summaryrefslogtreecommitdiffstats
path: root/crypto/srp (follow)
Commit message (Collapse)AuthorAgeFilesLines
* update SRP copyright noticeTim Hudson2018-03-132-2/+10
| | | | | | | As per discussion with Peter Sylvester Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5603)
* Remove custom base64 code.Rich Salz2017-08-221-106/+6
| | | | | | | Use EVP_EncodeBlock/EVP_DecodeBlock Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4207)
* Correct some badly formated preprocessor linesRichard Levitte2017-04-251-2/+2
| | | | Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3304)
* Prevent OOB in SRP base64 code.Rich Salz2017-02-211-2/+5
| | | | | | | | | | | Change size comparison from > (GT) to >= (GTE) to ensure an additional byte of output buffer, to prevent OOB reads/writes later in the function Reject input strings larger than 2GB Detect invalid output buffer size and return early Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2672)
* SRP code tidy.Dr. Stephen Henson2016-10-011-69/+17
| | | | | | | | | Tidy up srp_Calc_k and SRP_Calc_u by making them a special case of srp_Calc_xy which performs SHA1(PAD(x) | PAD(y)). This addresses an OCAP Audit issue. Reviewed-by: Rich Salz <rsalz@openssl.org>
* Add some sanity checks around usage of t_fromb64()Matt Caswell2016-09-141-9/+27
| | | | | | | | | | | | | | | The internal SRP function t_fromb64() converts from base64 to binary. It does not validate that the size of the destination is sufficiently large - that is up to the callers. In some places there was such a check, but not in others. Add an argument to t_fromb64() to provide the size of the destination buffer and validate that we don't write too much data. Also add some sanity checks to the callers where appropriate. With thanks to Shi Lei for reporting this issue. Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix mem leak on error pathMatt Caswell2016-08-231-2/+4
| | | | | | The mem pointed to by cAB can be leaked on an error path. Reviewed-by: Tim Hudson <tjh@openssl.org>
* Fix mem leak on error pathMatt Caswell2016-08-231-1/+3
| | | | | | The mem pointed to by cAB can be leaked on an error path. Reviewed-by: Tim Hudson <tjh@openssl.org>
* Fix mem leak on error pathMatt Caswell2016-08-231-2/+2
| | | | | | The mem pointed to by tmp can be leaked on an error path. Reviewed-by: Tim Hudson <tjh@openssl.org>
* check return values for EVP_Digest*() APIsDr. Stephen Henson2016-07-152-23/+32
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* constify SRPMatt Caswell2016-06-182-26/+28
| | | | | | | | | | Add const qualifiers to lots of SRP stuff. This started out as an effort to silence some "type-punning" warnings on OpenBSD...but the fix was to have proper const correctness in SRP. RT4378 Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix error return value in SRP functionsMatt Caswell2016-05-241-8/+13
| | | | | | | | | The functions SRP_Calc_client_key() and SRP_Calc_server_key() were incorrectly returning a valid pointer in the event of error. Issue reported by Yuan Jochen Kang Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix SRP client key computationCynh2016-05-181-2/+2
| | | | | | | Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> GH: #1017
* Copyright consolidation 05/10Rich Salz2016-05-172-110/+12
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* various spelling fixesFdaSilvaYY2016-04-281-1/+1
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/952)
* Remove --classic build entirelyRichard Levitte2016-04-201-39/+0
| | | | | | | | The Unix build was the last to retain the classic build scheme. The new unified scheme has matured enough, even though some details may need polishing. Reviewed-by: Rich Salz <rsalz@openssl.org>
* Revert "various spelling fixes"Rich Salz2016-04-041-1/+1
| | | | | | | This reverts commit 620d540bd47a96fb6905fbbdd8ea5167a8841a3e. It wasn't reviewed. Reviewed-by: Rich Salz <rsalz@openssl.org>
* various spelling fixesFdaSilvaYY2016-04-041-1/+1
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
* Remove the remainder of util/mk1mf.pl and companion scriptsRichard Levitte2016-03-211-3/+0
| | | | | | | This removes all scripts that deal with MINFO as well, since that's only used by mk1mf. Reviewed-by: Andy Polyakov <appro@openssl.org>
* Mark SRP_VBASE_get_by_user() as deprecatedMatt Caswell2016-03-101-0/+2
| | | | | | | The function SRP_VBASE_get_by_user() is declared as deprecated but the implementation was not. Reviewed-by: Rich Salz <rsalz@openssl.org>
* CVE-2016-0798: avoid memory leak in SRPEmilia Kasper2016-02-251-5/+53
| | | | | | | | | | | | | | | | | | | | | | | | | | | The SRP user database lookup method SRP_VBASE_get_by_user had confusing memory management semantics; the returned pointer was sometimes newly allocated, and sometimes owned by the callee. The calling code has no way of distinguishing these two cases. Specifically, SRP servers that configure a secret seed to hide valid login information are vulnerable to a memory leak: an attacker connecting with an invalid username can cause a memory leak of around 300 bytes per connection. Servers that do not configure SRP, or configure SRP but do not configure a seed are not vulnerable. In Apache, the seed directive is known as SSLSRPUnknownUserSeed. To mitigate the memory leak, the seed handling in SRP_VBASE_get_by_user is now disabled even if the user has configured a seed. Applications are advised to migrate to SRP_VBASE_get1_by_user. However, note that OpenSSL makes no strong guarantees about the indistinguishability of valid and invalid logins. In particular, computations are currently not carried out in constant time. Reviewed-by: Rich Salz <rsalz@openssl.org>
* Always build library object files with shared library cflagsRichard Levitte2016-02-201-1/+1
| | | | | | | | | | | | | | | | This takes us away from the idea that we know exactly how our static libraries are going to get used. Instead, we make them available to build shareable things with, be it other shared libraries or DSOs. On the other hand, we also have greater control of when the shared library cflags. They will never be used with object files meant got binaries, such as apps/openssl or test/test*. With unified, we take this a bit further and prepare for having to deal with extra cflags specifically to be used with DSOs (dynamic engines), libraries and binaries (applications). Reviewed-by: Rich Salz <rsalz@openssl.org>
* Remove all special make depend flags, as well as OPENSSL_DOING_MAKEDEPENDRichard Levitte2016-02-181-1/+1
| | | | | | | | | | All those flags existed because we had all the dependencies versioned in the repository, and wanted to have it be consistent, no matter what the local configuration was. Now that the dependencies are gone from the versioned Makefile.ins, it makes much more sense to use the exact same flags as when compiling the object files. Reviewed-by: Rich Salz <rsalz@openssl.org>
* Rename INSTALL_PREFIX to DESTDIR, remove option --install_prefixRichard Levitte2016-02-121-1/+1
| | | | | | | | | | | | | INSTALL_PREFIX is a confusing name, as there's also --prefix. Instead, tag along with the rest of the open source world and adopt the Makefile variable DESTDIR to designate the desired staging directory. The Configure option --install_prefix is removed, the only way to designate a staging directory is with the Makefile variable (this is also implemented for VMS' descrip.mms et al). Reviewed-by: Rich Salz <rsalz@openssl.org>
* GH601: Various spelling fixes.FdaSilvaYY2016-02-051-1/+1
| | | | | Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
* unified build scheme: add build.info filesRichard Levitte2016-02-011-0/+2
| | | | | | | | | Now that we have the foundation for the "unified" build scheme in place, we add build.info files. They have been generated from the Makefiles in the same directories. Things that are platform specific will appear in later commits. Reviewed-by: Andy Polyakov <appro@openssl.org>
* Templatize util/domdRich Salz2016-01-291-4/+1
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Remove /* foo.c */ commentsRich Salz2016-01-262-2/+0
| | | | | | | | | | | | This was done by the following find . -name '*.[ch]' | /tmp/pl where /tmp/pl is the following three-line script: print unless $. == 1 && m@/\* .*\.[ch] \*/@; close ARGV if eof; # Close file to reset $. And then some hand-editing of other files. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* Remove update tagsRich Salz2016-01-201-2/+0
| | | | | Also remove depend/local_depend. Reviewed-by: Richard Levitte <levitte@openssl.org>
* Remove some old makefile targetsRich Salz2016-01-171-12/+0
| | | | | | | | Remove lint, tags, dclean, tests. This is prep for a new makedepend scheme. This is temporary pending unified makefile, and might help it. Reviewed-by: Richard Levitte <levitte@openssl.org>
* Move Makefiles to Makefile.inRich Salz2016-01-122-84/+59
| | | | | | | | | | Create Makefile's from Makefile.in Rename Makefile.org to Makefile.in Rename Makefiles to Makefile.in Address review feedback from Viktor and Richard Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
* Rename some BUF_xxx to OPENSSL_xxxRich Salz2015-12-161-5/+5
| | | | | | | | | Rename BUF_{strdup,strlcat,strlcpy,memdup,strndup,strnlen} to OPENSSL_{strdup,strlcat,strlcpy,memdup,strndup,strnlen} Add #define's for the old names. Add CRYPTO_{memdup,strndup}, called by OPENSSL_{memdup,strndup} macros. Reviewed-by: Tim Hudson <tjh@openssl.org>
* Fix clang complaints about uninitialised variables.Richard Levitte2015-12-071-2/+2
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Cleanup: fix all sources that used EVP_MD_CTX_(create|init|destroy)Richard Levitte2015-12-072-9/+9
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Adjust all accesses to EVP_MD_CTX to use accessor functions.Richard Levitte2015-12-072-47/+64
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fix a NULL deref in an error pathMatt Caswell2015-11-261-1/+1
| | | | | | | The SRP_create_verifier_BN function goes to the |err| label if the |salt| value passed to it is NULL. It is then deref'd. Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fix SRP memory leaksMatt Caswell2015-09-211-9/+24
| | | | | | | There were some memory leaks in the creation of an SRP verifier (both on successful completion and also on some error paths). Reviewed-by: Emilia Käsper <emilia@openssl.org>
* Fix "defined but not used" warnings.Dr. Stephen Henson2015-09-111-0/+12
| | | | Reviewed-by: Matt Caswell <matt@openssl.org>
* Fix the update target and remove duplicate file updatesRichard Levitte2015-05-221-0/+2
| | | | | | | | | | | | | | | We had updates of certain header files in both Makefile.org and the Makefile in the directory the header file lived in. This is error prone and also sometimes generates slightly different results (usually just a comment that differs) depending on which way the update was done. This removes the file update targets from the top level Makefile, adds an update: target in all Makefiles and has it depend on the depend: or local_depend: targets, whichever is appropriate, so we don't get a double run through the whole file tree. Reviewed-by: Rich Salz <rsalz@openssl.org>
* make dependRichard Levitte2015-05-141-2/+3
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Identify and move common internal libcrypto header filesRichard Levitte2015-05-142-2/+2
| | | | | | | | | | | | | There are header files in crypto/ that are used by a number of crypto/ submodules. Move those to crypto/include/internal and adapt the affected source code and Makefiles. The header files that got moved are: crypto/cryptolib.h crypto/md32_common.h Reviewed-by: Rich Salz <rsalz@openssl.org>
* Use p==NULL not !p (in if statements, mainly)Rich Salz2015-05-112-16/+16
| | | | Reviewed-by: Tim Hudson <tjh@openssl.org>
* Use safer sizeof variant in mallocRich Salz2015-05-041-4/+4
| | | | | | | | | | | | | For a local variable: TYPE *p; Allocations like this are "risky": p = OPENSSL_malloc(sizeof(TYPE)); if the type of p changes, and the malloc call isn't updated, you could get memory corruption. Instead do this: p = OPENSSL_malloc(sizeof(*p)); Also fixed a few memset() calls that I noticed while doing this. Reviewed-by: Richard Levitte <levitte@openssl.org>
* free NULL cleanup 7Rich Salz2015-05-011-3/+3
| | | | | | | | | | | This gets BN_.*free: BN_BLINDING_free BN_CTX_free BN_FLG_FREE BN_GENCB_free BN_MONT_CTX_free BN_RECP_CTX_free BN_clear_free BN_free BUF_MEM_free Also fix a call to DSA_SIG_free to ccgost engine and remove some #ifdef'd dead code in engines/e_ubsec. Reviewed-by: Richard Levitte <levitte@openssl.org>
* free cleanup 12Rich Salz2015-05-011-5/+6
| | | | | | | | | Don't check for NULL before calling free function. This gets: NAME_CONSTRAINTS_free GENERAL_SUBTREE_free ECDSA_METHOD_free JPAKE_CTX_free OCSP_REQ_CTX_free SCT_free SRP_VBASE_free SRP_gN_free SRP_user_pwd_free TXT_DB_free Reviewed-by: Richard Levitte <levitte@openssl.org>
* remove malloc castsRich Salz2015-04-281-4/+3
| | | | | | | Following ANSI C rules, remove the casts from calls to OPENSSL_malloc and OPENSSL_realloc. Reviewed-by: Richard Levitte <levitte@openssl.org>
* Remove EXHEADER, TEST, APPS, links:, install: and uninstall: where relevantRichard Levitte2015-03-311-17/+1
| | | | | | | | | | | | With no more symlinks, there's no need for those variables, or the links target. This also goes for all install: and uninstall: targets that do nothing but copy $(EXHEADER) files, since that's now taken care of by the top Makefile. Also, removed METHTEST from test/Makefile. It looks like an old test that's forgotten... Reviewed-by: Rich Salz <rsalz@openssl.org>
* Stop symlinking, move files to intended directoryRichard Levitte2015-03-312-324/+0
| | | | | | | | | | | | | Rather than making include/openssl/foo.h a symlink to crypto/foo/foo.h, this change moves the file to include/openssl/foo.h once and for all. Likewise, move crypto/foo/footest.c to test/footest.c, instead of symlinking it there. Originally-by: Geoff Thorpe <geoff@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
* free NULL cleanupRich Salz2015-03-251-2/+1
| | | | | | | This commit handles BIO_ACCEPT_free BIO_CB_FREE BIO_CONNECT_free BIO_free BIO_free_all BIO_vfree Reviewed-by: Matt Caswell <matt@openssl.org>
* RAND_bytes updatesMatt Caswell2015-03-252-5/+8
| | | | | | | Ensure RAND_bytes return value is checked correctly, and that we no longer use RAND_pseudo_bytes. Reviewed-by: Richard Levitte <levitte@openssl.org>