-int SRP_generate_client_master_secret(SSL *s,unsigned char *master_key)
- {
- BIGNUM *x = NULL, *u = NULL, *K = NULL;
- int ret = -1, tmp_len;
- char *passwd = NULL;
- unsigned char *tmp = NULL;
-
- /* Checks if b % n == 0
- */
- if (SRP_Verify_B_mod_N(s->srp_ctx.B,s->srp_ctx.N)==0) goto err;
- if (!(u = SRP_Calc_u(s->srp_ctx.A,s->srp_ctx.B,s->srp_ctx.N))) goto err;
- if (s->srp_ctx.SRP_give_srp_client_pwd_callback == NULL) goto err;
- if (!(passwd = s->srp_ctx.SRP_give_srp_client_pwd_callback(s, s->srp_ctx.SRP_cb_arg))) goto err;
- if (!(x = SRP_Calc_x(s->srp_ctx.s,s->srp_ctx.login,passwd))) goto err;
- if (!(K = SRP_Calc_client_key(s->srp_ctx.N, s->srp_ctx.B, s->srp_ctx.g, x, s->srp_ctx.a, u))) goto err;
-
- tmp_len = BN_num_bytes(K);
- if ((tmp = OPENSSL_malloc(tmp_len)) == NULL) goto err;
- BN_bn2bin(K, tmp);
- ret = s->method->ssl3_enc->generate_master_secret(s,master_key,tmp,tmp_len);
-err:
- if (tmp)
- {
- OPENSSL_cleanse(tmp,tmp_len) ;
- OPENSSL_free(tmp);
- }
- BN_clear_free(K);
- BN_clear_free(x);
- if (passwd)
- {
- OPENSSL_cleanse(passwd,strlen(passwd)) ;
- OPENSSL_free(passwd);
- }
- BN_clear_free(u);
- return ret;
- }
+int srp_generate_client_master_secret(SSL *s)
+{
+ BIGNUM *x = NULL, *u = NULL, *K = NULL;
+ int ret = -1, tmp_len = 0;
+ char *passwd = NULL;
+ unsigned char *tmp = NULL;
+
+ /*
+ * Checks if b % n == 0
+ */
+ if (SRP_Verify_B_mod_N(s->srp_ctx.B, s->srp_ctx.N) == 0
+ || (u = SRP_Calc_u(s->srp_ctx.A, s->srp_ctx.B, s->srp_ctx.N))
+ == NULL
+ || s->srp_ctx.SRP_give_srp_client_pwd_callback == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ if ((passwd = s->srp_ctx.SRP_give_srp_client_pwd_callback(s,
+ s->srp_ctx.SRP_cb_arg))
+ == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET,
+ SSL_R_CALLBACK_FAILED);
+ goto err;
+ }
+ if ((x = SRP_Calc_x(s->srp_ctx.s, s->srp_ctx.login, passwd)) == NULL
+ || (K = SRP_Calc_client_key(s->srp_ctx.N, s->srp_ctx.B,
+ s->srp_ctx.g, x,
+ s->srp_ctx.a, u)) == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ tmp_len = BN_num_bytes(K);
+ if ((tmp = OPENSSL_malloc(tmp_len)) == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ BN_bn2bin(K, tmp);
+ /* Calls SSLfatal() as required */
+ ret = ssl_generate_master_secret(s, tmp, tmp_len, 1);
+ err:
+ BN_clear_free(K);
+ BN_clear_free(x);
+ if (passwd != NULL)
+ OPENSSL_clear_free(passwd, strlen(passwd));
+ BN_clear_free(u);
+ return ret;
+}
+
+int srp_verify_server_param(SSL *s)
+{
+ SRP_CTX *srp = &s->srp_ctx;
+ /*
+ * Sanity check parameters: we can quickly check B % N == 0 by checking B
+ * != 0 since B < N
+ */
+ if (BN_ucmp(srp->g, srp->N) >= 0 || BN_ucmp(srp->B, srp->N) >= 0
+ || BN_is_zero(srp->B)) {
+ SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SRP_VERIFY_SERVER_PARAM,
+ SSL_R_BAD_DATA);
+ return 0;
+ }
+
+ if (BN_num_bits(srp->N) < srp->strength) {
+ SSLfatal(s, SSL_AD_INSUFFICIENT_SECURITY, SSL_F_SRP_VERIFY_SERVER_PARAM,
+ SSL_R_INSUFFICIENT_SECURITY);
+ return 0;
+ }
+
+ if (srp->SRP_verify_param_callback) {
+ if (srp->SRP_verify_param_callback(s, srp->SRP_cb_arg) <= 0) {
+ SSLfatal(s, SSL_AD_INSUFFICIENT_SECURITY,
+ SSL_F_SRP_VERIFY_SERVER_PARAM,
+ SSL_R_CALLBACK_FAILED);
+ return 0;
+ }
+ } else if (!SRP_check_known_gN_param(srp->g, srp->N)) {
+ SSLfatal(s, SSL_AD_INSUFFICIENT_SECURITY, SSL_F_SRP_VERIFY_SERVER_PARAM,
+ SSL_R_INSUFFICIENT_SECURITY);
+ return 0;
+ }
+
+ return 1;
+}