wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Making SRP_user_pwd functions public

Browse source 
Signed-off-by: Antoine Salon <asalon@vmware.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7522)
This commit is contained in:
Antoine Salon 2018-11-01 15:41:16 -07:00 committed by Matt Caswell
parent 51f03f1227
commit ebfd055b29
6 changed files with 109 additions and 33 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
crypto/srp/srp_vfy.c
View file

@ -184,7 +184,7 @@ void SRP_user_pwd_free(SRP_user_pwd *user_pwd)
OPENSSL_free(user_pwd);
}
static SRP_user_pwd *SRP_user_pwd_new(void)
SRP_user_pwd *SRP_user_pwd_new(void)
{
SRP_user_pwd *ret;
@ -201,16 +201,18 @@ static SRP_user_pwd *SRP_user_pwd_new(void)
return ret;
}
static void SRP_user_pwd_set_gN(SRP_user_pwd *vinfo, const BIGNUM *g,
const BIGNUM *N)
void SRP_user_pwd_set_gN(SRP_user_pwd *vinfo, const BIGNUM *g,
const BIGNUM *N)
{
vinfo->N = N;
vinfo->g = g;
}
static int SRP_user_pwd_set_ids(SRP_user_pwd *vinfo, const char *id,
const char *info)
int SRP_user_pwd_set1_ids(SRP_user_pwd *vinfo, const char *id,
const char *info)
{
OPENSSL_free(vinfo->id);
OPENSSL_free(vinfo->info);
if (id != NULL && NULL == (vinfo->id = OPENSSL_strdup(id)))
return 0;
return (info == NULL || NULL != (vinfo->info = OPENSSL_strdup(info)));
@ -243,8 +245,10 @@ static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s,
return 0;
}
static int SRP_user_pwd_set_sv_BN(SRP_user_pwd *vinfo, BIGNUM *s, BIGNUM *v)
int SRP_user_pwd_set0_sv(SRP_user_pwd *vinfo, BIGNUM *s, BIGNUM *v)
{
BN_free(vinfo->s);
BN_clear_free(vinfo->v);
vinfo->v = v;
vinfo->s = s;
return (vinfo->s != NULL && vinfo->v != NULL);
@ -260,8 +264,8 @@ static SRP_user_pwd *srp_user_pwd_dup(SRP_user_pwd *src)
return NULL;
SRP_user_pwd_set_gN(ret, src->g, src->N);
if (!SRP_user_pwd_set_ids(ret, src->id, src->info)
|| !SRP_user_pwd_set_sv_BN(ret, BN_dup(src->s), BN_dup(src->v))) {
if (!SRP_user_pwd_set1_ids(ret, src->id, src->info)
|| !SRP_user_pwd_set0_sv(ret, BN_dup(src->s), BN_dup(src->v))) {
SRP_user_pwd_free(ret);
return NULL;
}
@ -446,7 +450,7 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file)
goto err;
SRP_user_pwd_set_gN(user_pwd, lgN->g, lgN->N);
if (!SRP_user_pwd_set_ids
if (!SRP_user_pwd_set1_ids
(user_pwd, pp[DB_srpid], pp[DB_srpinfo]))
goto err;
@ -562,7 +566,7 @@ SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username)
SRP_user_pwd_set_gN(user, vb->default_g, vb->default_N);
if (!SRP_user_pwd_set_ids(user, username, NULL))
if (!SRP_user_pwd_set1_ids(user, username, NULL))
goto err;
if (RAND_priv_bytes(digv, SHA_DIGEST_LENGTH) <= 0)
@ -576,7 +580,7 @@ SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username)
goto err;
EVP_MD_CTX_free(ctxt);
ctxt = NULL;
if (SRP_user_pwd_set_sv_BN(user,
if (SRP_user_pwd_set0_sv(user,
BN_bin2bn(digs, SHA_DIGEST_LENGTH, NULL),
BN_bin2bn(digv, SHA_DIGEST_LENGTH, NULL)))
return user;

18
doc/man3/SRP_VBASE_new.pod
View file

@ -4,7 +4,6 @@
SRP_VBASE_new,
SRP_VBASE_free,
SRP_user_pwd_free,
SRP_VBASE_init,
SRP_VBASE_add0_user,
SRP_VBASE_get1_by_user,
@ -17,7 +16,6 @@ SRP_VBASE_get_by_user
SRP_VBASE *SRP_VBASE_new(char *seed_key);
void SRP_VBASE_free(SRP_VBASE *vb);
void SRP_user_pwd_free(SRP_user_pwd *user_pwd);
int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file);
@ -28,19 +26,17 @@ SRP_VBASE_get_by_user
=head1 DESCRIPTION
The SRP_VBASE_new() function allocates a structure to store server side SRP
verifier information. If B<seed_key> is not NULL a copy is stored and used to
generate dummy parameters for users that are not found by SRP_VBASE_get1_by_user().
This allows the server to hide the fact that it doesn't have a verifier for a
particular username, as described in section 2.5.1.3 'Unknown SRP' of RFC 5054.
verifier information.
If B<seed_key> is not NULL a copy is stored and used to generate dummy parameters
for users that are not found by SRP_VBASE_get1_by_user(). This allows the server
to hide the fact that it doesn't have a verifier for a particular username,
as described in section 2.5.1.3 'Unknown SRP' of RFC 5054.
The seed string should contain random NUL terminated binary data (therefore
the random data should not contain NUL bytes!).
The SRP_VBASE_free() function frees up the B<vb> structure.
If B<vb> is NULL, nothing is done.
The SRP_user_pwd_free() function frees up the B<user_pwd> structure.
If B<user_pwd> is NULL, nothing is done.
The SRP_VBASE_init() function parses the information in a verifier file and
populates the B<vb> structure.
The verifier file is a text file containing multiple entries, whose format is:
@ -50,7 +46,8 @@ Note that the base64 encoding used here is non-standard so it is recommended
to use L<srp(1)> to generate this file.
The SRP_VBASE_add0_user() function adds the B<user_pwd> verifier information
to the B<vb> structure.
to the B<vb> structure. See L<SRP_user_pwd_new(3)> to create and populate this
record.
The library takes ownership of B<user_pwd>, it should not be freed by the caller.
The SRP_VBASE_get1_by_user() function returns the password info for the user
@ -81,6 +78,7 @@ SRP_VBASE_add0_user() returns 1 on success and 0 on failure.
L<srp(1)>,
L<SRP_create_verifier(3)>,
L<SRP_user_pwd_new(3)>,
L<SSL_CTX_set_srp_password(3)>
=head1 HISTORY

19
doc/man3/SRP_create_verifier.pod
View file

@ -38,7 +38,7 @@ and its use is discouraged.
It is possible to pass NULL as B<N> and an SRP group id as B<g> instead to
load the appropriate gN values (see SRP_get_default_gN()).
If both B<N> and B<g> are NULL the 8192-bit SRP group parameters are used.
The caller is responsible for freeing the allocated *salt and *verifier char*
The caller is responsible for freeing the allocated B<*salt> and B<*verifier>
(use L<OPENSSL_free(3)>).
The SRP_check_known_gN_param() function checks that B<g> and B<N> are valid
@ -76,28 +76,23 @@ omitted for clarity):
SRP_VBASE *srpData = SRP_VBASE_new(NULL);
SRP_user_pwd *pwd = (SRP_user_pwd*) OPENSSL_malloc(sizeof(SRP_user_pwd));
SRP_gN *gN = SRP_get_default_gN("8192");
BIGNUM *salt = NULL, *verifier = NULL;
SRP_create_verifier_BN(username, password, &salt, &verifier, gN->N, gN->g);
// TODO: replace with SRP_user_pwd_new()
pwd->id = OPENSSL_strdup(username);
pwd->g = gN->g;
pwd->N = gN->N;
pwd->s = salt;
pwd->v = verifier;
pwd->info = NULL;
SRP_user_pwd *pwd = SRP_user_pwd_new();
SRP_user_pwd_set1_ids(pwd, username, NULL);
SRP_user_pwd_set0_sv(pwd, salt, verifier);
SRP_user_pwd_set_gN(pwd, gN->g, gN->N);
SRP_VBASE_add0_user(srpData, pwd);
=head1 SEE ALSO
L<srp(1)>,
L<BN_new(3)>,
L<OPENSSL_malloc(3)>,
L<SRP_VBASE_new(3)>
L<SRP_VBASE_new(3)>,
L<SRP_user_pwd_new(3)>
=head1 HISTORY

70
doc/man3/SRP_user_pwd_new.pod Normal file
View file

@ -0,0 +1,70 @@
=pod
=head1 NAME
SRP_user_pwd_new,
SRP_user_pwd_free,
SRP_user_pwd_set1_ids,
SRP_user_pwd_set_gN,
SRP_user_pwd_set0_sv
- Functions to create a record of SRP user verifier information
=head1 SYNOPSIS
#include <openssl/srp.h>
SRP_user_pwd *SRP_user_pwd_new(void);
void SRP_user_pwd_free(SRP_user_pwd *user_pwd);
int SRP_user_pwd_set1_ids(SRP_user_pwd *user_pwd, const char *id, const char *info);
void SRP_user_pwd_set_gN(SRP_user_pwd *user_pwd, const BIGNUM *g, const BIGNUM *N);
int SRP_user_pwd_set0_sv(SRP_user_pwd *user_pwd, BIGNUM *s, BIGNUM *v);
=head1 DESCRIPTION
The SRP_user_pwd_new() function allocates a structure to store a user verifier
record.
The SRP_user_pwd_free() function frees up the B<user_pwd> structure.
If B<user_pwd> is NULL, nothing is done.
The SRP_user_pwd_set1_ids() function sets the username to B<id> and the optional
user info to B<info> for B<user_pwd>.
The library allocates new copies of B<id> and B<info>, the caller still
owns the original memory.
The SRP_user_pwd_set0_sv() function sets the user salt to B<s> and the verifier
to B<v> for B<user_pwd>.
The library takes ownership of the values, they should not be freed by the caller.
The SRP_user_pwd_set_gN() function sets the SRP group parameters for B<user_pwd>.
The memory is not freed by SRP_user_pwd_free(), the caller must make sure it is
freed once it is no longer used.
=head1 RETURN VALUES
SRP_user_pwd_set1_ids() returns 1 on success and 0 on failure or if B<id> was NULL.
SRP_user_pwd_set0_sv() returns 1 if both B<s> and B<v> are not NULL, 0 otherwise.
=head1 SEE ALSO
L<srp(1)>,
L<SRP_create_verifier(3)>,
L<SRP_VBASE_new(3)>,
L<SSL_CTX_set_srp_password(3)>
=head1 HISTORY
These functions were made public in OpenSSL 1.2.0.
=head1 COPYRIGHT
Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut

5
include/openssl/srp.h
View file

@ -47,8 +47,13 @@ typedef struct SRP_user_pwd_st {
char *info;
} SRP_user_pwd;
SRP_user_pwd *SRP_user_pwd_new(void);
void SRP_user_pwd_free(SRP_user_pwd *user_pwd);
void SRP_user_pwd_set_gN(SRP_user_pwd *user_pwd, const BIGNUM *g, const BIGNUM *N);
int SRP_user_pwd_set1_ids(SRP_user_pwd *user_pwd, const char *id, const char *info);
int SRP_user_pwd_set0_sv(SRP_user_pwd *user_pwd, BIGNUM *s, BIGNUM *v);
DEFINE_STACK_OF(SRP_user_pwd)
typedef struct SRP_VBASE_st {

4
util/libcrypto.num
View file

@ -4599,3 +4599,7 @@ EVP_str2ctrl 4552 1_1_2 EXIST::FUNCTION:
EVP_hex2ctrl 4553 1_1_2 EXIST::FUNCTION:
EVP_PKEY_supports_digest_nid 4554 1_1_2 EXIST::FUNCTION:
SRP_VBASE_add0_user 4555 1_1_2 EXIST::FUNCTION:SRP
SRP_user_pwd_new 4556 1_1_2 EXIST::FUNCTION:SRP
SRP_user_pwd_set_gN 4557 1_1_2 EXIST::FUNCTION:SRP
SRP_user_pwd_set1_ids 4558 1_1_2 EXIST::FUNCTION:SRP
SRP_user_pwd_set0_sv 4559 1_1_2 EXIST::FUNCTION:SRP