constify SRP

Add const qualifiers to lots of SRP stuff. This started out as an effort to silence some "type-punning" warnings on OpenBSD...but the fix was to have proper const correctness in SRP. RT4378 Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-15 15:17:50 +01:00 · 2016-06-15 15:17:50 +01:00 · 98370c2dd7
commit 98370c2dd7
parent 7fb4b92c01
3 changed files with 44 additions and 41 deletions
--- a/crypto/srp/srp_lib.c
+++ b/crypto/srp/srp_lib.c
@ -14,7 +14,7 @@
 # include <openssl/evp.h>
 # include "internal/bn_srp.h"

-static BIGNUM *srp_Calc_k(BIGNUM *N, BIGNUM *g)
+static BIGNUM *srp_Calc_k(const BIGNUM *N, const BIGNUM *g)
 {
    /* k = SHA1(N | PAD(g)) -- tls-srp draft 8 */

@ -52,7 +52,7 @@ static BIGNUM *srp_Calc_k(BIGNUM *N, BIGNUM *g)
    return res;
 }

-BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N)
+BIGNUM *SRP_Calc_u(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N)
 {
    /* k = SHA1(PAD(A) || PAD(B) ) -- tls-srp draft 8 */

@ -95,8 +95,8 @@ BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N)
    return u;
 }

-BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b,
-                            BIGNUM *N)
+BIGNUM *SRP_Calc_server_key(const BIGNUM *A, const BIGNUM *v, const BIGNUM *u,
+                            const BIGNUM *b, const BIGNUM *N)
 {
    BIGNUM *tmp = NULL, *S = NULL;
    BN_CTX *bn_ctx;
@ -125,7 +125,8 @@ BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b,
    return S;
 }

-BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v)
+BIGNUM *SRP_Calc_B(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g,
+                   const BIGNUM *v)
 {
    BIGNUM *kv = NULL, *gb = NULL;
    BIGNUM *B = NULL, *k = NULL;
@ -156,7 +157,7 @@ BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v)
    return B;
 }

-BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass)
+BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass)
 {
    unsigned char dig[SHA_DIGEST_LENGTH];
    EVP_MD_CTX *ctxt;
@ -191,7 +192,7 @@ BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass)
    return res;
 }

-BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g)
+BIGNUM *SRP_Calc_A(const BIGNUM *a, const BIGNUM *N, const BIGNUM *g)
 {
    BN_CTX *bn_ctx;
    BIGNUM *A = NULL;
@ -207,8 +208,8 @@ BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g)
    return A;
 }

-BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x,
-                            BIGNUM *a, BIGNUM *u)
+BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g,
+                            const BIGNUM *x, const BIGNUM *a, const BIGNUM *u)
 {
    BIGNUM *tmp = NULL, *tmp2 = NULL, *tmp3 = NULL, *k = NULL, *K = NULL;
    BN_CTX *bn_ctx;
@ -249,7 +250,7 @@ BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x,
    return K;
 }

-int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N)
+int SRP_Verify_B_mod_N(const BIGNUM *B, const BIGNUM *N)
 {
    BIGNUM *r;
    BN_CTX *bn_ctx;
@ -270,20 +271,20 @@ int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N)
    return ret;
 }

-int SRP_Verify_A_mod_N(BIGNUM *A, BIGNUM *N)
+int SRP_Verify_A_mod_N(const BIGNUM *A, const BIGNUM *N)
 {
    /* Checks if A % N == 0 */
    return SRP_Verify_B_mod_N(A, N);
 }

 static SRP_gN knowngN[] = {
-    {"8192", (BIGNUM *)&bn_generator_19, (BIGNUM *)&bn_group_8192},
-    {"6144", (BIGNUM *)&bn_generator_5, (BIGNUM *)&bn_group_6144},
-    {"4096", (BIGNUM *)&bn_generator_5, (BIGNUM *)&bn_group_4096},
-    {"3072", (BIGNUM *)&bn_generator_5, (BIGNUM *)&bn_group_3072},
-    {"2048", (BIGNUM *)&bn_generator_2, (BIGNUM *)&bn_group_2048},
-    {"1536", (BIGNUM *)&bn_generator_2, (BIGNUM *)&bn_group_1536},
-    {"1024", (BIGNUM *)&bn_generator_2, (BIGNUM *)&bn_group_1024},
+    {"8192", &bn_generator_19, &bn_group_8192},
+    {"6144", &bn_generator_5, &bn_group_6144},
+    {"4096", &bn_generator_5, &bn_group_4096},
+    {"3072", &bn_generator_5, &bn_group_3072},
+    {"2048", &bn_generator_2, &bn_group_2048},
+    {"1536", &bn_generator_2, &bn_group_1536},
+    {"1024", &bn_generator_2, &bn_group_1024},
 };

 # define KNOWN_GN_NUMBER sizeof(knowngN) / sizeof(SRP_gN)
@ -292,7 +293,7 @@ static SRP_gN knowngN[] = {
 * Check if G and N are known parameters. The values have been generated
 * from the ietf-tls-srp draft version 8
 */
-char *SRP_check_known_gN_param(BIGNUM *g, BIGNUM *N)
+char *SRP_check_known_gN_param(const BIGNUM *g, const BIGNUM *N)
 {
    size_t i;
    if ((g == NULL) || (N == NULL))
--- a/crypto/srp/srp_vfy.c
+++ b/crypto/srp/srp_vfy.c
@ -525,7 +525,8 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
 {
    int len;
    char *result = NULL, *vf = NULL;
-    BIGNUM *N_bn = NULL, *g_bn = NULL, *s = NULL, *v = NULL;
+    const BIGNUM *N_bn = NULL, *g_bn = NULL;
+    BIGNUM *N_bn_alloc = NULL, *g_bn_alloc = NULL, *s = NULL, *v = NULL;
    unsigned char tmp[MAX_LEN];
    unsigned char tmp2[MAX_LEN];
    char *defgNid = NULL;
@ -538,10 +539,12 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
    if (N) {
        if ((len = t_fromb64(tmp, N)) == 0)
            goto err;
-        N_bn = BN_bin2bn(tmp, len, NULL);
+        N_bn_alloc = BN_bin2bn(tmp, len, NULL);
+        N_bn = N_bn_alloc;
        if ((len = t_fromb64(tmp, g)) == 0)
            goto err;
-        g_bn = BN_bin2bn(tmp, len, NULL);
+        g_bn_alloc = BN_bin2bn(tmp, len, NULL);
+        g_bn = g_bn_alloc;
        defgNid = "*";
    } else {
        SRP_gN *gN = SRP_get_gN_by_id(g, NULL);
@ -587,10 +590,8 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
    result = defgNid;

 err:
-    if (N) {
-        BN_free(N_bn);
-        BN_free(g_bn);
-    }
+    BN_free(N_bn_alloc);
+    BN_free(g_bn_alloc);
    OPENSSL_clear_free(vf, vfsize);
    BN_clear_free(s);
    BN_clear_free(v);
--- a/include/openssl/srp.h
+++ b/include/openssl/srp.h
@ -52,8 +52,8 @@ typedef struct SRP_VBASE_st {
    STACK_OF(SRP_gN_cache) *gN_cache;
 /* to simulate a user */
    char *seed_key;
-    BIGNUM *default_g;
-    BIGNUM *default_N;
+    const BIGNUM *default_g;
+    const BIGNUM *default_N;
 } SRP_VBASE;

 /*
@ -61,8 +61,8 @@ typedef struct SRP_VBASE_st {
 */
 typedef struct SRP_gN_st {
    char *id;
-    BIGNUM *g;
-    BIGNUM *N;
+    const BIGNUM *g;
+    const BIGNUM *N;
 } SRP_gN;

 DEFINE_STACK_OF(SRP_gN)
@ -103,22 +103,23 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
 # define DB_SRP_MODIF    'v'

 /* see srp.c */
-char *SRP_check_known_gN_param(BIGNUM *g, BIGNUM *N);
+char *SRP_check_known_gN_param(const BIGNUM *g, const BIGNUM *N);
 SRP_gN *SRP_get_default_gN(const char *id);

 /* server side .... */
-BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b,
-                            BIGNUM *N);
-BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v);
-int SRP_Verify_A_mod_N(BIGNUM *A, BIGNUM *N);
-BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N);
+BIGNUM *SRP_Calc_server_key(const BIGNUM *A, const BIGNUM *v, const BIGNUM *u,
+                            const BIGNUM *b, const BIGNUM *N);
+BIGNUM *SRP_Calc_B(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g,
+                   const BIGNUM *v);
+int SRP_Verify_A_mod_N(const BIGNUM *A, const BIGNUM *N);
+BIGNUM *SRP_Calc_u(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N);

 /* client side .... */
-BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass);
-BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g);
-BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x,
-                            BIGNUM *a, BIGNUM *u);
-int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N);
+BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass);
+BIGNUM *SRP_Calc_A(const BIGNUM *a, const BIGNUM *N, const BIGNUM *g);
+BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g,
+                            const BIGNUM *x, const BIGNUM *a, const BIGNUM *u);
+int SRP_Verify_B_mod_N(const BIGNUM *B, const BIGNUM *N);

 # define SRP_MINIMAL_N 1024