-/* crypto/srp/srp_vfy.c */
/*
* Written by Christophe Renou (christophe.renou@edelweb.fr) with the
* precious help of Peter Sylvester (peter.sylvester@edelweb.fr) for the
*
*/
#ifndef OPENSSL_NO_SRP
-# include "cryptlib.h"
+# include "internal/cryptlib.h"
# include <openssl/sha.h>
# include <openssl/srp.h>
# include <openssl/evp.h>
return olddst;
}
-static void SRP_user_pwd_free(SRP_user_pwd *user_pwd)
+void SRP_user_pwd_free(SRP_user_pwd *user_pwd)
{
if (user_pwd == NULL)
return;
static SRP_user_pwd *SRP_user_pwd_new(void)
{
- SRP_user_pwd *ret = OPENSSL_malloc(sizeof(SRP_user_pwd));
+ SRP_user_pwd *ret = OPENSSL_malloc(sizeof(*ret));
if (ret == NULL)
return NULL;
ret->N = NULL;
static int SRP_user_pwd_set_ids(SRP_user_pwd *vinfo, const char *id,
const char *info)
{
- if (id != NULL && NULL == (vinfo->id = BUF_strdup(id)))
+ if (id != NULL && NULL == (vinfo->id = OPENSSL_strdup(id)))
return 0;
- return (info == NULL || NULL != (vinfo->info = BUF_strdup(info)));
+ return (info == NULL || NULL != (vinfo->info = OPENSSL_strdup(info)));
}
static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s,
return (vinfo->s != NULL && vinfo->v != NULL);
}
+static SRP_user_pwd *srp_user_pwd_dup(SRP_user_pwd *src)
+{
+ SRP_user_pwd *ret;
+
+ if (src == NULL)
+ return NULL;
+ if ((ret = SRP_user_pwd_new()) == NULL)
+ return NULL;
+
+ SRP_user_pwd_set_gN(ret, src->g, src->N);
+ if (!SRP_user_pwd_set_ids(ret, src->id, src->info)
+ || !SRP_user_pwd_set_sv_BN(ret, BN_dup(src->s), BN_dup(src->v))) {
+ SRP_user_pwd_free(ret);
+ return NULL;
+ }
+ return ret;
+}
+
SRP_VBASE *SRP_VBASE_new(char *seed_key)
{
- SRP_VBASE *vb = (SRP_VBASE *)OPENSSL_malloc(sizeof(SRP_VBASE));
+ SRP_VBASE *vb = OPENSSL_malloc(sizeof(*vb));
if (vb == NULL)
return NULL;
- if (!(vb->users_pwd = sk_SRP_user_pwd_new_null()) ||
- !(vb->gN_cache = sk_SRP_gN_cache_new_null())) {
+ if ((vb->users_pwd = sk_SRP_user_pwd_new_null()) == NULL
+ || (vb->gN_cache = sk_SRP_gN_cache_new_null()) == NULL) {
OPENSSL_free(vb);
return NULL;
}
vb->default_g = NULL;
vb->default_N = NULL;
vb->seed_key = NULL;
- if ((seed_key != NULL) && (vb->seed_key = BUF_strdup(seed_key)) == NULL) {
+ if ((seed_key != NULL) && (vb->seed_key = OPENSSL_strdup(seed_key)) == NULL) {
sk_SRP_user_pwd_free(vb->users_pwd);
sk_SRP_gN_cache_free(vb->gN_cache);
OPENSSL_free(vb);
return vb;
}
-int SRP_VBASE_free(SRP_VBASE *vb)
+void SRP_VBASE_free(SRP_VBASE *vb)
{
+ if (!vb)
+ return;
sk_SRP_user_pwd_pop_free(vb->users_pwd, SRP_user_pwd_free);
sk_SRP_gN_cache_free(vb->gN_cache);
OPENSSL_free(vb->seed_key);
OPENSSL_free(vb);
- return 0;
}
static SRP_gN_cache *SRP_gN_new_init(const char *ch)
{
unsigned char tmp[MAX_LEN];
int len;
+ SRP_gN_cache *newgN = OPENSSL_malloc(sizeof(*newgN));
- SRP_gN_cache *newgN =
- (SRP_gN_cache *)OPENSSL_malloc(sizeof(SRP_gN_cache));
if (newgN == NULL)
return NULL;
- if ((newgN->b64_bn = BUF_strdup(ch)) == NULL)
+ if ((newgN->b64_bn = OPENSSL_strdup(ch)) == NULL)
goto err;
len = t_fromb64(tmp, ch);
* we add this couple in the internal Stack
*/
- if ((gN = (SRP_gN *) OPENSSL_malloc(sizeof(SRP_gN))) == NULL)
+ if ((gN = OPENSSL_malloc(sizeof(*gN))) == NULL)
goto err;
- if (!(gN->id = BUF_strdup(pp[DB_srpid]))
- || !(gN->N =
- SRP_gN_place_bn(vb->gN_cache, pp[DB_srpverifier]))
- || !(gN->g = SRP_gN_place_bn(vb->gN_cache, pp[DB_srpsalt]))
+ if ((gN->id = OPENSSL_strdup(pp[DB_srpid])) == NULL
+ || (gN->N = SRP_gN_place_bn(vb->gN_cache, pp[DB_srpverifier]))
+ == NULL
+ || (gN->g = SRP_gN_place_bn(vb->gN_cache, pp[DB_srpsalt]))
+ == NULL
|| sk_SRP_gN_insert(SRP_gN_tab, gN, 0) == 0)
goto err;
SRP_user_pwd_free(user_pwd);
- if (tmpdb)
- TXT_DB_free(tmpdb);
+ TXT_DB_free(tmpdb);
BIO_free_all(in);
sk_SRP_gN_free(SRP_gN_tab);
}
-SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username)
+static SRP_user_pwd *find_user(SRP_VBASE *vb, char *username)
{
int i;
SRP_user_pwd *user;
- unsigned char digv[SHA_DIGEST_LENGTH];
- unsigned char digs[SHA_DIGEST_LENGTH];
- EVP_MD_CTX ctxt;
if (vb == NULL)
return NULL;
+
for (i = 0; i < sk_SRP_user_pwd_num(vb->users_pwd); i++) {
user = sk_SRP_user_pwd_value(vb->users_pwd, i);
if (strcmp(user->id, username) == 0)
return user;
}
+
+ return NULL;
+}
+
+ #if OPENSSL_API_COMPAT < 0x10100000L
+/*
+ * DEPRECATED: use SRP_VBASE_get1_by_user instead.
+ * This method ignores the configured seed and fails for an unknown user.
+ * Ownership of the returned pointer is not released to the caller.
+ * In other words, caller must not free the result.
+ */
+SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username)
+{
+ return find_user(vb, username);
+}
+#endif
+
+/*
+ * Ownership of the returned pointer is released to the caller.
+ * In other words, caller must free the result once done.
+ */
+SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username)
+{
+ SRP_user_pwd *user;
+ unsigned char digv[SHA_DIGEST_LENGTH];
+ unsigned char digs[SHA_DIGEST_LENGTH];
+ EVP_MD_CTX *ctxt = NULL;
+
+ if (vb == NULL)
+ return NULL;
+
+ if ((user = find_user(vb, username)) != NULL)
+ return srp_user_pwd_dup(user);
+
if ((vb->seed_key == NULL) ||
(vb->default_g == NULL) || (vb->default_N == NULL))
return NULL;
if (RAND_bytes(digv, SHA_DIGEST_LENGTH) <= 0)
goto err;
- EVP_MD_CTX_init(&ctxt);
- EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
- EVP_DigestUpdate(&ctxt, vb->seed_key, strlen(vb->seed_key));
- EVP_DigestUpdate(&ctxt, username, strlen(username));
- EVP_DigestFinal_ex(&ctxt, digs, NULL);
- EVP_MD_CTX_cleanup(&ctxt);
- if (SRP_user_pwd_set_sv_BN
- (user, BN_bin2bn(digs, SHA_DIGEST_LENGTH, NULL),
- BN_bin2bn(digv, SHA_DIGEST_LENGTH, NULL)))
+ ctxt = EVP_MD_CTX_new();
+ EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL);
+ EVP_DigestUpdate(ctxt, vb->seed_key, strlen(vb->seed_key));
+ EVP_DigestUpdate(ctxt, username, strlen(username));
+ EVP_DigestFinal_ex(ctxt, digs, NULL);
+ EVP_MD_CTX_free(ctxt);
+ ctxt = NULL;
+ if (SRP_user_pwd_set_sv_BN(user,
+ BN_bin2bn(digs, SHA_DIGEST_LENGTH, NULL),
+ BN_bin2bn(digv, SHA_DIGEST_LENGTH, NULL)))
return user;
- err:SRP_user_pwd_free(user);
+ err:
+ EVP_MD_CTX_free(ctxt);
+ SRP_user_pwd_free(user);
return NULL;
}
char **verifier, const char *N, const char *g)
{
int len;
- char *result = NULL;
- char *vf;
+ char *result = NULL, *vf = NULL;
BIGNUM *N_bn = NULL, *g_bn = NULL, *s = NULL, *v = NULL;
unsigned char tmp[MAX_LEN];
unsigned char tmp2[MAX_LEN];
char *defgNid = NULL;
+ int vfsize = 0;
if ((user == NULL) ||
(pass == NULL) || (salt == NULL) || (verifier == NULL))
goto err;
if (N) {
- if (!(len = t_fromb64(tmp, N)))
+ if ((len = t_fromb64(tmp, N)) == 0)
goto err;
N_bn = BN_bin2bn(tmp, len, NULL);
- if (!(len = t_fromb64(tmp, g)))
+ if ((len = t_fromb64(tmp, g)) == 0)
goto err;
g_bn = BN_bin2bn(tmp, len, NULL);
defgNid = "*";
s = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
} else {
- if (!(len = t_fromb64(tmp2, *salt)))
+ if ((len = t_fromb64(tmp2, *salt)) == 0)
goto err;
s = BN_bin2bn(tmp2, len, NULL);
}
goto err;
BN_bn2bin(v, tmp);
- if (((vf = OPENSSL_malloc(BN_num_bytes(v) * 2)) == NULL))
+ vfsize = BN_num_bytes(v) * 2;
+ if (((vf = OPENSSL_malloc(vfsize)) == NULL))
goto err;
t_tob64(vf, tmp, BN_num_bytes(v));
- *verifier = vf;
if (*salt == NULL) {
char *tmp_salt;
if ((tmp_salt = OPENSSL_malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL) {
- OPENSSL_free(vf);
goto err;
}
t_tob64(tmp_salt, tmp2, SRP_RANDOM_SALT_LEN);
*salt = tmp_salt;
}
+ *verifier = vf;
+ vf = NULL;
result = defgNid;
err:
BN_free(N_bn);
BN_free(g_bn);
}
+ OPENSSL_clear_free(vf, vfsize);
+ BN_clear_free(s);
+ BN_clear_free(v);
return result;
}
/*
- * create a verifier (*salt,*verifier,g and N are BIGNUMs)
+ * create a verifier (*salt,*verifier,g and N are BIGNUMs). If *salt != NULL
+ * then the provided salt will be used. On successful exit *verifier will point
+ * to a newly allocated BIGNUM containing the verifier and (if a salt was not
+ * provided) *salt will be populated with a newly allocated BIGNUM containing a
+ * random salt.
+ * The caller is responsible for freeing the allocated *salt and *verifier
+ * BIGNUMS.
*/
int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
BIGNUM **verifier, const BIGNUM *N,
BIGNUM *x = NULL;
BN_CTX *bn_ctx = BN_CTX_new();
unsigned char tmp2[MAX_LEN];
+ BIGNUM *salttmp = NULL;
if ((user == NULL) ||
(pass == NULL) ||
if (RAND_bytes(tmp2, SRP_RANDOM_SALT_LEN) <= 0)
goto err;
- *salt = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
+ salttmp = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
+ } else {
+ salttmp = *salt;
}
- x = SRP_Calc_x(*salt, user, pass);
+ x = SRP_Calc_x(salttmp, user, pass);
*verifier = BN_new();
if (*verifier == NULL)
}
result = 1;
+ *salt = salttmp;
err:
-
+ if (salt != NULL && *salt != salttmp)
+ BN_clear_free(salttmp);
BN_clear_free(x);
BN_CTX_free(bn_ctx);
return result;
projects / openssl.git / blobdiff