disentangle SRP code from TLS

author: tedu <> 2014-04-16 17:59:17 +0000
committer: tedu <> 2014-04-16 17:59:17 +0000
commit: 8cf170bf672c7d86b3903a219e445ba6138e7e95 (patch)
tree: fa8aa2c33679a60946ff76922a99938af26dde80 /src/lib/libssl/s3_clnt.c
parent: 2a02c4f91789a07715ed68ed2af2782ad52c815a (diff)
download: openbsd-8cf170bf672c7d86b3903a219e445ba6138e7e95.tar.gz
openbsd-8cf170bf672c7d86b3903a219e445ba6138e7e95.tar.bz2
openbsd-8cf170bf672c7d86b3903a219e445ba6138e7e95.zip
1 files changed, 0 insertions, 106 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 88be294ab7..1589cdc21e 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -365,15 +365,6 @@ ssl3_connect(SSL *s)
                        ret = ssl3_get_server_done(s);
                        if (ret <= 0)
                                goto end;
-#ifndef OPENSSL_NO_SRP
-                        if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) {
-                                if ((ret = SRP_Calc_A_param(s)) <= 0) {
-                                        SSLerr(SSL_F_SSL3_CONNECT, SSL_R_SRP_A_CALC);
-                                        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
-                                        goto end;
-                                }
-                        }
-#endif
                        if (s->s3->tmp.cert_req)
                                s->state = SSL3_ST_CW_CERT_A;
                        else
@@ -1299,76 +1290,6 @@ ssl3_get_key_exchange(SSL *s)
                n -= param_len;
        } else
 #endif /* !OPENSSL_NO_PSK */
-#ifndef OPENSSL_NO_SRP
-        if (alg_k & SSL_kSRP) {
-                n2s(p, i);
-                param_len = i + 2;
-                if (param_len > n) {
-                        al = SSL_AD_DECODE_ERROR;
-                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_N_LENGTH);
-                        goto f_err;
-                }
-                if (!(s->srp_ctx.N = BN_bin2bn(p, i, NULL))) {
-                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
-                        goto err;
-                }
-                p += i;
-                n2s(p, i);
-                param_len += i + 2;
-                if (param_len > n) {
-                        al = SSL_AD_DECODE_ERROR;
-                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_G_LENGTH);
-                        goto f_err;
-                }
-                if (!(s->srp_ctx.g = BN_bin2bn(p, i, NULL))) {
-                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
-                        goto err;
-                }
-                p += i;
-                i = (unsigned int)(p[0]);
-                p++;
-                param_len += i + 1;
-                if (param_len > n) {
-                        al = SSL_AD_DECODE_ERROR;
-                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_S_LENGTH);
-                        goto f_err;
-                }
-                if (!(s->srp_ctx.s = BN_bin2bn(p, i, NULL))) {
-                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
-                        goto err;
-                }
-                p += i;
-                n2s(p, i);
-                param_len += i + 2;
-                if (param_len > n) {
-                        al = SSL_AD_DECODE_ERROR;
-                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_B_LENGTH);
-                        goto f_err;
-                }
-                if (!(s->srp_ctx.B = BN_bin2bn(p, i, NULL))) {
-                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
-                        goto err;
-                }
-                p += i;
-                n -= param_len;
-/* We must check if there is a certificate */
-#ifndef OPENSSL_NO_RSA
-                if (alg_a & SSL_aRSA)
-                        pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
-#else
-                if (0)
-;
-#endif
-#ifndef OPENSSL_NO_DSA
-                else if (alg_a & SSL_aDSS)
-                        pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
-#endif
-        } else
-#endif /* !OPENSSL_NO_SRP */
 #ifndef OPENSSL_NO_RSA
        if (alg_k & SSL_kRSA) {
                if ((rsa = RSA_new()) == NULL) {
@@ -2571,33 +2492,6 @@ ssl3_send_client_key_exchange(SSL *s)
                        EVP_PKEY_free(pub_key);
                }
-#ifndef OPENSSL_NO_SRP
-                else if (alg_k & SSL_kSRP) {
-                        if (s->srp_ctx.A != NULL) {
-                                /* send off the data */
-                                n = BN_num_bytes(s->srp_ctx.A);
-                                s2n(n, p);
-                                BN_bn2bin(s->srp_ctx.A, p);
-                                n += 2;
-                        } else {
-                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-                                goto err;
-                        }
-                        if (s->session->srp_username != NULL)
-                                OPENSSL_free(s->session->srp_username);
-                        s->session->srp_username = BUF_strdup(s->srp_ctx.login);
-                        if (s->session->srp_username == NULL) {
-                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                                ERR_R_MALLOC_FAILURE);
-                                goto err;
-                        }
-                        if ((s->session->master_key_length = SRP_generate_client_master_secret(s, s->session->master_key)) < 0) {
-                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-                                goto err;
-                        }
-                }
-#endif
 #ifndef OPENSSL_NO_PSK
                else if (alg_k & SSL_kPSK) {
                        char identity[PSK_MAX_IDENTITY_LEN];
author	tedu <>	2014-04-16 17:59:17 +0000
committer	tedu <>	2014-04-16 17:59:17 +0000
commit	8cf170bf672c7d86b3903a219e445ba6138e7e95 (patch)
tree	fa8aa2c33679a60946ff76922a99938af26dde80 /src/lib/libssl/s3_clnt.c
parent	2a02c4f91789a07715ed68ed2af2782ad52c815a (diff)
download	openbsd-8cf170bf672c7d86b3903a219e445ba6138e7e95.tar.gz openbsd-8cf170bf672c7d86b3903a219e445ba6138e7e95.tar.bz2 openbsd-8cf170bf672c7d86b3903a219e445ba6138e7e95.zip

diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index 88be294ab7..1589cdc21e 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c
@@ -365,15 +365,6 @@ ssl3_connect(SSL *s)
365	ret = ssl3_get_server_done(s);	365	ret = ssl3_get_server_done(s);
366	if (ret <= 0)	366	if (ret <= 0)
367	goto end;	367	goto end;
368	#ifndef OPENSSL_NO_SRP
369	if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) {
370	if ((ret = SRP_Calc_A_param(s)) <= 0) {
371	SSLerr(SSL_F_SSL3_CONNECT, SSL_R_SRP_A_CALC);
372	ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
373	goto end;
374	}
375	}
376	#endif
377	if (s->s3->tmp.cert_req)	368	if (s->s3->tmp.cert_req)
378	s->state = SSL3_ST_CW_CERT_A;	369	s->state = SSL3_ST_CW_CERT_A;
379	else	370	else
@@ -1299,76 +1290,6 @@ ssl3_get_key_exchange(SSL *s)
1299	n -= param_len;	1290	n -= param_len;
1300	} else	1291	} else
1301	#endif /* !OPENSSL_NO_PSK */	1292	#endif /* !OPENSSL_NO_PSK */
1302	#ifndef OPENSSL_NO_SRP
1303	if (alg_k & SSL_kSRP) {
1304	n2s(p, i);
1305	param_len = i + 2;
1306	if (param_len > n) {
1307	al = SSL_AD_DECODE_ERROR;
1308	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_N_LENGTH);
1309	goto f_err;
1310	}
1311	if (!(s->srp_ctx.N = BN_bin2bn(p, i, NULL))) {
1312	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
1313	goto err;
1314	}
1315	p += i;
1316
1317	n2s(p, i);
1318	param_len += i + 2;
1319	if (param_len > n) {
1320	al = SSL_AD_DECODE_ERROR;
1321	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_G_LENGTH);
1322	goto f_err;
1323	}
1324	if (!(s->srp_ctx.g = BN_bin2bn(p, i, NULL))) {
1325	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
1326	goto err;
1327	}
1328	p += i;
1329
1330	i = (unsigned int)(p[0]);
1331	p++;
1332	param_len += i + 1;
1333	if (param_len > n) {
1334	al = SSL_AD_DECODE_ERROR;
1335	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_S_LENGTH);
1336	goto f_err;
1337	}
1338	if (!(s->srp_ctx.s = BN_bin2bn(p, i, NULL))) {
1339	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
1340	goto err;
1341	}
1342	p += i;
1343
1344	n2s(p, i);
1345	param_len += i + 2;
1346	if (param_len > n) {
1347	al = SSL_AD_DECODE_ERROR;
1348	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_B_LENGTH);
1349	goto f_err;
1350	}
1351	if (!(s->srp_ctx.B = BN_bin2bn(p, i, NULL))) {
1352	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
1353	goto err;
1354	}
1355	p += i;
1356	n -= param_len;
1357
1358	/* We must check if there is a certificate */
1359	#ifndef OPENSSL_NO_RSA
1360	if (alg_a & SSL_aRSA)
1361	pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
1362	#else
1363	if (0)
1364	;
1365	#endif
1366	#ifndef OPENSSL_NO_DSA
1367	else if (alg_a & SSL_aDSS)
1368	pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
1369	#endif
1370	} else
1371	#endif /* !OPENSSL_NO_SRP */
1372	#ifndef OPENSSL_NO_RSA	1293	#ifndef OPENSSL_NO_RSA
1373	if (alg_k & SSL_kRSA) {	1294	if (alg_k & SSL_kRSA) {
1374	if ((rsa = RSA_new()) == NULL) {	1295	if ((rsa = RSA_new()) == NULL) {
@@ -2571,33 +2492,6 @@ ssl3_send_client_key_exchange(SSL *s)
2571	EVP_PKEY_free(pub_key);	2492	EVP_PKEY_free(pub_key);
2572		2493
2573	}	2494	}
2574	#ifndef OPENSSL_NO_SRP
2575	else if (alg_k & SSL_kSRP) {
2576	if (s->srp_ctx.A != NULL) {
2577	/* send off the data */
2578	n = BN_num_bytes(s->srp_ctx.A);
2579	s2n(n, p);
2580	BN_bn2bin(s->srp_ctx.A, p);
2581	n += 2;
2582	} else {
2583	SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
2584	goto err;
2585	}
2586	if (s->session->srp_username != NULL)
2587	OPENSSL_free(s->session->srp_username);
2588	s->session->srp_username = BUF_strdup(s->srp_ctx.login);
2589	if (s->session->srp_username == NULL) {
2590	SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2591	ERR_R_MALLOC_FAILURE);
2592	goto err;
2593	}
2594
2595	if ((s->session->master_key_length = SRP_generate_client_master_secret(s, s->session->master_key)) < 0) {
2596	SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
2597	goto err;
2598	}
2599	}
2600	#endif
2601	#ifndef OPENSSL_NO_PSK	2495	#ifndef OPENSSL_NO_PSK
2602	else if (alg_k & SSL_kPSK) {	2496	else if (alg_k & SSL_kPSK) {
2603	char identity[PSK_MAX_IDENTITY_LEN];	2497	char identity[PSK_MAX_IDENTITY_LEN];