Remove SRP and Kerberos support from libssl. These are complex protocols

all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected.
author: tedu <> 2014-05-05 15:03:22 +0000
committer: tedu <> 2014-05-05 15:03:22 +0000
commit: 5b4326f23352be2e7084f2020795d8aa042c746f (patch)
tree: c342d9903092a19dfda173837629fd04c429eda9 /src/lib/libssl/s3_srvr.c
parent: 77dd1ca11ad22b323b27beea447edd1e35c3b24e (diff)
download: openbsd-5b4326f23352be2e7084f2020795d8aa042c746f.tar.gz
openbsd-5b4326f23352be2e7084f2020795d8aa042c746f.tar.bz2
openbsd-5b4326f23352be2e7084f2020795d8aa042c746f.zip
1 files changed, 0 insertions, 317 deletions
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 6d8ccd66b7..081aebf1f5 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -164,9 +164,6 @@
 #include <openssl/dh.h>
 #endif
 #include <openssl/bn.h>
-#ifndef OPENSSL_NO_KRB5
-#include <openssl/krb5_asn.h>
-#endif
 #include <openssl/md5.h>
 static const SSL_METHOD *ssl3_get_server_method(int ver);
@@ -179,30 +176,6 @@ ssl3_get_server_method(int ver)
        return (NULL);
 }
-#ifndef OPENSSL_NO_SRP
-static int
-ssl_check_srp_ext_ClientHello(SSL *s, int *al)
-{
-        int ret = SSL_ERROR_NONE;
-        *al = SSL_AD_UNRECOGNIZED_NAME;
-        if ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) &&
-                (s->srp_ctx.TLS_ext_srp_username_callback != NULL)) {
-                if (s->srp_ctx.login == NULL) {
-                        /*
-                         * RFC 5054 says SHOULD reject,
-                         * we do so if There is no srp login name
-                         */
-                        ret = SSL3_AL_FATAL;
-                        *al = SSL_AD_UNKNOWN_PSK_IDENTITY;
-                } else {
-                        ret = SSL_srp_server_param_with_username(s, al);
-                }
-        }
-        return (ret);
-}
-#endif
 IMPLEMENT_ssl3_meth_func(SSLv3_server_method,
    ssl3_accept, ssl_undefined_function, ssl3_get_server_method)
@@ -342,39 +315,6 @@ ssl3_accept(SSL *s)
                                if (ret <= 0)
                                        goto end;
                        }
-#ifndef OPENSSL_NO_SRP
-                        {
-                                int al;
-                                if ((ret =
-                                    ssl_check_srp_ext_ClientHello(s, &al))
-                                    < 0) {
-                                        /*
-                                         * Callback indicates further work to
-                                         * be done.
-                                         */
-                                        s->rwstate = SSL_X509_LOOKUP;
-                                        goto end;
-                                }
-                                if (ret != SSL_ERROR_NONE) {
-                                        ssl3_send_alert(s, SSL3_AL_FATAL, al);
-                                        /*
-                                         * This is not really an error but the
-                                         * only means for a client to detect
-                                         * whether srp is supported.
-                                         */
-                                        if (al != TLS1_AD_UNKNOWN_PSK_IDENTITY)
-                                                SSLerr(SSL_F_SSL3_ACCEPT,
-                                                    SSL_R_CLIENTHELLO_TLSEXT);
-                                        ret = SSL_TLSEXT_ERR_ALERT_FATAL;
-                                        ret = -1;
-                                        goto end;
-                                }
-                        }
-#endif          
                        s->renegotiate = 2;
                        s->state = SSL3_ST_SW_SRVR_HELLO_A;
@@ -441,9 +381,6 @@ ssl3_accept(SSL *s)
                         * send_server_key_exchange.
                         */
                        if ((s->options & SSL_OP_EPHEMERAL_RSA)
-#ifndef OPENSSL_NO_KRB5
-                            && !(alg_k & SSL_kKRB5)
-#endif /* OPENSSL_NO_KRB5 */
                            )
                                /*
                                 * option SSL_OP_EPHEMERAL_RSA sends temporary
@@ -473,10 +410,6 @@ ssl3_accept(SSL *s)
 #ifndef OPENSSL_NO_PSK
                            || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
 #endif
-#ifndef OPENSSL_NO_SRP
-                        /* SRP: send ServerKeyExchange */
-                            || (alg_k & SSL_kSRP)
-#endif
                            || (alg_k & (SSL_kDHr|SSL_kDHd|SSL_kEDH))
                            || (alg_k & SSL_kEECDH)
                            || ((alg_k & SSL_kRSA)
@@ -1796,20 +1729,6 @@ ssl3_send_server_key_exchange(SSL *s)
                        n += 2 + pskhintlen;
                } else
 #endif /* !OPENSSL_NO_PSK */
-#ifndef OPENSSL_NO_SRP
-                if (type & SSL_kSRP) {
-                        if ((s->srp_ctx.N == NULL) || (s->srp_ctx.g == NULL) ||
-                            (s->srp_ctx.s == NULL) || (s->srp_ctx.B == NULL)) {
-                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                                    SSL_R_MISSING_SRP_PARAM);
-                                goto err;
-                        }
-                        r[0] = s->srp_ctx.N;
-                        r[1] = s->srp_ctx.g;
-                        r[2] = s->srp_ctx.s;
-                        r[3] = s->srp_ctx.B;
-                } else
-#endif
                {
                        al = SSL_AD_HANDSHAKE_FAILURE;
                        SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
@@ -1818,11 +1737,6 @@ ssl3_send_server_key_exchange(SSL *s)
                }
                for (i = 0; i < 4 && r[i] != NULL; i++) {
                        nr[i] = BN_num_bytes(r[i]);
-#ifndef OPENSSL_NO_SRP
-                        if ((i == 2) && (type & SSL_kSRP))
-                                n += 1 + nr[i];
-                        else
-#endif
                        n += 2 + nr[i];
                }
@@ -1848,12 +1762,6 @@ ssl3_send_server_key_exchange(SSL *s)
                p = &(d[4]);
                for (i = 0; i < 4 && r[i] != NULL; i++) {
-#ifndef OPENSSL_NO_SRP
-                        if ((i == 2) && (type & SSL_kSRP)) {
-                                *p = nr[i];
-                                p++;
-                        } else
-#endif
                        s2n(nr[i], p);
                        BN_bn2bin(r[i], p);
                        p += nr[i];
@@ -2112,9 +2020,6 @@ ssl3_get_client_key_exchange(SSL *s)
        BIGNUM *pub = NULL;
        DH *dh_srvr;
 #endif
-#ifndef OPENSSL_NO_KRB5
-        KSSL_ERR kssl_err;
-#endif /* OPENSSL_NO_KRB5 */
 #ifndef OPENSSL_NO_ECDH
        EC_KEY *srvr_ecdh = NULL;
@@ -2299,191 +2204,6 @@ ssl3_get_client_key_exchange(SSL *s)
                OPENSSL_cleanse(p, i);
        } else
 #endif
-#ifndef OPENSSL_NO_KRB5
-        if (alg_k & SSL_kKRB5) {
-                krb5_error_code         krb5rc;
-                krb5_data               enc_ticket;
-                krb5_data               authenticator;
-                krb5_data               enc_pms;
-                KSSL_CTX                *kssl_ctx = s->kssl_ctx;
-                EVP_CIPHER_CTX          ciph_ctx;
-                const EVP_CIPHER        *enc = NULL;
-                unsigned char           iv[EVP_MAX_IV_LENGTH];
-                unsigned char           pms[SSL_MAX_MASTER_KEY_LENGTH
-                + EVP_MAX_BLOCK_LENGTH];
-                int                  padl, outl;
-                krb5_timestamp          authtime = 0;
-                krb5_ticket_times       ttimes;
-                EVP_CIPHER_CTX_init(&ciph_ctx);
-                if (!kssl_ctx)
-                        kssl_ctx = kssl_ctx_new();
-                n2s(p, i);
-                enc_ticket.length = i;
-                if (n < (long)(enc_ticket.length + 6)) {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                            SSL_R_DATA_LENGTH_TOO_LONG);
-                        goto err;
-                }
-                enc_ticket.data = (char *)p;
-                p += enc_ticket.length;
-                n2s(p, i);
-                authenticator.length = i;
-                if (n < (long)(enc_ticket.length + authenticator.length + 6)) {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                            SSL_R_DATA_LENGTH_TOO_LONG);
-                        goto err;
-                }
-                authenticator.data = (char *)p;
-                p += authenticator.length;
-                n2s(p, i);
-                enc_pms.length = i;
-                enc_pms.data = (char *)p;
-                p += enc_pms.length;
-                /*
-                 * Note that the length is checked again below,
-                 * after decryption
-                 */
-                if (enc_pms.length > sizeof pms) {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                            SSL_R_DATA_LENGTH_TOO_LONG);
-                        goto err;
-                }
-                if (n != (long)(enc_ticket.length + authenticator.length +
-                    enc_pms.length + 6)) {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                            SSL_R_DATA_LENGTH_TOO_LONG);
-                        goto err;
-                }
-                if ((krb5rc = kssl_sget_tkt(kssl_ctx, &enc_ticket, &ttimes,
-                    &kssl_err)) != 0) {
-#ifdef KSSL_DEBUG
-                        printf("kssl_sget_tkt rtn %d [%d]\n",
-                        krb5rc, kssl_err.reason);
-                        if (kssl_err.text)
-                                printf("kssl_err text= %s\n", kssl_err.text);
-#endif  /* KSSL_DEBUG */
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                        kssl_err.reason);
-                        goto err;
-                }
-                /*  Note: no authenticator is not considered an error,
-                **  but will return authtime == 0.
-                */
-                if ((krb5rc = kssl_check_authent(kssl_ctx, &authenticator,
-                    &authtime, &kssl_err)) != 0) {
-#ifdef KSSL_DEBUG
-                        printf("kssl_check_authent rtn %d [%d]\n",
-                        krb5rc, kssl_err.reason);
-                        if (kssl_err.text)
-                                printf("kssl_err text= %s\n", kssl_err.text);
-#endif  /* KSSL_DEBUG */
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                            kssl_err.reason);
-                        goto err;
-                }
-                if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0) {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                            krb5rc);
-                        goto err;
-                }
-#ifdef KSSL_DEBUG
-                kssl_ctx_show(kssl_ctx);
-#endif  /* KSSL_DEBUG */
-                enc = kssl_map_enc(kssl_ctx->enctype);
-                if (enc == NULL)
-                        goto err;
-                memset(iv, 0, sizeof iv);       /* per RFC 1510 */
-                if (!EVP_DecryptInit_ex(&ciph_ctx, enc, NULL,
-                    kssl_ctx->key, iv)) {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                            SSL_R_DECRYPTION_FAILED);
-                        goto err;
-                }
-                if (!EVP_DecryptUpdate(&ciph_ctx, pms, &outl,
-                    (unsigned char *)enc_pms.data, enc_pms.length)) {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                            SSL_R_DECRYPTION_FAILED);
-                        goto err;
-                }
-                if (outl > SSL_MAX_MASTER_KEY_LENGTH) {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                            SSL_R_DATA_LENGTH_TOO_LONG);
-                        goto err;
-                }
-                if (!EVP_DecryptFinal_ex(&ciph_ctx, &(pms[outl]), &padl)) {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                            SSL_R_DECRYPTION_FAILED);
-                        goto err;
-                }
-                outl += padl;
-                if (outl > SSL_MAX_MASTER_KEY_LENGTH) {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                            SSL_R_DATA_LENGTH_TOO_LONG);
-                        goto err;
-                }
-                if (!((pms[0] == (s->client_version >> 8)) && (pms[1] == (s->client_version & 0xff)))) {
-                        /*
-                         * The premaster secret must contain the same version
-                         * number as the ClientHello to detect version rollback
-                         * attacks (strangely, the protocol does not offer such
-                         * protection for DH ciphersuites).
-                         * However, buggy clients exist that send random bytes
-                         * instead of the protocol version.
-                         *
-                         * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such
-                         * clients.
-                         * (Perhaps we should have a separate BUG value for
-                         * the Kerberos cipher)
-                         */
-                        if (!(s->options & SSL_OP_TLS_ROLLBACK_BUG)) {
-                                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                                    SSL_AD_DECODE_ERROR);
-                                goto err;
-                        }
-                }
-                EVP_CIPHER_CTX_cleanup(&ciph_ctx);
-                s->session->master_key_length =
-                s->method->ssl3_enc->generate_master_secret(s,
-                    s->session->master_key, pms, outl);
-                if (kssl_ctx->client_princ) {
-                        size_t len = strlen(kssl_ctx->client_princ);
-                        if (len < SSL_MAX_KRB5_PRINCIPAL_LENGTH ) {
-                                s->session->krb5_client_princ_len = len;
-                                memcpy(s->session->krb5_client_princ,
-                                    kssl_ctx->client_princ, len);
-                        }
-                }
-                /*
-                 * Was doing kssl_ctx_free() here, but it caused problems for
-                 * apache.
-                 * kssl_ctx = kssl_ctx_free(kssl_ctx);
-                 * if (s->kssl_ctx)  s->kssl_ctx = NULL;
-                 */
-        } else
-#endif  /* OPENSSL_NO_KRB5 */
 #ifndef OPENSSL_NO_ECDH
        if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) {
@@ -2717,43 +2437,6 @@ ssl3_get_client_key_exchange(SSL *s)
                        goto f_err;
        } else
 #endif
-#ifndef OPENSSL_NO_SRP
-        if (alg_k & SSL_kSRP) {
-                int param_len;
-                n2s(p, i);
-                param_len = i + 2;
-                if (param_len > n) {
-                        al = SSL_AD_DECODE_ERROR;
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                            SSL_R_BAD_SRP_A_LENGTH);
-                        goto f_err;
-                }
-                if (!(s->srp_ctx.A = BN_bin2bn(p, i, NULL))) {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                            ERR_R_BN_LIB);
-                        goto err;
-                }
-                if (s->session->srp_username != NULL)
-                        free(s->session->srp_username);
-                s->session->srp_username = BUF_strdup(s->srp_ctx.login);
-                if (s->session->srp_username == NULL) {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                            ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                if ((s->session->master_key_length =
-                    SRP_generate_server_master_secret(s,
-                    s->session->master_key)) < 0) {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                            ERR_R_INTERNAL_ERROR);
-                        goto err;
-                }
-                p += i;
-        } else
-#endif  /* OPENSSL_NO_SRP */
        if (alg_k & SSL_kGOST) {
                int ret = 0;
                EVP_PKEY_CTX *pkey_ctx;
author	tedu <>	2014-05-05 15:03:22 +0000
committer	tedu <>	2014-05-05 15:03:22 +0000
commit	5b4326f23352be2e7084f2020795d8aa042c746f (patch)
tree	c342d9903092a19dfda173837629fd04c429eda9 /src/lib/libssl/s3_srvr.c
parent	77dd1ca11ad22b323b27beea447edd1e35c3b24e (diff)
download	openbsd-5b4326f23352be2e7084f2020795d8aa042c746f.tar.gz openbsd-5b4326f23352be2e7084f2020795d8aa042c746f.tar.bz2 openbsd-5b4326f23352be2e7084f2020795d8aa042c746f.zip

diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index 6d8ccd66b7..081aebf1f5 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c
@@ -164,9 +164,6 @@
164	#include <openssl/dh.h>	164	#include <openssl/dh.h>
165	#endif	165	#endif
166	#include <openssl/bn.h>	166	#include <openssl/bn.h>
167	#ifndef OPENSSL_NO_KRB5
168	#include <openssl/krb5_asn.h>
169	#endif
170	#include <openssl/md5.h>	167	#include <openssl/md5.h>
171		168
172	static const SSL_METHOD *ssl3_get_server_method(int ver);	169	static const SSL_METHOD *ssl3_get_server_method(int ver);
@@ -179,30 +176,6 @@ ssl3_get_server_method(int ver)
179	return (NULL);	176	return (NULL);
180	}	177	}
181		178
182	#ifndef OPENSSL_NO_SRP
183	static int
184	ssl_check_srp_ext_ClientHello(SSL s, int al)
185	{
186	int ret = SSL_ERROR_NONE;
187
188	*al = SSL_AD_UNRECOGNIZED_NAME;
189
190	if ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) &&
191	(s->srp_ctx.TLS_ext_srp_username_callback != NULL)) {
192	if (s->srp_ctx.login == NULL) {
193	/*
194	* RFC 5054 says SHOULD reject,
195	* we do so if There is no srp login name
196	*/
197	ret = SSL3_AL_FATAL;
198	*al = SSL_AD_UNKNOWN_PSK_IDENTITY;
199	} else {
200	ret = SSL_srp_server_param_with_username(s, al);
201	}
202	}
203	return (ret);
204	}
205	#endif
206		179
207	IMPLEMENT_ssl3_meth_func(SSLv3_server_method,	180	IMPLEMENT_ssl3_meth_func(SSLv3_server_method,
208	ssl3_accept, ssl_undefined_function, ssl3_get_server_method)	181	ssl3_accept, ssl_undefined_function, ssl3_get_server_method)
@@ -342,39 +315,6 @@ ssl3_accept(SSL *s)
342	if (ret <= 0)	315	if (ret <= 0)
343	goto end;	316	goto end;
344	}	317	}
345	#ifndef OPENSSL_NO_SRP
346	{
347	int al;
348	if ((ret =
349	ssl_check_srp_ext_ClientHello(s, &al))
350	< 0) {
351	/*
352	* Callback indicates further work to
353	* be done.
354	*/
355	s->rwstate = SSL_X509_LOOKUP;
356	goto end;
357	}
358	if (ret != SSL_ERROR_NONE) {
359	ssl3_send_alert(s, SSL3_AL_FATAL, al);
360
361	/*
362	* This is not really an error but the
363	* only means for a client to detect
364	* whether srp is supported.
365	*/
366	if (al != TLS1_AD_UNKNOWN_PSK_IDENTITY)
367	SSLerr(SSL_F_SSL3_ACCEPT,
368	SSL_R_CLIENTHELLO_TLSEXT);
369
370	ret = SSL_TLSEXT_ERR_ALERT_FATAL;
371
372	ret = -1;
373	goto end;
374
375	}
376	}
377	#endif
378		318
379	s->renegotiate = 2;	319	s->renegotiate = 2;
380	s->state = SSL3_ST_SW_SRVR_HELLO_A;	320	s->state = SSL3_ST_SW_SRVR_HELLO_A;
@@ -441,9 +381,6 @@ ssl3_accept(SSL *s)
441	* send_server_key_exchange.	381	* send_server_key_exchange.
442	*/	382	*/
443	if ((s->options & SSL_OP_EPHEMERAL_RSA)	383	if ((s->options & SSL_OP_EPHEMERAL_RSA)
444	#ifndef OPENSSL_NO_KRB5
445	&& !(alg_k & SSL_kKRB5)
446	#endif /* OPENSSL_NO_KRB5 */
447	)	384	)
448	/*	385	/*
449	* option SSL_OP_EPHEMERAL_RSA sends temporary	386	* option SSL_OP_EPHEMERAL_RSA sends temporary
@@ -473,10 +410,6 @@ ssl3_accept(SSL *s)
473	#ifndef OPENSSL_NO_PSK	410	#ifndef OPENSSL_NO_PSK
474	\|\| ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)	411	\|\| ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
475	#endif	412	#endif
476	#ifndef OPENSSL_NO_SRP
477	/* SRP: send ServerKeyExchange */
478	\|\| (alg_k & SSL_kSRP)
479	#endif
480	\|\| (alg_k & (SSL_kDHr\|SSL_kDHd\|SSL_kEDH))	413	\|\| (alg_k & (SSL_kDHr\|SSL_kDHd\|SSL_kEDH))
481	\|\| (alg_k & SSL_kEECDH)	414	\|\| (alg_k & SSL_kEECDH)
482	\|\| ((alg_k & SSL_kRSA)	415	\|\| ((alg_k & SSL_kRSA)
@@ -1796,20 +1729,6 @@ ssl3_send_server_key_exchange(SSL *s)
1796	n += 2 + pskhintlen;	1729	n += 2 + pskhintlen;
1797	} else	1730	} else
1798	#endif /* !OPENSSL_NO_PSK */	1731	#endif /* !OPENSSL_NO_PSK */
1799	#ifndef OPENSSL_NO_SRP
1800	if (type & SSL_kSRP) {
1801	if ((s->srp_ctx.N == NULL) \|\| (s->srp_ctx.g == NULL) \|\|
1802	(s->srp_ctx.s == NULL) \|\| (s->srp_ctx.B == NULL)) {
1803	SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1804	SSL_R_MISSING_SRP_PARAM);
1805	goto err;
1806	}
1807	r[0] = s->srp_ctx.N;
1808	r[1] = s->srp_ctx.g;
1809	r[2] = s->srp_ctx.s;
1810	r[3] = s->srp_ctx.B;
1811	} else
1812	#endif
1813	{	1732	{
1814	al = SSL_AD_HANDSHAKE_FAILURE;	1733	al = SSL_AD_HANDSHAKE_FAILURE;
1815	SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,	1734	SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
@@ -1818,11 +1737,6 @@ ssl3_send_server_key_exchange(SSL *s)
1818	}	1737	}
1819	for (i = 0; i < 4 && r[i] != NULL; i++) {	1738	for (i = 0; i < 4 && r[i] != NULL; i++) {
1820	nr[i] = BN_num_bytes(r[i]);	1739	nr[i] = BN_num_bytes(r[i]);
1821	#ifndef OPENSSL_NO_SRP
1822	if ((i == 2) && (type & SSL_kSRP))
1823	n += 1 + nr[i];
1824	else
1825	#endif
1826	n += 2 + nr[i];	1740	n += 2 + nr[i];
1827	}	1741	}
1828		1742
@@ -1848,12 +1762,6 @@ ssl3_send_server_key_exchange(SSL *s)
1848	p = &(d[4]);	1762	p = &(d[4]);
1849		1763
1850	for (i = 0; i < 4 && r[i] != NULL; i++) {	1764	for (i = 0; i < 4 && r[i] != NULL; i++) {
1851	#ifndef OPENSSL_NO_SRP
1852	if ((i == 2) && (type & SSL_kSRP)) {
1853	*p = nr[i];
1854	p++;
1855	} else
1856	#endif
1857	s2n(nr[i], p);	1765	s2n(nr[i], p);
1858	BN_bn2bin(r[i], p);	1766	BN_bn2bin(r[i], p);
1859	p += nr[i];	1767	p += nr[i];
@@ -2112,9 +2020,6 @@ ssl3_get_client_key_exchange(SSL *s)
2112	BIGNUM *pub = NULL;	2020	BIGNUM *pub = NULL;
2113	DH *dh_srvr;	2021	DH *dh_srvr;
2114	#endif	2022	#endif
2115	#ifndef OPENSSL_NO_KRB5
2116	KSSL_ERR kssl_err;
2117	#endif /* OPENSSL_NO_KRB5 */
2118		2023
2119	#ifndef OPENSSL_NO_ECDH	2024	#ifndef OPENSSL_NO_ECDH
2120	EC_KEY *srvr_ecdh = NULL;	2025	EC_KEY *srvr_ecdh = NULL;
@@ -2299,191 +2204,6 @@ ssl3_get_client_key_exchange(SSL *s)
2299	OPENSSL_cleanse(p, i);	2204	OPENSSL_cleanse(p, i);
2300	} else	2205	} else
2301	#endif	2206	#endif
2302	#ifndef OPENSSL_NO_KRB5
2303	if (alg_k & SSL_kKRB5) {
2304	krb5_error_code krb5rc;
2305	krb5_data enc_ticket;
2306	krb5_data authenticator;
2307	krb5_data enc_pms;
2308	KSSL_CTX *kssl_ctx = s->kssl_ctx;
2309	EVP_CIPHER_CTX ciph_ctx;
2310	const EVP_CIPHER *enc = NULL;
2311	unsigned char iv[EVP_MAX_IV_LENGTH];
2312	unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH
2313	+ EVP_MAX_BLOCK_LENGTH];
2314	int padl, outl;
2315	krb5_timestamp authtime = 0;
2316	krb5_ticket_times ttimes;
2317
2318	EVP_CIPHER_CTX_init(&ciph_ctx);
2319
2320	if (!kssl_ctx)
2321	kssl_ctx = kssl_ctx_new();
2322
2323	n2s(p, i);
2324	enc_ticket.length = i;
2325
2326	if (n < (long)(enc_ticket.length + 6)) {
2327	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2328	SSL_R_DATA_LENGTH_TOO_LONG);
2329	goto err;
2330	}
2331
2332	enc_ticket.data = (char *)p;
2333	p += enc_ticket.length;
2334
2335	n2s(p, i);
2336	authenticator.length = i;
2337
2338	if (n < (long)(enc_ticket.length + authenticator.length + 6)) {
2339	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2340	SSL_R_DATA_LENGTH_TOO_LONG);
2341	goto err;
2342	}
2343
2344	authenticator.data = (char *)p;
2345	p += authenticator.length;
2346
2347	n2s(p, i);
2348	enc_pms.length = i;
2349	enc_pms.data = (char *)p;
2350	p += enc_pms.length;
2351
2352	/*
2353	* Note that the length is checked again below,
2354	* after decryption
2355	*/
2356	if (enc_pms.length > sizeof pms) {
2357	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2358	SSL_R_DATA_LENGTH_TOO_LONG);
2359	goto err;
2360	}
2361
2362	if (n != (long)(enc_ticket.length + authenticator.length +
2363	enc_pms.length + 6)) {
2364	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2365	SSL_R_DATA_LENGTH_TOO_LONG);
2366	goto err;
2367	}
2368
2369	if ((krb5rc = kssl_sget_tkt(kssl_ctx, &enc_ticket, &ttimes,
2370	&kssl_err)) != 0) {
2371	#ifdef KSSL_DEBUG
2372	printf("kssl_sget_tkt rtn %d [%d]\n",
2373	krb5rc, kssl_err.reason);
2374	if (kssl_err.text)
2375	printf("kssl_err text= %s\n", kssl_err.text);
2376	#endif /* KSSL_DEBUG */
2377	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2378	kssl_err.reason);
2379	goto err;
2380	}
2381
2382	/* Note: no authenticator is not considered an error,
2383	** but will return authtime == 0.
2384	*/
2385	if ((krb5rc = kssl_check_authent(kssl_ctx, &authenticator,
2386	&authtime, &kssl_err)) != 0) {
2387	#ifdef KSSL_DEBUG
2388	printf("kssl_check_authent rtn %d [%d]\n",
2389	krb5rc, kssl_err.reason);
2390	if (kssl_err.text)
2391	printf("kssl_err text= %s\n", kssl_err.text);
2392	#endif /* KSSL_DEBUG */
2393	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2394	kssl_err.reason);
2395	goto err;
2396	}
2397
2398	if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0) {
2399	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2400	krb5rc);
2401	goto err;
2402	}
2403
2404	#ifdef KSSL_DEBUG
2405	kssl_ctx_show(kssl_ctx);
2406	#endif /* KSSL_DEBUG */
2407
2408	enc = kssl_map_enc(kssl_ctx->enctype);
2409	if (enc == NULL)
2410	goto err;
2411
2412	memset(iv, 0, sizeof iv); /* per RFC 1510 */
2413
2414	if (!EVP_DecryptInit_ex(&ciph_ctx, enc, NULL,
2415	kssl_ctx->key, iv)) {
2416	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2417	SSL_R_DECRYPTION_FAILED);
2418	goto err;
2419	}
2420	if (!EVP_DecryptUpdate(&ciph_ctx, pms, &outl,
2421	(unsigned char *)enc_pms.data, enc_pms.length)) {
2422	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2423	SSL_R_DECRYPTION_FAILED);
2424	goto err;
2425	}
2426	if (outl > SSL_MAX_MASTER_KEY_LENGTH) {
2427	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2428	SSL_R_DATA_LENGTH_TOO_LONG);
2429	goto err;
2430	}
2431	if (!EVP_DecryptFinal_ex(&ciph_ctx, &(pms[outl]), &padl)) {
2432	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2433	SSL_R_DECRYPTION_FAILED);
2434	goto err;
2435	}
2436	outl += padl;
2437	if (outl > SSL_MAX_MASTER_KEY_LENGTH) {
2438	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2439	SSL_R_DATA_LENGTH_TOO_LONG);
2440	goto err;
2441	}
2442	if (!((pms[0] == (s->client_version >> 8)) && (pms[1] == (s->client_version & 0xff)))) {
2443	/*
2444	* The premaster secret must contain the same version
2445	* number as the ClientHello to detect version rollback
2446	* attacks (strangely, the protocol does not offer such
2447	* protection for DH ciphersuites).
2448	* However, buggy clients exist that send random bytes
2449	* instead of the protocol version.
2450	*
2451	* If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such
2452	* clients.
2453	* (Perhaps we should have a separate BUG value for
2454	* the Kerberos cipher)
2455	*/
2456	if (!(s->options & SSL_OP_TLS_ROLLBACK_BUG)) {
2457	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2458	SSL_AD_DECODE_ERROR);
2459	goto err;
2460	}
2461	}
2462
2463	EVP_CIPHER_CTX_cleanup(&ciph_ctx);
2464
2465	s->session->master_key_length =
2466	s->method->ssl3_enc->generate_master_secret(s,
2467	s->session->master_key, pms, outl);
2468
2469	if (kssl_ctx->client_princ) {
2470	size_t len = strlen(kssl_ctx->client_princ);
2471	if (len < SSL_MAX_KRB5_PRINCIPAL_LENGTH ) {
2472	s->session->krb5_client_princ_len = len;
2473	memcpy(s->session->krb5_client_princ,
2474	kssl_ctx->client_princ, len);
2475	}
2476	}
2477
2478
2479	/*
2480	* Was doing kssl_ctx_free() here, but it caused problems for
2481	* apache.
2482	* kssl_ctx = kssl_ctx_free(kssl_ctx);
2483	* if (s->kssl_ctx) s->kssl_ctx = NULL;
2484	*/
2485	} else
2486	#endif /* OPENSSL_NO_KRB5 */
2487		2207
2488	#ifndef OPENSSL_NO_ECDH	2208	#ifndef OPENSSL_NO_ECDH
2489	if (alg_k & (SSL_kEECDH\|SSL_kECDHr\|SSL_kECDHe)) {	2209	if (alg_k & (SSL_kEECDH\|SSL_kECDHr\|SSL_kECDHe)) {
@@ -2717,43 +2437,6 @@ ssl3_get_client_key_exchange(SSL *s)
2717	goto f_err;	2437	goto f_err;
2718	} else	2438	} else
2719	#endif	2439	#endif
2720	#ifndef OPENSSL_NO_SRP
2721	if (alg_k & SSL_kSRP) {
2722	int param_len;
2723
2724	n2s(p, i);
2725	param_len = i + 2;
2726	if (param_len > n) {
2727	al = SSL_AD_DECODE_ERROR;
2728	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2729	SSL_R_BAD_SRP_A_LENGTH);
2730	goto f_err;
2731	}
2732	if (!(s->srp_ctx.A = BN_bin2bn(p, i, NULL))) {
2733	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2734	ERR_R_BN_LIB);
2735	goto err;
2736	}
2737	if (s->session->srp_username != NULL)
2738	free(s->session->srp_username);
2739	s->session->srp_username = BUF_strdup(s->srp_ctx.login);
2740	if (s->session->srp_username == NULL) {
2741	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2742	ERR_R_MALLOC_FAILURE);
2743	goto err;
2744	}
2745
2746	if ((s->session->master_key_length =
2747	SRP_generate_server_master_secret(s,
2748	s->session->master_key)) < 0) {
2749	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2750	ERR_R_INTERNAL_ERROR);
2751	goto err;
2752	}
2753
2754	p += i;
2755	} else
2756	#endif /* OPENSSL_NO_SRP */
2757	if (alg_k & SSL_kGOST) {	2440	if (alg_k & SSL_kGOST) {
2758	int ret = 0;	2441	int ret = 0;
2759	EVP_PKEY_CTX *pkey_ctx;	2442	EVP_PKEY_CTX *pkey_ctx;