srp_vfy.c 18 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656
  1. /* crypto/srp/srp_vfy.c */
  2. /*
  3. * Written by Christophe Renou (christophe.renou@edelweb.fr) with the
  4. * precious help of Peter Sylvester (peter.sylvester@edelweb.fr) for the
  5. * EdelKey project and contributed to the OpenSSL project 2004.
  6. */
  7. /* ====================================================================
  8. * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
  9. *
  10. * Redistribution and use in source and binary forms, with or without
  11. * modification, are permitted provided that the following conditions
  12. * are met:
  13. *
  14. * 1. Redistributions of source code must retain the above copyright
  15. * notice, this list of conditions and the following disclaimer.
  16. *
  17. * 2. Redistributions in binary form must reproduce the above copyright
  18. * notice, this list of conditions and the following disclaimer in
  19. * the documentation and/or other materials provided with the
  20. * distribution.
  21. *
  22. * 3. All advertising materials mentioning features or use of this
  23. * software must display the following acknowledgment:
  24. * "This product includes software developed by the OpenSSL Project
  25. * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
  26. *
  27. * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  28. * endorse or promote products derived from this software without
  29. * prior written permission. For written permission, please contact
  30. * licensing@OpenSSL.org.
  31. *
  32. * 5. Products derived from this software may not be called "OpenSSL"
  33. * nor may "OpenSSL" appear in their names without prior written
  34. * permission of the OpenSSL Project.
  35. *
  36. * 6. Redistributions of any form whatsoever must retain the following
  37. * acknowledgment:
  38. * "This product includes software developed by the OpenSSL Project
  39. * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
  40. *
  41. * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  42. * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  43. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  44. * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
  45. * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  46. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  47. * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  48. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  49. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  50. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  51. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  52. * OF THE POSSIBILITY OF SUCH DAMAGE.
  53. * ====================================================================
  54. *
  55. * This product includes cryptographic software written by Eric Young
  56. * (eay@cryptsoft.com). This product includes software written by Tim
  57. * Hudson (tjh@cryptsoft.com).
  58. *
  59. */
  60. #ifndef OPENSSL_NO_SRP
  61. # include "internal/cryptlib.h"
  62. # include <openssl/sha.h>
  63. # include <openssl/srp.h>
  64. # include <openssl/evp.h>
  65. # include <openssl/buffer.h>
  66. # include <openssl/rand.h>
  67. # include <openssl/txt_db.h>
  68. # define SRP_RANDOM_SALT_LEN 20
  69. # define MAX_LEN 2500
  70. static char b64table[] =
  71. "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./";
  72. /*
  73. * the following two conversion routines have been inspired by code from
  74. * Stanford
  75. */
  76. /*
  77. * Convert a base64 string into raw byte array representation.
  78. */
  79. static int t_fromb64(unsigned char *a, const char *src)
  80. {
  81. char *loc;
  82. int i, j;
  83. int size;
  84. while (*src && (*src == ' ' || *src == '\t' || *src == '\n'))
  85. ++src;
  86. size = strlen(src);
  87. i = 0;
  88. while (i < size) {
  89. loc = strchr(b64table, src[i]);
  90. if (loc == (char *)0)
  91. break;
  92. else
  93. a[i] = loc - b64table;
  94. ++i;
  95. }
  96. /* if nothing valid to process we have a zero length response */
  97. if (i == 0)
  98. return 0;
  99. size = i;
  100. i = size - 1;
  101. j = size;
  102. while (1) {
  103. a[j] = a[i];
  104. if (--i < 0)
  105. break;
  106. a[j] |= (a[i] & 3) << 6;
  107. --j;
  108. a[j] = (unsigned char)((a[i] & 0x3c) >> 2);
  109. if (--i < 0)
  110. break;
  111. a[j] |= (a[i] & 0xf) << 4;
  112. --j;
  113. a[j] = (unsigned char)((a[i] & 0x30) >> 4);
  114. if (--i < 0)
  115. break;
  116. a[j] |= (a[i] << 2);
  117. a[--j] = 0;
  118. if (--i < 0)
  119. break;
  120. }
  121. while (a[j] == 0 && j <= size)
  122. ++j;
  123. i = 0;
  124. while (j <= size)
  125. a[i++] = a[j++];
  126. return i;
  127. }
  128. /*
  129. * Convert a raw byte string into a null-terminated base64 ASCII string.
  130. */
  131. static char *t_tob64(char *dst, const unsigned char *src, int size)
  132. {
  133. int c, pos = size % 3;
  134. unsigned char b0 = 0, b1 = 0, b2 = 0, notleading = 0;
  135. char *olddst = dst;
  136. switch (pos) {
  137. case 1:
  138. b2 = src[0];
  139. break;
  140. case 2:
  141. b1 = src[0];
  142. b2 = src[1];
  143. break;
  144. }
  145. while (1) {
  146. c = (b0 & 0xfc) >> 2;
  147. if (notleading || c != 0) {
  148. *dst++ = b64table[c];
  149. notleading = 1;
  150. }
  151. c = ((b0 & 3) << 4) | ((b1 & 0xf0) >> 4);
  152. if (notleading || c != 0) {
  153. *dst++ = b64table[c];
  154. notleading = 1;
  155. }
  156. c = ((b1 & 0xf) << 2) | ((b2 & 0xc0) >> 6);
  157. if (notleading || c != 0) {
  158. *dst++ = b64table[c];
  159. notleading = 1;
  160. }
  161. c = b2 & 0x3f;
  162. if (notleading || c != 0) {
  163. *dst++ = b64table[c];
  164. notleading = 1;
  165. }
  166. if (pos >= size)
  167. break;
  168. else {
  169. b0 = src[pos++];
  170. b1 = src[pos++];
  171. b2 = src[pos++];
  172. }
  173. }
  174. *dst++ = '\0';
  175. return olddst;
  176. }
  177. static void SRP_user_pwd_free(SRP_user_pwd *user_pwd)
  178. {
  179. if (user_pwd == NULL)
  180. return;
  181. BN_free(user_pwd->s);
  182. BN_clear_free(user_pwd->v);
  183. OPENSSL_free(user_pwd->id);
  184. OPENSSL_free(user_pwd->info);
  185. OPENSSL_free(user_pwd);
  186. }
  187. static SRP_user_pwd *SRP_user_pwd_new(void)
  188. {
  189. SRP_user_pwd *ret = OPENSSL_malloc(sizeof(*ret));
  190. if (ret == NULL)
  191. return NULL;
  192. ret->N = NULL;
  193. ret->g = NULL;
  194. ret->s = NULL;
  195. ret->v = NULL;
  196. ret->id = NULL;
  197. ret->info = NULL;
  198. return ret;
  199. }
  200. static void SRP_user_pwd_set_gN(SRP_user_pwd *vinfo, const BIGNUM *g,
  201. const BIGNUM *N)
  202. {
  203. vinfo->N = N;
  204. vinfo->g = g;
  205. }
  206. static int SRP_user_pwd_set_ids(SRP_user_pwd *vinfo, const char *id,
  207. const char *info)
  208. {
  209. if (id != NULL && NULL == (vinfo->id = OPENSSL_strdup(id)))
  210. return 0;
  211. return (info == NULL || NULL != (vinfo->info = OPENSSL_strdup(info)));
  212. }
  213. static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s,
  214. const char *v)
  215. {
  216. unsigned char tmp[MAX_LEN];
  217. int len;
  218. if (strlen(s) > MAX_LEN || strlen(v) > MAX_LEN)
  219. return 0;
  220. len = t_fromb64(tmp, v);
  221. if (NULL == (vinfo->v = BN_bin2bn(tmp, len, NULL)))
  222. return 0;
  223. len = t_fromb64(tmp, s);
  224. return ((vinfo->s = BN_bin2bn(tmp, len, NULL)) != NULL);
  225. }
  226. static int SRP_user_pwd_set_sv_BN(SRP_user_pwd *vinfo, BIGNUM *s, BIGNUM *v)
  227. {
  228. vinfo->v = v;
  229. vinfo->s = s;
  230. return (vinfo->s != NULL && vinfo->v != NULL);
  231. }
  232. SRP_VBASE *SRP_VBASE_new(char *seed_key)
  233. {
  234. SRP_VBASE *vb = OPENSSL_malloc(sizeof(*vb));
  235. if (vb == NULL)
  236. return NULL;
  237. if ((vb->users_pwd = sk_SRP_user_pwd_new_null()) == NULL
  238. || (vb->gN_cache = sk_SRP_gN_cache_new_null()) == NULL) {
  239. OPENSSL_free(vb);
  240. return NULL;
  241. }
  242. vb->default_g = NULL;
  243. vb->default_N = NULL;
  244. vb->seed_key = NULL;
  245. if ((seed_key != NULL) && (vb->seed_key = OPENSSL_strdup(seed_key)) == NULL) {
  246. sk_SRP_user_pwd_free(vb->users_pwd);
  247. sk_SRP_gN_cache_free(vb->gN_cache);
  248. OPENSSL_free(vb);
  249. return NULL;
  250. }
  251. return vb;
  252. }
  253. void SRP_VBASE_free(SRP_VBASE *vb)
  254. {
  255. if (!vb)
  256. return;
  257. sk_SRP_user_pwd_pop_free(vb->users_pwd, SRP_user_pwd_free);
  258. sk_SRP_gN_cache_free(vb->gN_cache);
  259. OPENSSL_free(vb->seed_key);
  260. OPENSSL_free(vb);
  261. }
  262. static SRP_gN_cache *SRP_gN_new_init(const char *ch)
  263. {
  264. unsigned char tmp[MAX_LEN];
  265. int len;
  266. SRP_gN_cache *newgN = OPENSSL_malloc(sizeof(*newgN));
  267. if (newgN == NULL)
  268. return NULL;
  269. if ((newgN->b64_bn = OPENSSL_strdup(ch)) == NULL)
  270. goto err;
  271. len = t_fromb64(tmp, ch);
  272. if ((newgN->bn = BN_bin2bn(tmp, len, NULL)))
  273. return newgN;
  274. OPENSSL_free(newgN->b64_bn);
  275. err:
  276. OPENSSL_free(newgN);
  277. return NULL;
  278. }
  279. static void SRP_gN_free(SRP_gN_cache *gN_cache)
  280. {
  281. if (gN_cache == NULL)
  282. return;
  283. OPENSSL_free(gN_cache->b64_bn);
  284. BN_free(gN_cache->bn);
  285. OPENSSL_free(gN_cache);
  286. }
  287. static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab)
  288. {
  289. int i;
  290. SRP_gN *gN;
  291. if (gN_tab != NULL)
  292. for (i = 0; i < sk_SRP_gN_num(gN_tab); i++) {
  293. gN = sk_SRP_gN_value(gN_tab, i);
  294. if (gN && (id == NULL || strcmp(gN->id, id) == 0))
  295. return gN;
  296. }
  297. return SRP_get_default_gN(id);
  298. }
  299. static BIGNUM *SRP_gN_place_bn(STACK_OF(SRP_gN_cache) *gN_cache, char *ch)
  300. {
  301. int i;
  302. if (gN_cache == NULL)
  303. return NULL;
  304. /* search if we have already one... */
  305. for (i = 0; i < sk_SRP_gN_cache_num(gN_cache); i++) {
  306. SRP_gN_cache *cache = sk_SRP_gN_cache_value(gN_cache, i);
  307. if (strcmp(cache->b64_bn, ch) == 0)
  308. return cache->bn;
  309. }
  310. { /* it is the first time that we find it */
  311. SRP_gN_cache *newgN = SRP_gN_new_init(ch);
  312. if (newgN) {
  313. if (sk_SRP_gN_cache_insert(gN_cache, newgN, 0) > 0)
  314. return newgN->bn;
  315. SRP_gN_free(newgN);
  316. }
  317. }
  318. return NULL;
  319. }
  320. /*
  321. * this function parses verifier file. Format is:
  322. * string(index):base64(N):base64(g):0
  323. * string(username):base64(v):base64(salt):int(index)
  324. */
  325. int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file)
  326. {
  327. int error_code;
  328. STACK_OF(SRP_gN) *SRP_gN_tab = sk_SRP_gN_new_null();
  329. char *last_index = NULL;
  330. int i;
  331. char **pp;
  332. SRP_gN *gN = NULL;
  333. SRP_user_pwd *user_pwd = NULL;
  334. TXT_DB *tmpdb = NULL;
  335. BIO *in = BIO_new(BIO_s_file());
  336. error_code = SRP_ERR_OPEN_FILE;
  337. if (in == NULL || BIO_read_filename(in, verifier_file) <= 0)
  338. goto err;
  339. error_code = SRP_ERR_VBASE_INCOMPLETE_FILE;
  340. if ((tmpdb = TXT_DB_read(in, DB_NUMBER)) == NULL)
  341. goto err;
  342. error_code = SRP_ERR_MEMORY;
  343. if (vb->seed_key) {
  344. last_index = SRP_get_default_gN(NULL)->id;
  345. }
  346. for (i = 0; i < sk_OPENSSL_PSTRING_num(tmpdb->data); i++) {
  347. pp = sk_OPENSSL_PSTRING_value(tmpdb->data, i);
  348. if (pp[DB_srptype][0] == DB_SRP_INDEX) {
  349. /*
  350. * we add this couple in the internal Stack
  351. */
  352. if ((gN = OPENSSL_malloc(sizeof(*gN))) == NULL)
  353. goto err;
  354. if ((gN->id = OPENSSL_strdup(pp[DB_srpid])) == NULL
  355. || (gN->N = SRP_gN_place_bn(vb->gN_cache, pp[DB_srpverifier]))
  356. == NULL
  357. || (gN->g = SRP_gN_place_bn(vb->gN_cache, pp[DB_srpsalt]))
  358. == NULL
  359. || sk_SRP_gN_insert(SRP_gN_tab, gN, 0) == 0)
  360. goto err;
  361. gN = NULL;
  362. if (vb->seed_key != NULL) {
  363. last_index = pp[DB_srpid];
  364. }
  365. } else if (pp[DB_srptype][0] == DB_SRP_VALID) {
  366. /* it is a user .... */
  367. const SRP_gN *lgN;
  368. if ((lgN = SRP_get_gN_by_id(pp[DB_srpgN], SRP_gN_tab)) != NULL) {
  369. error_code = SRP_ERR_MEMORY;
  370. if ((user_pwd = SRP_user_pwd_new()) == NULL)
  371. goto err;
  372. SRP_user_pwd_set_gN(user_pwd, lgN->g, lgN->N);
  373. if (!SRP_user_pwd_set_ids
  374. (user_pwd, pp[DB_srpid], pp[DB_srpinfo]))
  375. goto err;
  376. error_code = SRP_ERR_VBASE_BN_LIB;
  377. if (!SRP_user_pwd_set_sv
  378. (user_pwd, pp[DB_srpsalt], pp[DB_srpverifier]))
  379. goto err;
  380. if (sk_SRP_user_pwd_insert(vb->users_pwd, user_pwd, 0) == 0)
  381. goto err;
  382. user_pwd = NULL; /* abandon responsability */
  383. }
  384. }
  385. }
  386. if (last_index != NULL) {
  387. /* this means that we want to simulate a default user */
  388. if (((gN = SRP_get_gN_by_id(last_index, SRP_gN_tab)) == NULL)) {
  389. error_code = SRP_ERR_VBASE_BN_LIB;
  390. goto err;
  391. }
  392. vb->default_g = gN->g;
  393. vb->default_N = gN->N;
  394. gN = NULL;
  395. }
  396. error_code = SRP_NO_ERROR;
  397. err:
  398. /*
  399. * there may be still some leaks to fix, if this fails, the application
  400. * terminates most likely
  401. */
  402. if (gN != NULL) {
  403. OPENSSL_free(gN->id);
  404. OPENSSL_free(gN);
  405. }
  406. SRP_user_pwd_free(user_pwd);
  407. TXT_DB_free(tmpdb);
  408. BIO_free_all(in);
  409. sk_SRP_gN_free(SRP_gN_tab);
  410. return error_code;
  411. }
  412. SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username)
  413. {
  414. int i;
  415. SRP_user_pwd *user;
  416. unsigned char digv[SHA_DIGEST_LENGTH];
  417. unsigned char digs[SHA_DIGEST_LENGTH];
  418. EVP_MD_CTX *ctxt = NULL;
  419. if (vb == NULL)
  420. return NULL;
  421. for (i = 0; i < sk_SRP_user_pwd_num(vb->users_pwd); i++) {
  422. user = sk_SRP_user_pwd_value(vb->users_pwd, i);
  423. if (strcmp(user->id, username) == 0)
  424. return user;
  425. }
  426. if ((vb->seed_key == NULL) ||
  427. (vb->default_g == NULL) || (vb->default_N == NULL))
  428. return NULL;
  429. /* if the user is unknown we set parameters as well if we have a seed_key */
  430. if ((user = SRP_user_pwd_new()) == NULL)
  431. return NULL;
  432. SRP_user_pwd_set_gN(user, vb->default_g, vb->default_N);
  433. if (!SRP_user_pwd_set_ids(user, username, NULL))
  434. goto err;
  435. if (RAND_bytes(digv, SHA_DIGEST_LENGTH) <= 0)
  436. goto err;
  437. ctxt = EVP_MD_CTX_new();
  438. EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL);
  439. EVP_DigestUpdate(ctxt, vb->seed_key, strlen(vb->seed_key));
  440. EVP_DigestUpdate(ctxt, username, strlen(username));
  441. EVP_DigestFinal_ex(ctxt, digs, NULL);
  442. EVP_MD_CTX_free(ctxt);
  443. ctxt = NULL;
  444. if (SRP_user_pwd_set_sv_BN(user,
  445. BN_bin2bn(digs, SHA_DIGEST_LENGTH, NULL),
  446. BN_bin2bn(digv, SHA_DIGEST_LENGTH, NULL)))
  447. return user;
  448. err:
  449. EVP_MD_CTX_free(ctxt);
  450. SRP_user_pwd_free(user);
  451. return NULL;
  452. }
  453. /*
  454. * create a verifier (*salt,*verifier,g and N are in base64)
  455. */
  456. char *SRP_create_verifier(const char *user, const char *pass, char **salt,
  457. char **verifier, const char *N, const char *g)
  458. {
  459. int len;
  460. char *result = NULL, *vf = NULL;
  461. BIGNUM *N_bn = NULL, *g_bn = NULL, *s = NULL, *v = NULL;
  462. unsigned char tmp[MAX_LEN];
  463. unsigned char tmp2[MAX_LEN];
  464. char *defgNid = NULL;
  465. int vfsize = 0;
  466. if ((user == NULL) ||
  467. (pass == NULL) || (salt == NULL) || (verifier == NULL))
  468. goto err;
  469. if (N) {
  470. if ((len = t_fromb64(tmp, N)) == 0)
  471. goto err;
  472. N_bn = BN_bin2bn(tmp, len, NULL);
  473. if ((len = t_fromb64(tmp, g)) == 0)
  474. goto err;
  475. g_bn = BN_bin2bn(tmp, len, NULL);
  476. defgNid = "*";
  477. } else {
  478. SRP_gN *gN = SRP_get_gN_by_id(g, NULL);
  479. if (gN == NULL)
  480. goto err;
  481. N_bn = gN->N;
  482. g_bn = gN->g;
  483. defgNid = gN->id;
  484. }
  485. if (*salt == NULL) {
  486. if (RAND_bytes(tmp2, SRP_RANDOM_SALT_LEN) <= 0)
  487. goto err;
  488. s = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
  489. } else {
  490. if ((len = t_fromb64(tmp2, *salt)) == 0)
  491. goto err;
  492. s = BN_bin2bn(tmp2, len, NULL);
  493. }
  494. if (!SRP_create_verifier_BN(user, pass, &s, &v, N_bn, g_bn))
  495. goto err;
  496. BN_bn2bin(v, tmp);
  497. vfsize = BN_num_bytes(v) * 2;
  498. if (((vf = OPENSSL_malloc(vfsize)) == NULL))
  499. goto err;
  500. t_tob64(vf, tmp, BN_num_bytes(v));
  501. if (*salt == NULL) {
  502. char *tmp_salt;
  503. if ((tmp_salt = OPENSSL_malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL) {
  504. goto err;
  505. }
  506. t_tob64(tmp_salt, tmp2, SRP_RANDOM_SALT_LEN);
  507. *salt = tmp_salt;
  508. }
  509. *verifier = vf;
  510. vf = NULL;
  511. result = defgNid;
  512. err:
  513. if (N) {
  514. BN_free(N_bn);
  515. BN_free(g_bn);
  516. }
  517. OPENSSL_clear_free(vf, vfsize);
  518. BN_clear_free(s);
  519. BN_clear_free(v);
  520. return result;
  521. }
  522. /*
  523. * create a verifier (*salt,*verifier,g and N are BIGNUMs). If *salt != NULL
  524. * then the provided salt will be used. On successful exit *verifier will point
  525. * to a newly allocated BIGNUM containing the verifier and (if a salt was not
  526. * provided) *salt will be populated with a newly allocated BIGNUM containing a
  527. * random salt.
  528. * The caller is responsible for freeing the allocated *salt and *verifier
  529. * BIGNUMS.
  530. */
  531. int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
  532. BIGNUM **verifier, const BIGNUM *N,
  533. const BIGNUM *g)
  534. {
  535. int result = 0;
  536. BIGNUM *x = NULL;
  537. BN_CTX *bn_ctx = BN_CTX_new();
  538. unsigned char tmp2[MAX_LEN];
  539. BIGNUM *salttmp = NULL;
  540. if ((user == NULL) ||
  541. (pass == NULL) ||
  542. (salt == NULL) ||
  543. (verifier == NULL) || (N == NULL) || (g == NULL) || (bn_ctx == NULL))
  544. goto err;
  545. if (*salt == NULL) {
  546. if (RAND_bytes(tmp2, SRP_RANDOM_SALT_LEN) <= 0)
  547. goto err;
  548. salttmp = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
  549. } else {
  550. salttmp = *salt;
  551. }
  552. x = SRP_Calc_x(salttmp, user, pass);
  553. *verifier = BN_new();
  554. if (*verifier == NULL)
  555. goto err;
  556. if (!BN_mod_exp(*verifier, g, x, N, bn_ctx)) {
  557. BN_clear_free(*verifier);
  558. goto err;
  559. }
  560. result = 1;
  561. *salt = salttmp;
  562. err:
  563. if (salt != NULL && *salt != salttmp)
  564. BN_clear_free(salttmp);
  565. BN_clear_free(x);
  566. BN_CTX_free(bn_ctx);
  567. return result;
  568. }
  569. #endif