OPENSSL_free(user_pwd);
}
-static SRP_user_pwd *SRP_user_pwd_new(void)
+SRP_user_pwd *SRP_user_pwd_new(void)
{
SRP_user_pwd *ret;
return ret;
}
-static void SRP_user_pwd_set_gN(SRP_user_pwd *vinfo, const BIGNUM *g,
- const BIGNUM *N)
+void SRP_user_pwd_set_gN(SRP_user_pwd *vinfo, const BIGNUM *g,
+ const BIGNUM *N)
{
vinfo->N = N;
vinfo->g = g;
}
-static int SRP_user_pwd_set_ids(SRP_user_pwd *vinfo, const char *id,
- const char *info)
+int SRP_user_pwd_set1_ids(SRP_user_pwd *vinfo, const char *id,
+ const char *info)
{
+ OPENSSL_free(vinfo->id);
+ OPENSSL_free(vinfo->info);
if (id != NULL && NULL == (vinfo->id = OPENSSL_strdup(id)))
return 0;
return (info == NULL || NULL != (vinfo->info = OPENSSL_strdup(info)));
return 0;
}
-static int SRP_user_pwd_set_sv_BN(SRP_user_pwd *vinfo, BIGNUM *s, BIGNUM *v)
+int SRP_user_pwd_set0_sv(SRP_user_pwd *vinfo, BIGNUM *s, BIGNUM *v)
{
+ BN_free(vinfo->s);
+ BN_clear_free(vinfo->v);
vinfo->v = v;
vinfo->s = s;
return (vinfo->s != NULL && vinfo->v != NULL);
return NULL;
SRP_user_pwd_set_gN(ret, src->g, src->N);
- if (!SRP_user_pwd_set_ids(ret, src->id, src->info)
- || !SRP_user_pwd_set_sv_BN(ret, BN_dup(src->s), BN_dup(src->v))) {
+ if (!SRP_user_pwd_set1_ids(ret, src->id, src->info)
+ || !SRP_user_pwd_set0_sv(ret, BN_dup(src->s), BN_dup(src->v))) {
SRP_user_pwd_free(ret);
return NULL;
}
goto err;
SRP_user_pwd_set_gN(user_pwd, lgN->g, lgN->N);
- if (!SRP_user_pwd_set_ids
+ if (!SRP_user_pwd_set1_ids
(user_pwd, pp[DB_srpid], pp[DB_srpinfo]))
goto err;
SRP_user_pwd_set_gN(user, vb->default_g, vb->default_N);
- if (!SRP_user_pwd_set_ids(user, username, NULL))
+ if (!SRP_user_pwd_set1_ids(user, username, NULL))
goto err;
if (RAND_priv_bytes(digv, SHA_DIGEST_LENGTH) <= 0)
goto err;
EVP_MD_CTX_free(ctxt);
ctxt = NULL;
- if (SRP_user_pwd_set_sv_BN(user,
+ if (SRP_user_pwd_set0_sv(user,
BN_bin2bn(digs, SHA_DIGEST_LENGTH, NULL),
BN_bin2bn(digv, SHA_DIGEST_LENGTH, NULL)))
return user;
SRP_VBASE_new,
SRP_VBASE_free,
-SRP_user_pwd_free,
SRP_VBASE_init,
SRP_VBASE_add0_user,
SRP_VBASE_get1_by_user,
SRP_VBASE *SRP_VBASE_new(char *seed_key);
void SRP_VBASE_free(SRP_VBASE *vb);
- void SRP_user_pwd_free(SRP_user_pwd *user_pwd);
int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file);
=head1 DESCRIPTION
The SRP_VBASE_new() function allocates a structure to store server side SRP
-verifier information. If B<seed_key> is not NULL a copy is stored and used to
-generate dummy parameters for users that are not found by SRP_VBASE_get1_by_user().
-This allows the server to hide the fact that it doesn't have a verifier for a
-particular username, as described in section 2.5.1.3 'Unknown SRP' of RFC 5054.
+verifier information.
+If B<seed_key> is not NULL a copy is stored and used to generate dummy parameters
+for users that are not found by SRP_VBASE_get1_by_user(). This allows the server
+to hide the fact that it doesn't have a verifier for a particular username,
+as described in section 2.5.1.3 'Unknown SRP' of RFC 5054.
The seed string should contain random NUL terminated binary data (therefore
the random data should not contain NUL bytes!).
The SRP_VBASE_free() function frees up the B<vb> structure.
If B<vb> is NULL, nothing is done.
-The SRP_user_pwd_free() function frees up the B<user_pwd> structure.
-If B<user_pwd> is NULL, nothing is done.
-
The SRP_VBASE_init() function parses the information in a verifier file and
populates the B<vb> structure.
The verifier file is a text file containing multiple entries, whose format is:
to use L<srp(1)> to generate this file.
The SRP_VBASE_add0_user() function adds the B<user_pwd> verifier information
-to the B<vb> structure.
+to the B<vb> structure. See L<SRP_user_pwd_new(3)> to create and populate this
+record.
The library takes ownership of B<user_pwd>, it should not be freed by the caller.
The SRP_VBASE_get1_by_user() function returns the password info for the user
L<srp(1)>,
L<SRP_create_verifier(3)>,
+L<SRP_user_pwd_new(3)>,
L<SSL_CTX_set_srp_password(3)>
=head1 HISTORY
It is possible to pass NULL as B<N> and an SRP group id as B<g> instead to
load the appropriate gN values (see SRP_get_default_gN()).
If both B<N> and B<g> are NULL the 8192-bit SRP group parameters are used.
-The caller is responsible for freeing the allocated *salt and *verifier char*
+The caller is responsible for freeing the allocated B<*salt> and B<*verifier>
(use L<OPENSSL_free(3)>).
The SRP_check_known_gN_param() function checks that B<g> and B<N> are valid
SRP_VBASE *srpData = SRP_VBASE_new(NULL);
- SRP_user_pwd *pwd = (SRP_user_pwd*) OPENSSL_malloc(sizeof(SRP_user_pwd));
SRP_gN *gN = SRP_get_default_gN("8192");
BIGNUM *salt = NULL, *verifier = NULL;
SRP_create_verifier_BN(username, password, &salt, &verifier, gN->N, gN->g);
- // TODO: replace with SRP_user_pwd_new()
- pwd->id = OPENSSL_strdup(username);
- pwd->g = gN->g;
- pwd->N = gN->N;
- pwd->s = salt;
- pwd->v = verifier;
- pwd->info = NULL;
+ SRP_user_pwd *pwd = SRP_user_pwd_new();
+ SRP_user_pwd_set1_ids(pwd, username, NULL);
+ SRP_user_pwd_set0_sv(pwd, salt, verifier);
+ SRP_user_pwd_set_gN(pwd, gN->g, gN->N);
SRP_VBASE_add0_user(srpData, pwd);
=head1 SEE ALSO
L<srp(1)>,
-L<BN_new(3)>,
-L<OPENSSL_malloc(3)>,
-L<SRP_VBASE_new(3)>
+L<SRP_VBASE_new(3)>,
+L<SRP_user_pwd_new(3)>
=head1 HISTORY
--- /dev/null
+=pod
+
+=head1 NAME
+
+SRP_user_pwd_new,
+SRP_user_pwd_free,
+SRP_user_pwd_set1_ids,
+SRP_user_pwd_set_gN,
+SRP_user_pwd_set0_sv
+- Functions to create a record of SRP user verifier information
+
+=head1 SYNOPSIS
+
+ #include <openssl/srp.h>
+
+ SRP_user_pwd *SRP_user_pwd_new(void);
+ void SRP_user_pwd_free(SRP_user_pwd *user_pwd);
+
+ int SRP_user_pwd_set1_ids(SRP_user_pwd *user_pwd, const char *id, const char *info);
+ void SRP_user_pwd_set_gN(SRP_user_pwd *user_pwd, const BIGNUM *g, const BIGNUM *N);
+ int SRP_user_pwd_set0_sv(SRP_user_pwd *user_pwd, BIGNUM *s, BIGNUM *v);
+
+=head1 DESCRIPTION
+
+The SRP_user_pwd_new() function allocates a structure to store a user verifier
+record.
+
+The SRP_user_pwd_free() function frees up the B<user_pwd> structure.
+If B<user_pwd> is NULL, nothing is done.
+
+The SRP_user_pwd_set1_ids() function sets the username to B<id> and the optional
+user info to B<info> for B<user_pwd>.
+The library allocates new copies of B<id> and B<info>, the caller still
+owns the original memory.
+
+The SRP_user_pwd_set0_sv() function sets the user salt to B<s> and the verifier
+to B<v> for B<user_pwd>.
+The library takes ownership of the values, they should not be freed by the caller.
+
+The SRP_user_pwd_set_gN() function sets the SRP group parameters for B<user_pwd>.
+The memory is not freed by SRP_user_pwd_free(), the caller must make sure it is
+freed once it is no longer used.
+
+=head1 RETURN VALUES
+
+SRP_user_pwd_set1_ids() returns 1 on success and 0 on failure or if B<id> was NULL.
+
+SRP_user_pwd_set0_sv() returns 1 if both B<s> and B<v> are not NULL, 0 otherwise.
+
+=head1 SEE ALSO
+
+L<srp(1)>,
+L<SRP_create_verifier(3)>,
+L<SRP_VBASE_new(3)>,
+L<SSL_CTX_set_srp_password(3)>
+
+=head1 HISTORY
+
+These functions were made public in OpenSSL 1.2.0.
+
+=head1 COPYRIGHT
+
+Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
char *info;
} SRP_user_pwd;
+SRP_user_pwd *SRP_user_pwd_new(void);
void SRP_user_pwd_free(SRP_user_pwd *user_pwd);
+void SRP_user_pwd_set_gN(SRP_user_pwd *user_pwd, const BIGNUM *g, const BIGNUM *N);
+int SRP_user_pwd_set1_ids(SRP_user_pwd *user_pwd, const char *id, const char *info);
+int SRP_user_pwd_set0_sv(SRP_user_pwd *user_pwd, BIGNUM *s, BIGNUM *v);
+
DEFINE_STACK_OF(SRP_user_pwd)
typedef struct SRP_VBASE_st {
EVP_hex2ctrl 4553 1_1_2 EXIST::FUNCTION:
EVP_PKEY_supports_digest_nid 4554 1_1_2 EXIST::FUNCTION:
SRP_VBASE_add0_user 4555 1_1_2 EXIST::FUNCTION:SRP
+SRP_user_pwd_new 4556 1_1_2 EXIST::FUNCTION:SRP
+SRP_user_pwd_set_gN 4557 1_1_2 EXIST::FUNCTION:SRP
+SRP_user_pwd_set1_ids 4558 1_1_2 EXIST::FUNCTION:SRP
+SRP_user_pwd_set0_sv 4559 1_1_2 EXIST::FUNCTION:SRP
projects / openssl.git / commitdiff