#include "ssl_locl.h"
#ifndef OPENSSL_NO_SRP
-#include <openssl/srp.h>
+# include <openssl/srp.h>
int SSL_CTX_SRP_CTX_free(struct ssl_ctx_st *ctx)
{
if (ctx == NULL)
return 0;
OPENSSL_free(ctx->srp_ctx.login);
+ OPENSSL_free(ctx->srp_ctx.info);
BN_free(ctx->srp_ctx.N);
BN_free(ctx->srp_ctx.g);
BN_free(ctx->srp_ctx.s);
BN_free(ctx->srp_ctx.a);
BN_free(ctx->srp_ctx.b);
BN_free(ctx->srp_ctx.v);
- ctx->srp_ctx.TLS_ext_srp_username_callback = NULL;
- ctx->srp_ctx.SRP_cb_arg = NULL;
- ctx->srp_ctx.SRP_verify_param_callback = NULL;
- ctx->srp_ctx.SRP_give_srp_client_pwd_callback = NULL;
- ctx->srp_ctx.N = NULL;
- ctx->srp_ctx.g = NULL;
- ctx->srp_ctx.s = NULL;
- ctx->srp_ctx.B = NULL;
- ctx->srp_ctx.A = NULL;
- ctx->srp_ctx.a = NULL;
- ctx->srp_ctx.b = NULL;
- ctx->srp_ctx.v = NULL;
- ctx->srp_ctx.login = NULL;
- ctx->srp_ctx.info = NULL;
+ memset(&ctx->srp_ctx, 0, sizeof(ctx->srp_ctx));
ctx->srp_ctx.strength = SRP_MINIMAL_N;
- ctx->srp_ctx.srp_Mask = 0;
- return (1);
+ return 1;
}
int SSL_SRP_CTX_free(struct ssl_st *s)
if (s == NULL)
return 0;
OPENSSL_free(s->srp_ctx.login);
+ OPENSSL_free(s->srp_ctx.info);
BN_free(s->srp_ctx.N);
BN_free(s->srp_ctx.g);
BN_free(s->srp_ctx.s);
BN_free(s->srp_ctx.a);
BN_free(s->srp_ctx.b);
BN_free(s->srp_ctx.v);
- s->srp_ctx.TLS_ext_srp_username_callback = NULL;
- s->srp_ctx.SRP_cb_arg = NULL;
- s->srp_ctx.SRP_verify_param_callback = NULL;
- s->srp_ctx.SRP_give_srp_client_pwd_callback = NULL;
- s->srp_ctx.N = NULL;
- s->srp_ctx.g = NULL;
- s->srp_ctx.s = NULL;
- s->srp_ctx.B = NULL;
- s->srp_ctx.A = NULL;
- s->srp_ctx.a = NULL;
- s->srp_ctx.b = NULL;
- s->srp_ctx.v = NULL;
- s->srp_ctx.login = NULL;
- s->srp_ctx.info = NULL;
+ memset(&s->srp_ctx, 0, sizeof(s->srp_ctx));
s->srp_ctx.strength = SRP_MINIMAL_N;
- s->srp_ctx.srp_Mask = 0;
- return (1);
+ return 1;
}
int SSL_SRP_CTX_init(struct ssl_st *s)
if ((s == NULL) || ((ctx = s->ctx) == NULL))
return 0;
+
+ memset(&s->srp_ctx, 0, sizeof(s->srp_ctx));
+
s->srp_ctx.SRP_cb_arg = ctx->srp_ctx.SRP_cb_arg;
/* set client Hello login callback */
s->srp_ctx.TLS_ext_srp_username_callback =
s->srp_ctx.SRP_give_srp_client_pwd_callback =
ctx->srp_ctx.SRP_give_srp_client_pwd_callback;
- s->srp_ctx.N = NULL;
- s->srp_ctx.g = NULL;
- s->srp_ctx.s = NULL;
- s->srp_ctx.B = NULL;
- s->srp_ctx.A = NULL;
- s->srp_ctx.a = NULL;
- s->srp_ctx.b = NULL;
- s->srp_ctx.v = NULL;
- s->srp_ctx.login = NULL;
- s->srp_ctx.info = ctx->srp_ctx.info;
s->srp_ctx.strength = ctx->srp_ctx.strength;
if (((ctx->srp_ctx.N != NULL) &&
SSLerr(SSL_F_SSL_SRP_CTX_INIT, ERR_R_INTERNAL_ERROR);
goto err;
}
+ if ((ctx->srp_ctx.info != NULL) &&
+ ((s->srp_ctx.info = BUF_strdup(ctx->srp_ctx.info)) == NULL)) {
+ SSLerr(SSL_F_SSL_SRP_CTX_INIT, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
s->srp_ctx.srp_Mask = ctx->srp_ctx.srp_Mask;
- return (1);
+ return 1;
err:
OPENSSL_free(s->srp_ctx.login);
+ OPENSSL_free(s->srp_ctx.info);
BN_free(s->srp_ctx.N);
BN_free(s->srp_ctx.g);
BN_free(s->srp_ctx.s);
BN_free(s->srp_ctx.a);
BN_free(s->srp_ctx.b);
BN_free(s->srp_ctx.v);
- return (0);
+ memset(&s->srp_ctx, 0, sizeof(s->srp_ctx));
+ return 0;
}
int SSL_CTX_SRP_CTX_init(struct ssl_ctx_st *ctx)
if (ctx == NULL)
return 0;
- ctx->srp_ctx.SRP_cb_arg = NULL;
- /* set client Hello login callback */
- ctx->srp_ctx.TLS_ext_srp_username_callback = NULL;
- /* set SRP N/g param callback for verification */
- ctx->srp_ctx.SRP_verify_param_callback = NULL;
- /* set SRP client passwd callback */
- ctx->srp_ctx.SRP_give_srp_client_pwd_callback = NULL;
-
- ctx->srp_ctx.N = NULL;
- ctx->srp_ctx.g = NULL;
- ctx->srp_ctx.s = NULL;
- ctx->srp_ctx.B = NULL;
- ctx->srp_ctx.A = NULL;
- ctx->srp_ctx.a = NULL;
- ctx->srp_ctx.b = NULL;
- ctx->srp_ctx.v = NULL;
- ctx->srp_ctx.login = NULL;
- ctx->srp_ctx.srp_Mask = 0;
- ctx->srp_ctx.info = NULL;
+ memset(&ctx->srp_ctx, 0, sizeof(ctx->srp_ctx));
ctx->srp_ctx.strength = SRP_MINIMAL_N;
- return (1);
+ return 1;
}
/* server side */
(s->srp_ctx.s == NULL) || (s->srp_ctx.v == NULL))
return SSL3_AL_FATAL;
- if (RAND_bytes(b, sizeof(b)) <= 0)
+ if (ssl_randbytes(s, b, sizeof(b)) <= 0)
return SSL3_AL_FATAL;
s->srp_ctx.b = BN_bin2bn(b, sizeof(b), NULL);
OPENSSL_cleanse(b, sizeof(b));
} else
s->srp_ctx.v = BN_dup(v);
}
- s->srp_ctx.info = info;
+ if (info != NULL) {
+ if (s->srp_ctx.info)
+ OPENSSL_free(s->srp_ctx.info);
+ if ((s->srp_ctx.info = BUF_strdup(info)) == NULL)
+ return -1;
+ }
if (!(s->srp_ctx.N) ||
!(s->srp_ctx.g) || !(s->srp_ctx.s) || !(s->srp_ctx.v))
goto err;
if (!
(passwd =
- s->srp_ctx.SRP_give_srp_client_pwd_callback(s,
- s->srp_ctx.SRP_cb_arg)))
+ s->srp_ctx.SRP_give_srp_client_pwd_callback(s, s->srp_ctx.SRP_cb_arg)))
goto err;
if ((x = SRP_Calc_x(s->srp_ctx.s, s->srp_ctx.login, passwd)) == NULL)
goto err;
{
unsigned char rnd[SSL_MAX_MASTER_KEY_LENGTH];
- if (RAND_bytes(rnd, sizeof(rnd)) <= 0)
+ if (ssl_randbytes(s, rnd, sizeof(rnd)) <= 0)
return 0;
s->srp_ctx.a = BN_bin2bn(rnd, sizeof(rnd), s->srp_ctx.a);
OPENSSL_cleanse(rnd, sizeof(rnd));
- if (!
- (s->srp_ctx.A = SRP_Calc_A(s->srp_ctx.a, s->srp_ctx.N, s->srp_ctx.g)))
+ if (!(s->srp_ctx.A = SRP_Calc_A(s->srp_ctx.a, s->srp_ctx.N, s->srp_ctx.g)))
return 0;
return 1;