-/* crypto/srp/srp_lib.c */
/*
* Written by Christophe Renou (christophe.renou@edelweb.fr) with the
* precious help of Peter Sylvester (peter.sylvester@edelweb.fr) for the
*
*/
#ifndef OPENSSL_NO_SRP
-# include "cryptlib.h"
+# include "internal/cryptlib.h"
# include <openssl/sha.h>
# include <openssl/srp.h>
# include <openssl/evp.h>
unsigned char digest[SHA_DIGEST_LENGTH];
unsigned char *tmp;
- EVP_MD_CTX ctxt;
+ EVP_MD_CTX *ctxt = NULL;
int longg;
int longN = BN_num_bytes(N);
+ BIGNUM *res = NULL;
if (BN_ucmp(g, N) >= 0)
return NULL;
- if ((tmp = OPENSSL_malloc(longN)) == NULL)
+ ctxt = EVP_MD_CTX_new();
+ if (ctxt == NULL)
return NULL;
+ if ((tmp = OPENSSL_malloc(longN)) == NULL)
+ goto err;
BN_bn2bin(N, tmp);
- EVP_MD_CTX_init(&ctxt);
- EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
- EVP_DigestUpdate(&ctxt, tmp, longN);
+ EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL);
+ EVP_DigestUpdate(ctxt, tmp, longN);
memset(tmp, 0, longN);
longg = BN_bn2bin(g, tmp);
/* use the zeros behind to pad on left */
- EVP_DigestUpdate(&ctxt, tmp + longg, longN - longg);
- EVP_DigestUpdate(&ctxt, tmp, longg);
+ EVP_DigestUpdate(ctxt, tmp + longg, longN - longg);
+ EVP_DigestUpdate(ctxt, tmp, longg);
OPENSSL_free(tmp);
- EVP_DigestFinal_ex(&ctxt, digest, NULL);
- EVP_MD_CTX_cleanup(&ctxt);
- return BN_bin2bn(digest, sizeof(digest), NULL);
+ EVP_DigestFinal_ex(ctxt, digest, NULL);
+ res = BN_bin2bn(digest, sizeof(digest), NULL);
+ err:
+ EVP_MD_CTX_free(ctxt);
+ return res;
}
BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N)
{
/* k = SHA1(PAD(A) || PAD(B) ) -- tls-srp draft 8 */
- BIGNUM *u;
+ BIGNUM *u = NULL;
unsigned char cu[SHA_DIGEST_LENGTH];
- unsigned char *cAB;
- EVP_MD_CTX ctxt;
+ unsigned char *cAB = NULL;
+ EVP_MD_CTX *ctxt = NULL;
int longN;
if ((A == NULL) || (B == NULL) || (N == NULL))
return NULL;
longN = BN_num_bytes(N);
- if ((cAB = OPENSSL_malloc(2 * longN)) == NULL)
+ ctxt = EVP_MD_CTX_new();
+ if (ctxt == NULL)
return NULL;
+ if ((cAB = OPENSSL_malloc(2 * longN)) == NULL)
+ goto err;
memset(cAB, 0, longN);
- EVP_MD_CTX_init(&ctxt);
- EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
- EVP_DigestUpdate(&ctxt, cAB + BN_bn2bin(A, cAB + longN), longN);
- EVP_DigestUpdate(&ctxt, cAB + BN_bn2bin(B, cAB + longN), longN);
+ EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL);
+ EVP_DigestUpdate(ctxt, cAB + BN_bn2bin(A, cAB + longN), longN);
+ EVP_DigestUpdate(ctxt, cAB + BN_bn2bin(B, cAB + longN), longN);
OPENSSL_free(cAB);
- EVP_DigestFinal_ex(&ctxt, cu, NULL);
- EVP_MD_CTX_cleanup(&ctxt);
+ EVP_DigestFinal_ex(ctxt, cu, NULL);
- if (!(u = BN_bin2bn(cu, sizeof(cu), NULL)))
- return NULL;
- if (!BN_is_zero(u))
- return u;
- BN_free(u);
- return NULL;
+ if ((u = BN_bin2bn(cu, sizeof(cu), NULL)) == NULL)
+ goto err;
+ if (BN_is_zero(u)) {
+ BN_free(u);
+ u = NULL;
+ }
+ err:
+ EVP_MD_CTX_free(ctxt);
+
+ return u;
}
BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b,
/* B = g**b + k*v */
- if (!BN_mod_exp(gb, g, b, N, bn_ctx) ||
- !(k = srp_Calc_k(N, g)) ||
- !BN_mod_mul(kv, v, k, N, bn_ctx) ||
- !BN_mod_add(B, gb, kv, N, bn_ctx)) {
+ if (!BN_mod_exp(gb, g, b, N, bn_ctx)
+ || (k = srp_Calc_k(N, g)) == NULL
+ || !BN_mod_mul(kv, v, k, N, bn_ctx)
+ || !BN_mod_add(B, gb, kv, N, bn_ctx)) {
BN_free(B);
B = NULL;
}
BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass)
{
unsigned char dig[SHA_DIGEST_LENGTH];
- EVP_MD_CTX ctxt;
+ EVP_MD_CTX *ctxt;
unsigned char *cs;
+ BIGNUM *res = NULL;
if ((s == NULL) || (user == NULL) || (pass == NULL))
return NULL;
- if ((cs = OPENSSL_malloc(BN_num_bytes(s))) == NULL)
+ ctxt = EVP_MD_CTX_new();
+ if (ctxt == NULL)
return NULL;
+ if ((cs = OPENSSL_malloc(BN_num_bytes(s))) == NULL)
+ goto err;
- EVP_MD_CTX_init(&ctxt);
- EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
- EVP_DigestUpdate(&ctxt, user, strlen(user));
- EVP_DigestUpdate(&ctxt, ":", 1);
- EVP_DigestUpdate(&ctxt, pass, strlen(pass));
- EVP_DigestFinal_ex(&ctxt, dig, NULL);
+ EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL);
+ EVP_DigestUpdate(ctxt, user, strlen(user));
+ EVP_DigestUpdate(ctxt, ":", 1);
+ EVP_DigestUpdate(ctxt, pass, strlen(pass));
+ EVP_DigestFinal_ex(ctxt, dig, NULL);
- EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
+ EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL);
BN_bn2bin(s, cs);
- EVP_DigestUpdate(&ctxt, cs, BN_num_bytes(s));
+ EVP_DigestUpdate(ctxt, cs, BN_num_bytes(s));
OPENSSL_free(cs);
- EVP_DigestUpdate(&ctxt, dig, sizeof(dig));
- EVP_DigestFinal_ex(&ctxt, dig, NULL);
- EVP_MD_CTX_cleanup(&ctxt);
+ EVP_DigestUpdate(ctxt, dig, sizeof(dig));
+ EVP_DigestFinal_ex(ctxt, dig, NULL);
- return BN_bin2bn(dig, sizeof(dig), NULL);
+ res = BN_bin2bn(dig, sizeof(dig), NULL);
+ err:
+ EVP_MD_CTX_free(ctxt);
+ return res;
}
BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g)
if (!BN_mod_exp(tmp, g, x, N, bn_ctx))
goto err;
- if (!(k = srp_Calc_k(N, g)))
+ if ((k = srp_Calc_k(N, g)) == NULL)
goto err;
if (!BN_mod_mul(tmp2, tmp, k, N, bn_ctx))
goto err;
if (!BN_mod_sub(tmp, B, tmp2, N, bn_ctx))
goto err;
-
if (!BN_mod_mul(tmp3, u, x, N, bn_ctx))
goto err;
if (!BN_mod_add(tmp2, a, tmp3, N, bn_ctx))
return SRP_Verify_B_mod_N(A, N);
}
+static SRP_gN knowngN[] = {
+ {"8192", (BIGNUM *)&bn_generator_19, (BIGNUM *)&bn_group_8192},
+ {"6144", (BIGNUM *)&bn_generator_5, (BIGNUM *)&bn_group_6144},
+ {"4096", (BIGNUM *)&bn_generator_5, (BIGNUM *)&bn_group_4096},
+ {"3072", (BIGNUM *)&bn_generator_5, (BIGNUM *)&bn_group_3072},
+ {"2048", (BIGNUM *)&bn_generator_2, (BIGNUM *)&bn_group_2048},
+ {"1536", (BIGNUM *)&bn_generator_2, (BIGNUM *)&bn_group_1536},
+ {"1024", (BIGNUM *)&bn_generator_2, (BIGNUM *)&bn_group_1024},
+};
+
+# define KNOWN_GN_NUMBER sizeof(knowngN) / sizeof(SRP_gN)
+
/*
* Check if G and N are kwown parameters. The values have been generated
* from the ietf-tls-srp draft version 8
projects / oweals / openssl.git / blobdiff