1392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom/* ssl/tls_srp.c */ 2392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom/* Written by Christophe Renou (christophe.renou@edelweb.fr) with 3392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * the precious help of Peter Sylvester (peter.sylvester@edelweb.fr) 4392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * for the EdelKey project and contributed to the OpenSSL project 2004. 5392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom */ 6392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom/* ==================================================================== 7392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * Copyright (c) 2004-2011 The OpenSSL Project. All rights reserved. 8392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * 9392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * Redistribution and use in source and binary forms, with or without 10392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * modification, are permitted provided that the following conditions 11392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * are met: 12392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * 13392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * 1. Redistributions of source code must retain the above copyright 14392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * notice, this list of conditions and the following disclaimer. 15392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * 16392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * 2. Redistributions in binary form must reproduce the above copyright 17392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * notice, this list of conditions and the following disclaimer in 18392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * the documentation and/or other materials provided with the 19392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * distribution. 20392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * 21392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * 3. All advertising materials mentioning features or use of this 22392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * software must display the following acknowledgment: 23392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * "This product includes software developed by the OpenSSL Project 24392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 25392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * 26392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 27392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * endorse or promote products derived from this software without 28392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * prior written permission. For written permission, please contact 29392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * licensing@OpenSSL.org. 30392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * 31392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * 5. Products derived from this software may not be called "OpenSSL" 32392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * nor may "OpenSSL" appear in their names without prior written 33392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * permission of the OpenSSL Project. 34392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * 35392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * 6. Redistributions of any form whatsoever must retain the following 36392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * acknowledgment: 37392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * "This product includes software developed by the OpenSSL Project 38392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 39392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * 40392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 41392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 43392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 44392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 45392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 46392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 47392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 49392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 50392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 51392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * OF THE POSSIBILITY OF SUCH DAMAGE. 52392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * ==================================================================== 53392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * 54392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * This product includes cryptographic software written by Eric Young 55392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * (eay@cryptsoft.com). This product includes software written by Tim 56392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * Hudson (tjh@cryptsoft.com). 57392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom * 58392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom */ 59392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#include "ssl_locl.h" 60392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#ifndef OPENSSL_NO_SRP 61392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 62392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#include <openssl/rand.h> 63392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#include <openssl/srp.h> 64392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#include <openssl/err.h> 65392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 66392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstromint SSL_CTX_SRP_CTX_free(struct ssl_ctx_st *ctx) 67392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 68392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (ctx == NULL) 69392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return 0; 70392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom OPENSSL_free(ctx->srp_ctx.login); 71392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_free(ctx->srp_ctx.N); 72392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_free(ctx->srp_ctx.g); 73392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_free(ctx->srp_ctx.s); 74392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_free(ctx->srp_ctx.B); 75392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_free(ctx->srp_ctx.A); 76392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_free(ctx->srp_ctx.a); 77392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_free(ctx->srp_ctx.b); 78392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_free(ctx->srp_ctx.v); 79392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ctx->srp_ctx.TLS_ext_srp_username_callback = NULL; 80392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ctx->srp_ctx.SRP_cb_arg = NULL; 81392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ctx->srp_ctx.SRP_verify_param_callback = NULL; 82392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ctx->srp_ctx.SRP_give_srp_client_pwd_callback = NULL; 83392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ctx->srp_ctx.N = NULL; 84392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ctx->srp_ctx.g = NULL; 85392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ctx->srp_ctx.s = NULL; 86392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ctx->srp_ctx.B = NULL; 87392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ctx->srp_ctx.A = NULL; 88392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ctx->srp_ctx.a = NULL; 89392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ctx->srp_ctx.b = NULL; 90392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ctx->srp_ctx.v = NULL; 91392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ctx->srp_ctx.login = NULL; 92392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ctx->srp_ctx.info = NULL; 93392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ctx->srp_ctx.strength = SRP_MINIMAL_N; 94392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ctx->srp_ctx.srp_Mask = 0; 95392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return (1); 96392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 97392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 98392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstromint SSL_SRP_CTX_free(struct ssl_st *s) 99392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 100392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (s == NULL) 101392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return 0; 102392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom OPENSSL_free(s->srp_ctx.login); 103392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_free(s->srp_ctx.N); 104392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_free(s->srp_ctx.g); 105392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_free(s->srp_ctx.s); 106392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_free(s->srp_ctx.B); 107392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_free(s->srp_ctx.A); 108392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_free(s->srp_ctx.a); 109392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_free(s->srp_ctx.b); 110392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_free(s->srp_ctx.v); 111392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.TLS_ext_srp_username_callback = NULL; 112392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.SRP_cb_arg = NULL; 113392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.SRP_verify_param_callback = NULL; 114392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.SRP_give_srp_client_pwd_callback = NULL; 115392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.N = NULL; 116392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.g = NULL; 117392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.s = NULL; 118392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.B = NULL; 119392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.A = NULL; 120392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.a = NULL; 121392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.b = NULL; 122392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.v = NULL; 123392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.login = NULL; 124392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.info = NULL; 125392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.strength = SRP_MINIMAL_N; 126392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.srp_Mask = 0; 127392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return (1); 128392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 129392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 130392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstromint SSL_SRP_CTX_init(struct ssl_st *s) 131392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 132392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SSL_CTX *ctx; 133392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 134392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if ((s == NULL) || ((ctx = s->ctx) == NULL)) 135392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return 0; 136392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.SRP_cb_arg = ctx->srp_ctx.SRP_cb_arg; 137392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* set client Hello login callback */ 138392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.TLS_ext_srp_username_callback = ctx->srp_ctx.TLS_ext_srp_username_callback; 139392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* set SRP N/g param callback for verification */ 140392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.SRP_verify_param_callback = ctx->srp_ctx.SRP_verify_param_callback; 141392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* set SRP client passwd callback */ 142392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.SRP_give_srp_client_pwd_callback = ctx->srp_ctx.SRP_give_srp_client_pwd_callback; 143392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 144392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.N = NULL; 145392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.g = NULL; 146392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.s = NULL; 147392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.B = NULL; 148392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.A = NULL; 149392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.a = NULL; 150392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.b = NULL; 151392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.v = NULL; 152392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.login = NULL; 153392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.info = ctx->srp_ctx.info; 154392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.strength = ctx->srp_ctx.strength; 155392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 156392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (((ctx->srp_ctx.N != NULL) && 157392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ((s->srp_ctx.N = BN_dup(ctx->srp_ctx.N)) == NULL)) || 158392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ((ctx->srp_ctx.g != NULL) && 159392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ((s->srp_ctx.g = BN_dup(ctx->srp_ctx.g)) == NULL)) || 160392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ((ctx->srp_ctx.s != NULL) && 161392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ((s->srp_ctx.s = BN_dup(ctx->srp_ctx.s)) == NULL)) || 162392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ((ctx->srp_ctx.B != NULL) && 163392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ((s->srp_ctx.B = BN_dup(ctx->srp_ctx.B)) == NULL)) || 164392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ((ctx->srp_ctx.A != NULL) && 165392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ((s->srp_ctx.A = BN_dup(ctx->srp_ctx.A)) == NULL)) || 166392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ((ctx->srp_ctx.a != NULL) && 167392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ((s->srp_ctx.a = BN_dup(ctx->srp_ctx.a)) == NULL)) || 168392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ((ctx->srp_ctx.v != NULL) && 169392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ((s->srp_ctx.v = BN_dup(ctx->srp_ctx.v)) == NULL)) || 170392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ((ctx->srp_ctx.b != NULL) && 171392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ((s->srp_ctx.b = BN_dup(ctx->srp_ctx.b)) == NULL))) 172392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 173392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SSLerr(SSL_F_SSL_SRP_CTX_INIT,ERR_R_BN_LIB); 174392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom goto err; 175392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 176392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if ((ctx->srp_ctx.login != NULL) && 177392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ((s->srp_ctx.login = BUF_strdup(ctx->srp_ctx.login)) == NULL)) 178392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 179392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SSLerr(SSL_F_SSL_SRP_CTX_INIT,ERR_R_INTERNAL_ERROR); 180392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom goto err; 181392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 182392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.srp_Mask = ctx->srp_ctx.srp_Mask; 183392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 184392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return (1); 185392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstromerr: 186392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom OPENSSL_free(s->srp_ctx.login); 187392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_free(s->srp_ctx.N); 188392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_free(s->srp_ctx.g); 189392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_free(s->srp_ctx.s); 190392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_free(s->srp_ctx.B); 191392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_free(s->srp_ctx.A); 192392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_free(s->srp_ctx.a); 193392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_free(s->srp_ctx.b); 194392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_free(s->srp_ctx.v); 195392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return (0); 196392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 197392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 198392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstromint SSL_CTX_SRP_CTX_init(struct ssl_ctx_st *ctx) 199392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 200392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (ctx == NULL) 201392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return 0; 202392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 203392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ctx->srp_ctx.SRP_cb_arg = NULL; 204392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* set client Hello login callback */ 205392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ctx->srp_ctx.TLS_ext_srp_username_callback = NULL; 206392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* set SRP N/g param callback for verification */ 207392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ctx->srp_ctx.SRP_verify_param_callback = NULL; 208392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* set SRP client passwd callback */ 209392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ctx->srp_ctx.SRP_give_srp_client_pwd_callback = NULL; 210392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 211392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ctx->srp_ctx.N = NULL; 212392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ctx->srp_ctx.g = NULL; 213392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ctx->srp_ctx.s = NULL; 214392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ctx->srp_ctx.B = NULL; 215392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ctx->srp_ctx.A = NULL; 216392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ctx->srp_ctx.a = NULL; 217392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ctx->srp_ctx.b = NULL; 218392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ctx->srp_ctx.v = NULL; 219392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ctx->srp_ctx.login = NULL; 220392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ctx->srp_ctx.srp_Mask = 0; 221392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ctx->srp_ctx.info = NULL; 222392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ctx->srp_ctx.strength = SRP_MINIMAL_N; 223392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 224392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return (1); 225392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 226392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 227392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom/* server side */ 228392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstromint SSL_srp_server_param_with_username(SSL *s, int *ad) 229392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 230392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom unsigned char b[SSL_MAX_MASTER_KEY_LENGTH]; 231392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom int al; 232392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 233392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom *ad = SSL_AD_UNKNOWN_PSK_IDENTITY; 234392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if ((s->srp_ctx.TLS_ext_srp_username_callback !=NULL) && 235392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ((al = s->srp_ctx.TLS_ext_srp_username_callback(s, ad, s->srp_ctx.SRP_cb_arg))!=SSL_ERROR_NONE)) 236392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return al; 237392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 238392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom *ad = SSL_AD_INTERNAL_ERROR; 239392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if ((s->srp_ctx.N == NULL) || 240392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom (s->srp_ctx.g == NULL) || 241392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom (s->srp_ctx.s == NULL) || 242392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom (s->srp_ctx.v == NULL)) 243392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return SSL3_AL_FATAL; 244392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 245392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom RAND_bytes(b, sizeof(b)); 246392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.b = BN_bin2bn(b,sizeof(b),NULL); 247392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom OPENSSL_cleanse(b,sizeof(b)); 248392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 249392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* Calculate: B = (kv + g^b) % N */ 250392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 251392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return ((s->srp_ctx.B = SRP_Calc_B(s->srp_ctx.b, s->srp_ctx.N, s->srp_ctx.g, s->srp_ctx.v)) != NULL)? 252392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SSL_ERROR_NONE:SSL3_AL_FATAL; 253392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 254392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 255392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom/* If the server just has the raw password, make up a verifier entry on the fly */ 256392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstromint SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, const char *grp) 257392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 258392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom SRP_gN *GN = SRP_get_default_gN(grp); 259392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if(GN == NULL) return -1; 260392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.N = BN_dup(GN->N); 261392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.g = BN_dup(GN->g); 262392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if(s->srp_ctx.v != NULL) 263392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 264392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_clear_free(s->srp_ctx.v); 265392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.v = NULL; 266392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 267392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if(s->srp_ctx.s != NULL) 268392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 269392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_clear_free(s->srp_ctx.s); 270392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.s = NULL; 271392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 272392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if(!SRP_create_verifier_BN(user, pass, &s->srp_ctx.s, &s->srp_ctx.v, GN->N, GN->g)) return -1; 273392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 274392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return 1; 275392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 276392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 277392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstromint SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, 278392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BIGNUM *sa, BIGNUM *v, char *info) 279392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 280392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (N!= NULL) 281392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 282392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (s->srp_ctx.N != NULL) 283392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 284392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (!BN_copy(s->srp_ctx.N,N)) 285392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 286392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_free(s->srp_ctx.N); 287392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.N = NULL; 288392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 289392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 290392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom else 291392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.N = BN_dup(N); 292392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 293392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (g!= NULL) 294392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 295392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (s->srp_ctx.g != NULL) 296392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 297392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (!BN_copy(s->srp_ctx.g,g)) 298392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 299392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_free(s->srp_ctx.g); 300392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.g = NULL; 301392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 302392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 303392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom else 304392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.g = BN_dup(g); 305392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 306392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (sa!= NULL) 307392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 308392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (s->srp_ctx.s != NULL) 309392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 310392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (!BN_copy(s->srp_ctx.s,sa)) 311392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 312392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_free(s->srp_ctx.s); 313392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.s = NULL; 314392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 315392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 316392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom else 317392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.s = BN_dup(sa); 318392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 319392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (v!= NULL) 320392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 321392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (s->srp_ctx.v != NULL) 322392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 323392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (!BN_copy(s->srp_ctx.v,v)) 324392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 325392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_free(s->srp_ctx.v); 326392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.v = NULL; 327392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 328392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 329392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom else 330392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.v = BN_dup(v); 331392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 332392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.info = info; 333392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 334392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (!(s->srp_ctx.N) || 335392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom !(s->srp_ctx.g) || 336392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom !(s->srp_ctx.s) || 337392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom !(s->srp_ctx.v)) 338392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return -1; 339392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 340392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return 1; 341392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 342392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 343392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstromint SRP_generate_server_master_secret(SSL *s,unsigned char *master_key) 344392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 345392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BIGNUM *K = NULL, *u = NULL; 346392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom int ret = -1, tmp_len; 347392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom unsigned char *tmp = NULL; 348392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 349392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (!SRP_Verify_A_mod_N(s->srp_ctx.A,s->srp_ctx.N)) 350392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom goto err; 351392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (!(u = SRP_Calc_u(s->srp_ctx.A,s->srp_ctx.B,s->srp_ctx.N))) 352392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom goto err; 353392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (!(K = SRP_Calc_server_key(s->srp_ctx.A, s->srp_ctx.v, u, s->srp_ctx.b, s->srp_ctx.N))) 354392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom goto err; 355392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 356392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom tmp_len = BN_num_bytes(K); 357392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if ((tmp = OPENSSL_malloc(tmp_len)) == NULL) 358392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom goto err; 359392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_bn2bin(K, tmp); 360392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ret = s->method->ssl3_enc->generate_master_secret(s,master_key,tmp,tmp_len); 361392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstromerr: 362392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (tmp) 363392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 364392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom OPENSSL_cleanse(tmp,tmp_len) ; 365392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom OPENSSL_free(tmp); 366392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 367392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_clear_free(K); 368392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_clear_free(u); 369392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return ret; 370392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 371392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 372392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom/* client side */ 373392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstromint SRP_generate_client_master_secret(SSL *s,unsigned char *master_key) 374392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 375392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BIGNUM *x = NULL, *u = NULL, *K = NULL; 376392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom int ret = -1, tmp_len; 377392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom char *passwd = NULL; 378392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom unsigned char *tmp = NULL; 379392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 380392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* Checks if b % n == 0 381392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom */ 382392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (SRP_Verify_B_mod_N(s->srp_ctx.B,s->srp_ctx.N)==0) goto err; 383392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (!(u = SRP_Calc_u(s->srp_ctx.A,s->srp_ctx.B,s->srp_ctx.N))) goto err; 384392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (s->srp_ctx.SRP_give_srp_client_pwd_callback == NULL) goto err; 385392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (!(passwd = s->srp_ctx.SRP_give_srp_client_pwd_callback(s, s->srp_ctx.SRP_cb_arg))) goto err; 386392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (!(x = SRP_Calc_x(s->srp_ctx.s,s->srp_ctx.login,passwd))) goto err; 387392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (!(K = SRP_Calc_client_key(s->srp_ctx.N, s->srp_ctx.B, s->srp_ctx.g, x, s->srp_ctx.a, u))) goto err; 388392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 389392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom tmp_len = BN_num_bytes(K); 390392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if ((tmp = OPENSSL_malloc(tmp_len)) == NULL) goto err; 391392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_bn2bin(K, tmp); 392392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ret = s->method->ssl3_enc->generate_master_secret(s,master_key,tmp,tmp_len); 393392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstromerr: 394392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (tmp) 395392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 396392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom OPENSSL_cleanse(tmp,tmp_len) ; 397392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom OPENSSL_free(tmp); 398392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 399392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_clear_free(K); 400392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_clear_free(x); 401392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (passwd) 402392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 403392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom OPENSSL_cleanse(passwd,strlen(passwd)) ; 404392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom OPENSSL_free(passwd); 405392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 406392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BN_clear_free(u); 407392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return ret; 408392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 409392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 410392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstromint SRP_Calc_A_param(SSL *s) 411392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 412392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom unsigned char rnd[SSL_MAX_MASTER_KEY_LENGTH]; 413392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 414392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (BN_num_bits(s->srp_ctx.N) < s->srp_ctx.strength) 415392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return -1; 416392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 417392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (s->srp_ctx.SRP_verify_param_callback ==NULL && 418392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom !SRP_check_known_gN_param(s->srp_ctx.g,s->srp_ctx.N)) 419392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return -1 ; 420392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 421392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom RAND_bytes(rnd, sizeof(rnd)); 422392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom s->srp_ctx.a = BN_bin2bn(rnd, sizeof(rnd), s->srp_ctx.a); 423392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom OPENSSL_cleanse(rnd, sizeof(rnd)); 424392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 425392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (!(s->srp_ctx.A = SRP_Calc_A(s->srp_ctx.a,s->srp_ctx.N,s->srp_ctx.g))) 426392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return -1; 427392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 428392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom /* We can have a callback to verify SRP param!! */ 429392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (s->srp_ctx.SRP_verify_param_callback !=NULL) 430392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return s->srp_ctx.SRP_verify_param_callback(s,s->srp_ctx.SRP_cb_arg); 431392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 432392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return 1; 433392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 434392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 435392aa7cc7d2b122614c5393c3e357da07fd07af3Brian CarlstromBIGNUM *SSL_get_srp_g(SSL *s) 436392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 437392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (s->srp_ctx.g != NULL) 438392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return s->srp_ctx.g; 439392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return s->ctx->srp_ctx.g; 440392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 441392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 442392aa7cc7d2b122614c5393c3e357da07fd07af3Brian CarlstromBIGNUM *SSL_get_srp_N(SSL *s) 443392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 444392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (s->srp_ctx.N != NULL) 445392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return s->srp_ctx.N; 446392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return s->ctx->srp_ctx.N; 447392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 448392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 449392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstromchar *SSL_get_srp_username(SSL *s) 450392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 451392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (s->srp_ctx.login != NULL) 452392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return s->srp_ctx.login; 453392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return s->ctx->srp_ctx.login; 454392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 455392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 456392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstromchar *SSL_get_srp_userinfo(SSL *s) 457392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 458392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (s->srp_ctx.info != NULL) 459392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return s->srp_ctx.info; 460392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return s->ctx->srp_ctx.info; 461392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 462392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 463392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#define tls1_ctx_ctrl ssl3_ctx_ctrl 464392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#define tls1_ctx_callback_ctrl ssl3_ctx_callback_ctrl 465392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 466392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstromint SSL_CTX_set_srp_username(SSL_CTX *ctx,char *name) 467392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 468392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return tls1_ctx_ctrl(ctx,SSL_CTRL_SET_TLS_EXT_SRP_USERNAME,0,name); 469392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 470392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 471392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstromint SSL_CTX_set_srp_password(SSL_CTX *ctx,char *password) 472392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 473392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return tls1_ctx_ctrl(ctx,SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD,0,password); 474392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 475392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 476392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstromint SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength) 477392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 478392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return tls1_ctx_ctrl(ctx, SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH, strength, 479392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom NULL); 480392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 481392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 482392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstromint SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx, int (*cb)(SSL *,void *)) 483392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 484392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return tls1_ctx_callback_ctrl(ctx,SSL_CTRL_SET_SRP_VERIFY_PARAM_CB, 485392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom (void (*)(void))cb); 486392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 487392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 488392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstromint SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg) 489392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 490392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return tls1_ctx_ctrl(ctx,SSL_CTRL_SET_SRP_ARG,0,arg); 491392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 492392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 493392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstromint SSL_CTX_set_srp_username_callback(SSL_CTX *ctx, 494392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom int (*cb)(SSL *,int *,void *)) 495392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 496392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return tls1_ctx_callback_ctrl(ctx,SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB, 497392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom (void (*)(void))cb); 498392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 499392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 500392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstromint SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, char *(*cb)(SSL *,void *)) 501392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 502392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom return tls1_ctx_callback_ctrl(ctx,SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB, 503392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom (void (*)(void))cb); 504392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 505392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 506392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#endif 507