From ebfd055b29861b127c9cf4ed76553e109301fc64 Mon Sep 17 00:00:00 2001 From: Antoine Salon Date: Thu, 1 Nov 2018 15:41:16 -0700 Subject: [PATCH] Making SRP_user_pwd functions public Signed-off-by: Antoine Salon Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/7522) --- crypto/srp/srp_vfy.c | 26 +++++++----- doc/man3/SRP_VBASE_new.pod | 18 ++++---- doc/man3/SRP_create_verifier.pod | 19 ++++----- doc/man3/SRP_user_pwd_new.pod | 70 ++++++++++++++++++++++++++++++++ include/openssl/srp.h | 5 +++ util/libcrypto.num | 4 ++ 6 files changed, 109 insertions(+), 33 deletions(-) create mode 100644 doc/man3/SRP_user_pwd_new.pod diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c index 397d26c9d7..bfe517b471 100644 --- a/crypto/srp/srp_vfy.c +++ b/crypto/srp/srp_vfy.c @@ -184,7 +184,7 @@ void SRP_user_pwd_free(SRP_user_pwd *user_pwd) OPENSSL_free(user_pwd); } -static SRP_user_pwd *SRP_user_pwd_new(void) +SRP_user_pwd *SRP_user_pwd_new(void) { SRP_user_pwd *ret; @@ -201,16 +201,18 @@ static SRP_user_pwd *SRP_user_pwd_new(void) return ret; } -static void SRP_user_pwd_set_gN(SRP_user_pwd *vinfo, const BIGNUM *g, - const BIGNUM *N) +void SRP_user_pwd_set_gN(SRP_user_pwd *vinfo, const BIGNUM *g, + const BIGNUM *N) { vinfo->N = N; vinfo->g = g; } -static int SRP_user_pwd_set_ids(SRP_user_pwd *vinfo, const char *id, - const char *info) +int SRP_user_pwd_set1_ids(SRP_user_pwd *vinfo, const char *id, + const char *info) { + OPENSSL_free(vinfo->id); + OPENSSL_free(vinfo->info); if (id != NULL && NULL == (vinfo->id = OPENSSL_strdup(id))) return 0; return (info == NULL || NULL != (vinfo->info = OPENSSL_strdup(info))); 
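Review bot: In `SRP_user_pwd_set1_ids` the two added `OPENSSL_free` calls leave `vinfo->id` and `vinfo->info` pointing at freed memory whenever the matching argument is NULL, and leave `vinfo->info` dangling when the `id` copy fails and the function returns early. The setter is now public and can be called on a record that is already populated, so a second call would pass those stale pointers to `OPENSSL_free` again. Reset both fields right after freeing, `vinfo->id = NULL;` and `vinfo->info = NULL;`, before the `OPENSSL_strdup` calls. Separately, a NULL `id` with a NULL `info` returns 1 here, which seems to disagree with the return-value paragraph in the new man page.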
@@ -243,8 +245,10 @@ static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s, return 0; } -static int SRP_user_pwd_set_sv_BN(SRP_user_pwd *vinfo, BIGNUM *s, BIGNUM *v) +int SRP_user_pwd_set0_sv(SRP_user_pwd *vinfo, BIGNUM *s, BIGNUM *v) { + BN_free(vinfo->s); + BN_clear_free(vinfo->v); vinfo->v = v; vinfo->s = s; return (vinfo->s != NULL && vinfo->v != NULL); @@ -260,8 +264,8 @@ static SRP_user_pwd *srp_user_pwd_dup(SRP_user_pwd *src) return NULL; SRP_user_pwd_set_gN(ret, src->g, src->N); - if (!SRP_user_pwd_set_ids(ret, src->id, src->info) - || !SRP_user_pwd_set_sv_BN(ret, BN_dup(src->s), BN_dup(src->v))) { + if (!SRP_user_pwd_set1_ids(ret, src->id, src->info) + || !SRP_user_pwd_set0_sv(ret, BN_dup(src->s), BN_dup(src->v))) { SRP_user_pwd_free(ret); return NULL; } @@ -446,7 +450,7 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file) goto err; SRP_user_pwd_set_gN(user_pwd, lgN->g, lgN->N); - if (!SRP_user_pwd_set_ids + if (!SRP_user_pwd_set1_ids (user_pwd, pp[DB_srpid], pp[DB_srpinfo])) goto err; @@ -562,7 +566,7 @@ SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username) SRP_user_pwd_set_gN(user, vb->default_g, vb->default_N); - if (!SRP_user_pwd_set_ids(user, username, NULL)) + if (!SRP_user_pwd_set1_ids(user, username, NULL)) goto err; if (RAND_priv_bytes(digv, SHA_DIGEST_LENGTH) <= 0) @@ -576,7 +580,7 @@ SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username) goto err; EVP_MD_CTX_free(ctxt); ctxt = NULL; - if (SRP_user_pwd_set_sv_BN(user, + if (SRP_user_pwd_set0_sv(user, BN_bin2bn(digs, SHA_DIGEST_LENGTH, NULL), BN_bin2bn(digv, SHA_DIGEST_LENGTH, NULL))) return user; diff --git a/doc/man3/SRP_VBASE_new.pod b/doc/man3/SRP_VBASE_new.pod index 76044ac451..8a0fb6da8b 100644 --- a/doc/man3/SRP_VBASE_new.pod +++ b/doc/man3/SRP_VBASE_new.pod @@ -4,7 +4,6 @@ SRP_VBASE_new, SRP_VBASE_free, -SRP_user_pwd_free, SRP_VBASE_init, SRP_VBASE_add0_user, SRP_VBASE_get1_by_user, 
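Review bot: `SRP_user_pwd_set0_sv` frees the old `vinfo->s` and `vinfo->v` before storing the new values, so calling it with the BIGNUMs the record already holds leaves the record pointing at freed memory. A guard such as `if (vinfo->s != s) BN_free(vinfo->s);`, with the same for `v` and `BN_clear_free`, avoids that. The function also stores whichever argument is non-NULL even when it returns 0, so ownership has moved on the failure path too, which the `srp_user_pwd_dup` error path appears to rely on. A caller that frees its own salt or verifier after a 0 return and then frees the record would free it twice, so I would add above the function `/* Takes ownership of s and v even when 0 is returned; the caller must not free them. */`. The closing brace of the function lies outside the hunk.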
@@ -17,7 +16,6 @@ SRP_VBASE_get_by_user SRP_VBASE *SRP_VBASE_new(char *seed_key); void SRP_VBASE_free(SRP_VBASE *vb); - void SRP_user_pwd_free(SRP_user_pwd *user_pwd); int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file); @@ -28,19 +26,17 @@ SRP_VBASE_get_by_user =head1 DESCRIPTION The SRP_VBASE_new() function allocates a structure to store server side SRP -verifier information. If B is not NULL a copy is stored and used to -generate dummy parameters for users that are not found by SRP_VBASE_get1_by_user(). -This allows the server to hide the fact that it doesn't have a verifier for a -particular username, as described in section 2.5.1.3 'Unknown SRP' of RFC 5054. +verifier information. +If B is not NULL a copy is stored and used to generate dummy parameters +for users that are not found by SRP_VBASE_get1_by_user(). This allows the server +to hide the fact that it doesn't have a verifier for a particular username, +as described in section 2.5.1.3 'Unknown SRP' of RFC 5054. The seed string should contain random NUL terminated binary data (therefore the random data should not contain NUL bytes!). The SRP_VBASE_free() function frees up the B structure. If B is NULL, nothing is done. -The SRP_user_pwd_free() function frees up the B structure. -If B is NULL, nothing is done. - The SRP_VBASE_init() function parses the information in a verifier file and populates the B structure. The verifier file is a text file containing multiple entries, whose format is: @@ -50,7 +46,8 @@ Note that the base64 encoding used here is non-standard so it is recommended to use L to generate this file. The SRP_VBASE_add0_user() function adds the B verifier information -to the B structure. +to the B structure. See L to create and populate this +record. The library takes ownership of B, it should not be freed by the caller. The SRP_VBASE_get1_by_user() function returns the password info for the user 
@@ -81,6 +78,7 @@ SRP_VBASE_add0_user() returns 1 on success and 0 on failure. L, L, +L, L =head1 HISTORY diff --git a/doc/man3/SRP_create_verifier.pod b/doc/man3/SRP_create_verifier.pod index f899b2471a..ac7c05b23e 100644 --- a/doc/man3/SRP_create_verifier.pod +++ b/doc/man3/SRP_create_verifier.pod @@ -38,7 +38,7 @@ and its use is discouraged. It is possible to pass NULL as B and an SRP group id as B instead to load the appropriate gN values (see SRP_get_default_gN()). If both B and B are NULL the 8192-bit SRP group parameters are used. -The caller is responsible for freeing the allocated *salt and *verifier char* +The caller is responsible for freeing the allocated B<*salt> and B<*verifier> (use L). The SRP_check_known_gN_param() function checks that B and B are valid @@ -76,28 +76,23 @@ omitted for clarity): SRP_VBASE *srpData = SRP_VBASE_new(NULL); - SRP_user_pwd *pwd = (SRP_user_pwd*) OPENSSL_malloc(sizeof(SRP_user_pwd)); SRP_gN *gN = SRP_get_default_gN("8192"); BIGNUM *salt = NULL, *verifier = NULL; SRP_create_verifier_BN(username, password, &salt, &verifier, gN->N, gN->g); - // TODO: replace with SRP_user_pwd_new() - pwd->id = OPENSSL_strdup(username); - pwd->g = gN->g; - pwd->N = gN->N; - pwd->s = salt; - pwd->v = verifier; - pwd->info = NULL; + SRP_user_pwd *pwd = SRP_user_pwd_new(); + SRP_user_pwd_set1_ids(pwd, username, NULL); + SRP_user_pwd_set0_sv(pwd, salt, verifier); + SRP_user_pwd_set_gN(pwd, gN->g, gN->N); SRP_VBASE_add0_user(srpData, pwd); =head1 SEE ALSO L, -L, -L, -L +L, +L =head1 HISTORY diff --git a/doc/man3/SRP_user_pwd_new.pod b/doc/man3/SRP_user_pwd_new.pod new file mode 100644 index 0000000000..4f631a1d31 --- /dev/null +++ b/doc/man3/SRP_user_pwd_new.pod 
@@ -0,0 +1,70 @@ +=pod + +=head1 NAME + +SRP_user_pwd_new, +SRP_user_pwd_free, +SRP_user_pwd_set1_ids, +SRP_user_pwd_set_gN, +SRP_user_pwd_set0_sv +- Functions to create a record of SRP user verifier information + +=head1 SYNOPSIS + + #include + + SRP_user_pwd *SRP_user_pwd_new(void); + void SRP_user_pwd_free(SRP_user_pwd *user_pwd); + + int SRP_user_pwd_set1_ids(SRP_user_pwd *user_pwd, const char *id, const char *info); + void SRP_user_pwd_set_gN(SRP_user_pwd *user_pwd, const BIGNUM *g, const BIGNUM *N); + int SRP_user_pwd_set0_sv(SRP_user_pwd *user_pwd, BIGNUM *s, BIGNUM *v); + +=head1 DESCRIPTION + +The SRP_user_pwd_new() function allocates a structure to store a user verifier +record. + +The SRP_user_pwd_free() function frees up the B structure. +If B is NULL, nothing is done. + +The SRP_user_pwd_set1_ids() function sets the username to B and the optional +user info to B for B. +The library allocates new copies of B and B, the caller still +owns the original memory. + +The SRP_user_pwd_set0_sv() function sets the user salt to B and the verifier +to B for B. +The library takes ownership of the values, they should not be freed by the caller. + +The SRP_user_pwd_set_gN() function sets the SRP group parameters for B. +The memory is not freed by SRP_user_pwd_free(), the caller must make sure it is +freed once it is no longer used. + +=head1 RETURN VALUES + +SRP_user_pwd_set1_ids() returns 1 on success and 0 on failure or if B was NULL. + +SRP_user_pwd_set0_sv() returns 1 if both B and B are not NULL, 0 otherwise. + +=head1 SEE ALSO + +L, +L, +L, +L + +=head1 HISTORY + +These functions were made public in OpenSSL 1.2.0. + +=head1 COPYRIGHT + +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut 
diff --git a/include/openssl/srp.h b/include/openssl/srp.h index 8189d3e403..86fe6f4940 100644 --- a/include/openssl/srp.h +++ b/include/openssl/srp.h @@ -47,8 +47,13 @@ typedef struct SRP_user_pwd_st { char *info; } SRP_user_pwd; +SRP_user_pwd *SRP_user_pwd_new(void); void SRP_user_pwd_free(SRP_user_pwd *user_pwd); +void SRP_user_pwd_set_gN(SRP_user_pwd *user_pwd, const BIGNUM *g, const BIGNUM *N); +int SRP_user_pwd_set1_ids(SRP_user_pwd *user_pwd, const char *id, const char *info); +int SRP_user_pwd_set0_sv(SRP_user_pwd *user_pwd, BIGNUM *s, BIGNUM *v); + DEFINE_STACK_OF(SRP_user_pwd) typedef struct SRP_VBASE_st { diff --git a/util/libcrypto.num b/util/libcrypto.num index c1c90110a8..f7d6cb5823 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4599,3 +4599,7 @@ EVP_str2ctrl 4552 1_1_2 EXIST::FUNCTION: EVP_hex2ctrl 4553 1_1_2 EXIST::FUNCTION: EVP_PKEY_supports_digest_nid 4554 1_1_2 EXIST::FUNCTION: SRP_VBASE_add0_user 4555 1_1_2 EXIST::FUNCTION:SRP +SRP_user_pwd_new 4556 1_1_2 EXIST::FUNCTION:SRP +SRP_user_pwd_set_gN 4557 1_1_2 EXIST::FUNCTION:SRP +SRP_user_pwd_set1_ids 4558 1_1_2 EXIST::FUNCTION:SRP +SRP_user_pwd_set0_sv 4559 1_1_2 EXIST::FUNCTION:SRP -- 2.25.1
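Review bot: The three setters declared in `srp.h` follow different ownership rules that the header does not state: `SRP_user_pwd_set1_ids` copies its strings, `SRP_user_pwd_set0_sv` takes over the BIGNUMs, and `SRP_user_pwd_set_gN` only stores the `g` and `N` pointers it is given. The last is the easiest to misuse, because a record handed to `SRP_VBASE_add0_user` keeps pointing at group parameters that the caller may later free. I would put a short comment above the prototypes, for example `/* set_gN borrows g and N: they must outlive user_pwd and are not freed with it */`.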