add back SRP. i was being too greedy.

author: tedu <> 2014-04-16 20:39:09 +0000
committer: tedu <> 2014-04-16 20:39:09 +0000
commit: e7892d59587f55067ca2e2bc6fa26cf4bcd6c084 (patch)
tree: 761d3461cd8f278c74120d2836c29dd21dc95be6 /src/lib/libssl/s3_srvr.c
parent: 750d86a4fc04f53024575d65269281ea6c4e450c (diff)
download: openbsd-e7892d59587f55067ca2e2bc6fa26cf4bcd6c084.tar.gz
openbsd-e7892d59587f55067ca2e2bc6fa26cf4bcd6c084.tar.bz2
openbsd-e7892d59587f55067ca2e2bc6fa26cf4bcd6c084.zip
1 files changed, 122 insertions, 0 deletions
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 1a924f828e..cc46e241d4 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -180,6 +180,28 @@ static const SSL_METHOD
                return (NULL);
 }
+#ifndef OPENSSL_NO_SRP
+static int
+ssl_check_srp_ext_ClientHello(SSL *s, int *al)
+{
+        int ret = SSL_ERROR_NONE;
+        *al = SSL_AD_UNRECOGNIZED_NAME;
+        if ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) &&
+                (s->srp_ctx.TLS_ext_srp_username_callback != NULL)) {
+                if (s->srp_ctx.login == NULL) {
+                        /* RFC 5054 says SHOULD reject, 
+                           we do so if There is no srp login name */
+                        ret = SSL3_AL_FATAL;
+                        *al = SSL_AD_UNKNOWN_PSK_IDENTITY;
+                } else {
+                        ret = SSL_srp_server_param_with_username(s, al);
+                }
+        }
+        return ret;
+}
+#endif
 IMPLEMENT_ssl3_meth_func(SSLv3_server_method,
    ssl3_accept, ssl_undefined_function, ssl3_get_server_method)
@@ -317,6 +339,39 @@ ssl3_accept(SSL *s)
                                if (ret <= 0)
                                        goto end;
                        }
+#ifndef OPENSSL_NO_SRP
+                        {
+                                int al;
+                                if ((ret =
+                                    ssl_check_srp_ext_ClientHello(s, &al)) 
+                                    < 0) {
+                                        /*
+                                         * Callback indicates further work to
+                                         * be done.
+                                         */
+                                        s->rwstate = SSL_X509_LOOKUP;
+                                        goto end;
+                                }
+                                if (ret != SSL_ERROR_NONE) {
+                                        ssl3_send_alert(s, SSL3_AL_FATAL, al);
+                                        /*
+                                         * This is not really an error but the
+                                         * only means for a client to detect
+                                         * whether srp is supported.
+                                         */
+                                        if (al != TLS1_AD_UNKNOWN_PSK_IDENTITY)
+                                                SSLerr(SSL_F_SSL3_ACCEPT,
+                                                    SSL_R_CLIENTHELLO_TLSEXT);
+                                        ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+                                        ret = -1;
+                                        goto end;
+                                }
+                        }
+#endif          
                        s->renegotiate = 2;
                        s->state = SSL3_ST_SW_SRVR_HELLO_A;
@@ -415,6 +470,10 @@ ssl3_accept(SSL *s)
 #ifndef OPENSSL_NO_PSK
                            || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
 #endif
+#ifndef OPENSSL_NO_SRP
+                        /* SRP: send ServerKeyExchange */
+                            || (alg_k & SSL_kSRP)
+#endif
                            || (alg_k & (SSL_kDHr|SSL_kDHd|SSL_kEDH))
                            || (alg_k & SSL_kEECDH)
                            || ((alg_k & SSL_kRSA)
@@ -1751,6 +1810,19 @@ ssl3_send_server_key_exchange(SSL *s)
                        n += 2 + pskhintlen;
                } else
 #endif /* !OPENSSL_NO_PSK */
+#ifndef OPENSSL_NO_SRP
+                if (type & SSL_kSRP) {
+                        if ((s->srp_ctx.N == NULL) || (s->srp_ctx.g == NULL) ||
+                            (s->srp_ctx.s == NULL) || (s->srp_ctx.B == NULL)) {
+                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, SSL_R_MISSING_SRP_PARAM);
+                                goto err;
+                        }
+                        r[0] = s->srp_ctx.N;
+                        r[1] = s->srp_ctx.g;
+                        r[2] = s->srp_ctx.s;
+                        r[3] = s->srp_ctx.B;
+                } else
+#endif
                {
                        al = SSL_AD_HANDSHAKE_FAILURE;
                        SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
@@ -1758,6 +1830,11 @@ ssl3_send_server_key_exchange(SSL *s)
                }
                for (i = 0; i < 4 && r[i] != NULL; i++) {
                        nr[i] = BN_num_bytes(r[i]);
+#ifndef OPENSSL_NO_SRP
+                        if ((i == 2) && (type & SSL_kSRP))
+                                n += 1 + nr[i];
+                        else
+#endif
                        n += 2 + nr[i];
                }
@@ -1783,6 +1860,12 @@ ssl3_send_server_key_exchange(SSL *s)
                p = &(d[4]);
                for (i = 0; i < 4 && r[i] != NULL; i++) {
+#ifndef OPENSSL_NO_SRP
+                        if ((i == 2) && (type & SSL_kSRP)) {
+                                *p = nr[i];
+                                p++;
+                        } else
+#endif
                        s2n(nr[i], p);
                        BN_bn2bin(r[i], p);
                        p += nr[i];
@@ -2651,6 +2734,43 @@ ssl3_get_client_key_exchange(SSL *s)
                        goto f_err;
        } else
 #endif
+#ifndef OPENSSL_NO_SRP
+        if (alg_k & SSL_kSRP) {
+                int param_len;
+                n2s(p, i);
+                param_len = i + 2;
+                if (param_len > n) {
+                        al = SSL_AD_DECODE_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                            SSL_R_BAD_SRP_A_LENGTH);
+                        goto f_err;
+                }
+                if (!(s->srp_ctx.A = BN_bin2bn(p, i, NULL))) {
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                            ERR_R_BN_LIB);
+                        goto err;
+                }
+                if (s->session->srp_username != NULL)
+                        OPENSSL_free(s->session->srp_username);
+                s->session->srp_username = BUF_strdup(s->srp_ctx.login);
+                if (s->session->srp_username == NULL) {
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                            ERR_R_MALLOC_FAILURE);
+                        goto err;
+                }
+                if ((s->session->master_key_length =
+                    SRP_generate_server_master_secret(s,
+                    s->session->master_key)) < 0) {
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                            ERR_R_INTERNAL_ERROR);
+                        goto err;
+                }
+                p += i;
+        } else
+#endif  /* OPENSSL_NO_SRP */
        if (alg_k & SSL_kGOST) {
                int ret = 0;
                EVP_PKEY_CTX *pkey_ctx;
@@ -2731,7 +2851,9 @@ ssl3_get_client_key_exchange(SSL *s)
        return (1);
 f_err:
        ssl3_send_alert(s, SSL3_AL_FATAL, al);
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_ECDH) || defined(OPENSSL_NO_SRP)
 err:
+#endif
 #ifndef OPENSSL_NO_ECDH
        EVP_PKEY_free(clnt_pub_pkey);
        EC_POINT_free(clnt_ecpoint);
author	tedu <>	2014-04-16 20:39:09 +0000
committer	tedu <>	2014-04-16 20:39:09 +0000
commit	e7892d59587f55067ca2e2bc6fa26cf4bcd6c084 (patch)
tree	761d3461cd8f278c74120d2836c29dd21dc95be6 /src/lib/libssl/s3_srvr.c
parent	750d86a4fc04f53024575d65269281ea6c4e450c (diff)
download	openbsd-e7892d59587f55067ca2e2bc6fa26cf4bcd6c084.tar.gz openbsd-e7892d59587f55067ca2e2bc6fa26cf4bcd6c084.tar.bz2 openbsd-e7892d59587f55067ca2e2bc6fa26cf4bcd6c084.zip

diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index 1a924f828e..cc46e241d4 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c
@@ -180,6 +180,28 @@ static const SSL_METHOD
180	return (NULL);	180	return (NULL);
181	}	181	}
182		182
		183	#ifndef OPENSSL_NO_SRP
		184	static int
		185	ssl_check_srp_ext_ClientHello(SSL s, int al)
		186	{
		187	int ret = SSL_ERROR_NONE;
		188
		189	*al = SSL_AD_UNRECOGNIZED_NAME;
		190
		191	if ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) &&
		192	(s->srp_ctx.TLS_ext_srp_username_callback != NULL)) {
		193	if (s->srp_ctx.login == NULL) {
		194	/* RFC 5054 says SHOULD reject,
		195	we do so if There is no srp login name */
		196	ret = SSL3_AL_FATAL;
		197	*al = SSL_AD_UNKNOWN_PSK_IDENTITY;
		198	} else {
		199	ret = SSL_srp_server_param_with_username(s, al);
		200	}
		201	}
		202	return ret;
		203	}
		204	#endif
183		205
184	IMPLEMENT_ssl3_meth_func(SSLv3_server_method,	206	IMPLEMENT_ssl3_meth_func(SSLv3_server_method,
185	ssl3_accept, ssl_undefined_function, ssl3_get_server_method)	207	ssl3_accept, ssl_undefined_function, ssl3_get_server_method)
@@ -317,6 +339,39 @@ ssl3_accept(SSL *s)
317	if (ret <= 0)	339	if (ret <= 0)
318	goto end;	340	goto end;
319	}	341	}
		342	#ifndef OPENSSL_NO_SRP
		343	{
		344	int al;
		345	if ((ret =
		346	ssl_check_srp_ext_ClientHello(s, &al))
		347	< 0) {
		348	/*
		349	* Callback indicates further work to
		350	* be done.
		351	*/
		352	s->rwstate = SSL_X509_LOOKUP;
		353	goto end;
		354	}
		355	if (ret != SSL_ERROR_NONE) {
		356	ssl3_send_alert(s, SSL3_AL_FATAL, al);
		357
		358	/*
		359	* This is not really an error but the
		360	* only means for a client to detect
		361	* whether srp is supported.
		362	*/
		363	if (al != TLS1_AD_UNKNOWN_PSK_IDENTITY)
		364	SSLerr(SSL_F_SSL3_ACCEPT,
		365	SSL_R_CLIENTHELLO_TLSEXT);
		366
		367	ret = SSL_TLSEXT_ERR_ALERT_FATAL;
		368
		369	ret = -1;
		370	goto end;
		371
		372	}
		373	}
		374	#endif
320		375
321	s->renegotiate = 2;	376	s->renegotiate = 2;
322	s->state = SSL3_ST_SW_SRVR_HELLO_A;	377	s->state = SSL3_ST_SW_SRVR_HELLO_A;
@@ -415,6 +470,10 @@ ssl3_accept(SSL *s)
415	#ifndef OPENSSL_NO_PSK	470	#ifndef OPENSSL_NO_PSK
416	\|\| ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)	471	\|\| ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
417	#endif	472	#endif
		473	#ifndef OPENSSL_NO_SRP
		474	/* SRP: send ServerKeyExchange */
		475	\|\| (alg_k & SSL_kSRP)
		476	#endif
418	\|\| (alg_k & (SSL_kDHr\|SSL_kDHd\|SSL_kEDH))	477	\|\| (alg_k & (SSL_kDHr\|SSL_kDHd\|SSL_kEDH))
419	\|\| (alg_k & SSL_kEECDH)	478	\|\| (alg_k & SSL_kEECDH)
420	\|\| ((alg_k & SSL_kRSA)	479	\|\| ((alg_k & SSL_kRSA)
@@ -1751,6 +1810,19 @@ ssl3_send_server_key_exchange(SSL *s)
1751	n += 2 + pskhintlen;	1810	n += 2 + pskhintlen;
1752	} else	1811	} else
1753	#endif /* !OPENSSL_NO_PSK */	1812	#endif /* !OPENSSL_NO_PSK */
		1813	#ifndef OPENSSL_NO_SRP
		1814	if (type & SSL_kSRP) {
		1815	if ((s->srp_ctx.N == NULL) \|\| (s->srp_ctx.g == NULL) \|\|
		1816	(s->srp_ctx.s == NULL) \|\| (s->srp_ctx.B == NULL)) {
		1817	SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, SSL_R_MISSING_SRP_PARAM);
		1818	goto err;
		1819	}
		1820	r[0] = s->srp_ctx.N;
		1821	r[1] = s->srp_ctx.g;
		1822	r[2] = s->srp_ctx.s;
		1823	r[3] = s->srp_ctx.B;
		1824	} else
		1825	#endif
1754	{	1826	{
1755	al = SSL_AD_HANDSHAKE_FAILURE;	1827	al = SSL_AD_HANDSHAKE_FAILURE;
1756	SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);	1828	SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
@@ -1758,6 +1830,11 @@ ssl3_send_server_key_exchange(SSL *s)
1758	}	1830	}
1759	for (i = 0; i < 4 && r[i] != NULL; i++) {	1831	for (i = 0; i < 4 && r[i] != NULL; i++) {
1760	nr[i] = BN_num_bytes(r[i]);	1832	nr[i] = BN_num_bytes(r[i]);
		1833	#ifndef OPENSSL_NO_SRP
		1834	if ((i == 2) && (type & SSL_kSRP))
		1835	n += 1 + nr[i];
		1836	else
		1837	#endif
1761	n += 2 + nr[i];	1838	n += 2 + nr[i];
1762	}	1839	}
1763		1840
@@ -1783,6 +1860,12 @@ ssl3_send_server_key_exchange(SSL *s)
1783	p = &(d[4]);	1860	p = &(d[4]);
1784		1861
1785	for (i = 0; i < 4 && r[i] != NULL; i++) {	1862	for (i = 0; i < 4 && r[i] != NULL; i++) {
		1863	#ifndef OPENSSL_NO_SRP
		1864	if ((i == 2) && (type & SSL_kSRP)) {
		1865	*p = nr[i];
		1866	p++;
		1867	} else
		1868	#endif
1786	s2n(nr[i], p);	1869	s2n(nr[i], p);
1787	BN_bn2bin(r[i], p);	1870	BN_bn2bin(r[i], p);
1788	p += nr[i];	1871	p += nr[i];
@@ -2651,6 +2734,43 @@ ssl3_get_client_key_exchange(SSL *s)
2651	goto f_err;	2734	goto f_err;
2652	} else	2735	} else
2653	#endif	2736	#endif
		2737	#ifndef OPENSSL_NO_SRP
		2738	if (alg_k & SSL_kSRP) {
		2739	int param_len;
		2740
		2741	n2s(p, i);
		2742	param_len = i + 2;
		2743	if (param_len > n) {
		2744	al = SSL_AD_DECODE_ERROR;
		2745	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
		2746	SSL_R_BAD_SRP_A_LENGTH);
		2747	goto f_err;
		2748	}
		2749	if (!(s->srp_ctx.A = BN_bin2bn(p, i, NULL))) {
		2750	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
		2751	ERR_R_BN_LIB);
		2752	goto err;
		2753	}
		2754	if (s->session->srp_username != NULL)
		2755	OPENSSL_free(s->session->srp_username);
		2756	s->session->srp_username = BUF_strdup(s->srp_ctx.login);
		2757	if (s->session->srp_username == NULL) {
		2758	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
		2759	ERR_R_MALLOC_FAILURE);
		2760	goto err;
		2761	}
		2762
		2763	if ((s->session->master_key_length =
		2764	SRP_generate_server_master_secret(s,
		2765	s->session->master_key)) < 0) {
		2766	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
		2767	ERR_R_INTERNAL_ERROR);
		2768	goto err;
		2769	}
		2770
		2771	p += i;
		2772	} else
		2773	#endif /* OPENSSL_NO_SRP */
2654	if (alg_k & SSL_kGOST) {	2774	if (alg_k & SSL_kGOST) {
2655	int ret = 0;	2775	int ret = 0;
2656	EVP_PKEY_CTX *pkey_ctx;	2776	EVP_PKEY_CTX *pkey_ctx;
@@ -2731,7 +2851,9 @@ ssl3_get_client_key_exchange(SSL *s)
2731	return (1);	2851	return (1);
2732	f_err:	2852	f_err:
2733	ssl3_send_alert(s, SSL3_AL_FATAL, al);	2853	ssl3_send_alert(s, SSL3_AL_FATAL, al);
		2854	#if !defined(OPENSSL_NO_DH) \|\| !defined(OPENSSL_NO_RSA) \|\| !defined(OPENSSL_NO_ECDH) \|\| defined(OPENSSL_NO_SRP)
2734	err:	2855	err:
		2856	#endif
2735	#ifndef OPENSSL_NO_ECDH	2857	#ifndef OPENSSL_NO_ECDH
2736	EVP_PKEY_free(clnt_pub_pkey);	2858	EVP_PKEY_free(clnt_pub_pkey);
2737	EC_POINT_free(clnt_ecpoint);	2859	EC_POINT_free(clnt_ecpoint);