1 /* 2 * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved. 3 * Copyright (c) 2004, EdelKey Project. All Rights Reserved. 4 * 5 * Licensed under the Apache License 2.0 (the "License"). You may not use 6 * this file except in compliance with the License. You can obtain a copy 7 * in the file LICENSE in the source distribution or at 8 * https://www.openssl.org/source/license.html 9 * 10 * Originally written by Christophe Renou and Peter Sylvester, 11 * for the EdelKey project. 12 */ 13 14 /* All the SRP APIs in this file are deprecated */ 15 #define OPENSSL_SUPPRESS_DEPRECATED 16 17 #ifndef OPENSSL_NO_SRP 18 # include "internal/cryptlib.h" 19 # include "crypto/evp.h" 20 # include <openssl/sha.h> 21 # include <openssl/srp.h> 22 # include <openssl/evp.h> 23 # include <openssl/buffer.h> 24 # include <openssl/rand.h> 25 # include <openssl/txt_db.h> 26 # include <openssl/err.h> 27 28 # define SRP_RANDOM_SALT_LEN 20 29 # define MAX_LEN 2500 30 31 /* 32 * Note that SRP uses its own variant of base 64 encoding. A different base64 33 * alphabet is used and no padding '=' characters are added. Instead we pad to 34 * the front with 0 bytes and subsequently strip off leading encoded padding. 35 * This variant is used for compatibility with other SRP implementations - 36 * notably libsrp, but also others. It is also required for backwards 37 * compatibility in order to load verifier files from other OpenSSL versions. 38 */ 39 40 /* 41 * Convert a base64 string into raw byte array representation. 42 * Returns the length of the decoded data, or -1 on error. 43 */ 44 static int t_fromb64(unsigned char *a, size_t alen, const char *src) 45 { 46 EVP_ENCODE_CTX *ctx; 47 int outl = 0, outl2 = 0; 48 size_t size, padsize; 49 const unsigned char *pad = (const unsigned char *)"00"; 50 51 while (*src == ' ' || *src == '\t' || *src == '\n') 52 ++src; 53 size = strlen(src); 54 padsize = 4 - (size & 3); 55 padsize &= 3; 56 57 /* Four bytes in src become three bytes output. */ 58 if (size > INT_MAX || ((size + padsize) / 4) * 3 > alen) 59 return -1; 60 61 ctx = EVP_ENCODE_CTX_new(); 62 if (ctx == NULL) 63 return -1; 64 65 /* 66 * This should never occur because 1 byte of data always requires 2 bytes of 67 * encoding, i.e. 68 * 0 bytes unencoded = 0 bytes encoded 69 * 1 byte unencoded = 2 bytes encoded 70 * 2 bytes unencoded = 3 bytes encoded 71 * 3 bytes unencoded = 4 bytes encoded 72 * 4 bytes unencoded = 6 bytes encoded 73 * etc 74 */ 75 if (padsize == 3) { 76 outl = -1; 77 goto err; 78 } 79 80 /* Valid padsize values are now 0, 1 or 2 */ 81 82 EVP_DecodeInit(ctx); 83 evp_encode_ctx_set_flags(ctx, EVP_ENCODE_CTX_USE_SRP_ALPHABET); 84 85 /* Add any encoded padding that is required */ 86 if (padsize != 0 87 && EVP_DecodeUpdate(ctx, a, &outl, pad, padsize) < 0) { 88 outl = -1; 89 goto err; 90 } 91 if (EVP_DecodeUpdate(ctx, a, &outl2, (const unsigned char *)src, size) < 0) { 92 outl = -1; 93 goto err; 94 } 95 outl += outl2; 96 EVP_DecodeFinal(ctx, a + outl, &outl2); 97 outl += outl2; 98 99 /* Strip off the leading padding */ 100 if (padsize != 0) { 101 if ((int)padsize >= outl) { 102 outl = -1; 103 goto err; 104 } 105 106 /* 107 * If we added 1 byte of padding prior to encoding then we have 2 bytes 108 * of "real" data which gets spread across 4 encoded bytes like this: 109 * (6 bits pad)(2 bits pad | 4 bits data)(6 bits data)(6 bits data) 110 * So 1 byte of pre-encoding padding results in 1 full byte of encoded 111 * padding. 112 * If we added 2 bytes of padding prior to encoding this gets encoded 113 * as: 114 * (6 bits pad)(6 bits pad)(4 bits pad | 2 bits data)(6 bits data) 115 * So 2 bytes of pre-encoding padding results in 2 full bytes of encoded 116 * padding, i.e. we have to strip the same number of bytes of padding 117 * from the encoded data as we added to the pre-encoded data. 118 */ 119 memmove(a, a + padsize, outl - padsize); 120 outl -= padsize; 121 } 122 123 err: 124 EVP_ENCODE_CTX_free(ctx); 125 126 return outl; 127 } 128 129 /* 130 * Convert a raw byte string into a null-terminated base64 ASCII string. 131 * Returns 1 on success or 0 on error. 132 */ 133 static int t_tob64(char *dst, const unsigned char *src, int size) 134 { 135 EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new(); 136 int outl = 0, outl2 = 0; 137 unsigned char pad[2] = {0, 0}; 138 size_t leadz = 0; 139 140 if (ctx == NULL) 141 return 0; 142 143 EVP_EncodeInit(ctx); 144 evp_encode_ctx_set_flags(ctx, EVP_ENCODE_CTX_NO_NEWLINES 145 | EVP_ENCODE_CTX_USE_SRP_ALPHABET); 146 147 /* 148 * We pad at the front with zero bytes until the length is a multiple of 3 149 * so that EVP_EncodeUpdate/EVP_EncodeFinal does not add any of its own "=" 150 * padding 151 */ 152 leadz = 3 - (size % 3); 153 if (leadz != 3 154 && !EVP_EncodeUpdate(ctx, (unsigned char *)dst, &outl, pad, 155 leadz)) { 156 EVP_ENCODE_CTX_free(ctx); 157 return 0; 158 } 159 160 if (!EVP_EncodeUpdate(ctx, (unsigned char *)dst + outl, &outl2, src, 161 size)) { 162 EVP_ENCODE_CTX_free(ctx); 163 return 0; 164 } 165 outl += outl2; 166 EVP_EncodeFinal(ctx, (unsigned char *)dst + outl, &outl2); 167 outl += outl2; 168 169 /* Strip the encoded padding at the front */ 170 if (leadz != 3) { 171 memmove(dst, dst + leadz, outl - leadz); 172 dst[outl - leadz] = '\0'; 173 } 174 175 EVP_ENCODE_CTX_free(ctx); 176 return 1; 177 } 178 179 void SRP_user_pwd_free(SRP_user_pwd *user_pwd) 180 { 181 if (user_pwd == NULL) 182 return; 183 BN_free(user_pwd->s); 184 BN_clear_free(user_pwd->v); 185 OPENSSL_free(user_pwd->id); 186 OPENSSL_free(user_pwd->info); 187 OPENSSL_free(user_pwd); 188 } 189 190 SRP_user_pwd *SRP_user_pwd_new(void) 191 { 192 SRP_user_pwd *ret; 193 194 if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) { 195 /* ERR_raise(ERR_LIB_SRP, ERR_R_MALLOC_FAILURE); */ /*ckerr_ignore*/ 196 return NULL; 197 } 198 ret->N = NULL; 199 ret->g = NULL; 200 ret->s = NULL; 201 ret->v = NULL; 202 ret->id = NULL; 203 ret->info = NULL; 204 return ret; 205 } 206 207 void SRP_user_pwd_set_gN(SRP_user_pwd *vinfo, const BIGNUM *g, 208 const BIGNUM *N) 209 { 210 vinfo->N = N; 211 vinfo->g = g; 212 } 213 214 int SRP_user_pwd_set1_ids(SRP_user_pwd *vinfo, const char *id, 215 const char *info) 216 { 217 OPENSSL_free(vinfo->id); 218 OPENSSL_free(vinfo->info); 219 if (id != NULL && NULL == (vinfo->id = OPENSSL_strdup(id))) 220 return 0; 221 return (info == NULL || NULL != (vinfo->info = OPENSSL_strdup(info))); 222 } 223 224 static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s, 225 const char *v) 226 { 227 unsigned char tmp[MAX_LEN]; 228 int len; 229 230 vinfo->v = NULL; 231 vinfo->s = NULL; 232 233 len = t_fromb64(tmp, sizeof(tmp), v); 234 if (len < 0) 235 return 0; 236 if (NULL == (vinfo->v = BN_bin2bn(tmp, len, NULL))) 237 return 0; 238 len = t_fromb64(tmp, sizeof(tmp), s); 239 if (len < 0) 240 goto err; 241 vinfo->s = BN_bin2bn(tmp, len, NULL); 242 if (vinfo->s == NULL) 243 goto err; 244 return 1; 245 err: 246 BN_free(vinfo->v); 247 vinfo->v = NULL; 248 return 0; 249 } 250 251 int SRP_user_pwd_set0_sv(SRP_user_pwd *vinfo, BIGNUM *s, BIGNUM *v) 252 { 253 BN_free(vinfo->s); 254 BN_clear_free(vinfo->v); 255 vinfo->v = v; 256 vinfo->s = s; 257 return (vinfo->s != NULL && vinfo->v != NULL); 258 } 259 260 static SRP_user_pwd *srp_user_pwd_dup(SRP_user_pwd *src) 261 { 262 SRP_user_pwd *ret; 263 264 if (src == NULL) 265 return NULL; 266 if ((ret = SRP_user_pwd_new()) == NULL) 267 return NULL; 268 269 SRP_user_pwd_set_gN(ret, src->g, src->N); 270 if (!SRP_user_pwd_set1_ids(ret, src->id, src->info) 271 || !SRP_user_pwd_set0_sv(ret, BN_dup(src->s), BN_dup(src->v))) { 272 SRP_user_pwd_free(ret); 273 return NULL; 274 } 275 return ret; 276 } 277 278 SRP_VBASE *SRP_VBASE_new(char *seed_key) 279 { 280 SRP_VBASE *vb = OPENSSL_malloc(sizeof(*vb)); 281 282 if (vb == NULL) 283 return NULL; 284 if ((vb->users_pwd = sk_SRP_user_pwd_new_null()) == NULL 285 || (vb->gN_cache = sk_SRP_gN_cache_new_null()) == NULL) { 286 OPENSSL_free(vb); 287 return NULL; 288 } 289 vb->default_g = NULL; 290 vb->default_N = NULL; 291 vb->seed_key = NULL; 292 if ((seed_key != NULL) && (vb->seed_key = OPENSSL_strdup(seed_key)) == NULL) { 293 sk_SRP_user_pwd_free(vb->users_pwd); 294 sk_SRP_gN_cache_free(vb->gN_cache); 295 OPENSSL_free(vb); 296 return NULL; 297 } 298 return vb; 299 } 300 301 void SRP_VBASE_free(SRP_VBASE *vb) 302 { 303 if (!vb) 304 return; 305 sk_SRP_user_pwd_pop_free(vb->users_pwd, SRP_user_pwd_free); 306 sk_SRP_gN_cache_free(vb->gN_cache); 307 OPENSSL_free(vb->seed_key); 308 OPENSSL_free(vb); 309 } 310 311 static SRP_gN_cache *SRP_gN_new_init(const char *ch) 312 { 313 unsigned char tmp[MAX_LEN]; 314 int len; 315 SRP_gN_cache *newgN = OPENSSL_malloc(sizeof(*newgN)); 316 317 if (newgN == NULL) 318 return NULL; 319 320 len = t_fromb64(tmp, sizeof(tmp), ch); 321 if (len < 0) 322 goto err; 323 324 if ((newgN->b64_bn = OPENSSL_strdup(ch)) == NULL) 325 goto err; 326 327 if ((newgN->bn = BN_bin2bn(tmp, len, NULL))) 328 return newgN; 329 330 OPENSSL_free(newgN->b64_bn); 331 err: 332 OPENSSL_free(newgN); 333 return NULL; 334 } 335 336 static void SRP_gN_free(SRP_gN_cache *gN_cache) 337 { 338 if (gN_cache == NULL) 339 return; 340 OPENSSL_free(gN_cache->b64_bn); 341 BN_free(gN_cache->bn); 342 OPENSSL_free(gN_cache); 343 } 344 345 static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab) 346 { 347 int i; 348 349 SRP_gN *gN; 350 if (gN_tab != NULL) { 351 for (i = 0; i < sk_SRP_gN_num(gN_tab); i++) { 352 gN = sk_SRP_gN_value(gN_tab, i); 353 if (gN && (id == NULL || strcmp(gN->id, id) == 0)) 354 return gN; 355 } 356 } 357 358 return SRP_get_default_gN(id); 359 } 360 361 static BIGNUM *SRP_gN_place_bn(STACK_OF(SRP_gN_cache) *gN_cache, char *ch) 362 { 363 int i; 364 if (gN_cache == NULL) 365 return NULL; 366 367 /* search if we have already one... */ 368 for (i = 0; i < sk_SRP_gN_cache_num(gN_cache); i++) { 369 SRP_gN_cache *cache = sk_SRP_gN_cache_value(gN_cache, i); 370 if (strcmp(cache->b64_bn, ch) == 0) 371 return cache->bn; 372 } 373 { /* it is the first time that we find it */ 374 SRP_gN_cache *newgN = SRP_gN_new_init(ch); 375 if (newgN) { 376 if (sk_SRP_gN_cache_insert(gN_cache, newgN, 0) > 0) 377 return newgN->bn; 378 SRP_gN_free(newgN); 379 } 380 } 381 return NULL; 382 } 383 384 /* 385 * This function parses the verifier file generated by the srp app. 386 * The format for each entry is: 387 * V base64(verifier) base64(salt) username gNid userinfo(optional) 388 * or 389 * I base64(N) base64(g) 390 * Note that base64 is the SRP variant of base64 encoding described 391 * in t_fromb64(). 392 */ 393 394 int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file) 395 { 396 int error_code; 397 STACK_OF(SRP_gN) *SRP_gN_tab = sk_SRP_gN_new_null(); 398 char *last_index = NULL; 399 int i; 400 char **pp; 401 402 SRP_gN *gN = NULL; 403 SRP_user_pwd *user_pwd = NULL; 404 405 TXT_DB *tmpdb = NULL; 406 BIO *in = BIO_new(BIO_s_file()); 407 408 error_code = SRP_ERR_OPEN_FILE; 409 410 if (in == NULL || BIO_read_filename(in, verifier_file) <= 0) 411 goto err; 412 413 error_code = SRP_ERR_VBASE_INCOMPLETE_FILE; 414 415 if ((tmpdb = TXT_DB_read(in, DB_NUMBER)) == NULL) 416 goto err; 417 418 error_code = SRP_ERR_MEMORY; 419 420 if (vb->seed_key) { 421 last_index = SRP_get_default_gN(NULL)->id; 422 } 423 for (i = 0; i < sk_OPENSSL_PSTRING_num(tmpdb->data); i++) { 424 pp = sk_OPENSSL_PSTRING_value(tmpdb->data, i); 425 if (pp[DB_srptype][0] == DB_SRP_INDEX) { 426 /* 427 * we add this couple in the internal Stack 428 */ 429 430 if ((gN = OPENSSL_malloc(sizeof(*gN))) == NULL) 431 goto err; 432 433 if ((gN->id = OPENSSL_strdup(pp[DB_srpid])) == NULL 434 || (gN->N = SRP_gN_place_bn(vb->gN_cache, pp[DB_srpverifier])) 435 == NULL 436 || (gN->g = SRP_gN_place_bn(vb->gN_cache, pp[DB_srpsalt])) 437 == NULL 438 || sk_SRP_gN_insert(SRP_gN_tab, gN, 0) == 0) 439 goto err; 440 441 gN = NULL; 442 443 if (vb->seed_key != NULL) { 444 last_index = pp[DB_srpid]; 445 } 446 } else if (pp[DB_srptype][0] == DB_SRP_VALID) { 447 /* it is a user .... */ 448 const SRP_gN *lgN; 449 450 if ((lgN = SRP_get_gN_by_id(pp[DB_srpgN], SRP_gN_tab)) != NULL) { 451 error_code = SRP_ERR_MEMORY; 452 if ((user_pwd = SRP_user_pwd_new()) == NULL) 453 goto err; 454 455 SRP_user_pwd_set_gN(user_pwd, lgN->g, lgN->N); 456 if (!SRP_user_pwd_set1_ids 457 (user_pwd, pp[DB_srpid], pp[DB_srpinfo])) 458 goto err; 459 460 error_code = SRP_ERR_VBASE_BN_LIB; 461 if (!SRP_user_pwd_set_sv 462 (user_pwd, pp[DB_srpsalt], pp[DB_srpverifier])) 463 goto err; 464 465 if (sk_SRP_user_pwd_insert(vb->users_pwd, user_pwd, 0) == 0) 466 goto err; 467 user_pwd = NULL; /* abandon responsibility */ 468 } 469 } 470 } 471 472 if (last_index != NULL) { 473 /* this means that we want to simulate a default user */ 474 475 if (((gN = SRP_get_gN_by_id(last_index, SRP_gN_tab)) == NULL)) { 476 error_code = SRP_ERR_VBASE_BN_LIB; 477 goto err; 478 } 479 vb->default_g = gN->g; 480 vb->default_N = gN->N; 481 gN = NULL; 482 } 483 error_code = SRP_NO_ERROR; 484 485 err: 486 /* 487 * there may be still some leaks to fix, if this fails, the application 488 * terminates most likely 489 */ 490 491 if (gN != NULL) { 492 OPENSSL_free(gN->id); 493 OPENSSL_free(gN); 494 } 495 496 SRP_user_pwd_free(user_pwd); 497 498 TXT_DB_free(tmpdb); 499 BIO_free_all(in); 500 501 sk_SRP_gN_free(SRP_gN_tab); 502 503 return error_code; 504 505 } 506 507 static SRP_user_pwd *find_user(SRP_VBASE *vb, char *username) 508 { 509 int i; 510 SRP_user_pwd *user; 511 512 if (vb == NULL) 513 return NULL; 514 515 for (i = 0; i < sk_SRP_user_pwd_num(vb->users_pwd); i++) { 516 user = sk_SRP_user_pwd_value(vb->users_pwd, i); 517 if (strcmp(user->id, username) == 0) 518 return user; 519 } 520 521 return NULL; 522 } 523 524 int SRP_VBASE_add0_user(SRP_VBASE *vb, SRP_user_pwd *user_pwd) 525 { 526 if (sk_SRP_user_pwd_push(vb->users_pwd, user_pwd) <= 0) 527 return 0; 528 return 1; 529 } 530 531 # ifndef OPENSSL_NO_DEPRECATED_1_1_0 532 /* 533 * DEPRECATED: use SRP_VBASE_get1_by_user instead. 534 * This method ignores the configured seed and fails for an unknown user. 535 * Ownership of the returned pointer is not released to the caller. 536 * In other words, caller must not free the result. 537 */ 538 SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username) 539 { 540 return find_user(vb, username); 541 } 542 # endif 543 544 /* 545 * Ownership of the returned pointer is released to the caller. 546 * In other words, caller must free the result once done. 547 */ 548 SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username) 549 { 550 SRP_user_pwd *user; 551 unsigned char digv[SHA_DIGEST_LENGTH]; 552 unsigned char digs[SHA_DIGEST_LENGTH]; 553 EVP_MD_CTX *ctxt = NULL; 554 EVP_MD *md = NULL; 555 556 if (vb == NULL) 557 return NULL; 558 559 if ((user = find_user(vb, username)) != NULL) 560 return srp_user_pwd_dup(user); 561 562 if ((vb->seed_key == NULL) || 563 (vb->default_g == NULL) || (vb->default_N == NULL)) 564 return NULL; 565 566 /* if the user is unknown we set parameters as well if we have a seed_key */ 567 568 if ((user = SRP_user_pwd_new()) == NULL) 569 return NULL; 570 571 SRP_user_pwd_set_gN(user, vb->default_g, vb->default_N); 572 573 if (!SRP_user_pwd_set1_ids(user, username, NULL)) 574 goto err; 575 576 if (RAND_priv_bytes(digv, SHA_DIGEST_LENGTH) <= 0) 577 goto err; 578 md = EVP_MD_fetch(NULL, SN_sha1, NULL); 579 if (md == NULL) 580 goto err; 581 ctxt = EVP_MD_CTX_new(); 582 if (ctxt == NULL 583 || !EVP_DigestInit_ex(ctxt, md, NULL) 584 || !EVP_DigestUpdate(ctxt, vb->seed_key, strlen(vb->seed_key)) 585 || !EVP_DigestUpdate(ctxt, username, strlen(username)) 586 || !EVP_DigestFinal_ex(ctxt, digs, NULL)) 587 goto err; 588 EVP_MD_CTX_free(ctxt); 589 ctxt = NULL; 590 EVP_MD_free(md); 591 md = NULL; 592 if (SRP_user_pwd_set0_sv(user, 593 BN_bin2bn(digs, SHA_DIGEST_LENGTH, NULL), 594 BN_bin2bn(digv, SHA_DIGEST_LENGTH, NULL))) 595 return user; 596 597 err: 598 EVP_MD_free(md); 599 EVP_MD_CTX_free(ctxt); 600 SRP_user_pwd_free(user); 601 return NULL; 602 } 603 604 /* 605 * create a verifier (*salt,*verifier,g and N are in base64) 606 */ 607 char *SRP_create_verifier_ex(const char *user, const char *pass, char **salt, 608 char **verifier, const char *N, const char *g, 609 OSSL_LIB_CTX *libctx, const char *propq) 610 { 611 int len; 612 char *result = NULL, *vf = NULL; 613 const BIGNUM *N_bn = NULL, *g_bn = NULL; 614 BIGNUM *N_bn_alloc = NULL, *g_bn_alloc = NULL, *s = NULL, *v = NULL; 615 unsigned char tmp[MAX_LEN]; 616 unsigned char tmp2[MAX_LEN]; 617 char *defgNid = NULL; 618 int vfsize = 0; 619 620 if ((user == NULL) || 621 (pass == NULL) || (salt == NULL) || (verifier == NULL)) 622 goto err; 623 624 if (N) { 625 if ((len = t_fromb64(tmp, sizeof(tmp), N)) <= 0) 626 goto err; 627 N_bn_alloc = BN_bin2bn(tmp, len, NULL); 628 if (N_bn_alloc == NULL) 629 goto err; 630 N_bn = N_bn_alloc; 631 if ((len = t_fromb64(tmp, sizeof(tmp) ,g)) <= 0) 632 goto err; 633 g_bn_alloc = BN_bin2bn(tmp, len, NULL); 634 if (g_bn_alloc == NULL) 635 goto err; 636 g_bn = g_bn_alloc; 637 defgNid = "*"; 638 } else { 639 SRP_gN *gN = SRP_get_default_gN(g); 640 if (gN == NULL) 641 goto err; 642 N_bn = gN->N; 643 g_bn = gN->g; 644 defgNid = gN->id; 645 } 646 647 if (*salt == NULL) { 648 if (RAND_bytes_ex(libctx, tmp2, SRP_RANDOM_SALT_LEN, 0) <= 0) 649 goto err; 650 651 s = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL); 652 } else { 653 if ((len = t_fromb64(tmp2, sizeof(tmp2), *salt)) <= 0) 654 goto err; 655 s = BN_bin2bn(tmp2, len, NULL); 656 } 657 if (s == NULL) 658 goto err; 659 660 if (!SRP_create_verifier_BN_ex(user, pass, &s, &v, N_bn, g_bn, libctx, 661 propq)) 662 goto err; 663 664 if (BN_bn2bin(v, tmp) < 0) 665 goto err; 666 vfsize = BN_num_bytes(v) * 2; 667 if (((vf = OPENSSL_malloc(vfsize)) == NULL)) 668 goto err; 669 if (!t_tob64(vf, tmp, BN_num_bytes(v))) 670 goto err; 671 672 if (*salt == NULL) { 673 char *tmp_salt; 674 675 if ((tmp_salt = OPENSSL_malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL) { 676 goto err; 677 } 678 if (!t_tob64(tmp_salt, tmp2, SRP_RANDOM_SALT_LEN)) { 679 OPENSSL_free(tmp_salt); 680 goto err; 681 } 682 *salt = tmp_salt; 683 } 684 685 *verifier = vf; 686 vf = NULL; 687 result = defgNid; 688 689 err: 690 BN_free(N_bn_alloc); 691 BN_free(g_bn_alloc); 692 OPENSSL_clear_free(vf, vfsize); 693 BN_clear_free(s); 694 BN_clear_free(v); 695 return result; 696 } 697 698 char *SRP_create_verifier(const char *user, const char *pass, char **salt, 699 char **verifier, const char *N, const char *g) 700 { 701 return SRP_create_verifier_ex(user, pass, salt, verifier, N, g, NULL, NULL); 702 } 703 704 /* 705 * create a verifier (*salt,*verifier,g and N are BIGNUMs). If *salt != NULL 706 * then the provided salt will be used. On successful exit *verifier will point 707 * to a newly allocated BIGNUM containing the verifier and (if a salt was not 708 * provided) *salt will be populated with a newly allocated BIGNUM containing a 709 * random salt. 710 * The caller is responsible for freeing the allocated *salt and *verifier 711 * BIGNUMS. 712 */ 713 int SRP_create_verifier_BN_ex(const char *user, const char *pass, BIGNUM **salt, 714 BIGNUM **verifier, const BIGNUM *N, 715 const BIGNUM *g, OSSL_LIB_CTX *libctx, 716 const char *propq) 717 { 718 int result = 0; 719 BIGNUM *x = NULL; 720 BN_CTX *bn_ctx = BN_CTX_new_ex(libctx); 721 unsigned char tmp2[MAX_LEN]; 722 BIGNUM *salttmp = NULL, *verif; 723 724 if ((user == NULL) || 725 (pass == NULL) || 726 (salt == NULL) || 727 (verifier == NULL) || (N == NULL) || (g == NULL) || (bn_ctx == NULL)) 728 goto err; 729 730 if (*salt == NULL) { 731 if (RAND_bytes_ex(libctx, tmp2, SRP_RANDOM_SALT_LEN, 0) <= 0) 732 goto err; 733 734 salttmp = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL); 735 if (salttmp == NULL) 736 goto err; 737 } else { 738 salttmp = *salt; 739 } 740 741 x = SRP_Calc_x_ex(salttmp, user, pass, libctx, propq); 742 if (x == NULL) 743 goto err; 744 745 verif = BN_new(); 746 if (verif == NULL) 747 goto err; 748 749 if (!BN_mod_exp(verif, g, x, N, bn_ctx)) { 750 BN_clear_free(verif); 751 goto err; 752 } 753 754 result = 1; 755 *salt = salttmp; 756 *verifier = verif; 757 758 err: 759 if (salt != NULL && *salt != salttmp) 760 BN_clear_free(salttmp); 761 BN_clear_free(x); 762 BN_CTX_free(bn_ctx); 763 return result; 764 } 765 766 int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, 767 BIGNUM **verifier, const BIGNUM *N, 768 const BIGNUM *g) 769 { 770 return SRP_create_verifier_BN_ex(user, pass, salt, verifier, N, g, NULL, 771 NULL); 772 } 773 #endif 774