add back SRP. i was being too greedy.

author: tedu <> 2014-04-16 20:39:09 +0000
committer: tedu <> 2014-04-16 20:39:09 +0000
commit: 1d9e5d416109e403a58516c271238dbc839993a2 (patch)
tree: 761d3461cd8f278c74120d2836c29dd21dc95be6 /src/lib/libssl/t1_lib.c
parent: 73c9e533da75d578dfa576ec1e77e6ad916c409f (diff)
download: openbsd-1d9e5d416109e403a58516c271238dbc839993a2.tar.gz
openbsd-1d9e5d416109e403a58516c271238dbc839993a2.tar.bz2
openbsd-1d9e5d416109e403a58516c271238dbc839993a2.zip
1 files changed, 50 insertions, 0 deletions
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index c4eeb7a41d..c3d62957ae 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -427,6 +427,35 @@ unsigned char
                ret += el;
        }
+#ifndef OPENSSL_NO_SRP
+        /* Add SRP username if there is one */
+        if (s->srp_ctx.login != NULL)
+                        { /* Add TLS extension SRP username to the Client Hello message */
+                int login_len = strlen(s->srp_ctx.login);
+                if (login_len > 255 || login_len == 0) {
+                        SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+                        return NULL;
+                }
+                /* check for enough space.
+                   4 for the srp type type and entension length
+                   1 for the srp user identity
+                   + srp user identity length 
+                */
+                if ((limit - ret - 5 - login_len)
+                        < 0) return NULL;
+                /* fill in the extension */
+                s2n(TLSEXT_TYPE_srp, ret);
+                s2n(login_len + 1, ret);
+                (*ret++) = (unsigned char) login_len;
+                memcpy(ret, s->srp_ctx.login, login_len);
+                ret += login_len;
+        }
+#endif
 #ifndef OPENSSL_NO_EC
        if (s->tlsext_ecpointformatlist != NULL &&
@@ -1042,6 +1071,27 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
                        }
                }
+#ifndef OPENSSL_NO_SRP
+                else if (type == TLSEXT_TYPE_srp) {
+                        if (size <= 0 || ((len = data[0])) != (size - 1)) {
+                                *al = SSL_AD_DECODE_ERROR;
+                                return 0;
+                        }
+                        if (s->srp_ctx.login != NULL) {
+                                *al = SSL_AD_DECODE_ERROR;
+                                return 0;
+                        }
+                        if ((s->srp_ctx.login = OPENSSL_malloc(len + 1)) == NULL)
+                                return -1;
+                        memcpy(s->srp_ctx.login, &data[1], len);
+                        s->srp_ctx.login[len] = '\0';
+                        if (strlen(s->srp_ctx.login) != len) {
+                                *al = SSL_AD_DECODE_ERROR;
+                                return 0;
+                        }
+                }
+#endif
 #ifndef OPENSSL_NO_EC
                else if (type == TLSEXT_TYPE_ec_point_formats &&
author	tedu <>	2014-04-16 20:39:09 +0000
committer	tedu <>	2014-04-16 20:39:09 +0000
commit	1d9e5d416109e403a58516c271238dbc839993a2 (patch)
tree	761d3461cd8f278c74120d2836c29dd21dc95be6 /src/lib/libssl/t1_lib.c
parent	73c9e533da75d578dfa576ec1e77e6ad916c409f (diff)
download	openbsd-1d9e5d416109e403a58516c271238dbc839993a2.tar.gz openbsd-1d9e5d416109e403a58516c271238dbc839993a2.tar.bz2 openbsd-1d9e5d416109e403a58516c271238dbc839993a2.zip

diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index c4eeb7a41d..c3d62957ae 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c
@@ -427,6 +427,35 @@ unsigned char
427	ret += el;	427	ret += el;
428	}	428	}
429		429
		430	#ifndef OPENSSL_NO_SRP
		431	/* Add SRP username if there is one */
		432	if (s->srp_ctx.login != NULL)
		433	{ /* Add TLS extension SRP username to the Client Hello message */
		434
		435	int login_len = strlen(s->srp_ctx.login);
		436
		437	if (login_len > 255 \|\| login_len == 0) {
		438	SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
		439	return NULL;
		440	}
		441
		442	/* check for enough space.
		443	4 for the srp type type and entension length
		444	1 for the srp user identity
		445	+ srp user identity length
		446	*/
		447	if ((limit - ret - 5 - login_len)
		448	< 0) return NULL;
		449
		450
		451	/* fill in the extension */
		452	s2n(TLSEXT_TYPE_srp, ret);
		453	s2n(login_len + 1, ret);
		454	(*ret++) = (unsigned char) login_len;
		455	memcpy(ret, s->srp_ctx.login, login_len);
		456	ret += login_len;
		457	}
		458	#endif
430		459
431	#ifndef OPENSSL_NO_EC	460	#ifndef OPENSSL_NO_EC
432	if (s->tlsext_ecpointformatlist != NULL &&	461	if (s->tlsext_ecpointformatlist != NULL &&
@@ -1042,6 +1071,27 @@ ssl_parse_clienthello_tlsext(SSL s, unsigned char p, unsigned char d,
1042	}	1071	}
1043		1072
1044	}	1073	}
		1074	#ifndef OPENSSL_NO_SRP
		1075	else if (type == TLSEXT_TYPE_srp) {
		1076	if (size <= 0 \|\| ((len = data[0])) != (size - 1)) {
		1077	*al = SSL_AD_DECODE_ERROR;
		1078	return 0;
		1079	}
		1080	if (s->srp_ctx.login != NULL) {
		1081	*al = SSL_AD_DECODE_ERROR;
		1082	return 0;
		1083	}
		1084	if ((s->srp_ctx.login = OPENSSL_malloc(len + 1)) == NULL)
		1085	return -1;
		1086	memcpy(s->srp_ctx.login, &data[1], len);
		1087	s->srp_ctx.login[len] = '\0';
		1088
		1089	if (strlen(s->srp_ctx.login) != len) {
		1090	*al = SSL_AD_DECODE_ERROR;
		1091	return 0;
		1092	}
		1093	}
		1094	#endif
1045		1095
1046	#ifndef OPENSSL_NO_EC	1096	#ifndef OPENSSL_NO_EC
1047	else if (type == TLSEXT_TYPE_ec_point_formats &&	1097	else if (type == TLSEXT_TYPE_ec_point_formats &&