From ebfd055b29861b127c9cf4ed76553e109301fc64 Mon Sep 17 00:00:00 2001
From: Antoine Salon <asalon@vmware.com>
Date: Thu, 1 Nov 2018 15:41:16 -0700
Subject: [PATCH] Making SRP_user_pwd functions public

Signed-off-by: Antoine Salon <asalon@vmware.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7522)
---
 crypto/srp/srp_vfy.c             | 26 +++++++-----
 doc/man3/SRP_VBASE_new.pod       | 18 ++++----
 doc/man3/SRP_create_verifier.pod | 19 ++++-----
 doc/man3/SRP_user_pwd_new.pod    | 70 ++++++++++++++++++++++++++++++++
 include/openssl/srp.h            |  5 +++
 util/libcrypto.num               |  4 ++
 6 files changed, 109 insertions(+), 33 deletions(-)
 create mode 100644 doc/man3/SRP_user_pwd_new.pod

diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
index 397d26c9d7..bfe517b471 100644
--- a/crypto/srp/srp_vfy.c
+++ b/crypto/srp/srp_vfy.c
@@ -184,7 +184,7 @@ void SRP_user_pwd_free(SRP_user_pwd *user_pwd)
     OPENSSL_free(user_pwd);
 }
 
-static SRP_user_pwd *SRP_user_pwd_new(void)
+SRP_user_pwd *SRP_user_pwd_new(void)
 {
     SRP_user_pwd *ret;
     
@@ -201,16 +201,18 @@ static SRP_user_pwd *SRP_user_pwd_new(void)
     return ret;
 }
 
-static void SRP_user_pwd_set_gN(SRP_user_pwd *vinfo, const BIGNUM *g,
-                                const BIGNUM *N)
+void SRP_user_pwd_set_gN(SRP_user_pwd *vinfo, const BIGNUM *g,
+                         const BIGNUM *N)
 {
     vinfo->N = N;
     vinfo->g = g;
 }
 
-static int SRP_user_pwd_set_ids(SRP_user_pwd *vinfo, const char *id,
-                                const char *info)
+int SRP_user_pwd_set1_ids(SRP_user_pwd *vinfo, const char *id,
+                          const char *info)
 {
+    OPENSSL_free(vinfo->id);
+    OPENSSL_free(vinfo->info);
     if (id != NULL && NULL == (vinfo->id = OPENSSL_strdup(id)))
         return 0;
     return (info == NULL || NULL != (vinfo->info = OPENSSL_strdup(info)));
@@ -243,8 +245,10 @@ static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s,
     return 0;
 }
 
-static int SRP_user_pwd_set_sv_BN(SRP_user_pwd *vinfo, BIGNUM *s, BIGNUM *v)
+int SRP_user_pwd_set0_sv(SRP_user_pwd *vinfo, BIGNUM *s, BIGNUM *v)
 {
+    BN_free(vinfo->s);
+    BN_clear_free(vinfo->v);
     vinfo->v = v;
     vinfo->s = s;
     return (vinfo->s != NULL && vinfo->v != NULL);
@@ -260,8 +264,8 @@ static SRP_user_pwd *srp_user_pwd_dup(SRP_user_pwd *src)
         return NULL;
 
     SRP_user_pwd_set_gN(ret, src->g, src->N);
-    if (!SRP_user_pwd_set_ids(ret, src->id, src->info)
-        || !SRP_user_pwd_set_sv_BN(ret, BN_dup(src->s), BN_dup(src->v))) {
+    if (!SRP_user_pwd_set1_ids(ret, src->id, src->info)
+        || !SRP_user_pwd_set0_sv(ret, BN_dup(src->s), BN_dup(src->v))) {
             SRP_user_pwd_free(ret);
             return NULL;
     }
@@ -446,7 +450,7 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file)
                     goto err;
 
                 SRP_user_pwd_set_gN(user_pwd, lgN->g, lgN->N);
-                if (!SRP_user_pwd_set_ids
+                if (!SRP_user_pwd_set1_ids
                     (user_pwd, pp[DB_srpid], pp[DB_srpinfo]))
                     goto err;
 
@@ -562,7 +566,7 @@ SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username)
 
     SRP_user_pwd_set_gN(user, vb->default_g, vb->default_N);
 
-    if (!SRP_user_pwd_set_ids(user, username, NULL))
+    if (!SRP_user_pwd_set1_ids(user, username, NULL))
         goto err;
 
     if (RAND_priv_bytes(digv, SHA_DIGEST_LENGTH) <= 0)
@@ -576,7 +580,7 @@ SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username)
         goto err;
     EVP_MD_CTX_free(ctxt);
     ctxt = NULL;
-    if (SRP_user_pwd_set_sv_BN(user,
+    if (SRP_user_pwd_set0_sv(user,
                                BN_bin2bn(digs, SHA_DIGEST_LENGTH, NULL),
                                BN_bin2bn(digv, SHA_DIGEST_LENGTH, NULL)))
         return user;
diff --git a/doc/man3/SRP_VBASE_new.pod b/doc/man3/SRP_VBASE_new.pod
index 76044ac451..8a0fb6da8b 100644
--- a/doc/man3/SRP_VBASE_new.pod
+++ b/doc/man3/SRP_VBASE_new.pod
@@ -4,7 +4,6 @@
 
 SRP_VBASE_new,
 SRP_VBASE_free,
-SRP_user_pwd_free,
 SRP_VBASE_init,
 SRP_VBASE_add0_user,
 SRP_VBASE_get1_by_user,
@@ -17,7 +16,6 @@ SRP_VBASE_get_by_user
 
  SRP_VBASE *SRP_VBASE_new(char *seed_key);
  void SRP_VBASE_free(SRP_VBASE *vb);
- void SRP_user_pwd_free(SRP_user_pwd *user_pwd);
 
  int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file);
 
@@ -28,19 +26,17 @@ SRP_VBASE_get_by_user
 =head1 DESCRIPTION
 
 The SRP_VBASE_new() function allocates a structure to store server side SRP
-verifier information. If B<seed_key> is not NULL a copy is stored and used to
-generate dummy parameters for users that are not found by SRP_VBASE_get1_by_user().
-This allows the server to hide the fact that it doesn't have a verifier for a
-particular username, as described in section 2.5.1.3 'Unknown SRP' of RFC 5054.
+verifier information.
+If B<seed_key> is not NULL a copy is stored and used to generate dummy parameters
+for users that are not found by SRP_VBASE_get1_by_user(). This allows the server
+to hide the fact that it doesn't have a verifier for a particular username,
+as described in section 2.5.1.3 'Unknown SRP' of RFC 5054.
 The seed string should contain random NUL terminated binary data (therefore
 the random data should not contain NUL bytes!).
 
 The SRP_VBASE_free() function frees up the B<vb> structure.
 If B<vb> is NULL, nothing is done.
 
-The SRP_user_pwd_free() function frees up the B<user_pwd> structure.
-If B<user_pwd> is NULL, nothing is done.
-
 The SRP_VBASE_init() function parses the information in a verifier file and
 populates the B<vb> structure.
 The verifier file is a text file containing multiple entries, whose format is:
@@ -50,7 +46,8 @@ Note that the base64 encoding used here is non-standard so it is recommended
 to use L<srp(1)> to generate this file.
 
 The SRP_VBASE_add0_user() function adds the B<user_pwd> verifier information
-to the B<vb> structure.
+to the B<vb> structure. See L<SRP_user_pwd_new(3)> to create and populate this
+record.
 The library takes ownership of B<user_pwd>, it should not be freed by the caller.
 
 The SRP_VBASE_get1_by_user() function returns the password info for the user
@@ -81,6 +78,7 @@ SRP_VBASE_add0_user() returns 1 on success and 0 on failure.
 
 L<srp(1)>,
 L<SRP_create_verifier(3)>,
+L<SRP_user_pwd_new(3)>,
 L<SSL_CTX_set_srp_password(3)>
 
 =head1 HISTORY
diff --git a/doc/man3/SRP_create_verifier.pod b/doc/man3/SRP_create_verifier.pod
index f899b2471a..ac7c05b23e 100644
--- a/doc/man3/SRP_create_verifier.pod
+++ b/doc/man3/SRP_create_verifier.pod
@@ -38,7 +38,7 @@ and its use is discouraged.
 It is possible to pass NULL as B<N> and an SRP group id as B<g> instead to
 load the appropriate gN values (see SRP_get_default_gN()).
 If both B<N> and B<g> are NULL the 8192-bit SRP group parameters are used.
-The caller is responsible for freeing the allocated *salt and *verifier char*
+The caller is responsible for freeing the allocated B<*salt> and B<*verifier>
 (use L<OPENSSL_free(3)>).
 
 The SRP_check_known_gN_param() function checks that B<g> and B<N> are valid
@@ -76,28 +76,23 @@ omitted for clarity):
 
  SRP_VBASE *srpData = SRP_VBASE_new(NULL);
 
- SRP_user_pwd *pwd = (SRP_user_pwd*) OPENSSL_malloc(sizeof(SRP_user_pwd));
  SRP_gN *gN = SRP_get_default_gN("8192");
 
  BIGNUM *salt = NULL, *verifier = NULL;
  SRP_create_verifier_BN(username, password, &salt, &verifier, gN->N, gN->g);
 
- // TODO: replace with SRP_user_pwd_new()
- pwd->id = OPENSSL_strdup(username);
- pwd->g = gN->g;
- pwd->N = gN->N;
- pwd->s = salt;
- pwd->v = verifier;
- pwd->info = NULL;
+ SRP_user_pwd *pwd = SRP_user_pwd_new();
+ SRP_user_pwd_set1_ids(pwd, username, NULL);
+ SRP_user_pwd_set0_sv(pwd, salt, verifier);
+ SRP_user_pwd_set_gN(pwd, gN->g, gN->N);
 
  SRP_VBASE_add0_user(srpData, pwd);
 
 =head1 SEE ALSO
 
 L<srp(1)>,
-L<BN_new(3)>,
-L<OPENSSL_malloc(3)>,
-L<SRP_VBASE_new(3)>
+L<SRP_VBASE_new(3)>,
+L<SRP_user_pwd_new(3)>
 
 =head1 HISTORY
 
diff --git a/doc/man3/SRP_user_pwd_new.pod b/doc/man3/SRP_user_pwd_new.pod
new file mode 100644
index 0000000000..4f631a1d31
--- /dev/null
+++ b/doc/man3/SRP_user_pwd_new.pod
@@ -0,0 +1,70 @@
+=pod
+
+=head1 NAME
+
+SRP_user_pwd_new,
+SRP_user_pwd_free,
+SRP_user_pwd_set1_ids,
+SRP_user_pwd_set_gN,
+SRP_user_pwd_set0_sv
+- Functions to create a record of SRP user verifier information
+
+=head1 SYNOPSIS
+
+ #include <openssl/srp.h>
+
+ SRP_user_pwd *SRP_user_pwd_new(void);
+ void SRP_user_pwd_free(SRP_user_pwd *user_pwd);
+
+ int SRP_user_pwd_set1_ids(SRP_user_pwd *user_pwd, const char *id, const char *info);
+ void SRP_user_pwd_set_gN(SRP_user_pwd *user_pwd, const BIGNUM *g, const BIGNUM *N);
+ int SRP_user_pwd_set0_sv(SRP_user_pwd *user_pwd, BIGNUM *s, BIGNUM *v);
+
+=head1 DESCRIPTION
+
+The SRP_user_pwd_new() function allocates a structure to store a user verifier
+record.
+
+The SRP_user_pwd_free() function frees up the B<user_pwd> structure.
+If B<user_pwd> is NULL, nothing is done.
+
+The SRP_user_pwd_set1_ids() function sets the username to B<id> and the optional
+user info to B<info> for B<user_pwd>.
+The library allocates new copies of B<id> and B<info>, the caller still
+owns the original memory.
+
+The SRP_user_pwd_set0_sv() function sets the user salt to B<s> and the verifier
+to B<v> for B<user_pwd>.
+The library takes ownership of the values, they should not be freed by the caller.
+
+The SRP_user_pwd_set_gN() function sets the SRP group parameters for B<user_pwd>.
+The memory is not freed by SRP_user_pwd_free(), the caller must make sure it is
+freed once it is no longer used.
+
+=head1 RETURN VALUES
+
+SRP_user_pwd_set1_ids() returns 1 on success and 0 on failure or if B<id> was NULL.
+
+SRP_user_pwd_set0_sv() returns 1 if both B<s> and B<v> are not NULL, 0 otherwise.
+
+=head1 SEE ALSO
+
+L<srp(1)>,
+L<SRP_create_verifier(3)>,
+L<SRP_VBASE_new(3)>,
+L<SSL_CTX_set_srp_password(3)>
+
+=head1 HISTORY
+
+These functions were made public in OpenSSL 1.2.0.
+
+=head1 COPYRIGHT
+
+Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/include/openssl/srp.h b/include/openssl/srp.h
index 8189d3e403..86fe6f4940 100644
--- a/include/openssl/srp.h
+++ b/include/openssl/srp.h
@@ -47,8 +47,13 @@ typedef struct SRP_user_pwd_st {
     char *info;
 } SRP_user_pwd;
 
+SRP_user_pwd *SRP_user_pwd_new(void);
 void SRP_user_pwd_free(SRP_user_pwd *user_pwd);
 
+void SRP_user_pwd_set_gN(SRP_user_pwd *user_pwd, const BIGNUM *g, const BIGNUM *N);
+int SRP_user_pwd_set1_ids(SRP_user_pwd *user_pwd, const char *id, const char *info);
+int SRP_user_pwd_set0_sv(SRP_user_pwd *user_pwd, BIGNUM *s, BIGNUM *v);
+
 DEFINE_STACK_OF(SRP_user_pwd)
 
 typedef struct SRP_VBASE_st {
diff --git a/util/libcrypto.num b/util/libcrypto.num
index c1c90110a8..f7d6cb5823 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4599,3 +4599,7 @@ EVP_str2ctrl                            4552	1_1_2	EXIST::FUNCTION:
 EVP_hex2ctrl                            4553	1_1_2	EXIST::FUNCTION:
 EVP_PKEY_supports_digest_nid            4554	1_1_2	EXIST::FUNCTION:
 SRP_VBASE_add0_user                     4555	1_1_2	EXIST::FUNCTION:SRP
+SRP_user_pwd_new                        4556	1_1_2	EXIST::FUNCTION:SRP
+SRP_user_pwd_set_gN                     4557	1_1_2	EXIST::FUNCTION:SRP
+SRP_user_pwd_set1_ids                   4558	1_1_2	EXIST::FUNCTION:SRP
+SRP_user_pwd_set0_sv                    4559	1_1_2	EXIST::FUNCTION:SRP
-- 
2.25.1