNUM *g) +static BIGNUM *srp_Calc_k(const BIGNUM *N, const BIGNUM *g, OPENSSL_CTX *libctx, + const char *propq) { /* k = SHA1(N | PAD(g)) -- tls-srp RFC 5054 */ - return srp_Calc_xy(N, g, N); + return srp_Calc_xy(N, g, N, libctx, propq); +} + +BIGNUM *SRP_Calc_u_ex(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N, + OPENSSL_CTX *libctx, const char *propq) +{ + /* u = SHA1(PAD(A) || PAD(B) ) -- tls-srp RFC 5054 */ + return srp_Calc_xy(A, B, N, libctx, propq); } BIGNUM *SRP_Calc_u(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N) { /* u = SHA1(PAD(A) || PAD(B) ) -- tls-srp RFC 5054 */ - return srp_Calc_xy(A, B, N); + return srp_Calc_xy(A, B, N, NULL, NULL); } BIGNUM *SRP_Calc_server_key(const BIGNUM *A, const BIGNUM *v, const BIGNUM *u, @@ -85,15 +99,15 @@ BIGNUM *SRP_Calc_server_key(const BIGNUM *A, const BIGNUM *v, const BIGNUM *u, return S; } -BIGNUM *SRP_Calc_B(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g, - const BIGNUM *v) +BIGNUM *SRP_Calc_B_ex(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g, + const BIGNUM *v, OPENSSL_CTX *libctx, const char *propq) { BIGNUM *kv = NULL, *gb = NULL; BIGNUM *B = NULL, *k = NULL; BN_CTX *bn_ctx; if (b == NULL || N == NULL || g == NULL || v == NULL || - (bn_ctx = BN_CTX_new()) == NULL) + (bn_ctx = BN_CTX_new_ex(libctx)) == NULL) return NULL; if ((kv = BN_new()) == NULL || @@ -103,7 +117,7 @@ BIGNUM *SRP_Calc_B(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g, /* B = g**b + k*v */ if (!BN_mod_exp(gb, g, b, N, bn_ctx) - || (k = srp_Calc_k(N, g)) == NULL + || (k = srp_Calc_k(N, g, libctx, propq)) == NULL || !BN_mod_mul(kv, v, k, N, bn_ctx) || !BN_mod_add(B, gb, kv, N, bn_ctx)) { BN_free(B); @@ -117,12 +131,20 @@ BIGNUM *SRP_Calc_B(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g, return B; } -BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass) +BIGNUM *SRP_Calc_B(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g, + const BIGNUM *v) +{ + return SRP_Calc_B_ex(b, N, g, v, NULL, NULL); +} + +BIGNUM *SRP_Calc_x_ex(const BIGNUM *s, const char *user, const char *pass, + OPENSSL_CTX *libctx, const char *propq) { unsigned char dig[SHA_DIGEST_LENGTH]; EVP_MD_CTX *ctxt; unsigned char *cs = NULL; BIGNUM *res = NULL; + EVP_MD *sha1 = NULL; if ((s == NULL) || (user == NULL) || (pass == NULL)) return NULL; @@ -133,12 +155,16 @@ BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass) if ((cs = OPENSSL_malloc(BN_num_bytes(s))) == NULL) goto err; - if (!EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL) + sha1 = EVP_MD_fetch(libctx, "SHA1", propq); + if (sha1 == NULL) + goto err; + + if (!EVP_DigestInit_ex(ctxt, sha1, NULL) || !EVP_DigestUpdate(ctxt, user, strlen(user)) || !EVP_DigestUpdate(ctxt, ":", 1) || !EVP_DigestUpdate(ctxt, pass, strlen(pass)) || !EVP_DigestFinal_ex(ctxt, dig, NULL) - || !EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL)) + || !EVP_DigestInit_ex(ctxt, sha1, NULL)) goto err; if (BN_bn2bin(s, cs) < 0) goto err; @@ -152,11 +178,17 @@ BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass) res = BN_bin2bn(dig, sizeof(dig), NULL); err: + EVP_MD_free(sha1); OPENSSL_free(cs); EVP_MD_CTX_free(ctxt); return res; } +BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass) +{ + return SRP_Calc_x_ex(s, user, pass, NULL, NULL); +} + BIGNUM *SRP_Calc_A(const BIGNUM *a, const BIGNUM *N, const BIGNUM *g) { BN_CTX *bn_ctx; @@ -173,14 +205,15 @@ BIGNUM *SRP_Calc_A(const BIGNUM *a, const BIGNUM *N, const BIGNUM *g) return A; } -BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g, - const BIGNUM *x, const BIGNUM *a, const BIGNUM *u) +BIGNUM *SRP_Calc_client_key_ex(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g, + const BIGNUM *x, const BIGNUM *a, const BIGNUM *u, + OPENSSL_CTX *libctx, const char *propq) { BIGNUM *tmp = NULL, *tmp2 = NULL, *tmp3 = NULL, *k = NULL, *K = NULL; BN_CTX *bn_ctx; if (u == NULL || B == NULL || N == NULL || g == NULL || x == NULL - || a == NULL || (bn_ctx = BN_CTX_new()) == NULL) + || a == NULL || (bn_ctx = BN_CTX_new_ex(libctx)) == NULL) return NULL; if ((tmp = BN_new()) == NULL || @@ -190,7 +223,7 @@ BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g, if (!BN_mod_exp(tmp, g, x, N, bn_ctx)) goto err; - if ((k = srp_Calc_k(N, g)) == NULL) + if ((k = srp_Calc_k(N, g, libctx, propq)) == NULL) goto err; if (!BN_mod_mul(tmp2, tmp, k, N, bn_ctx)) goto err; @@ -215,6 +248,12 @@ BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g, return K; } +BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g, + const BIGNUM *x, const BIGNUM *a, const BIGNUM *u) +{ + return SRP_Calc_client_key_ex(N, B, g, x, a, u, NULL, NULL); +} + int SRP_Verify_B_mod_N(const BIGNUM *B, const BIGNUM *N) { BIGNUM *r; diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c index 9505d4265e..4260898458 100644 --- a/crypto/srp/srp_vfy.c +++ b/crypto/srp/srp_vfy.c @@ -594,8 +594,9 @@ SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username) /* * create a verifier (*salt,*verifier,g and N are in base64) */ -char *SRP_create_verifier(const char *user, const char *pass, char **salt, - char **verifier, const char *N, const char *g) +char *SRP_create_verifier_ex(const char *user, const char *pass, char **salt, + char **verifier, const char *N, const char *g, + OPENSSL_CTX *libctx, const char *propq) { int len; char *result = NULL, *vf = NULL; @@ -634,7 +635,7 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt, } if (*salt == NULL) { - if (RAND_bytes(tmp2, SRP_RANDOM_SALT_LEN) <= 0) + if (RAND_bytes_ex(libctx, tmp2, SRP_RANDOM_SALT_LEN) <= 0) goto err; s = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL); @@ -646,7 +647,8 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt, if (s == NULL) goto err; - if (!SRP_create_verifier_BN(user, pass, &s, &v, N_bn, g_bn)) + if (!SRP_create_verifier_BN_ex(user, pass, &s, &v, N_bn, g_bn, libctx, + propq)) goto err; if (BN_bn2bin(v, tmp) < 0) @@ -683,6 +685,12 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt, return result; } +char *SRP_create_verifier(const char *user, const char *pass, char **salt, + char **verifier, const char *N, const char *g) +{ + return SRP_create_verifier_ex(user, pass, salt, verifier, N, g, NULL, NULL); +} + /* * create a verifier (*salt,*verifier,g and N are BIGNUMs). If *salt != NULL * then the provided salt will be used. On successful exit *verifier will point @@ -692,13 +700,14 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt, * The caller is responsible for freeing the allocated *salt and *verifier * BIGNUMS. */ -int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, - BIGNUM **verifier, const BIGNUM *N, - const BIGNUM *g) +int SRP_create_verifier_BN_ex(const char *user, const char *pass, BIGNUM **salt, + BIGNUM **verifier, const BIGNUM *N, + const BIGNUM *g, OPENSSL_CTX *libctx, + const char *propq) { int result = 0; BIGNUM *x = NULL; - BN_CTX *bn_ctx = BN_CTX_new(); + BN_CTX *bn_ctx = BN_CTX_new_ex(libctx); unsigned char tmp2[MAX_LEN]; BIGNUM *salttmp = NULL; @@ -709,7 +718,7 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, goto err; if (*salt == NULL) { - if (RAND_bytes(tmp2, SRP_RANDOM_SALT_LEN) <= 0) + if (RAND_bytes_ex(libctx, tmp2, SRP_RANDOM_SALT_LEN) <= 0) goto err; salttmp = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL); @@ -719,7 +728,7 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, salttmp = *salt; } - x = SRP_Calc_x(salttmp, user, pass); + x = SRP_Calc_x_ex(salttmp, user, pass, libctx, propq); if (x == NULL) goto err; @@ -743,4 +752,11 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, return result; } +int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, + BIGNUM **verifier, const BIGNUM *N, + const BIGNUM *g) +{ + return SRP_create_verifier_BN_ex(user, pass, salt, verifier, N, g, NULL, + NULL); +} #endif -- cgit v1.2.3