The branch master has been updated via 4c106e20ef49b789e4dc53c97e0f9a701162be85 (commit) via 20c00d0a0a1ba63f41890db67b32df6f3f69cd0d (commit) via 1744b6d3aaabcbf2420b9c59f296559c834e609a (commit) via e85982c7a9483f05b738f7df55726705a57da05f (commit) from c9f51264d86b580ec3b3ab8a5317298c04bb1f3d (commit)
- Log ----------------------------------------------------------------- commit 4c106e20ef49b789e4dc53c97e0f9a701162be85 Author: Matt Caswell <m...@openssl.org> Date: Wed Mar 25 17:43:50 2020 +0000 Document various SRP related APIs This includes the newly added *_ex() variants that take a libctx/property query string. Reviewed-by: Paul Dale <paul.d...@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11410) commit 20c00d0a0a1ba63f41890db67b32df6f3f69cd0d Author: Matt Caswell <m...@openssl.org> Date: Fri Mar 20 17:24:51 2020 +0000 Use the new library context aware SRP functions in sslapitest For the moment this still just uses the default library context, but a future version of sslapitest will specify a non-default library context. Reviewed-by: Paul Dale <paul.d...@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11410) commit 1744b6d3aaabcbf2420b9c59f296559c834e609a Author: Matt Caswell <m...@openssl.org> Date: Fri Mar 20 17:24:24 2020 +0000 Update libssl to use the new library context aware SRP functions Reviewed-by: Paul Dale <paul.d...@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11410) commit e85982c7a9483f05b738f7df55726705a57da05f Author: Matt Caswell <m...@openssl.org> Date: Fri Mar 20 17:23:25 2020 +0000 Make SRP library context aware In order for the TLS SRP tests to pass when using a non-default library context the underlying SRP calls need to be library context aware. Reviewed-by: Paul Dale <paul.d...@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11410) ----------------------------------------------------------------------- Summary of changes: crypto/srp/srp_lib.c | 75 ++++++++++++++++++++++++++-------- crypto/srp/srp_vfy.c | 36 +++++++++++----- doc/man3/SRP_Calc_B.pod | 88 ++++++++++++++++++++++++++++++++++++++++ doc/man3/SRP_create_verifier.pod | 53 ++++++++++++++++-------- include/openssl/srp.h | 16 ++++++++ ssl/tls_srp.c | 30 ++++++++------ test/sslapitest.c | 8 ++-- util/libcrypto.num | 6 +++ util/missingcrypto.txt | 6 --- 9 files changed, 251 insertions(+), 67 deletions(-) create mode 100644 doc/man3/SRP_Calc_B.pod diff --git a/crypto/srp/srp_lib.c b/crypto/srp/srp_lib.c index 99511954d7..063f966f96 100644 --- a/crypto/srp/srp_lib.c +++ b/crypto/srp/srp_lib.c @@ -20,39 +20,53 @@ /* calculate = SHA1(PAD(x) || PAD(y)) */ -static BIGNUM *srp_Calc_xy(const BIGNUM *x, const BIGNUM *y, const BIGNUM *N) +static BIGNUM *srp_Calc_xy(const BIGNUM *x, const BIGNUM *y, const BIGNUM *N, + OPENSSL_CTX *libctx, const char *propq) { unsigned char digest[SHA_DIGEST_LENGTH]; unsigned char *tmp = NULL; int numN = BN_num_bytes(N); BIGNUM *res = NULL; + EVP_MD *sha1 = EVP_MD_fetch(libctx, "SHA1", propq); - if (x != N && BN_ucmp(x, N) >= 0) + if (sha1 == NULL) return NULL; + + if (x != N && BN_ucmp(x, N) >= 0) + goto err; if (y != N && BN_ucmp(y, N) >= 0) - return NULL; + goto err; if ((tmp = OPENSSL_malloc(numN * 2)) == NULL) goto err; if (BN_bn2binpad(x, tmp, numN) < 0 || BN_bn2binpad(y, tmp + numN, numN) < 0 - || !EVP_Digest(tmp, numN * 2, digest, NULL, EVP_sha1(), NULL)) + || !EVP_Digest(tmp, numN * 2, digest, NULL, sha1, NULL)) goto err; res = BN_bin2bn(digest, sizeof(digest), NULL); err: + EVP_MD_free(sha1); OPENSSL_free(tmp); return res; } -static BIGNUM *srp_Calc_k(const BIGNUM *N, const BIGNUM *g) +static BIGNUM *srp_Calc_k(const BIGNUM *N, const BIGNUM *g, OPENSSL_CTX *libctx, + const char *propq) { /* k = SHA1(N | PAD(g)) -- tls-srp RFC 5054 */ - return srp_Calc_xy(N, g, N); + return srp_Calc_xy(N, g, N, libctx, propq); +} + +BIGNUM *SRP_Calc_u_ex(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N, + OPENSSL_CTX *libctx, const char *propq) +{ + /* u = SHA1(PAD(A) || PAD(B) ) -- tls-srp RFC 5054 */ + return srp_Calc_xy(A, B, N, libctx, propq); } BIGNUM *SRP_Calc_u(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N) { /* u = SHA1(PAD(A) || PAD(B) ) -- tls-srp RFC 5054 */ - return srp_Calc_xy(A, B, N); + return srp_Calc_xy(A, B, N, NULL, NULL); } BIGNUM *SRP_Calc_server_key(const BIGNUM *A, const BIGNUM *v, const BIGNUM *u, @@ -85,15 +99,15 @@ BIGNUM *SRP_Calc_server_key(const BIGNUM *A, const BIGNUM *v, const BIGNUM *u, return S; } -BIGNUM *SRP_Calc_B(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g, - const BIGNUM *v) +BIGNUM *SRP_Calc_B_ex(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g, + const BIGNUM *v, OPENSSL_CTX *libctx, const char *propq) { BIGNUM *kv = NULL, *gb = NULL; BIGNUM *B = NULL, *k = NULL; BN_CTX *bn_ctx; if (b == NULL || N == NULL || g == NULL || v == NULL || - (bn_ctx = BN_CTX_new()) == NULL) + (bn_ctx = BN_CTX_new_ex(libctx)) == NULL) return NULL; if ((kv = BN_new()) == NULL || @@ -103,7 +117,7 @@ BIGNUM *SRP_Calc_B(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g, /* B = g**b + k*v */ if (!BN_mod_exp(gb, g, b, N, bn_ctx) - || (k = srp_Calc_k(N, g)) == NULL + || (k = srp_Calc_k(N, g, libctx, propq)) == NULL || !BN_mod_mul(kv, v, k, N, bn_ctx) || !BN_mod_add(B, gb, kv, N, bn_ctx)) { BN_free(B); @@ -117,12 +131,20 @@ BIGNUM *SRP_Calc_B(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g, return B; } -BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass) +BIGNUM *SRP_Calc_B(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g, + const BIGNUM *v) +{ + return SRP_Calc_B_ex(b, N, g, v, NULL, NULL); +} + +BIGNUM *SRP_Calc_x_ex(const BIGNUM *s, const char *user, const char *pass, + OPENSSL_CTX *libctx, const char *propq) { unsigned char dig[SHA_DIGEST_LENGTH]; EVP_MD_CTX *ctxt; unsigned char *cs = NULL; BIGNUM *res = NULL; + EVP_MD *sha1 = NULL; if ((s == NULL) || (user == NULL) || (pass == NULL)) return NULL; @@ -133,12 +155,16 @@ BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass) if ((cs = OPENSSL_malloc(BN_num_bytes(s))) == NULL) goto err; - if (!EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL) + sha1 = EVP_MD_fetch(libctx, "SHA1", propq); + if (sha1 == NULL) + goto err; + + if (!EVP_DigestInit_ex(ctxt, sha1, NULL) || !EVP_DigestUpdate(ctxt, user, strlen(user)) || !EVP_DigestUpdate(ctxt, ":", 1) || !EVP_DigestUpdate(ctxt, pass, strlen(pass)) || !EVP_DigestFinal_ex(ctxt, dig, NULL) - || !EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL)) + || !EVP_DigestInit_ex(ctxt, sha1, NULL)) goto err; if (BN_bn2bin(s, cs) < 0) goto err; @@ -152,11 +178,17 @@ BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass) res = BN_bin2bn(dig, sizeof(dig), NULL); err: + EVP_MD_free(sha1); OPENSSL_free(cs); EVP_MD_CTX_free(ctxt); return res; } +BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass) +{ + return SRP_Calc_x_ex(s, user, pass, NULL, NULL); +} + BIGNUM *SRP_Calc_A(const BIGNUM *a, const BIGNUM *N, const BIGNUM *g) { BN_CTX *bn_ctx; @@ -173,14 +205,15 @@ BIGNUM *SRP_Calc_A(const BIGNUM *a, const BIGNUM *N, const BIGNUM *g) return A; } -BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g, - const BIGNUM *x, const BIGNUM *a, const BIGNUM *u) +BIGNUM *SRP_Calc_client_key_ex(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g, + const BIGNUM *x, const BIGNUM *a, const BIGNUM *u, + OPENSSL_CTX *libctx, const char *propq) { BIGNUM *tmp = NULL, *tmp2 = NULL, *tmp3 = NULL, *k = NULL, *K = NULL; BN_CTX *bn_ctx; if (u == NULL || B == NULL || N == NULL || g == NULL || x == NULL - || a == NULL || (bn_ctx = BN_CTX_new()) == NULL) + || a == NULL || (bn_ctx = BN_CTX_new_ex(libctx)) == NULL) return NULL; if ((tmp = BN_new()) == NULL || @@ -190,7 +223,7 @@ BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g, if (!BN_mod_exp(tmp, g, x, N, bn_ctx)) goto err; - if ((k = srp_Calc_k(N, g)) == NULL) + if ((k = srp_Calc_k(N, g, libctx, propq)) == NULL) goto err; if (!BN_mod_mul(tmp2, tmp, k, N, bn_ctx)) goto err; @@ -215,6 +248,12 @@ BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g, return K; } +BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g, + const BIGNUM *x, const BIGNUM *a, const BIGNUM *u) +{ + return SRP_Calc_client_key_ex(N, B, g, x, a, u, NULL, NULL); +} + int SRP_Verify_B_mod_N(const BIGNUM *B, const BIGNUM *N) { BIGNUM *r; diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c index 9505d4265e..4260898458 100644 --- a/crypto/srp/srp_vfy.c +++ b/crypto/srp/srp_vfy.c @@ -594,8 +594,9 @@ SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username) /* * create a verifier (*salt,*verifier,g and N are in base64) */ -char *SRP_create_verifier(const char *user, const char *pass, char **salt, - char **verifier, const char *N, const char *g) +char *SRP_create_verifier_ex(const char *user, const char *pass, char **salt, + char **verifier, const char *N, const char *g, + OPENSSL_CTX *libctx, const char *propq) { int len; char *result = NULL, *vf = NULL; @@ -634,7 +635,7 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt, } if (*salt == NULL) { - if (RAND_bytes(tmp2, SRP_RANDOM_SALT_LEN) <= 0) + if (RAND_bytes_ex(libctx, tmp2, SRP_RANDOM_SALT_LEN) <= 0) goto err; s = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL); @@ -646,7 +647,8 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt, if (s == NULL) goto err; - if (!SRP_create_verifier_BN(user, pass, &s, &v, N_bn, g_bn)) + if (!SRP_create_verifier_BN_ex(user, pass, &s, &v, N_bn, g_bn, libctx, + propq)) goto err; if (BN_bn2bin(v, tmp) < 0) @@ -683,6 +685,12 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt, return result; } +char *SRP_create_verifier(const char *user, const char *pass, char **salt, + char **verifier, const char *N, const char *g) +{ + return SRP_create_verifier_ex(user, pass, salt, verifier, N, g, NULL, NULL); +} + /* * create a verifier (*salt,*verifier,g and N are BIGNUMs). If *salt != NULL * then the provided salt will be used. On successful exit *verifier will point @@ -692,13 +700,14 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt, * The caller is responsible for freeing the allocated *salt and *verifier * BIGNUMS. */ -int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, - BIGNUM **verifier, const BIGNUM *N, - const BIGNUM *g) +int SRP_create_verifier_BN_ex(const char *user, const char *pass, BIGNUM **salt, + BIGNUM **verifier, const BIGNUM *N, + const BIGNUM *g, OPENSSL_CTX *libctx, + const char *propq) { int result = 0; BIGNUM *x = NULL; - BN_CTX *bn_ctx = BN_CTX_new(); + BN_CTX *bn_ctx = BN_CTX_new_ex(libctx); unsigned char tmp2[MAX_LEN]; BIGNUM *salttmp = NULL; @@ -709,7 +718,7 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, goto err; if (*salt == NULL) { - if (RAND_bytes(tmp2, SRP_RANDOM_SALT_LEN) <= 0) + if (RAND_bytes_ex(libctx, tmp2, SRP_RANDOM_SALT_LEN) <= 0) goto err; salttmp = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL); @@ -719,7 +728,7 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, salttmp = *salt; } - x = SRP_Calc_x(salttmp, user, pass); + x = SRP_Calc_x_ex(salttmp, user, pass, libctx, propq); if (x == NULL) goto err; @@ -743,4 +752,11 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, return result; } +int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, + BIGNUM **verifier, const BIGNUM *N, + const BIGNUM *g) +{ + return SRP_create_verifier_BN_ex(user, pass, salt, verifier, N, g, NULL, + NULL); +} #endif diff --git a/doc/man3/SRP_Calc_B.pod b/doc/man3/SRP_Calc_B.pod new file mode 100644 index 0000000000..1353311f50 --- /dev/null +++ b/doc/man3/SRP_Calc_B.pod @@ -0,0 +1,88 @@ +=pod + +=head1 NAME + +SRP_Calc_server_key, +SRP_Calc_A, +SRP_Calc_B_ex, +SRP_Calc_B, +SRP_Calc_u_ex, +SRP_Calc_u, +SRP_Calc_x_ex, +SRP_Calc_x, +SRP_Calc_client_key_ex, +SRP_Calc_client_key +- SRP authentication primitives + +=head1 SYNOPSIS + + #include <openssl/srp.h> + + /* server side .... */ + BIGNUM *SRP_Calc_server_key(const BIGNUM *A, const BIGNUM *v, const BIGNUM *u, + const BIGNUM *b, const BIGNUM *N); + BIGNUM *SRP_Calc_B_ex(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g, + const BIGNUM *v, OPENSSL_CTX *libctx, const char *propq); + BIGNUM *SRP_Calc_B(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g, + const BIGNUM *v); + + BIGNUM *SRP_Calc_u_ex(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N, + OPENSSL_CTX *libctx, const char *propq); + BIGNUM *SRP_Calc_u(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N); + + /* client side .... */ + BIGNUM *SRP_Calc_client_key_ex(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g, + const BIGNUM *x, const BIGNUM *a, const BIGNUM *u, + OPENSSL_CTX *libctx, const char *propq); + BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g, + const BIGNUM *x, const BIGNUM *a, const BIGNUM *u); + BIGNUM *SRP_Calc_x_ex(const BIGNUM *s, const char *user, const char *pass, + OPENSSL_CTX *libctx, const char *propq); + BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass); + BIGNUM *SRP_Calc_A(const BIGNUM *a, const BIGNUM *N, const BIGNUM *g); + +=head1 DESCRIPTION + +The SRP functions described on this page are used to calculate various +parameters and keys used by SRP as defined in RFC2945. The server key and I<B> +and I<u> parameters are used on the server side and are calculated via +SRP_Calc_server_key(), SRP_Calc_B_ex(), SRP_Calc_B(), SRP_Calc_u_ex() and +SRP_Calc_u(). The client key and B<x> and B<A> parameters are used on the +client side and are calculated via the functions SRP_Calc_client_key_ex(), +SRP_Calc_client_key(), SRP_Calc_x_ex(), SRP_Calc_x() and SRP_Calc_A(). See +RFC2945 for a detailed description of their usage and the meaning of the various +BIGNUM parameters to these functions. + +Most of these functions come in two forms. Those that take a I<libctx> and +I<propq> parameter, and those that don't. Any cryptogrpahic functions that +are fetched and used during the calculation use the provided I<libctx> and +I<propq>. See L<provider(7)/Fetching algorithms> for more details. The variants +that do not take a I<libctx> and I<propq> parameter use the default library +context and property query string. The SRP_Calc_server_key() and SRP_Calc_A() +functions do not have a form that takes I<libctx> or I<propq> parameters because +they do not need to fetch any cryptographic algorithms. + +=head1 RETURN VALUES + +All these functions return the calculated key or parameter, or NULL on error. + +=head1 SEE ALSO + +L<openssl-srp(1)>, +L<SRP_VBASE_new(3)>, +L<SRP_user_pwd_new(3)> + +=head1 HISTORY + +These functions were added in OpenSSL 1.0.1. + +=head1 COPYRIGHT + +Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L<https://www.openssl.org/source/license.html>. + +=cut diff --git a/doc/man3/SRP_create_verifier.pod b/doc/man3/SRP_create_verifier.pod index fb77bba794..98f31d1430 100644 --- a/doc/man3/SRP_create_verifier.pod +++ b/doc/man3/SRP_create_verifier.pod @@ -2,7 +2,9 @@ =head1 NAME +SRP_create_verifier_ex, SRP_create_verifier, +SRP_create_verifier_BN_ex, SRP_create_verifier_BN, SRP_check_known_gN_param, SRP_get_default_gN @@ -12,8 +14,15 @@ SRP_get_default_gN #include <openssl/srp.h> + int SRP_create_verifier_BN_ex(const char *user, const char *pass, BIGNUM **salt, + BIGNUM **verifier, const BIGNUM *N, + const BIGNUM *g, OPENSSL_CTX *libctx, + const char *propq); char *SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, BIGNUM **verifier, const BIGNUM *N, const BIGNUM *g); + char *SRP_create_verifier_ex(const char *user, const char *pass, char **salt, + char **verifier, const char *N, const char *g, + OPENSSL_CTX *libctx, const char *propq); char *SRP_create_verifier(const char *user, const char *pass, char **salt, char **verifier, const char *N, const char *g); @@ -22,46 +31,55 @@ SRP_get_default_gN =head1 DESCRIPTION -The SRP_create_verifier_BN() function creates an SRP password verifier from -the supplied parameters as defined in section 2.4 of RFC 5054. -On successful exit B<*verifier> will point to a newly allocated BIGNUM containing -the verifier and (if a salt was not provided) B<*salt> will be populated with a -newly allocated BIGNUM containing a random salt. If B<*salt> is not NULL then +The SRP_create_verifier_BN_ex() function creates an SRP password verifier from +the supplied parameters as defined in section 2.4 of RFC 5054 using the library +context I<libctx> and property query string I<propq>. Any cryptographic +algorithms that need to be fetched will use the I<libctx> and I<propq>. See +L<provider(7)/Fetching algorithms>. + +SRP_create_verifier_BN() is the same as SRP_create_verifier_BN_ex() except the +default library context and property query string is used. + +On successful exit I<*verifier> will point to a newly allocated BIGNUM containing +the verifier and (if a salt was not provided) I<*salt> will be populated with a +newly allocated BIGNUM containing a random salt. If I<*salt> is not NULL then the provided salt is used instead. -The caller is responsible for freeing the allocated B<*salt> and B<*verifier> +The caller is responsible for freeing the allocated I<*salt> and I<*verifier> BIGNUMS (use L<BN_free(3)>). The SRP_create_verifier() function is similar to SRP_create_verifier_BN() but all numeric parameters are in a non-standard base64 encoding originally designed for compatibility with libsrp. This is mainly present for historical compatibility and its use is discouraged. -It is possible to pass NULL as B<N> and an SRP group id as B<g> instead to +It is possible to pass NULL as I<N> and an SRP group id as I<g> instead to load the appropriate gN values (see SRP_get_default_gN()). -If both B<N> and B<g> are NULL the 8192-bit SRP group parameters are used. -The caller is responsible for freeing the allocated B<*salt> and B<*verifier> +If both I<N> and I<g> are NULL the 8192-bit SRP group parameters are used. +The caller is responsible for freeing the allocated I<*salt> and I<*verifier> (use L<OPENSSL_free(3)>). -The SRP_check_known_gN_param() function checks that B<g> and B<N> are valid +The SRP_check_known_gN_param() function checks that I<g> and I<N> are valid SRP group parameters from RFC 5054 appendix A. -The SRP_get_default_gN() function returns the gN parameters for the RFC 5054 B<id> +The SRP_get_default_gN() function returns the gN parameters for the RFC 5054 I<id> SRP group size. The known ids are "1024", "1536", "2048", "3072", "4096", "6144" and "8192". =head1 RETURN VALUES -SRP_create_verifier_BN() returns 1 on success and 0 on failure. +SRP_create_verifier_BN_ex() and SRP_create_verifier_BN() return 1 on success and +0 on failure. -SRP_create_verifier() returns NULL on failure and a non-NULL value on success: -"*" if B<N> is not NULL, the selected group id otherwise. This value should +SRP_create_verifier_ex() and SRP_create_verifier() return NULL on failure and a +non-NULL value on success: +"*" if I<N> is not NULL, the selected group id otherwise. This value should not be freed. SRP_check_known_gN_param() returns the text representation of the group id (ie. the prime bit size) or NULL if the arguments are not valid SRP group parameters. This value should not be freed. -SRP_get_default_gN() returns NULL if B<id> is not a valid group size, -or the 8192-bit group parameters if B<id> is NULL. +SRP_get_default_gN() returns NULL if I<id> is not a valid group size, +or the 8192-bit group parameters if I<id> is NULL. =head1 EXAMPLES @@ -79,7 +97,8 @@ omitted for clarity): SRP_gN *gN = SRP_get_default_gN("8192"); BIGNUM *salt = NULL, *verifier = NULL; - SRP_create_verifier_BN(username, password, &salt, &verifier, gN->N, gN->g); + SRP_create_verifier_BN_ex(username, password, &salt, &verifier, gN->N, gN->g, + NULL, NULL); SRP_user_pwd *pwd = SRP_user_pwd_new(); SRP_user_pwd_set1_ids(pwd, username, NULL); diff --git a/include/openssl/srp.h b/include/openssl/srp.h index 9f6f1b8644..bf3bf1bdfa 100644 --- a/include/openssl/srp.h +++ b/include/openssl/srp.h @@ -92,8 +92,15 @@ DEPRECATEDIN_1_1_0(SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *user /* NOTE: unlike in SRP_VBASE_get_by_user, caller owns the returned pointer.*/ SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username); +char *SRP_create_verifier_ex(const char *user, const char *pass, char **salt, + char **verifier, const char *N, const char *g, + OPENSSL_CTX *libctx, const char *propq); char *SRP_create_verifier(const char *user, const char *pass, char **salt, char **verifier, const char *N, const char *g); +int SRP_create_verifier_BN_ex(const char *user, const char *pass, BIGNUM **salt, + BIGNUM **verifier, const BIGNUM *N, + const BIGNUM *g, OPENSSL_CTX *libctx, + const char *propq); int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, BIGNUM **verifier, const BIGNUM *N, const BIGNUM *g); @@ -125,14 +132,23 @@ SRP_gN *SRP_get_default_gN(const char *id); /* server side .... */ BIGNUM *SRP_Calc_server_key(const BIGNUM *A, const BIGNUM *v, const BIGNUM *u, const BIGNUM *b, const BIGNUM *N); +BIGNUM *SRP_Calc_B_ex(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g, + const BIGNUM *v, OPENSSL_CTX *libctx, const char *propq); BIGNUM *SRP_Calc_B(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g, const BIGNUM *v); int SRP_Verify_A_mod_N(const BIGNUM *A, const BIGNUM *N); +BIGNUM *SRP_Calc_u_ex(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N, + OPENSSL_CTX *libctx, const char *propq); BIGNUM *SRP_Calc_u(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N); /* client side .... */ +BIGNUM *SRP_Calc_x_ex(const BIGNUM *s, const char *user, const char *pass, + OPENSSL_CTX *libctx, const char *propq); BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass); BIGNUM *SRP_Calc_A(const BIGNUM *a, const BIGNUM *N, const BIGNUM *g); +BIGNUM *SRP_Calc_client_key_ex(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g, + const BIGNUM *x, const BIGNUM *a, const BIGNUM *u, + OPENSSL_CTX *libctx, const char *propq); BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g, const BIGNUM *x, const BIGNUM *a, const BIGNUM *u); int SRP_Verify_B_mod_N(const BIGNUM *B, const BIGNUM *N); diff --git a/ssl/tls_srp.c b/ssl/tls_srp.c index 6888bcd4d4..311f507728 100644 --- a/ssl/tls_srp.c +++ b/ssl/tls_srp.c @@ -157,7 +157,7 @@ int SSL_srp_server_param_with_username(SSL *s, int *ad) (s->srp_ctx.s == NULL) || (s->srp_ctx.v == NULL)) return SSL3_AL_FATAL; - if (RAND_priv_bytes(b, sizeof(b)) <= 0) + if (RAND_priv_bytes_ex(s->ctx->libctx, b, sizeof(b)) <= 0) return SSL3_AL_FATAL; s->srp_ctx.b = BN_bin2bn(b, sizeof(b), NULL); OPENSSL_cleanse(b, sizeof(b)); @@ -165,8 +165,8 @@ int SSL_srp_server_param_with_username(SSL *s, int *ad) /* Calculate: B = (kv + g^b) % N */ return ((s->srp_ctx.B = - SRP_Calc_B(s->srp_ctx.b, s->srp_ctx.N, s->srp_ctx.g, - s->srp_ctx.v)) != + SRP_Calc_B_ex(s->srp_ctx.b, s->srp_ctx.N, s->srp_ctx.g, + s->srp_ctx.v, s->ctx->libctx, s->ctx->propq)) != NULL) ? SSL_ERROR_NONE : SSL3_AL_FATAL; } @@ -186,8 +186,9 @@ int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, s->srp_ctx.v = NULL; BN_clear_free(s->srp_ctx.s); s->srp_ctx.s = NULL; - if (!SRP_create_verifier_BN - (user, pass, &s->srp_ctx.s, &s->srp_ctx.v, GN->N, GN->g)) + if (!SRP_create_verifier_BN_ex(user, pass, &s->srp_ctx.s, &s->srp_ctx.v, + GN->N, GN->g, s->ctx->libctx, + s->ctx->propq)) return -1; return 1; @@ -254,7 +255,8 @@ int srp_generate_server_master_secret(SSL *s) if (!SRP_Verify_A_mod_N(s->srp_ctx.A, s->srp_ctx.N)) goto err; - if ((u = SRP_Calc_u(s->srp_ctx.A, s->srp_ctx.B, s->srp_ctx.N)) == NULL) + if ((u = SRP_Calc_u_ex(s->srp_ctx.A, s->srp_ctx.B, s->srp_ctx.N, + s->ctx->libctx, s->ctx->propq)) == NULL) goto err; if ((K = SRP_Calc_server_key(s->srp_ctx.A, s->srp_ctx.v, u, s->srp_ctx.b, s->srp_ctx.N)) == NULL) @@ -287,7 +289,8 @@ int srp_generate_client_master_secret(SSL *s) * Checks if b % n == 0 */ if (SRP_Verify_B_mod_N(s->srp_ctx.B, s->srp_ctx.N) == 0 - || (u = SRP_Calc_u(s->srp_ctx.A, s->srp_ctx.B, s->srp_ctx.N)) + || (u = SRP_Calc_u_ex(s->srp_ctx.A, s->srp_ctx.B, s->srp_ctx.N, + s->ctx->libctx, s->ctx->propq)) == NULL || s->srp_ctx.SRP_give_srp_client_pwd_callback == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, @@ -302,10 +305,13 @@ int srp_generate_client_master_secret(SSL *s) SSL_R_CALLBACK_FAILED); goto err; } - if ((x = SRP_Calc_x(s->srp_ctx.s, s->srp_ctx.login, passwd)) == NULL - || (K = SRP_Calc_client_key(s->srp_ctx.N, s->srp_ctx.B, - s->srp_ctx.g, x, - s->srp_ctx.a, u)) == NULL) { + if ((x = SRP_Calc_x_ex(s->srp_ctx.s, s->srp_ctx.login, passwd, + s->ctx->libctx, s->ctx->propq)) == NULL + || (K = SRP_Calc_client_key_ex(s->srp_ctx.N, s->srp_ctx.B, + s->srp_ctx.g, x, + s->srp_ctx.a, u, + s->ctx->libctx, + s->ctx->propq)) == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET, ERR_R_INTERNAL_ERROR); goto err; @@ -369,7 +375,7 @@ int SRP_Calc_A_param(SSL *s) { unsigned char rnd[SSL_MAX_MASTER_KEY_LENGTH]; - if (RAND_priv_bytes(rnd, sizeof(rnd)) <= 0) + if (RAND_priv_bytes_ex(s->ctx->libctx, rnd, sizeof(rnd)) <= 0) return 0; s->srp_ctx.a = BN_bin2bn(rnd, sizeof(rnd), s->srp_ctx.a); OPENSSL_cleanse(rnd, sizeof(rnd)); diff --git a/test/sslapitest.c b/test/sslapitest.c index a9b7d20b3c..7956353f49 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -5533,8 +5533,8 @@ static int create_new_vfile(char *userid, char *password, const char *filename) if (!TEST_ptr(dummy) || !TEST_ptr(row)) goto end; - gNid = SRP_create_verifier(userid, password, &row[DB_srpsalt], - &row[DB_srpverifier], NULL, NULL); + gNid = SRP_create_verifier_ex(userid, password, &row[DB_srpsalt], + &row[DB_srpverifier], NULL, NULL, NULL, NULL); if (!TEST_ptr(gNid)) goto end; @@ -5590,8 +5590,8 @@ static int create_new_vbase(char *userid, char *password) if (!TEST_ptr(lgN)) goto end; - if (!TEST_true(SRP_create_verifier_BN(userid, password, &salt, &verifier, - lgN->N, lgN->g))) + if (!TEST_true(SRP_create_verifier_BN_ex(userid, password, &salt, &verifier, + lgN->N, lgN->g, NULL, NULL))) goto end; user_pwd = OPENSSL_zalloc(sizeof(*user_pwd)); diff --git a/util/libcrypto.num b/util/libcrypto.num index 6ff7179fc6..1650884ffe 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -5003,3 +5003,9 @@ OPENSSL_CTX_load_config ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_set_type_by_keymgmt ? 3_0_0 EXIST::FUNCTION: OCSP_RESPID_set_by_key_ex ? 3_0_0 EXIST::FUNCTION:OCSP OCSP_RESPID_match_ex ? 3_0_0 EXIST::FUNCTION:OCSP +SRP_create_verifier_ex ? 3_0_0 EXIST::FUNCTION:SRP +SRP_create_verifier_BN_ex ? 3_0_0 EXIST::FUNCTION:SRP +SRP_Calc_B_ex ? 3_0_0 EXIST::FUNCTION:SRP +SRP_Calc_u_ex ? 3_0_0 EXIST::FUNCTION:SRP +SRP_Calc_x_ex ? 3_0_0 EXIST::FUNCTION:SRP +SRP_Calc_client_key_ex ? 3_0_0 EXIST::FUNCTION:SRP diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt index 229b33b4da..e27adb6da1 100644 --- a/util/missingcrypto.txt +++ b/util/missingcrypto.txt @@ -1117,12 +1117,6 @@ SMIME_crlf_copy(3) SMIME_read_ASN1(3) SMIME_text(3) SMIME_write_ASN1(3) -SRP_Calc_A(3) -SRP_Calc_B(3) -SRP_Calc_client_key(3) -SRP_Calc_server_key(3) -SRP_Calc_u(3) -SRP_Calc_x(3) SRP_Verify_A_mod_N(3) SRP_Verify_B_mod_N(3) SSL_CTX_set0_ctlog_store(3)