This patch is the first portion of SRP (RFC 5054) support in OpenSSL.

The original work to add SRP to OpenSSL was done by the EdelKey project (http://www.edelweb.fr/EdelKey/). I am updating these patches for the latest development version of OpenSSL (0.9.9) and submitting them for integration.

This first patch only includes support for the 'crypto/srp' directory and the 'openssl/srp' command, as well as the 'no-srp' conditional compilation directive in 'configure'. This does NOT yet include support for TLS/SRP

ciphersuites, which will be added in an upcoming patch.

This patch applies cleanly against the 20081125 and 20081126 dev snapshots.

diff -ruN openssl-SNAP-20081125-orig/apps/demoSRP/srp_verifier.txt
openssl-SNAP-20081125-srp/apps/demoSRP/srp_verifier.txt --- openssl-SNAP-20081125-orig/apps/demoSRP/srp_verifier.txt 1970-01-01
00:00:00.000000000 +0000 +++ openssl-SNAP-20081125-srp/apps/demoSRP/srp_verifier.txt 2008-11-25
23:04:37.000000000 +0000 @@ -0,0 +1,6 @@ +# This is a file that will be filled by the openssl srp routine. +# You can initialize the file with additional groups, these are +# records starting with a I followed by the g and N values and the id. +# The exact values ... you have to dig this out from the source of srp.c +# or srp_vfy.c +# The last value of an I is used as the default group for new users. diff -ruN openssl-SNAP-20081125-orig/apps/demoSRP/srp_verifier.txt.attr
openssl-SNAP-20081125-srp/apps/demoSRP/srp_verifier.txt.attr --- openssl-SNAP-20081125-orig/apps/demoSRP/srp_verifier.txt.attr 1970-01-01
00:00:00.000000000 +0000 +++ openssl-SNAP-20081125-srp/apps/demoSRP/srp_verifier.txt.attr 2008-11-25
23:04:37.000000000 +0000 @@ -0,0 +1 @@ +unique_subject = yes diff -ruN openssl-SNAP-20081125-orig/apps/Makefile
openssl-SNAP-20081125-srp/apps/Makefile --- openssl-SNAP-20081125-orig/apps/Makefile 2008-10-26 19:00:05.000000000 +0000 +++ openssl-SNAP-20081125-srp/apps/Makefile 2008-11-25 23:04:37.000000000 +0000 @@ -39,7 +39,7 @@ ca crl rsa rsautl dsa dsaparam ec ecparam \ x509 genrsa gendsa genpkey s_server s_client speed \ s_time version pkcs7 cms crl2pkcs7 sess_id ciphers nseq pkcs12 \ - pkcs8 pkey pkeyparam pkeyutl spkac smime rand engine ocsp prime ts + pkcs8 pkey pkeyparam pkeyutl spkac smime rand engine ocsp prime ts srp

PROGS= $(PROGRAM).c

@@ -56,7 +56,7 @@ x509.o genrsa.o gendsa.o genpkey.o s_server.o s_client.o speed.o \ s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \ ciphers.o nseq.o pkcs12.o pkcs8.o pkey.o pkeyparam.o pkeyutl.o \ - spkac.o smime.o cms.o rand.o engine.o ocsp.o prime.o ts.o + spkac.o smime.o cms.o rand.o engine.o ocsp.o prime.o ts.o srp.o

E_SRC= verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c
ca.c \ pkcs7.c crl2p7.c crl.c \ @@ -64,7 +64,7 @@ x509.c genrsa.c gendsa.c genpkey.c s_server.c s_client.c speed.c \ s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \ ciphers.c nseq.c pkcs12.c pkcs8.c pkey.c pkeyparam.c pkeyutl.c \ - spkac.c smime.c cms.c rand.c engine.c ocsp.c prime.c ts.c + spkac.c smime.c cms.c rand.c engine.c ocsp.c prime.c ts.c srp.c

SRC=$(E_SRC)

diff -ruN openssl-SNAP-20081125-orig/apps/progs.h
openssl-SNAP-20081125-srp/apps/progs.h --- openssl-SNAP-20081125-orig/apps/progs.h 2008-05-26 12:00:10.000000000 +0000 +++ openssl-SNAP-20081125-srp/apps/progs.h 2008-11-25 23:04:38.000000000 +0000 @@ -44,6 +44,7 @@ extern int rand_main(int argc,char *argv[]); extern int engine_main(int argc,char *argv[]); extern int ocsp_main(int argc,char *argv[]); +extern int srp_main(int argc,char *argv[]); extern int prime_main(int argc,char *argv[]); extern int ts_main(int argc,char *argv[]);

@@ -143,6 +144,9 @@ {FUNC_TYPE_GENERAL,"engine",engine_main}, #endif {FUNC_TYPE_GENERAL,"ocsp",ocsp_main}, +#ifndef OPENSSL_NO_SRP + {FUNC_TYPE_GENERAL,"srp",srp_main}, +#endif {FUNC_TYPE_GENERAL,"prime",prime_main}, {FUNC_TYPE_GENERAL,"ts",ts_main}, #ifndef OPENSSL_NO_MD2 diff -ruN openssl-SNAP-20081125-orig/apps/srp.c
openssl-SNAP-20081125-srp/apps/srp.c --- openssl-SNAP-20081125-orig/apps/srp.c 1970-01-01 00:00:00.000000000 +0000 +++ openssl-SNAP-20081125-srp/apps/srp.c 2008-11-25 23:04:38.000000000 +0000 @@ -0,0 +1,698 @@ +/* apps/srp.c */ +/* Copyright (C) 1995-1998 Eric Young (ea...@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (ea...@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tj...@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (ea...@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an
acknowledgement: + * "This product includes software written by Tim Hudson
(tj...@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <openssl/opensslconf.h> + +#ifndef OPENSSL_NO_SRP +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <openssl/conf.h> +#include <openssl/bio.h> +#include <openssl/err.h> +#include <openssl/txt_db.h> +#include <openssl/buffer.h> +#include <openssl/srp.h> + +#include "apps.h" + +#undef PROG +#define PROG srp_main + +#define BASE_SECTION "srp" +#define CONFIG_FILE "openssl.cnf" + +#define ENV_RANDFILE "RANDFILE" + +#define ENV_DATABASE "srpvfile" +#define ENV_DEFAULT_SRP "default_srp" + +static char *srp_usage[]={ +"usage: srp [args] [user] \n", +"\n", +" -verbose Talk alot while doing things\n", +" -config file A config file\n", +" -name arg The particular srp definition to use\n", +" -srpvfile arg The srp verifier file name\n", +" -add add an user and srp verifier\n", +" -modify modify the srp verifier of an existing user\n", +" -delete delete user from verifier file\n", +" -list list user\n", +" -gn arg g and N values to be used for new verifier\n", +" -userinfo arg additional info to be set for user\n", +" -passin arg input file pass phrase source\n", +" -passout arg output file pass phrase source\n", +#ifndef OPENSSL_NO_ENGINE +" -engine e - use engine e, possibly a hardware device.\n", +#endif +NULL +}; + +#ifdef EFENCE +extern int EF_PROTECT_FREE; +extern int EF_PROTECT_BELOW; +extern int EF_ALIGNMENT; +#endif + +static CONF *conf=NULL; +static char *section=NULL; + +#define VERBOSE if (verbose) +#define VVERBOSE if (verbose>1) + + +int MAIN(int, char **); + +int get_index(CA_DB *db, char* id, char type) { + char ** pp; + int i; + if (id == NULL) return -1; + if (type == DB_SRP_INDEX) + for (i = 0; i < sk_num(db->db->data); i++) { + pp=(char **)sk_value(db->db->data,i); + if (pp[DB_srptype][0] == DB_SRP_INDEX && !strcmp(id,pp[DB_srpid])) + return i; + } + else for (i = 0; i < sk_num(db->db->data); i++) { + pp=(char **)sk_value(db->db->data,i); + + if (pp[DB_srptype][0] != DB_SRP_INDEX && !strcmp(id,pp[DB_srpid])) + return i; + } + + return -1 ; +} + +void print_entry(CA_DB *db, BIO * bio, int index,int verbose, char * s) { + if (index >= 0 && verbose) { + int j; + char ** pp=(char **)sk_value(db->db->data,index); + BIO_printf(bio,"%s \"%s\"\n",s,pp[DB_srpid]); + for (j = 0; j < DB_NUMBER; j++) { + BIO_printf(bio_err," %d = \"%s\"\n",j,pp[j]); + } + } +} + +void print_index(CA_DB *db, BIO * bio, int indexindex,int verbose) { + print_entry(db,bio,indexindex, verbose, "g N entry") ; +} + +void print_user(CA_DB *db, BIO * bio, int userindex,int verbose) { + if (verbose > 0) { + char ** pp= (char **)sk_value(db->db->data,userindex); + + if (pp[DB_srptype][0] != 'I') { + print_entry(db,bio,userindex, verbose, "User entry"); + print_entry(db,bio,get_index(db, pp[DB_srpgN],'I'),verbose,"g N entry") ; + } + + } +} + + + +int update_index(CA_DB *db, BIO * bio, char ** row) { + + char ** irow; + int i; + + if ((irow=(char **)OPENSSL_malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL) + { + BIO_printf(bio_err,"Memory allocation failure\n"); + return 0; + } + + for (i=0; i<DB_NUMBER; i++) + { + irow[i]=row[i]; + row[i]=NULL; + } + irow[DB_NUMBER]=NULL; + + if (!TXT_DB_insert(db->db,irow)) { + BIO_printf(bio,"failed to update srpvfile\n"); + BIO_printf(bio,"TXT_DB error number %ld\n",db->db->error); + OPENSSL_free(irow); + return 0; + } + return 1; +} + +static void lookup_fail(char *name, char *tag) + { + BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag); + } + + +char * srp_verify_user(char * user,char * srp_verifier, char *
srp_usersalt,char * g, char * N, char * passin, BIO *bio, int verbose) { + char password[1024]; + PW_CB_DATA cb_tmp; + char *verifier = NULL; + char *gNid = NULL; + cb_tmp.prompt_info = user; + cb_tmp.password = passin; + + if (password_callback(password,1024,0,&cb_tmp) >0) { + VERBOSE BIO_printf(bio,"Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n
srp_usersalt=\"%s\"\n g=\"%s\"\n
N=\"%s\"\n",user,srp_verifier,srp_usersalt,g,N); +BIO_printf(bio,"Pass %s\n",password); + + if (!(gNid=SRP_create_verifier(user, password, &srp_usersalt, &verifier, N,
g))) { + BIO_printf(bio,"Internal error validating SRP verifier\n"); + } else { + if (strcmp(verifier,srp_verifier)) + gNid = NULL; + OPENSSL_free(verifier); + } + + } + return gNid; + +} + +char * srp_create_user(char * user,char **srp_verifier, char
**srp_usersalt,char *g, char *N, char *passout, BIO *bio, int verbose) { + char password[1024]; + PW_CB_DATA cb_tmp; + char *gNid = NULL; + char *salt = NULL; + cb_tmp.prompt_info = user; + cb_tmp.password = passout; + + if (password_callback(password,1024,1,&cb_tmp) >0) { + + VERBOSE BIO_printf(bio,"Creating\n user=\"%s\"\n g=\"%s\"\n
N=\"%s\"\n",user,g,N); + if (!(gNid =SRP_create_verifier(user, password, &salt, srp_verifier, N, g)))
{ + BIO_printf(bio,"Internal error creating SRP verifier\n"); + } else + *srp_usersalt = salt; + VVERBOSE BIO_printf(bio,"gNid=%s salt =\"%s\"\n verifier =\"%s\"\n",
gNid,salt, *srp_verifier); + + } + return gNid; + +} + + +int MAIN(int argc, char **argv) + { +#ifndef OPENSSL_NO_ENGINE + ENGINE *e = NULL; +#endif + int add_user = 0; + int list_user= 0; + int delete_user= 0; + int modify_user= 0; + char * user = NULL; + + char *passargin = NULL, *passargout = NULL; + char *passin = NULL, *passout = NULL; + char * gN = NULL; + int gNindex = -1; + char ** gNrow = NULL; + int maxgN = -1; + + char * userinfo = NULL; + + int badops=0; + int ret=1; + int errors=0; + int verbose=0; + int doupdatedb=0; + char *configfile=NULL; + char *dbfile=NULL; + CA_DB *db=NULL; + char **pp ; + int i; + long errorline = -1; + char *randfile=NULL; +#ifndef OPENSSL_NO_ENGINE + char *engine = NULL; +#endif + char *tofree=NULL; + DB_ATTR db_attr; + +#ifdef EFENCE +EF_PROTECT_FREE=1; +EF_PROTECT_BELOW=1; +EF_ALIGNMENT=0; +#endif + + apps_startup(); + + conf = NULL; + section = NULL; + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + + argc--; + argv++; + while (argc >= 1 && badops == 0) { + if (strcmp(*argv,"-verbose") == 0) + verbose++; + else if (strcmp(*argv,"-config") == 0) + { + if (--argc < 1) goto bad; + configfile= *(++argv); + } + else if (strcmp(*argv,"-name") == 0) + { + if (--argc < 1) goto bad; + section= *(++argv); + } + else if (strcmp(*argv,"-srpvfile") == 0) + { + if (--argc < 1) goto bad; + dbfile= *(++argv); + } + else if (strcmp(*argv,"-add") == 0) + add_user=1; + else if (strcmp(*argv,"-delete") == 0) + delete_user=1; + else if (strcmp(*argv,"-modify") == 0) + modify_user=1; + else if (strcmp(*argv,"-list") == 0) + list_user=1; + else if (strcmp(*argv,"-gn") == 0) + { + if (--argc < 1) goto bad; + gN= *(++argv); + } + else if (strcmp(*argv,"-userinfo") == 0) + { + if (--argc < 1) goto bad; + userinfo= *(++argv); + } + else if (strcmp(*argv,"-passin") == 0) + { + if (--argc < 1) goto bad; + passargin= *(++argv); + } + else if (strcmp(*argv,"-passout") == 0) + { + if (--argc < 1) goto bad; + passargout= *(++argv); + } +#ifndef OPENSSL_NO_ENGINE + else if (strcmp(*argv,"-engine") == 0) + { + if (--argc < 1) goto bad; + engine= *(++argv); + } +#endif + + else if (**argv == '-') + { +bad: + BIO_printf(bio_err,"unknown option %s\n",*argv); + badops=1; + break; + } + else + break; + + argc--; + argv++; + } + + if (dbfile && configfile) { + BIO_printf(bio_err,"-dbfile and -configfile cannot be specified
together.\n"); + badops = 1; + } + if (add_user+delete_user+modify_user+list_user != 1) { + BIO_printf(bio_err,"Exactly one of the options -add, -delete, -modify -list
must be specified.\n"); + badops = 1; + } + if (delete_user+modify_user+delete_user== 1 && argc <= 0) { + BIO_printf(bio_err,"Need at least one user for options -add, -delete,
-modify. \n"); + badops = 1; + } + if ((passin || passout) && argc != 1 ) { + BIO_printf(bio_err,"-passin, -passout arguments only valid with one
user.\n"); + badops = 1; + } + + if (badops) + { + for (pp=srp_usage; (*pp != NULL); pp++) + BIO_printf(bio_err,"%s",*pp); + + BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
LIST_SEPARATOR_CHAR); + BIO_printf(bio_err," load the file (or the files in the
directory) into\n"); + BIO_printf(bio_err," the random number generator\n"); + goto err; + } + + ERR_load_crypto_strings(); + +#ifndef OPENSSL_NO_ENGINE + e = setup_engine(bio_err, engine, 0); +#endif + + if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { + BIO_printf(bio_err, "Error getting passwords\n"); + goto err; + } + + if (!dbfile) { + + + /*****************************************************************/ + tofree=NULL; + if (configfile == NULL) configfile = getenv("OPENSSL_CONF"); + if (configfile == NULL) configfile = getenv("SSLEAY_CONF"); + if (configfile == NULL) { + const char *s=X509_get_default_cert_area(); + size_t len; + +#ifdef OPENSSL_SYS_VMS + len = strlen(s)+sizeof(CONFIG_FILE); + tofree=OPENSSL_malloc(len); + strcpy(tofree,s); +#else + len = strlen(s)+sizeof(CONFIG_FILE)+1; + tofree=OPENSSL_malloc(len); + BUF_strlcpy(tofree,s,len); + BUF_strlcat(tofree,"/",len); +#endif + BUF_strlcat(tofree,CONFIG_FILE,len); + configfile=tofree; + } + + VERBOSE BIO_printf(bio_err,"Using configuration from %s\n",configfile); + conf = NCONF_new(NULL); + if (NCONF_load(conf,configfile,&errorline) <= 0) { + if (errorline <= 0) + BIO_printf(bio_err,"error loading the config file '%s'\n", + configfile); + else + BIO_printf(bio_err,"error on line %ld of config file '%s'\n" + ,errorline,configfile); + goto err; + } + if(tofree) { + OPENSSL_free(tofree); + tofree = NULL; + } + + if (!load_config(bio_err, conf)) + goto err; + + /* Lets get the config section we are using */ + if (section == NULL) { + VERBOSE BIO_printf(bio_err,"trying to read " ENV_DEFAULT_SRP " in \"
BASE_SECTION \"\n"); + + section=NCONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_SRP); + if (section == NULL) { + lookup_fail(BASE_SECTION,ENV_DEFAULT_SRP); + goto err; + } + } + + if (randfile == NULL && conf) + randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE"); + + + VERBOSE BIO_printf(bio_err,"trying to read " ENV_DATABASE " in section
\"%s\"\n",section); + + if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL) { + lookup_fail(section,ENV_DATABASE); + goto err; + } + + } + if (randfile == NULL) + ERR_clear_error(); + else + app_RAND_load_file(randfile, bio_err, 0); + + VERBOSE BIO_printf(bio_err,"Trying to read SRP verifier file
\"%s\"\n",dbfile); + + db = load_index(dbfile, &db_attr); + if (db == NULL) goto err; + + /* Lets check some fields */ + for (i=0; i<sk_num(db->db->data); i++) { + pp=(char **)sk_value(db->db->data,i); + + if (pp[DB_srptype][0] == DB_SRP_INDEX) { + maxgN = i; + if (gNindex < 0 && gN != NULL && !strcmp(gN,pp[DB_srpid])) + gNindex = i; + + print_index(db,bio_err,i,verbose>1) ; + } + } + + VERBOSE BIO_printf(bio_err,"Database initialised\n"); + + if (gNindex >= 0) { + gNrow=(char **)sk_value(db->db->data,gNindex); + print_entry(db,bio_err,gNindex,verbose>1,"Default g and N") ; + } else if (maxgN > 0 && !SRP_get_default_gN(gN)) { + BIO_printf(bio_err,"No g and N value for index \"%s\"\n",gN); + goto err; + } else { + VERBOSE BIO_printf(bio_err,"Database has no g N information.\n"); + gNrow = NULL; + } + + + VVERBOSE BIO_printf(bio_err,"Starting user processing\n"); + + if (argc > 0) + user = *(argv++) ; + + while (list_user || user) { + + + int userindex = -1; + if (user) + VVERBOSE BIO_printf(bio_err,"Processing user \"%s\"\n",user); + if ((userindex = get_index(db, user, 'U')) >= 0) { + print_user(db,bio_err,userindex,(verbose >0) || list_user) ; + } + + if (list_user) { + if ( user == NULL) { + BIO_printf(bio_err,"List all users\n"); + + for (i=0; i<sk_num(db->db->data); i++) { + print_user(db,bio_err,i,1) ; + } + list_user = 0; + } else if (userindex < 0) { + BIO_printf(bio_err,"user \"%s\" does not exist, ignored. t\n",user); + errors++; + } + } else if (add_user) { + + if (userindex>=0) { + + /* reactivation of a new user */ + char ** row= (char **)sk_value(db->db->data,userindex); + BIO_printf(bio_err,"user \"%s\" reactivated.\n",user); + row[DB_srptype][0] = 'V' ; + + doupdatedb = 1; + } else { + char *row[DB_NUMBER] ; char * gNid; + row[DB_srpverifier] = NULL; + row[DB_srpsalt] = NULL; + row[DB_srpinfo] = NULL; + if (!(gNid = srp_create_user(user,&(row[DB_srpverifier]),
&(row[DB_srpsalt]),gNrow?gNrow[DB_srpsalt]:gN,gNrow?gNrow[DB_srpverifier]:NULL,
passout, bio_err,verbose))) { + BIO_printf(bio_err,"Cannot create srp verifier for user \"%s\", operation
abandonned .\n",user); + errors++ ; + goto err; + } + row[DB_srpid] = BUF_strdup(user); + row[DB_srptype] = BUF_strdup("v"); + row[DB_srpgN] = BUF_strdup(gNid); + + if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype] ||
!row[DB_srpverifier] || !row[DB_srpsalt] || + (userinfo && (!(row[DB_srpinfo] = BUF_strdup(userinfo)))) || + !update_index(db, bio_err, row)) { + if (row[DB_srpid]) OPENSSL_free(row[DB_srpid]); + if (row[DB_srpgN]) OPENSSL_free(row[DB_srpgN]); + if (row[DB_srpinfo]) OPENSSL_free(row[DB_srpinfo]); + if (row[DB_srptype]) OPENSSL_free(row[DB_srptype]); + if (row[DB_srpverifier]) OPENSSL_free(row[DB_srpverifier]); + if (row[DB_srpsalt]) OPENSSL_free(row[DB_srpsalt]); + goto err; + } + doupdatedb = 1; + + } + + } else if (modify_user) { + if (userindex<0) { + BIO_printf(bio_err,"user \"%s\" does not exist, operation
ignored.\n",user); + errors++ ; + } else { + + char ** row=(char **)sk_value(db->db->data,userindex); + char type = row[DB_srptype][0] ; + if (type == 'v') { + BIO_printf(bio_err,"user \"%s\" already updated, operation
ignored.\n",user); + errors++ ; + } else { + char * gNid ; + + if (row[DB_srptype][0] == 'V') { + int user_gN ; + char ** irow = NULL; + VERBOSE BIO_printf(bio_err,"Verifying password for user \"%s\"\n",user); + if ( (user_gN = get_index(db, row[DB_srpgN],DB_SRP_INDEX)) >= 0) + irow=(char **)sk_value(db->db->data,userindex); + + if (!srp_verify_user(user,row[DB_srpverifier],
row[DB_srpsalt],irow?irow[DB_srpsalt]:row[DB_srpgN],
irow?irow[DB_srpverifier]:NULL, passin, bio_err,verbose)) { + BIO_printf(bio_err,"Invalid password for user \"%s\", operation
abandonned .\n",user); + errors++ ; + goto err; + } + } + VERBOSE BIO_printf(bio_err,"Password for user \"%s\" ok.\n",user); + + if (!(gNid=srp_create_user(user,&(row[DB_srpverifier]),
&(row[DB_srpsalt]),gNrow?gNrow[DB_srpsalt]:NULL,
gNrow?gNrow[DB_srpverifier]:NULL, passout, bio_err,verbose))) { + BIO_printf(bio_err,"Cannot create srp verifier for user \"%s\",
operation abandonned .\n"); + errors++ ; + goto err; + } + + row[DB_srptype][0] = 'v'; + row[DB_srpgN] = BUF_strdup(gNid); + + if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype] ||
!row[DB_srpverifier] || !row[DB_srpsalt] || + (userinfo && (!(row[DB_srpinfo] = BUF_strdup(userinfo))))) + goto err; + + doupdatedb = 1; + + } + } + + } else if (delete_user) { + if (userindex<0) { + BIO_printf(bio_err,"user \"%s\" does not exist, operation ignored.
t\n",user); + errors++; + } else { + + char ** pp= (char **)sk_value(db->db->data,userindex); + BIO_printf(bio_err,"user \"%s\" revoked. t\n",user); + + pp[DB_srptype][0] = 'R' ; + + doupdatedb = 1; + } + } + if (--argc > 0) + user = *(argv++) ; + else { + user = NULL; + list_user = 0; + } + + } + + VERBOSE BIO_printf(bio_err,"User procession done.\n"); + + + if (doupdatedb) { + + /* Lets check some fields */ + for (i=0; i<sk_num(db->db->data); i++) { + pp=(char **)sk_value(db->db->data,i); + + if (pp[DB_srptype][0] == 'v') { + pp[DB_srptype][0] = 'V'; + print_user(db,bio_err,i,verbose) ; + } + } + + VERBOSE BIO_printf(bio_err,"Trying to update srpvfile.\n"); + if (!save_index(dbfile,"new",db)) goto err; + + VERBOSE BIO_printf(bio_err,"Temporary srpvfile created.\n"); + if (!rotate_index(dbfile,"new","old")) goto err; + + VERBOSE BIO_printf(bio_err,"srpvfile updated.\n"); + } + + ret = (errors != 0); +err: + if (errors != 0) + VERBOSE BIO_printf(bio_err,"User errors %d.\n",errors); + + VERBOSE BIO_printf(bio_err,"SRP terminating with code %d.\n",ret); + if(tofree) + OPENSSL_free(tofree); + if (ret) ERR_print_errors(bio_err); + if (randfile) app_RAND_write_file(randfile, bio_err); + if (conf) NCONF_free(conf); + if (db) free_index(db); + + OBJ_cleanup(); + apps_shutdown(); + OPENSSL_EXIT(ret); + } + + + +#endif + diff -ruN openssl-SNAP-20081125-orig/crypto/srp/Makefile
openssl-SNAP-20081125-srp/crypto/srp/Makefile --- openssl-SNAP-20081125-orig/crypto/srp/Makefile 1970-01-01 00:00:00.000000000
+0000 +++ openssl-SNAP-20081125-srp/crypto/srp/Makefile 2008-11-25 23:04:38.000000000
+0000 @@ -0,0 +1,88 @@ +DIR= srp +TOP= ../.. +CC= cc +INCLUDES= -I.. -I$(TOP) -I../../include +CFLAG=-g +INSTALL_PREFIX= +OPENSSLDIR= /usr/local/ssl +INSTALLTOP=/usr/local/ssl +MAKE= make -f Makefile.ssl +MAKEDEPPROG= makedepend +MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) +MAKEFILE= Makefile.ssl +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL=Makefile +TEST= +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC=srp_lib.c srp_vfy.c +LIBOBJ=srp_lib.o srp_vfy.o + +SRC= $(LIBSRC) + +EXHEADER= srp.h +HEADER= $(EXHEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + $(RANLIB) $(LIB) || echo Never mind. + @touch lib + +links: + @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) + @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) + @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) + +install: + @for i in $(EXHEADER) ; \ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE)
>Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +# DO NOT DELETE THIS LINE -- make depend depends on it. + +srp_lib.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h +srp_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +srp_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +srp_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +srp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h +srp_lib.o: ../../include/openssl/sha.h ../../include/openssl/srp.h +srp_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +srp_lib.o: ../cryptlib.h srp_grps.h srp_lcl.h srp_lib.c +srp_vfy.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h +srp_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +srp_vfy.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +srp_vfy.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +srp_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +srp_vfy.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +srp_vfy.o: ../../include/openssl/sha.h ../../include/openssl/srp.h +srp_vfy.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +srp_vfy.o: ../../include/openssl/txt_db.h ../cryptlib.h srp_lcl.h srp_vfy.c diff -ruN openssl-SNAP-20081125-orig/crypto/srp/srp_grps.h
openssl-SNAP-20081125-srp/crypto/srp/srp_grps.h --- openssl-SNAP-20081125-orig/crypto/srp/srp_grps.h 1970-01-01
00:00:00.000000000 +0000 +++ openssl-SNAP-20081125-srp/crypto/srp/srp_grps.h 2008-11-25
23:04:38.000000000 +0000 @@ -0,0 +1,517 @@ +/* start of generated data */ + +static BN_ULONG bn_group_1024_value[] = { + bn_pack4(9FC6,1D2F,C0EB,06E3), + bn_pack4(FD51,38FE,8376,435B), + bn_pack4(2FD4,CBF4,976E,AA9A), + bn_pack4(68ED,BC3C,0572,6CC0), + bn_pack4(C529,F566,660E,57EC), + bn_pack4(8255,9B29,7BCF,1885), + bn_pack4(CE8E,F4AD,69B1,5D49), + bn_pack4(5DC7,D7B4,6154,D6B6), + bn_pack4(8E49,5C1D,6089,DAD1), + bn_pack4(E0D5,D8E2,50B9,8BE4), + bn_pack4(383B,4813,D692,C6E0), + bn_pack4(D674,DF74,96EA,81D3), + bn_pack4(9EA2,314C,9C25,6576), + bn_pack4(6072,6187,75FF,3C0B), + bn_pack4(9C33,F80A,FA8F,C5E8), + bn_pack4(EEAF,0AB9,ADB3,8DD6) +}; +static BIGNUM bn_group_1024 = { + bn_group_1024_value, + (sizeof bn_group_1024_value)/sizeof(BN_ULONG), + (sizeof bn_group_1024_value)/sizeof(BN_ULONG), + 0, + BN_FLG_STATIC_DATA +}; + +static BN_ULONG bn_group_1536_value[] = { + bn_pack4(CF76,E3FE,D135,F9BB), + bn_pack4(1518,0F93,499A,234D), + bn_pack4(8CE7,A28C,2442,C6F3), + bn_pack4(5A02,1FFF,5E91,479E), + bn_pack4(7F8A,2FE9,B8B5,292E), + bn_pack4(837C,264A,E3A9,BEB8), + bn_pack4(E442,734A,F7CC,B7AE), + bn_pack4(6577,2E43,7D6C,7F8C), + bn_pack4(DB2F,D53D,24B7,C486), + bn_pack4(6EDF,0195,3934,9627), + bn_pack4(158B,FD3E,2B9C,8CF5), + bn_pack4(764E,3F4B,53DD,9DA1), + bn_pack4(4754,8381,DBC5,B1FC), + bn_pack4(9B60,9E0B,E3BA,B63D), + bn_pack4(8134,B1C8,B979,8914), + bn_pack4(DF02,8A7C,EC67,F0D0), + bn_pack4(80B6,55BB,9A22,E8DC), + bn_pack4(1558,903B,A0D0,F843), + bn_pack4(51C6,A94B,E460,7A29), + bn_pack4(5F4F,5F55,6E27,CBDE), + bn_pack4(BEEE,A961,4B19,CC4D), + bn_pack4(DBA5,1DF4,99AC,4C80), + bn_pack4(B1F1,2A86,17A4,7BBB), + bn_pack4(9DEF,3CAF,B939,277A) +}; +static BIGNUM bn_group_1536 = { + bn_group_1536_value, + (sizeof bn_group_1536_value)/sizeof(BN_ULONG), + (sizeof bn_group_1536_value)/sizeof(BN_ULONG), + 0, + BN_FLG_STATIC_DATA +}; + +static BN_ULONG bn_group_2048_value[] = { + bn_pack4(0FA7,111F,9E4A,FF73), + bn_pack4(9B65,E372,FCD6,8EF2), + bn_pack4(35DE,236D,525F,5475), + bn_pack4(94B5,C803,D89F,7AE4), + bn_pack4(71AE,35F8,E9DB,FBB6), + bn_pack4(2A56,98F3,A8D0,C382), + bn_pack4(9CCC,041C,7BC3,08D8), + bn_pack4(AF87,4E73,03CE,5329), + bn_pack4(6160,2790,04E5,7AE6), + bn_pack4(032C,FBDB,F52F,B378), + bn_pack4(5EA7,7A27,75D2,ECFA), + bn_pack4(5445,23B5,24B0,D57D), + bn_pack4(5B9D,32E6,88F8,7748), + bn_pack4(F1D2,B907,8717,461A), + bn_pack4(76BD,207A,436C,6481), + bn_pack4(CA97,B43A,23FB,8016), + bn_pack4(1D28,1E44,6B14,773B), + bn_pack4(7359,D041,D5C3,3EA7), + bn_pack4(A80D,740A,DBF4,FF74), + bn_pack4(55F9,7993,EC97,5EEA), + bn_pack4(2918,A996,2F0B,93B8), + bn_pack4(661A,05FB,D5FA,AAE8), + bn_pack4(CF60,9517,9A16,3AB3), + bn_pack4(E808,3969,EDB7,67B0), + bn_pack4(CD7F,48A9,DA04,FD50), + bn_pack4(D523,12AB,4B03,310D), + bn_pack4(8193,E075,7767,A13D), + bn_pack4(A373,29CB,B4A0,99ED), + bn_pack4(FC31,9294,3DB5,6050), + bn_pack4(AF72,B665,1987,EE07), + bn_pack4(F166,DE5E,1389,582F), + bn_pack4(AC6B,DB41,324A,9A9B) +}; +static BIGNUM bn_group_2048 = { + bn_group_2048_value, + (sizeof bn_group_2048_value)/sizeof(BN_ULONG), + (sizeof bn_group_2048_value)/sizeof(BN_ULONG), + 0, + BN_FLG_STATIC_DATA +}; + +static BN_ULONG bn_group_3072_value[] = { + bn_pack4(FFFF,FFFF,FFFF,FFFF), + bn_pack4(4B82,D120,A93A,D2CA), + bn_pack4(43DB,5BFC,E0FD,108E), + bn_pack4(08E2,4FA0,74E5,AB31), + bn_pack4(7709,88C0,BAD9,46E2), + bn_pack4(BBE1,1757,7A61,5D6C), + bn_pack4(521F,2B18,177B,200C), + bn_pack4(D876,0273,3EC8,6A64), + bn_pack4(F12F,FA06,D98A,0864), + bn_pack4(CEE3,D226,1AD2,EE6B), + bn_pack4(1E8C,94E0,4A25,619D), + bn_pack4(ABF5,AE8C,DB09,33D7), + bn_pack4(B397,0F85,A6E1,E4C7), + bn_pack4(8AEA,7157,5D06,0C7D), + bn_pack4(ECFB,8504,58DB,EF0A), + bn_pack4(A855,21AB,DF1C,BA64), + bn_pack4(AD33,170D,0450,7A33), + bn_pack4(1572,8E5A,8AAA,C42D), + bn_pack4(15D2,2618,98FA,0510), + bn_pack4(3995,497C,EA95,6AE5), + bn_pack4(DE2B,CBF6,9558,1718), + bn_pack4(B5C5,5DF0,6F4C,52C9), + bn_pack4(9B27,83A2,EC07,A28F), + bn_pack4(E39E,772C,180E,8603), + bn_pack4(3290,5E46,2E36,CE3B), + bn_pack4(F174,6C08,CA18,217C), + bn_pack4(670C,354E,4ABC,9804), + bn_pack4(9ED5,2907,7096,966D), + bn_pack4(1C62,F356,2085,52BB), + bn_pack4(8365,5D23,DCA3,AD96), + bn_pack4(6916,3FA8,FD24,CF5F), + bn_pack4(98DA,4836,1C55,D39A), + bn_pack4(C200,7CB8,A163,BF05), + bn_pack4(4928,6651,ECE4,5B3D), + bn_pack4(AE9F,2411,7C4B,1FE6), + bn_pack4(EE38,6BFB,5A89,9FA5), + bn_pack4(0BFF,5CB6,F406,B7ED), + bn_pack4(F44C,42E9,A637,ED6B), + bn_pack4(E485,B576,625E,7EC6), + bn_pack4(4FE1,356D,6D51,C245), + bn_pack4(302B,0A6D,F25F,1437), + bn_pack4(EF95,19B3,CD3A,431B), + bn_pack4(514A,0879,8E34,04DD), + bn_pack4(020B,BEA6,3B13,9B22), + bn_pack4(2902,4E08,8A67,CC74), + bn_pack4(C4C6,628B,80DC,1CD1), + bn_pack4(C90F,DAA2,2168,C234), + bn_pack4(FFFF,FFFF,FFFF,FFFF) +}; +static BIGNUM bn_group_3072 = { + bn_group_3072_value, + (sizeof bn_group_3072_value)/sizeof(BN_ULONG), + (sizeof bn_group_3072_value)/sizeof(BN_ULONG), + 0, + BN_FLG_STATIC_DATA +}; + +static BN_ULONG bn_group_4096_value[] = { + bn_pack4(FFFF,FFFF,FFFF,FFFF), + bn_pack4(4DF4,35C9,3406,3199), + bn_pack4(86FF,B7DC,90A6,C08F), + bn_pack4(93B4,EA98,8D8F,DDC1), + bn_pack4(D006,9127,D5B0,5AA9), + bn_pack4(B81B,DD76,2170,481C), + bn_pack4(1F61,2970,CEE2,D7AF), + bn_pack4(233B,A186,515B,E7ED), + bn_pack4(99B2,964F,A090,C3A2), + bn_pack4(287C,5947,4E6B,C05D), + bn_pack4(2E8E,FC14,1FBE,CAA6), + bn_pack4(DBBB,C2DB,04DE,8EF9), + bn_pack4(2583,E9CA,2AD4,4CE8), + bn_pack4(1A94,6834,B615,0BDA), + bn_pack4(99C3,2718,6AF4,E23C), + bn_pack4(8871,9A10,BDBA,5B26), + bn_pack4(1A72,3C12,A787,E6D7), + bn_pack4(4B82,D120,A921,0801), + bn_pack4(43DB,5BFC,E0FD,108E), + bn_pack4(08E2,4FA0,74E5,AB31), + bn_pack4(7709,88C0,BAD9,46E2), + bn_pack4(BBE1,1757,7A61,5D6C), + bn_pack4(521F,2B18,177B,200C), + bn_pack4(D876,0273,3EC8,6A64), + bn_pack4(F12F,FA06,D98A,0864), + bn_pack4(CEE3,D226,1AD2,EE6B), + bn_pack4(1E8C,94E0,4A25,619D), + bn_pack4(ABF5,AE8C,DB09,33D7), + bn_pack4(B397,0F85,A6E1,E4C7), + bn_pack4(8AEA,7157,5D06,0C7D), + bn_pack4(ECFB,8504,58DB,EF0A), + bn_pack4(A855,21AB,DF1C,BA64), + bn_pack4(AD33,170D,0450,7A33), + bn_pack4(1572,8E5A,8AAA,C42D), + bn_pack4(15D2,2618,98FA,0510), + bn_pack4(3995,497C,EA95,6AE5), + bn_pack4(DE2B,CBF6,9558,1718), + bn_pack4(B5C5,5DF0,6F4C,52C9), + bn_pack4(9B27,83A2,EC07,A28F), + bn_pack4(E39E,772C,180E,8603), + bn_pack4(3290,5E46,2E36,CE3B), + bn_pack4(F174,6C08,CA18,217C), + bn_pack4(670C,354E,4ABC,9804), + bn_pack4(9ED5,2907,7096,966D), + bn_pack4(1C62,F356,2085,52BB), + bn_pack4(8365,5D23,DCA3,AD96), + bn_pack4(6916,3FA8,FD24,CF5F), + bn_pack4(98DA,4836,1C55,D39A), + bn_pack4(C200,7CB8,A163,BF05), + bn_pack4(4928,6651,ECE4,5B3D), + bn_pack4(AE9F,2411,7C4B,1FE6), + bn_pack4(EE38,6BFB,5A89,9FA5), + bn_pack4(0BFF,5CB6,F406,B7ED), + bn_pack4(F44C,42E9,A637,ED6B), + bn_pack4(E485,B576,625E,7EC6), + bn_pack4(4FE1,356D,6D51,C245), + bn_pack4(302B,0A6D,F25F,1437), + bn_pack4(EF95,19B3,CD3A,431B), + bn_pack4(514A,0879,8E34,04DD), + bn_pack4(020B,BEA6,3B13,9B22), + bn_pack4(2902,4E08,8A67,CC74), + bn_pack4(C4C6,628B,80DC,1CD1), + bn_pack4(C90F,DAA2,2168,C234), + bn_pack4(FFFF,FFFF,FFFF,FFFF) +}; +static BIGNUM bn_group_4096 = { + bn_group_4096_value, + (sizeof bn_group_4096_value)/sizeof(BN_ULONG), + (sizeof bn_group_4096_value)/sizeof(BN_ULONG), + 0, + BN_FLG_STATIC_DATA +}; + +static BN_ULONG bn_group_6144_value[] = { + bn_pack4(FFFF,FFFF,FFFF,FFFF), + bn_pack4(E694,F91E,6DCC,4024), + bn_pack4(12BF,2D5B,0B74,74D6), + bn_pack4(043E,8F66,3F48,60EE), + bn_pack4(387F,E8D7,6E3C,0468), + bn_pack4(DA56,C9EC,2EF2,9632), + bn_pack4(EB19,CCB1,A313,D55C), + bn_pack4(F550,AA3D,8A1F,BFF0), + bn_pack4(06A1,D58B,B7C5,DA76), + bn_pack4(A797,15EE,F29B,E328), + bn_pack4(14CC,5ED2,0F80,37E0), + bn_pack4(CC8F,6D7E,BF48,E1D8), + bn_pack4(4BD4,07B2,2B41,54AA), + bn_pack4(0F1D,45B7,FF58,5AC5), + bn_pack4(23A9,7A7E,36CC,88BE), + bn_pack4(59E7,C97F,BEC7,E8F3), + bn_pack4(B5A8,4031,900B,1C9E), + bn_pack4(D55E,702F,4698,0C82), + bn_pack4(F482,D7CE,6E74,FEF6), + bn_pack4(F032,EA15,D172,1D03), + bn_pack4(5983,CA01,C64B,92EC), + bn_pack4(6FB8,F401,378C,D2BF), + bn_pack4(3320,5151,2BD7,AF42), + bn_pack4(DB7F,1447,E6CC,254B), + bn_pack4(44CE,6CBA,CED4,BB1B), + bn_pack4(DA3E,DBEB,CF9B,14ED), + bn_pack4(1797,27B0,865A,8918), + bn_pack4(B06A,53ED,9027,D831), + bn_pack4(E5DB,382F,4130,01AE), + bn_pack4(F8FF,9406,AD9E,530E), + bn_pack4(C975,1E76,3DBA,37BD), + bn_pack4(C1D4,DCB2,6026,46DE), + bn_pack4(36C3,FAB4,D27C,7026), + bn_pack4(4DF4,35C9,3402,8492), + bn_pack4(86FF,B7DC,90A6,C08F), + bn_pack4(93B4,EA98,8D8F,DDC1), + bn_pack4(D006,9127,D5B0,5AA9), + bn_pack4(B81B,DD76,2170,481C), + bn_pack4(1F61,2970,CEE2,D7AF), + bn_pack4(233B,A186,515B,E7ED), + bn_pack4(99B2,964F,A090,C3A2), + bn_pack4(287C,5947,4E6B,C05D), + bn_pack4(2E8E,FC14,1FBE,CAA6), + bn_pack4(DBBB,C2DB,04DE,8EF9), + bn_pack4(2583,E9CA,2AD4,4CE8), + bn_pack4(1A94,6834,B615,0BDA), + bn_pack4(99C3,2718,6AF4,E23C), + bn_pack4(8871,9A10,BDBA,5B26), + bn_pack4(1A72,3C12,A787,E6D7), + bn_pack4(4B82,D120,A921,0801), + bn_pack4(43DB,5BFC,E0FD,108E), + bn_pack4(08E2,4FA0,74E5,AB31), + bn_pack4(7709,88C0,BAD9,46E2), + bn_pack4(BBE1,1757,7A61,5D6C), + bn_pack4(521F,2B18,177B,200C), + bn_pack4(D876,0273,3EC8,6A64), + bn_pack4(F12F,FA06,D98A,0864), + bn_pack4(CEE3,D226,1AD2,EE6B), + bn_pack4(1E8C,94E0,4A25,619D), + bn_pack4(ABF5,AE8C,DB09,33D7), + bn_pack4(B397,0F85,A6E1,E4C7), + bn_pack4(8AEA,7157,5D06,0C7D), + bn_pack4(ECFB,8504,58DB,EF0A), + bn_pack4(A855,21AB,DF1C,BA64), + bn_pack4(AD33,170D,0450,7A33), + bn_pack4(1572,8E5A,8AAA,C42D), + bn_pack4(15D2,2618,98FA,0510), + bn_pack4(3995,497C,EA95,6AE5), + bn_pack4(DE2B,CBF6,9558,1718), + bn_pack4(B5C5,5DF0,6F4C,52C9), + bn_pack4(9B27,83A2,EC07,A28F), + bn_pack4(E39E,772C,180E,8603), + bn_pack4(3290,5E46,2E36,CE3B), + bn_pack4(F174,6C08,CA18,217C), + bn_pack4(670C,354E,4ABC,9804), + bn_pack4(9ED5,2907,7096,966D), + bn_pack4(1C62,F356,2085,52BB), + bn_pack4(8365,5D23,DCA3,AD96), + bn_pack4(6916,3FA8,FD24,CF5F), + bn_pack4(98DA,4836,1C55,D39A), + bn_pack4(C200,7CB8,A163,BF05), + bn_pack4(4928,6651,ECE4,5B3D), + bn_pack4(AE9F,2411,7C4B,1FE6), + bn_pack4(EE38,6BFB,5A89,9FA5), + bn_pack4(0BFF,5CB6,F406,B7ED), + bn_pack4(F44C,42E9,A637,ED6B), + bn_pack4(E485,B576,625E,7EC6), + bn_pack4(4FE1,356D,6D51,C245), + bn_pack4(302B,0A6D,F25F,1437), + bn_pack4(EF95,19B3,CD3A,431B), + bn_pack4(514A,0879,8E34,04DD), + bn_pack4(020B,BEA6,3B13,9B22), + bn_pack4(2902,4E08,8A67,CC74), + bn_pack4(C4C6,628B,80DC,1CD1), + bn_pack4(C90F,DAA2,2168,C234), + bn_pack4(FFFF,FFFF,FFFF,FFFF) +}; +static BIGNUM bn_group_6144 = { + bn_group_6144_value, + (sizeof bn_group_6144_value)/sizeof(BN_ULONG), + (sizeof bn_group_6144_value)/sizeof(BN_ULONG), + 0, + BN_FLG_STATIC_DATA +}; + +static BN_ULONG bn_group_8192_value[] = { + bn_pack4(FFFF,FFFF,FFFF,FFFF), + bn_pack4(60C9,80DD,98ED,D3DF), + bn_pack4(C81F,56E8,80B9,6E71), + bn_pack4(9E30,50E2,7656,94DF), + bn_pack4(9558,E447,5677,E9AA), + bn_pack4(C919,0DA6,FC02,6E47), + bn_pack4(889A,002E,D5EE,382B), + bn_pack4(4009,438B,481C,6CD7), + bn_pack4(3590,46F4,EB87,9F92), + bn_pack4(FAF3,6BC3,1ECF,A268), + bn_pack4(B1D5,10BD,7EE7,4D73), + bn_pack4(F9AB,4819,5DED,7EA1), + bn_pack4(64F3,1CC5,0846,851D), + bn_pack4(4597,E899,A025,5DC1), + bn_pack4(DF31,0EE0,74AB,6A36), + bn_pack4(6D2A,13F8,3F44,F82D), + bn_pack4(062B,3CF5,B3A2,78A6), + bn_pack4(7968,3303,ED5B,DD3A), + bn_pack4(FA9D,4B7F,A2C0,87E8), + bn_pack4(4BCB,C886,2F83,85DD), + bn_pack4(3473,FC64,6CEA,306B), + bn_pack4(13EB,57A8,1A23,F0C7), + bn_pack4(2222,2E04,A403,7C07), + bn_pack4(E3FD,B8BE,FC84,8AD9), + bn_pack4(238F,16CB,E39D,652D), + bn_pack4(3423,B474,2BF1,C978), + bn_pack4(3AAB,639C,5AE4,F568), + bn_pack4(2576,F693,6BA4,2466), + bn_pack4(741F,A7BF,8AFC,47ED), + bn_pack4(3BC8,32B6,8D9D,D300), + bn_pack4(D8BE,C4D0,73B9,31BA), + bn_pack4(3877,7CB6,A932,DF8C), + bn_pack4(74A3,926F,12FE,E5E4), + bn_pack4(E694,F91E,6DBE,1159), + bn_pack4(12BF,2D5B,0B74,74D6), + bn_pack4(043E,8F66,3F48,60EE), + bn_pack4(387F,E8D7,6E3C,0468), + bn_pack4(DA56,C9EC,2EF2,9632), + bn_pack4(EB19,CCB1,A313,D55C), + bn_pack4(F550,AA3D,8A1F,BFF0), + bn_pack4(06A1,D58B,B7C5,DA76), + bn_pack4(A797,15EE,F29B,E328), + bn_pack4(14CC,5ED2,0F80,37E0), + bn_pack4(CC8F,6D7E,BF48,E1D8), + bn_pack4(4BD4,07B2,2B41,54AA), + bn_pack4(0F1D,45B7,FF58,5AC5), + bn_pack4(23A9,7A7E,36CC,88BE), + bn_pack4(59E7,C97F,BEC7,E8F3), + bn_pack4(B5A8,4031,900B,1C9E), + bn_pack4(D55E,702F,4698,0C82), + bn_pack4(F482,D7CE,6E74,FEF6), + bn_pack4(F032,EA15,D172,1D03), + bn_pack4(5983,CA01,C64B,92EC), + bn_pack4(6FB8,F401,378C,D2BF), + bn_pack4(3320,5151,2BD7,AF42), + bn_pack4(DB7F,1447,E6CC,254B), + bn_pack4(44CE,6CBA,CED4,BB1B), + bn_pack4(DA3E,DBEB,CF9B,14ED), + bn_pack4(1797,27B0,865A,8918), + bn_pack4(B06A,53ED,9027,D831), + bn_pack4(E5DB,382F,4130,01AE), + bn_pack4(F8FF,9406,AD9E,530E), + bn_pack4(C975,1E76,3DBA,37BD), + bn_pack4(C1D4,DCB2,6026,46DE), + bn_pack4(36C3,FAB4,D27C,7026), + bn_pack4(4DF4,35C9,3402,8492), + bn_pack4(86FF,B7DC,90A6,C08F), + bn_pack4(93B4,EA98,8D8F,DDC1), + bn_pack4(D006,9127,D5B0,5AA9), + bn_pack4(B81B,DD76,2170,481C), + bn_pack4(1F61,2970,CEE2,D7AF), + bn_pack4(233B,A186,515B,E7ED), + bn_pack4(99B2,964F,A090,C3A2), + bn_pack4(287C,5947,4E6B,C05D), + bn_pack4(2E8E,FC14,1FBE,CAA6), + bn_pack4(DBBB,C2DB,04DE,8EF9), + bn_pack4(2583,E9CA,2AD4,4CE8), + bn_pack4(1A94,6834,B615,0BDA), + bn_pack4(99C3,2718,6AF4,E23C), + bn_pack4(8871,9A10,BDBA,5B26), + bn_pack4(1A72,3C12,A787,E6D7), + bn_pack4(4B82,D120,A921,0801), + bn_pack4(43DB,5BFC,E0FD,108E), + bn_pack4(08E2,4FA0,74E5,AB31), + bn_pack4(7709,88C0,BAD9,46E2), + bn_pack4(BBE1,1757,7A61,5D6C), + bn_pack4(521F,2B18,177B,200C), + bn_pack4(D876,0273,3EC8,6A64), + bn_pack4(F12F,FA06,D98A,0864), + bn_pack4(CEE3,D226,1AD2,EE6B), + bn_pack4(1E8C,94E0,4A25,619D), + bn_pack4(ABF5,AE8C,DB09,33D7), + bn_pack4(B397,0F85,A6E1,E4C7), + bn_pack4(8AEA,7157,5D06,0C7D), + bn_pack4(ECFB,8504,58DB,EF0A), + bn_pack4(A855,21AB,DF1C,BA64), + bn_pack4(AD33,170D,0450,7A33), + bn_pack4(1572,8E5A,8AAA,C42D), + bn_pack4(15D2,2618,98FA,0510), + bn_pack4(3995,497C,EA95,6AE5), + bn_pack4(DE2B,CBF6,9558,1718), + bn_pack4(B5C5,5DF0,6F4C,52C9), + bn_pack4(9B27,83A2,EC07,A28F), + bn_pack4(E39E,772C,180E,8603), + bn_pack4(3290,5E46,2E36,CE3B), + bn_pack4(F174,6C08,CA18,217C), + bn_pack4(670C,354E,4ABC,9804), + bn_pack4(9ED5,2907,7096,966D), + bn_pack4(1C62,F356,2085,52BB), + bn_pack4(8365,5D23,DCA3,AD96), + bn_pack4(6916,3FA8,FD24,CF5F), + bn_pack4(98DA,4836,1C55,D39A), + bn_pack4(C200,7CB8,A163,BF05), + bn_pack4(4928,6651,ECE4,5B3D), + bn_pack4(AE9F,2411,7C4B,1FE6), + bn_pack4(EE38,6BFB,5A89,9FA5), + bn_pack4(0BFF,5CB6,F406,B7ED), + bn_pack4(F44C,42E9,A637,ED6B), + bn_pack4(E485,B576,625E,7EC6), + bn_pack4(4FE1,356D,6D51,C245), + bn_pack4(302B,0A6D,F25F,1437), + bn_pack4(EF95,19B3,CD3A,431B), + bn_pack4(514A,0879,8E34,04DD), + bn_pack4(020B,BEA6,3B13,9B22), + bn_pack4(2902,4E08,8A67,CC74), + bn_pack4(C4C6,628B,80DC,1CD1), + bn_pack4(C90F,DAA2,2168,C234), + bn_pack4(FFFF,FFFF,FFFF,FFFF) +}; +static BIGNUM bn_group_8192 = { + bn_group_8192_value, + (sizeof bn_group_8192_value)/sizeof(BN_ULONG), + (sizeof bn_group_8192_value)/sizeof(BN_ULONG), + 0, + BN_FLG_STATIC_DATA +}; + +static BN_ULONG bn_generator_19_value[] = {19} ; +static BIGNUM bn_generator_19 = { + bn_generator_19_value, + 1, + 1, + 0, + BN_FLG_STATIC_DATA +}; +static BN_ULONG bn_generator_5_value[] = {5} ; +static BIGNUM bn_generator_5 = { + bn_generator_5_value, + 1, + 1, + 0, + BN_FLG_STATIC_DATA +}; +static BN_ULONG bn_generator_2_value[] = {2} ; +static BIGNUM bn_generator_2 = { + bn_generator_2_value, + 1, + 1, + 0, + BN_FLG_STATIC_DATA +}; + +static SRP_gN knowngN[] = { + {"8192",&bn_generator_19 , &bn_group_8192}, + {"6144",&bn_generator_5 , &bn_group_6144}, + {"4096",&bn_generator_5 , &bn_group_4096}, + {"3072",&bn_generator_5 , &bn_group_3072}, + {"2048",&bn_generator_2 , &bn_group_2048}, + {"1536",&bn_generator_2 , &bn_group_1536}, + {"1024",&bn_generator_2 , &bn_group_1024}, +}; +#define KNOWN_GN_NUMBER sizeof(knowngN) / sizeof(SRP_gN) + +/* end of generated data */ diff -ruN openssl-SNAP-20081125-orig/crypto/srp/srp.h
openssl-SNAP-20081125-srp/crypto/srp/srp.h --- openssl-SNAP-20081125-orig/crypto/srp/srp.h 1970-01-01 00:00:00.000000000
+0000 +++ openssl-SNAP-20081125-srp/crypto/srp/srp.h 2008-11-25 23:04:38.000000000
+0000 @@ -0,0 +1,170 @@ +/* crypto/srp/srp.h */ +/* Written by Christophe Renou (chri...@edelweb.fr) with + * the precious help of Peter Sylvester (pete...@edelweb.fr) + * for the EdelKey project and contributed to the OpenSSL project 2004. + */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * lice...@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (ea...@cryptsoft.com). This product includes software written by Tim + * Hudson (tj...@cryptsoft.com). + * + */ +#ifndef __SRP_H__ +#define __SRP_H__ + +#ifndef OPENSSL_NO_SRP + +#include <stdio.h> +#include <string.h> + +#ifdef __cplusplus +extern "C" { +#endif + +#include <openssl/safestack.h> +#include <openssl/bn.h> +#include <openssl/crypto.h> + +typedef struct SRP_gN_cache_st +{ + char *b64_bn; + BIGNUM *bn; +} SRP_gN_cache; + + +DECLARE_STACK_OF(SRP_gN_cache); + +typedef struct SRP_user_pwd_st +{ + char *id; + BIGNUM *s; + BIGNUM *v; + BIGNUM *g; + BIGNUM *N; + char *info; +} SRP_user_pwd; + +DECLARE_STACK_OF(SRP_user_pwd); + +typedef struct SRP_VBASE_st +{ + STACK_OF(SRP_user_pwd) *users_pwd; + STACK_OF(SRP_gN_cache) *gN_cache; +/* to simulate a user */ + char *seed_key; + BIGNUM *default_g; + BIGNUM *default_N; +}SRP_VBASE; + + +/*Structure interne pour retenir les couples N et g*/ +typedef struct SRP_gN_st +{ + char *id; + BIGNUM *g; + BIGNUM *N; +} SRP_gN; + +DECLARE_STACK_OF(SRP_gN); + +SRP_VBASE *SRP_VBASE_new(char *seed_key); +int SRP_VBASE_free(SRP_VBASE *vb); +int SRP_VBASE_init(SRP_VBASE *vb, char * verifier_file); +SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username); +char * SRP_create_verifier(char *user, char *pass, char **salt, char
**verifier, char *N, char *g); + + +#define SRP_NO_ERROR 0 +#define SRP_ERR_VBASE_INCOMPLETE_FILE 1 +#define SRP_ERR_VBASE_BN_LIB 2 +#define SRP_ERR_OPEN_FILE 3 +#define SRP_ERR_MEMORY 4 + +#define DB_srptype 0 +#define DB_srpverifier 1 +#define DB_srpsalt 2 +#define DB_srpid 3 +#define DB_srpgN 4 +#define DB_srpinfo 5 +#undef DB_NUMBER +#define DB_NUMBER 6 + +#define DB_SRP_INDEX 'I' +#define DB_SRP_VALID 'V' +#define DB_SRP_REVOKED 'R' +#define DB_SRP_MODIF 'v' + + +/* see srp.c */ +char * SRP_check_known_gN_param(BIGNUM* g, BIGNUM* N); +SRP_gN *SRP_get_default_gN(const char * id) ; + +/* server side .... */ +BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b, BIGNUM
*N); +BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v); +int SRP_Verify_A_mod_N(BIGNUM *A, BIGNUM *N); +BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N) ; + + + +/* client side .... */ +BIGNUM *SRP_Calc_x(BIGNUM *s, char *user, char *pass); +BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g); +BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x, BIGNUM
*a, BIGNUM *u); +int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N); + +#define SRP_MINIMAL_N 1024 + +#ifdef __cplusplus +} +#endif + +#endif +#endif diff -ruN openssl-SNAP-20081125-orig/crypto/srp/srp_lcl.h
openssl-SNAP-20081125-srp/crypto/srp/srp_lcl.h --- openssl-SNAP-20081125-orig/crypto/srp/srp_lcl.h 1970-01-01
00:00:00.000000000 +0000 +++ openssl-SNAP-20081125-srp/crypto/srp/srp_lcl.h 2008-11-25 23:04:38.000000000
+0000 @@ -0,0 +1,83 @@ +/* crypto/srp/srp_lcl.h */ +/* Written by Peter Sylvester (pete...@edelweb.fr) + * for the EdelKey project and contributed to the OpenSSL project 2004. + */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * lice...@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (ea...@cryptsoft.com). This product includes software written by Tim + * Hudson (tj...@cryptsoft.com). + * + */ +#ifndef HEADER_SRP_LCL_H +#define HEADER_SRP_LCL_H + +#include <openssl/srp.h> +#include <openssl/sha.h> + +#if 0 +#define srp_bn_print(a) {fprintf(stderr, #a "="); BN_print_fp(stderr,a); \ + fprintf(stderr,"\n");} +#else +#define srp_bn_print(a) +#endif + + + +#ifdef __cplusplus +extern "C" { +#endif + + + +#ifdef __cplusplus +} +#endif + +#endif diff -ruN openssl-SNAP-20081125-orig/crypto/srp/srp_lib.c
openssl-SNAP-20081125-srp/crypto/srp/srp_lib.c --- openssl-SNAP-20081125-orig/crypto/srp/srp_lib.c 1970-01-01
00:00:00.000000000 +0000 +++ openssl-SNAP-20081125-srp/crypto/srp/srp_lib.c 2008-11-25 23:04:38.000000000
+0000 @@ -0,0 +1,337 @@ +/* crypto/srp/srp_lib.c */ +/* Written by Christophe Renou (chri...@edelweb.fr) with + * the precious help of Peter Sylvester (pete...@edelweb.fr) + * for the EdelKey project and contributed to the OpenSSL project 2004. + */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * lice...@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (ea...@cryptsoft.com). This product includes software written by Tim + * Hudson (tj...@cryptsoft.com). + * + */ +#ifndef OPENSSL_NO_SRP +#include "cryptlib.h" +#include "srp_lcl.h" +#include <openssl/srp.h> +#include <openssl/sha.h> + +#if (BN_BYTES == 8) +#define bn_pack4(a1,a2,a3,a4) 0x##a1##a2##a3##a4##ul +#endif +#if (BN_BYTES == 4) +#define bn_pack4(a1,a2,a3,a4) 0x##a3##a4##ul, 0x##a1##a2##ul +#endif +#if (BN_BYTES == 2) +#define bn_pack4(a1,a2,a3,a4) 0x##a4##u,0x##a3##u,0x##a2##u,0x##a1##u +#endif + + +#include "srp_grps.h" + +static BIGNUM *srp_Calc_k(BIGNUM *N, BIGNUM *g) { + /* k = SHA1(N | PAD(g)) -- tls-srp draft 8 */ + + unsigned char digest[SHA_DIGEST_LENGTH]; + unsigned char *tmp; + SHA_CTX ctxt; + int longg ; + int longN = BN_num_bytes(N); + + if ((tmp = OPENSSL_malloc(longN)) == NULL) + return NULL; + BN_bn2bin(N,tmp) ; + + SHA1_Init(&ctxt); + SHA1_Update(&ctxt, tmp, longN); + + memset(tmp, 0, longN); + longg = BN_bn2bin(g,tmp) ; + /* use the zeros behind to pad on left */ + SHA1_Update(&ctxt, tmp + longg, longN-longg); + SHA1_Update(&ctxt, tmp, longg); + OPENSSL_free(tmp); + + SHA1_Final(digest, &ctxt); + + return BN_bin2bn(digest, sizeof(digest), NULL); +} + +BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N) { + /* k = SHA1(PAD(A) || PAD(B) ) -- tls-srp draft 8 */ + + BIGNUM *u; + unsigned char cu[SHA_DIGEST_LENGTH]; + unsigned char *cAB; + SHA_CTX ctxt; + int longN; + if ((A == NULL) ||(B == NULL) || (N == NULL)) + return NULL; + + longN= BN_num_bytes(N); + + if ((cAB = OPENSSL_malloc(2*longN)) == NULL) + return NULL; + + memset(cAB, 0, longN); + + SHA1_Init(&ctxt); + SHA1_Update(&ctxt, cAB + BN_bn2bin(A,cAB+longN), longN); + SHA1_Update(&ctxt, cAB + BN_bn2bin(B,cAB+longN), longN); + OPENSSL_free(cAB); + SHA1_Final(cu, &ctxt); + + if (!(u = BN_bin2bn(cu, sizeof(cu), NULL))) + return NULL; + if (!BN_is_zero(u)) + return u; + BN_free(u); + return NULL; +} + +BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b, BIGNUM
*N) { + BIGNUM *tmp = NULL, *S = NULL; + BN_CTX *bn_ctx; + + if (u == NULL || A == NULL || v == NULL || b == NULL || N == NULL) + return NULL; + + if ((bn_ctx = BN_CTX_new()) == NULL || + (tmp = BN_new()) == NULL || + (S = BN_new()) == NULL ) + goto err; + + /* S = (A*v**u) ** b */ + + if (!BN_mod_exp(tmp,v,u,N,bn_ctx)) + goto err; + if (!BN_mod_mul(tmp,A,tmp,N,bn_ctx)) + goto err; + if (!BN_mod_exp(S,tmp,b,N,bn_ctx)) + goto err; +err: + BN_CTX_free(bn_ctx); + BN_clear_free(tmp); + return S; +} + +BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v) { + BIGNUM *kv = NULL, *gb = NULL; + BIGNUM *B = NULL, *k = NULL; + BN_CTX *bn_ctx; + + if (b == NULL || N == NULL || g == NULL || v == NULL || + (bn_ctx = BN_CTX_new()) == NULL) + return NULL; + + if ( (kv = BN_new()) == NULL || + (gb = BN_new()) == NULL || + (B = BN_new())== NULL) + goto err; + + /* B = g**b + k*v */ + + if (!BN_mod_exp(gb,g,b,N,bn_ctx) || + !(k = srp_Calc_k(N,g)) || + !BN_mod_mul(kv,v,k,N,bn_ctx) || + !BN_mod_add(B,gb,kv,N,bn_ctx)) { + BN_free(B); + B = NULL; + } +err: + BN_CTX_free(bn_ctx); + BN_clear_free(kv); + BN_clear_free(gb); + BN_clear(k); + return B; +} + +BIGNUM *SRP_Calc_x(BIGNUM *s, char *user, char *pass) { + unsigned char dig[SHA_DIGEST_LENGTH]; + SHA_CTX ctxt; + unsigned char *cs; + + if ((s == NULL) || + (user == NULL) || + (pass == NULL)) + return NULL; + + if ((cs = OPENSSL_malloc(BN_num_bytes(s))) == NULL) + return NULL; + + SHA1_Init(&ctxt); + SHA1_Update(&ctxt, user, strlen(user)); + SHA1_Update(&ctxt, ":", 1); + SHA1_Update(&ctxt, pass, strlen(pass)); + SHA1_Final(dig, &ctxt); + + SHA1_Init(&ctxt); + BN_bn2bin(s,cs); + SHA1_Update(&ctxt, cs, BN_num_bytes(s)); + OPENSSL_free(cs); + SHA1_Update(&ctxt, dig, sizeof(dig)); + SHA1_Final(dig, &ctxt); + + return BN_bin2bn(dig, sizeof(dig), NULL); +} + +BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g) { + BN_CTX *bn_ctx; + BIGNUM * A = NULL; + + if (a == NULL || N == NULL || g == NULL || + (bn_ctx = BN_CTX_new()) == NULL) + return NULL; + + if ((A = BN_new()) != NULL && + !BN_mod_exp(A,g,a,N,bn_ctx)) { + BN_free(A); + A = NULL; + } + BN_CTX_free(bn_ctx); + return A; +} + + +BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x, BIGNUM
*a, BIGNUM *u) { + BIGNUM *tmp = NULL, *tmp2 = NULL, *tmp3 = NULL , *k = NULL, *K = NULL; + BN_CTX *bn_ctx; + + if (u == NULL || B == NULL || N == NULL || g == NULL || x == NULL || a == NULL
|| + (bn_ctx = BN_CTX_new()) == NULL) + return NULL; + + if ((tmp = BN_new()) == NULL || + (tmp2 = BN_new())== NULL || + (tmp3 = BN_new())== NULL || + (K = BN_new()) == NULL) + goto err; + + if (!BN_mod_exp(tmp,g,x,N,bn_ctx)) + goto err; + if (!(k = srp_Calc_k(N,g))) + goto err; + if (!BN_mod_mul(tmp2,tmp,k,N,bn_ctx)) + goto err; + if (!BN_mod_sub(tmp,B,tmp2,N,bn_ctx)) + goto err; + + if (!BN_mod_mul(tmp3,u,x,N,bn_ctx)) + goto err; + if (!BN_mod_add(tmp2,a,tmp3,N,bn_ctx)) + goto err; + if (!BN_mod_exp(K,tmp,tmp2,N,bn_ctx)) + goto err; + +err : + BN_CTX_free(bn_ctx); + BN_clear_free(tmp); + BN_clear_free(tmp2); + BN_clear_free(tmp3); + BN_free(k); + return K; +} + +int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N) { + BIGNUM *r; + BN_CTX *bn_ctx; + int ret = 0; + + if (B == NULL || N == NULL || + (bn_ctx = BN_CTX_new()) == NULL) + return 0; + + if ((r = BN_new()) == NULL) + goto err; + /* Checks if B % N == 0 */ + if (!BN_nnmod(r,B,N,bn_ctx)) + goto err; + ret = !BN_is_zero(r); +err: + BN_CTX_free(bn_ctx); + BN_free(r); + return ret; +} + +int SRP_Verify_A_mod_N(BIGNUM *A, BIGNUM *N) { + /* Checks if A % N == 0 */ + return SRP_Verify_B_mod_N(A,N) ; +} + + +/* Check if G and N are kwown parameters. + The values have been generated from the ietf-tls-srp draft version 8 +*/ +char * SRP_check_known_gN_param(BIGNUM* g, BIGNUM* N) { + int i; + if ((g == NULL) || (N == NULL)) + return 0; + + srp_bn_print(g); + srp_bn_print(N); + + for(i = 0; i < KNOWN_GN_NUMBER; i++) { + if (BN_cmp(knowngN[i].g,g) == 0 && BN_cmp(knowngN[i].N,N) == 0) + return knowngN[i].id; + } + return NULL; +} + +SRP_gN *SRP_get_default_gN(const char * id) { + int i; + + if (id == NULL) + return knowngN; + for(i = 0; i < KNOWN_GN_NUMBER; i++) { + if (strcmp(knowngN[i].id,id)==0) + return knowngN+i; + } + return NULL; +} +#endif diff -ruN openssl-SNAP-20081125-orig/crypto/srp/srp_vfy.c
openssl-SNAP-20081125-srp/crypto/srp/srp_vfy.c --- openssl-SNAP-20081125-orig/crypto/srp/srp_vfy.c 1970-01-01
00:00:00.000000000 +0000 +++ openssl-SNAP-20081125-srp/crypto/srp/srp_vfy.c 2008-11-25 23:04:38.000000000
+0000 @@ -0,0 +1,589 @@ +/* crypto/srp/srp_vfy.c */ +/* Written by Christophe Renou (chri...@edelweb.fr) with + * the precious help of Peter Sylvester (pete...@edelweb.fr) + * for the EdelKey project and contributed to the OpenSSL project 2004. + */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * lice...@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (ea...@cryptsoft.com). This product includes software written by Tim + * Hudson (tj...@cryptsoft.com). + * + */ +#ifndef OPENSSL_NO_SRP +#include "cryptlib.h" +#include "srp_lcl.h" +#include <openssl/srp.h> +#include <openssl/sha.h> +#include <openssl/buffer.h> +#include <openssl/rand.h> +#include <openssl/txt_db.h> + +#define SRP_RANDOM_SALT_LEN 20 +#define MAX_LEN 2500 + +static char b64table[] = + "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./"; + +/* the following two conversion routines have been inspired by code from
Stanford */ + +/* + * Convert a base64 string into raw byte array representation. + */ +static int t_fromb64(char * a, const char * src) +{ + char *loc; + int i, j; + int size; + + while(*src && (*src == ' ' || *src == '\t' || *src == '\n')) + ++src; + size = strlen(src); + i = 0; + while(i < size) { + loc = strchr(b64table, src[i]); + if(loc == (char *) 0) break; + else a[i] = loc - b64table; + ++i; + } + size = i; + i = size - 1; + j = size; + while(1) { + a[j] = a[i]; + if(--i < 0) + break; + a[j] |= (a[i] & 3) << 6; + --j; + a[j] = (unsigned char) ((a[i] & 0x3c) >> 2); + if(--i < 0) + break; + a[j] |= (a[i] & 0xf) << 4; + --j; + a[j] = (unsigned char) ((a[i] & 0x30) >> 4); + if(--i < 0) + break; + a[j] |= (a[i] << 2); + + a[--j] = 0; + if(--i < 0) + break; + } + while(a[j] == 0 && j <= size) + ++j; + i = 0; + while (j <= size) + a[i++] = a[j++] ; + return i; +} + + +/* + * Convert a raw byte string into a null-terminated base64 ASCII string. + */ +static char *t_tob64(char * dst, const char * src, int size) +{ + int c, pos = size % 3; + unsigned char b0 = 0, b1 = 0, b2 = 0, notleading = 0; + char *olddst = dst; + + switch(pos) { + case 1: + b2 = src[0]; + break; + case 2: + b1 = src[0]; + b2 = src[1]; + break; + } + + while(1) { + c = (b0 & 0xfc) >> 2; + if(notleading || c != 0) { + *dst++ = b64table[c]; + notleading = 1; + } + c = ((b0 & 3) << 4) | ((b1 & 0xf0) >> 4); + if(notleading || c != 0) { + *dst++ = b64table[c]; + notleading = 1; + } + c = ((b1 & 0xf) << 2) | ((b2 & 0xc0) >> 6); + if(notleading || c != 0) { + *dst++ = b64table[c]; + notleading = 1; + } + c = b2 & 0x3f; + if(notleading || c != 0) { + *dst++ = b64table[c]; + notleading = 1; + } + if(pos >= size) + break; + else { + b0 = src[pos++]; + b1 = src[pos++]; + b2 = src[pos++]; + } + } + + *dst++ = '\0'; + return olddst; +} + +void SRP_user_pwd_free(SRP_user_pwd *user_pwd) { + if (user_pwd == NULL) + return; + BN_free(user_pwd->s); + BN_clear_free(user_pwd->v); + OPENSSL_free(user_pwd->id); + OPENSSL_free(user_pwd->info); + OPENSSL_free(user_pwd); +} + +SRP_user_pwd * SRP_user_pwd_new() { + SRP_user_pwd * ret = OPENSSL_malloc(sizeof(SRP_user_pwd)); + if (ret == NULL) + return NULL; + ret->N = NULL; + ret->g = NULL; + ret->s = NULL; + ret->v = NULL; + ret->id = NULL ; + ret->info = NULL; + return ret; +} + +void SRP_user_pwd_set_gN(SRP_user_pwd * vinfo, BIGNUM * g, BIGNUM * N) { + vinfo->N = N; + vinfo->g = g; +} + +int SRP_user_pwd_set_ids(SRP_user_pwd * vinfo, char * id, char * info) { + if (id != NULL && NULL == (vinfo->id = BUF_strdup(id))) + return 0; + return (info == NULL || NULL != (vinfo->info = BUF_strdup(info))) ; +} + +int SRP_user_pwd_set_sv(SRP_user_pwd * vinfo, char * s, char * v) { + char tmp[MAX_LEN]; + int len ; + if (strlen(s) > MAX_LEN || strlen(v) > MAX_LEN) + return 0; + len = t_fromb64(tmp,v); + if (NULL == (vinfo->v = BN_bin2bn(tmp,len,NULL)) ) + return 0; + len = t_fromb64(tmp,s); + return ((vinfo->s = BN_bin2bn(tmp,len,NULL)) != NULL) ; +} + +int SRP_user_pwd_set_sv_BN(SRP_user_pwd * vinfo, BIGNUM * s, BIGNUM * v) { + vinfo->v = v; + vinfo->v = s; + return (vinfo->s != NULL && vinfo->v != NULL) ; +} + + +SRP_VBASE *SRP_VBASE_new(char *seed_key) +{ + SRP_VBASE *vb = (SRP_VBASE *) OPENSSL_malloc(sizeof(SRP_VBASE)); + + if (vb == NULL) + return NULL; + if (!(vb->users_pwd = sk_SRP_user_pwd_new_null()) || + !(vb->gN_cache = sk_SRP_gN_cache_new_null())){ + OPENSSL_free(vb); + return NULL; + } + vb->default_g = NULL; + vb->default_N = NULL; + vb->seed_key = NULL; + if ((seed_key != NULL) && + (vb->seed_key = BUF_strdup(seed_key)) == NULL){ + sk_SRP_user_pwd_free(vb->users_pwd); + sk_SRP_gN_cache_free(vb->gN_cache); + OPENSSL_free(vb); + return NULL; + } + return vb; +} + + +int SRP_VBASE_free(SRP_VBASE *vb) +{ + sk_SRP_user_pwd_pop_free(vb->users_pwd,SRP_user_pwd_free); + sk_SRP_gN_cache_free(vb->gN_cache); + OPENSSL_free(vb->seed_key); + OPENSSL_free(vb); + return 0; +} + + +SRP_gN_cache *SRP_gN_new_init(char *ch) +{ + char tmp[MAX_LEN]; + int len; + + SRP_gN_cache *newgN = (SRP_gN_cache *)OPENSSL_malloc(sizeof(SRP_gN_cache)); + if (newgN == NULL) + return NULL; + + if ((newgN->b64_bn = BUF_strdup(ch)) == NULL) + goto err; + + len = t_fromb64(tmp,ch); + if ((newgN->bn = BN_bin2bn(tmp,len,NULL))) + return newgN; + + OPENSSL_free(newgN->b64_bn); +err: + OPENSSL_free(newgN); + return NULL; +} + + +void SRP_gN_free(SRP_gN_cache *gN_cache) +{ + if (gN_cache == NULL) + return; + OPENSSL_free(gN_cache->b64_bn); + BN_free(gN_cache->bn); + OPENSSL_free(gN_cache); +} + +SRP_gN *SRP_get_gN_by_id(char *id, STACK_OF(SRP_gN) *gN_tab) +{ + int i; + + SRP_gN *gN; + if (gN_tab != NULL) + for(i = 0; i < sk_SRP_gN_num(gN_tab); i++) { + gN = sk_SRP_gN_value(gN_tab, i); + if (gN && (id == NULL || strcmp(gN->id,id)==0)) + return gN; + } + + return SRP_get_default_gN(id); +} + +BIGNUM *SRP_gN_place_bn(STACK_OF(SRP_gN_cache) *gN_cache, char *ch) +{ + int i; + if (gN_cache == NULL) + return NULL; + + /* search if we have already one... */ + for(i = 0; i < sk_SRP_gN_cache_num(gN_cache); i++) { + SRP_gN_cache *cache = sk_SRP_gN_cache_value(gN_cache, i); + if (strcmp(cache->b64_bn,ch)==0) + return cache->bn; + } + { /* it is the first time that we find it */ + SRP_gN_cache *newgN = SRP_gN_new_init(ch); + if (newgN){ + if (sk_SRP_gN_cache_insert(gN_cache,newgN,0)>0) + return newgN->bn; + SRP_gN_free(newgN); + } + } + return NULL; +} + +/* this function parses verifier file. Format is: + * string(index):base64(N):base64(g):0 + * string(username):base64(v):base64(salt):int(index) + */ + + +int SRP_VBASE_init(SRP_VBASE *vb, char * verifier_file) +{ + int error_code ; + STACK_OF(SRP_gN) *SRP_gN_tab = sk_SRP_gN_new_null(); + char * last_index = NULL; + int i; + char ** pp; + + SRP_gN *gN = NULL; + SRP_user_pwd *user_pwd = NULL ; + + TXT_DB *tmpdb = NULL; + BIO *in = BIO_new(BIO_s_file()); + + error_code = SRP_ERR_OPEN_FILE; + + if (in == NULL || BIO_read_filename(in,verifier_file) <= 0) + goto err; + + error_code = SRP_ERR_VBASE_INCOMPLETE_FILE; + + if ((tmpdb =TXT_DB_read(in,DB_NUMBER)) == NULL) + goto err; + + error_code = SRP_ERR_MEMORY; + + + if (vb->seed_key){ + last_index = SRP_get_default_gN(NULL)->id; + } + for (i=0; i<sk_num(tmpdb->data); i++) { + pp=(char **)sk_value(tmpdb->data,i); + if (pp[DB_srptype][0] == DB_SRP_INDEX) { + + /*we add this couple in the internal Stack */ + + if ((gN = (SRP_gN *)OPENSSL_malloc(sizeof(SRP_gN))) == NULL) + goto err; + + if (!(gN->id = BUF_strdup(pp[DB_srpid])) + || !(gN->N =
SRP_gN_place_bn(vb->gN_cache,pp[DB_srpverifier])) + || !(gN->g = SRP_gN_place_bn(vb->gN_cache,pp[DB_srpsalt])) + || sk_SRP_gN_insert(SRP_gN_tab,gN,0) == 0) + goto err; + + gN = NULL; + + if (vb->seed_key != NULL){ + last_index = pp[DB_srpid]; + } + + } else if (pp[DB_srptype][0] == DB_SRP_VALID) { + /* it is a user .... */ + SRP_gN *gN; + if ((gN = SRP_get_gN_by_id(pp[DB_srpgN],SRP_gN_tab))!=NULL) + { + + error_code = SRP_ERR_MEMORY; + if ((user_pwd = SRP_user_pwd_new()) == NULL) + goto err; + + SRP_user_pwd_set_gN(user_pwd,gN->g,gN->N); + if (!SRP_user_pwd_set_ids(user_pwd,pp[DB_srpid],pp[DB_srpinfo])) + goto err; + + error_code = SRP_ERR_VBASE_BN_LIB; + if (!SRP_user_pwd_set_sv(user_pwd,pp[DB_srpsalt],pp[DB_srpverifier])) + goto err; + + if (sk_SRP_gN_insert(vb->users_pwd,user_pwd,0) == 0) + goto err; + user_pwd = NULL; /* abandon responsability */ + } + } + } + + if (last_index != NULL){ + /* this means that we want to simulate a default user */ + + if (((gN = SRP_get_gN_by_id(last_index,SRP_gN_tab))==NULL)) { + error_code = SRP_ERR_VBASE_BN_LIB; + goto err; + } + vb->default_g = gN->g ; + vb->default_N = gN->N ; + + } + error_code = SRP_NO_ERROR; + + err: + /* there may be still some leaks to fix, if this fails, the application
terminates most likely */ + + if (gN != NULL) { + OPENSSL_free(gN->id); + OPENSSL_free(gN); + } + + SRP_user_pwd_free(user_pwd); + + if (tmpdb) TXT_DB_free(tmpdb); + if (in) BIO_free_all(in); + + sk_SRP_gN_free(SRP_gN_tab); + + return error_code; + + } + + +SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username) +{ + int i; + SRP_user_pwd *user; + unsigned char digv[SHA_DIGEST_LENGTH]; + unsigned char digs[SHA_DIGEST_LENGTH]; + SHA_CTX ctxt; + + if (vb == NULL) + return NULL; + for(i = 0; i < sk_SRP_user_pwd_num(vb->users_pwd); i++) { + user = sk_SRP_user_pwd_value(vb->users_pwd, i); + if (strcmp(user->id,username)==0) + return user; + } + if ((vb->seed_key == NULL) || + (vb->default_g == NULL) || + (vb->default_N == NULL)) + return NULL; + +/* if the user is unknown we set parameters as well if we have a seed_key */ + + if ((user = SRP_user_pwd_new()) == NULL) + return NULL; + + SRP_user_pwd_set_gN(user,vb->default_g,vb->default_N); + + if (!SRP_user_pwd_set_ids(user,username,NULL)) + goto err; + + RAND_pseudo_bytes(digv, SHA_DIGEST_LENGTH); + SHA1_Init(&ctxt); + SHA1_Update(&ctxt, vb->seed_key, strlen(vb->seed_key)); + SHA1_Update(&ctxt, username, strlen(username)); + SHA1_Final(digs, &ctxt); + if (SRP_user_pwd_set_sv_BN(user, BN_bin2bn(digs,SHA_DIGEST_LENGTH,NULL),
BN_bin2bn(digv,SHA_DIGEST_LENGTH, NULL))) + return user; + +err: SRP_user_pwd_free(user); + return NULL; +} + + +/* + create a verifier (*salt,*verifier,g and N are in base64) +*/ +char * SRP_create_verifier(char *user, char *pass, char **salt, char
**verifier, char *N, char *g) +{ + char * result=NULL; + int len; + char *vf; + BIGNUM *N_bn = NULL, *g_bn = NULL, *s = NULL, *x = NULL, *v = BN_new(); + BN_CTX *bn_ctx = BN_CTX_new(); + char tmp[MAX_LEN]; + char tmp2[MAX_LEN]; + char * defgNid = NULL; + + if ((user == NULL)|| + (pass == NULL)|| + (salt == NULL)|| + (verifier == NULL)|| + (bn_ctx == NULL)|| + (v == NULL)) + goto err; + + + if (N) { + if (!(len = t_fromb64(tmp,N))){ + goto err;} + N_bn = BN_bin2bn(tmp,len,NULL); + if (!(len = t_fromb64(tmp,g))){ + goto err;} + g_bn = BN_bin2bn(tmp,len,NULL); + defgNid = "*"; + + } else { + SRP_gN * gN = SRP_get_gN_by_id(g, NULL) ; + if (gN == NULL) + goto err; + N_bn = gN->N; + g_bn = gN->g; + defgNid = gN->id; + } + + + srp_bn_print(N_bn); + srp_bn_print(g_bn); + + if (*salt == NULL){ + RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN); + + s = BN_bin2bn(tmp2,SRP_RANDOM_SALT_LEN,NULL); + } + else + { + if (!(len = t_fromb64(tmp2,*salt))) + goto err; + s = BN_bin2bn(tmp2,len,NULL); + } + + x = SRP_Calc_x(s,user,pass); + + if (!BN_mod_exp(v,g_bn,x,N_bn,bn_ctx)) + goto err; + + srp_bn_print(v); + + BN_bn2bin(v,tmp); + if (((vf = OPENSSL_malloc(BN_num_bytes(v)*2)) == NULL)) + goto err; + t_tob64(vf,tmp,BN_num_bytes(v)); + + + if (*salt == NULL){ + if ((*salt = (char *)OPENSSL_malloc(SRP_RANDOM_SALT_LEN*2)) == NULL){ + OPENSSL_free(vf); + goto err; + } + t_tob64(*salt,tmp2,SRP_RANDOM_SALT_LEN); + } + *verifier = vf; + result=defgNid; + +err: + + BN_free(N_bn); + BN_free(g_bn); + BN_free(s); + BN_clear_free(x); + BN_clear_free(v); + BN_CTX_free(bn_ctx); + return result; +} + + + +#endif diff -ruN openssl-SNAP-20081125-orig/crypto/stack/safestack.h
openssl-SNAP-20081125-srp/crypto/stack/safestack.h --- openssl-SNAP-20081125-orig/crypto/stack/safestack.h 2008-10-14
09:00:13.000000000 +0000 +++ openssl-SNAP-20081125-srp/crypto/stack/safestack.h 2008-11-25
23:04:38.000000000 +0000 @@ -1507,6 +1507,66 @@ #define sk_POLICY_MAPPING_sort(st) SKM_sk_sort(POLICY_MAPPING, (st)) #define sk_POLICY_MAPPING_is_sorted(st) SKM_sk_is_sorted(POLICY_MAPPING, (st))

+#define sk_SRP_gN_new(st) SKM_sk_new(SRP_gN, (st)) +#define sk_SRP_gN_new_null() SKM_sk_new_null(SRP_gN) +#define sk_SRP_gN_free(st) SKM_sk_free(SRP_gN, (st)) +#define sk_SRP_gN_num(st) SKM_sk_num(SRP_gN, (st)) +#define sk_SRP_gN_value(st, i) SKM_sk_value(SRP_gN, (st), (i)) +#define sk_SRP_gN_set(st, i, val) SKM_sk_set(SRP_gN, (st), (i), (val)) +#define sk_SRP_gN_zero(st) SKM_sk_zero(SRP_gN, (st)) +#define sk_SRP_gN_push(st, val) SKM_sk_push(SRP_gN, (st), (val)) +#define sk_SRP_gN_unshift(st, val) SKM_sk_unshift(SRP_gN, (st), (val)) +#define sk_SRP_gN_find(st, val) SKM_sk_find(SRP_gN, (st), (val)) +#define sk_SRP_gN_delete(st, i) SKM_sk_delete(SRP_gN, (st), (i)) +#define sk_SRP_gN_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRP_gN, (st), (ptr)) +#define sk_SRP_gN_insert(st, val, i) SKM_sk_insert(SRP_gN, (st), (val), (i)) +#define sk_SRP_gN_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRP_gN, (st),
(cmp)) +#define sk_SRP_gN_dup(st) SKM_sk_dup(SRP_gN, st) +#define sk_SRP_gN_pop_free(st, free_func) SKM_sk_pop_free(SRP_gN, (st),
(free_func)) +#define sk_SRP_gN_shift(st) SKM_sk_shift(SRP_gN, (st)) +#define sk_SRP_gN_pop(st) SKM_sk_pop(SRP_gN, (st)) +#define sk_SRP_gN_sort(st) SKM_sk_sort(SRP_gN, (st)) + +#define sk_SRP_gN_cache_new(st) SKM_sk_new(SRP_gN_cache, (st)) +#define sk_SRP_gN_cache_new_null() SKM_sk_new_null(SRP_gN_cache) +#define sk_SRP_gN_cache_free(st) SKM_sk_free(SRP_gN_cache, (st)) +#define sk_SRP_gN_cache_num(st) SKM_sk_num(SRP_gN_cache, (st)) +#define sk_SRP_gN_cache_value(st, i) SKM_sk_value(SRP_gN_cache, (st), (i)) +#define sk_SRP_gN_cache_set(st, i, val) SKM_sk_set(SRP_gN_cache, (st), (i),
(val)) +#define sk_SRP_gN_cache_zero(st) SKM_sk_zero(SRP_gN_cache, (st)) +#define sk_SRP_gN_cache_push(st, val) SKM_sk_push(SRP_gN_cache, (st), (val)) +#define sk_SRP_gN_cache_unshift(st, val) SKM_sk_unshift(SRP_gN_cache, (st),
(val)) +#define sk_SRP_gN_cache_find(st, val) SKM_sk_find(SRP_gN_cache, (st), (val)) +#define sk_SRP_gN_cache_delete(st, i) SKM_sk_delete(SRP_gN_cache, (st), (i)) +#define sk_SRP_gN_cache_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRP_gN_cache,
(st), (ptr)) +#define sk_SRP_gN_cache_insert(st, val, i) SKM_sk_insert(SRP_gN_cache, (st),
(val), (i)) +#define sk_SRP_gN_cache_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRP_gN_cache,
(st), (cmp)) +#define sk_SRP_gN_cache_dup(st) SKM_sk_dup(SRP_gN_cache, st) +#define sk_SRP_gN_cache_pop_free(st, free_func) SKM_sk_pop_free(SRP_gN_cache,
(st), (free_func)) +#define sk_SRP_gN_cache_shift(st) SKM_sk_shift(SRP_gN_cache, (st)) +#define sk_SRP_gN_cache_pop(st) SKM_sk_pop(SRP_gN_cache, (st)) +#define sk_SRP_gN_cache_sort(st) SKM_sk_sort(SRP_gN_cache, (st)) + +#define sk_SRP_user_pwd_new(st) SKM_sk_new(SRP_user_pwd, (st)) +#define sk_SRP_user_pwd_new_null() SKM_sk_new_null(SRP_user_pwd) +#define sk_SRP_user_pwd_free(st) SKM_sk_free(SRP_user_pwd, (st)) +#define sk_SRP_user_pwd_num(st) SKM_sk_num(SRP_user_pwd, (st)) +#define sk_SRP_user_pwd_value(st, i) SKM_sk_value(SRP_user_pwd, (st), (i)) +#define sk_SRP_user_pwd_set(st, i, val) SKM_sk_set(SRP_user_pwd, (st), (i),
(val)) +#define sk_SRP_user_pwd_zero(st) SKM_sk_zero(SRP_user_pwd, (st)) +#define sk_SRP_user_pwd_push(st, val) SKM_sk_push(SRP_user_pwd, (st), (val)) +#define sk_SRP_user_pwd_unshift(st, val) SKM_sk_unshift(SRP_user_pwd, (st),
(val)) +#define sk_SRP_user_pwd_find(st, val) SKM_sk_find(SRP_user_pwd, (st), (val)) +#define sk_SRP_user_pwd_delete(st, i) SKM_sk_delete(SRP_user_pwd, (st), (i)) +#define sk_SRP_user_pwd_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRP_user_pwd,
(st), (ptr)) +#define sk_SRP_user_pwd_insert(st, val, i) SKM_sk_insert(SRP_user_pwd, (st),
(val), (i)) +#define sk_SRP_user_pwd_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRP_user_pwd,
(st), (cmp)) +#define sk_SRP_user_pwd_dup(st) SKM_sk_dup(SRP_user_pwd, st) +#define sk_SRP_user_pwd_pop_free(st, free_func) SKM_sk_pop_free(SRP_user_pwd,
(st), (free_func)) +#define sk_SRP_user_pwd_shift(st) SKM_sk_shift(SRP_user_pwd, (st)) +#define sk_SRP_user_pwd_pop(st) SKM_sk_pop(SRP_user_pwd, (st)) +#define sk_SRP_user_pwd_sort(st) SKM_sk_sort(SRP_user_pwd, (st)) + #define sk_SSL_CIPHER_new(cmp) SKM_sk_new(SSL_CIPHER, (cmp)) #define sk_SSL_CIPHER_new_null() SKM_sk_new_null(SSL_CIPHER) #define sk_SSL_CIPHER_free(st) SKM_sk_free(SSL_CIPHER, (st)) diff -ruN openssl-SNAP-20081125-orig/Makefile.org
openssl-SNAP-20081125-srp/Makefile.org --- openssl-SNAP-20081125-orig/Makefile.org 2008-10-26 19:00:05.000000000 +0000 +++ openssl-SNAP-20081125-srp/Makefile.org 2008-11-25 23:04:38.000000000 +0000 @@ -119,7 +119,7 @@ bn ec rsa dsa ecdsa dh ecdh dso engine \ buffer bio stack lhash rand err \ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ - cms pqueue ts jpake + cms pqueue ts jpake srp # keep in mind that the above list is adjusted by ./Configure # according to no-xxx arguments...

diff -ruN openssl-SNAP-20081125-orig/util/mk1mf.pl
openssl-SNAP-20081125-srp/util/mk1mf.pl --- openssl-SNAP-20081125-orig/util/mk1mf.pl 2008-11-24 18:01:23.000000000 +0000 +++ openssl-SNAP-20081125-srp/util/mk1mf.pl 2008-11-25 23:00:14.000000000 +0000 @@ -101,6 +101,7 @@ just-ssl - remove all non-ssl keys/digest no-asm - No x86 asm no-krb5 - No KRB5 + no-srp - No SRP no-ec - No EC no-ecdsa - No ECDSA no-ecdh - No ECDH @@ -258,6 +259,7 @@ $cflags.=" -DOPENSSL_NO_SSL2" if $no_ssl2; $cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3; $cflags.=" -DOPENSSL_NO_TLSEXT" if $no_tlsext; +$cflags.=" -DOPENSSL_NO_SRP" if $no_srp; $cflags.=" -DOPENSSL_NO_CMS" if $no_cms; $cflags.=" -DOPENSSL_NO_ERR" if $no_err; $cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5; @@ -761,6 +763,8 @@ @a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1; @a=grep(!/_mdc2$/,@a) if $no_mdc2;

+ @a=grep(!/(srp)/,@a) if $no_srp; + @a=grep(!/^engine$/,@a) if $no_engine; @a=grep(!/^hw$/,@a) if $no_hw; @a=grep(!/(^rsa$)|(^genrsa$)/,@a) if $no_rsa; @@ -1036,6 +1040,7 @@ "no-ssl2" => \$no_ssl2, "no-ssl3" => \$no_ssl3, "no-tlsext" => \$no_tlsext, + "no-srp" => \$no_srp, "no-cms" => \$no_cms, "no-jpake" => \$no_jpake, "no-err" => \$no_err, @@ -1050,7 +1055,7 @@ [\$no_rc2, \$no_idea, \$no_des, \$no_bf, \$no_cast, \$no_md2, \$no_sha, \$no_mdc2, \$no_dsa, \$no_dh, \$no_ssl2, \$no_err, \$no_ripemd, \$no_rc5, - \$no_aes, \$no_camellia, \$no_seed], + \$no_aes, \$no_camellia, \$no_seed, \$no_srp], "rsaref" => 0, "gcc" => \$gcc, "debug" => \$debug, diff -ruN openssl-SNAP-20081125-orig/util/mkdef.pl
openssl-SNAP-20081125-srp/util/mkdef.pl --- openssl-SNAP-20081125-orig/util/mkdef.pl 2008-11-24 18:01:23.000000000 +0000 +++ openssl-SNAP-20081125-srp/util/mkdef.pl 2008-11-25 23:04:20.000000000 +0000 @@ -98,7 +98,7 @@ # RFC3779 "RFC3779", # TLS - "TLSEXT", "PSK", + "TLSEXT", "PSK", "SRP", # CMS "CMS", # CryptoAPI Engine @@ -125,7 +125,7 @@ my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated; my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng; -my $no_jpake; +my $no_jpake; my $no_srp;

my $zlib;

@@ -215,6 +215,7 @@ elsif (/^no-cms$/) { $no_cms=1; } elsif (/^no-capieng$/) { $no_capieng=1; } elsif (/^no-jpake$/) { $no_jpake=1; } + elsif (/^no-srp$/) { $no_srp=1; } }

@@ -313,6 +314,7 @@ $crypto.=" crypto/pqueue/pqueue.h"; $crypto.=" crypto/cms/cms.h"; $crypto.=" crypto/jpake/jpake.h"; +$crypto.=" crypto/srp/srp.h";

my $symhacks="crypto/symhacks.h";

@@ -1147,6 +1149,7 @@ if ($keyword eq "CMS" && $no_cms) { return 0; } if ($keyword eq "CAPIENG" && $no_capieng) { return 0; } if ($keyword eq "JPAKE" && $no_jpake) { return 0; } + if ($keyword eq "SRP" && $no_srp) { return 0; } if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; }

# Nothing recognise as true diff -ruN openssl-SNAP-20081125-orig/util/mkfiles.pl
openssl-SNAP-20081125-srp/util/mkfiles.pl --- openssl-SNAP-20081125-orig/util/mkfiles.pl 2008-10-27 13:00:27.000000000
+0000 +++ openssl-SNAP-20081125-srp/util/mkfiles.pl 2008-11-25 23:04:38.000000000
+0000 @@ -61,6 +61,7 @@ "crypto/pqueue", "crypto/whrlpool", "crypto/ts", +"crypto/srp", "ssl", "apps", "engines",