summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authortedu <>2014-04-16 20:39:09 +0000
committertedu <>2014-04-16 20:39:09 +0000
commit1d9e5d416109e403a58516c271238dbc839993a2 (patch)
tree761d3461cd8f278c74120d2836c29dd21dc95be6 /src
parent73c9e533da75d578dfa576ec1e77e6ad916c409f (diff)
downloadopenbsd-1d9e5d416109e403a58516c271238dbc839993a2.tar.gz
openbsd-1d9e5d416109e403a58516c271238dbc839993a2.tar.bz2
openbsd-1d9e5d416109e403a58516c271238dbc839993a2.zip
add back SRP. i was being too greedy.
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/s3_clnt.c106
-rw-r--r--src/lib/libssl/s3_lib.c209
-rw-r--r--src/lib/libssl/s3_srvr.c122
-rw-r--r--src/lib/libssl/src/ssl/s3_clnt.c106
-rw-r--r--src/lib/libssl/src/ssl/s3_lib.c209
-rw-r--r--src/lib/libssl/src/ssl/s3_srvr.c122
-rw-r--r--src/lib/libssl/src/ssl/ssl.h63
-rw-r--r--src/lib/libssl/src/ssl/ssl_asn1.c33
-rw-r--r--src/lib/libssl/src/ssl/ssl_ciph.c2
-rw-r--r--src/lib/libssl/src/ssl/ssl_lib.c6
-rw-r--r--src/lib/libssl/src/ssl/ssl_sess.c7
-rw-r--r--src/lib/libssl/src/ssl/ssl_txt.c6
-rw-r--r--src/lib/libssl/src/ssl/ssltest.c83
-rw-r--r--src/lib/libssl/src/ssl/t1_lib.c50
-rw-r--r--src/lib/libssl/src/ssl/tls_srp.c511
-rw-r--r--src/lib/libssl/ssl.h63
-rw-r--r--src/lib/libssl/ssl/Makefile4
-rw-r--r--src/lib/libssl/ssl_asn1.c33
-rw-r--r--src/lib/libssl/ssl_ciph.c2
-rw-r--r--src/lib/libssl/ssl_lib.c6
-rw-r--r--src/lib/libssl/ssl_sess.c7
-rw-r--r--src/lib/libssl/ssl_txt.c6
-rw-r--r--src/lib/libssl/t1_lib.c50
23 files changed, 1804 insertions, 2 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 1589cdc21e..88be294ab7 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -365,6 +365,15 @@ ssl3_connect(SSL *s)
365 ret = ssl3_get_server_done(s); 365 ret = ssl3_get_server_done(s);
366 if (ret <= 0) 366 if (ret <= 0)
367 goto end; 367 goto end;
368#ifndef OPENSSL_NO_SRP
369 if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) {
370 if ((ret = SRP_Calc_A_param(s)) <= 0) {
371 SSLerr(SSL_F_SSL3_CONNECT, SSL_R_SRP_A_CALC);
372 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
373 goto end;
374 }
375 }
376#endif
368 if (s->s3->tmp.cert_req) 377 if (s->s3->tmp.cert_req)
369 s->state = SSL3_ST_CW_CERT_A; 378 s->state = SSL3_ST_CW_CERT_A;
370 else 379 else
@@ -1290,6 +1299,76 @@ ssl3_get_key_exchange(SSL *s)
1290 n -= param_len; 1299 n -= param_len;
1291 } else 1300 } else
1292#endif /* !OPENSSL_NO_PSK */ 1301#endif /* !OPENSSL_NO_PSK */
1302#ifndef OPENSSL_NO_SRP
1303 if (alg_k & SSL_kSRP) {
1304 n2s(p, i);
1305 param_len = i + 2;
1306 if (param_len > n) {
1307 al = SSL_AD_DECODE_ERROR;
1308 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_N_LENGTH);
1309 goto f_err;
1310 }
1311 if (!(s->srp_ctx.N = BN_bin2bn(p, i, NULL))) {
1312 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
1313 goto err;
1314 }
1315 p += i;
1316
1317 n2s(p, i);
1318 param_len += i + 2;
1319 if (param_len > n) {
1320 al = SSL_AD_DECODE_ERROR;
1321 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_G_LENGTH);
1322 goto f_err;
1323 }
1324 if (!(s->srp_ctx.g = BN_bin2bn(p, i, NULL))) {
1325 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
1326 goto err;
1327 }
1328 p += i;
1329
1330 i = (unsigned int)(p[0]);
1331 p++;
1332 param_len += i + 1;
1333 if (param_len > n) {
1334 al = SSL_AD_DECODE_ERROR;
1335 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_S_LENGTH);
1336 goto f_err;
1337 }
1338 if (!(s->srp_ctx.s = BN_bin2bn(p, i, NULL))) {
1339 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
1340 goto err;
1341 }
1342 p += i;
1343
1344 n2s(p, i);
1345 param_len += i + 2;
1346 if (param_len > n) {
1347 al = SSL_AD_DECODE_ERROR;
1348 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_B_LENGTH);
1349 goto f_err;
1350 }
1351 if (!(s->srp_ctx.B = BN_bin2bn(p, i, NULL))) {
1352 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
1353 goto err;
1354 }
1355 p += i;
1356 n -= param_len;
1357
1358/* We must check if there is a certificate */
1359#ifndef OPENSSL_NO_RSA
1360 if (alg_a & SSL_aRSA)
1361 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
1362#else
1363 if (0)
1364;
1365#endif
1366#ifndef OPENSSL_NO_DSA
1367 else if (alg_a & SSL_aDSS)
1368 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
1369#endif
1370 } else
1371#endif /* !OPENSSL_NO_SRP */
1293#ifndef OPENSSL_NO_RSA 1372#ifndef OPENSSL_NO_RSA
1294 if (alg_k & SSL_kRSA) { 1373 if (alg_k & SSL_kRSA) {
1295 if ((rsa = RSA_new()) == NULL) { 1374 if ((rsa = RSA_new()) == NULL) {
@@ -2492,6 +2571,33 @@ ssl3_send_client_key_exchange(SSL *s)
2492 EVP_PKEY_free(pub_key); 2571 EVP_PKEY_free(pub_key);
2493 2572
2494 } 2573 }
2574#ifndef OPENSSL_NO_SRP
2575 else if (alg_k & SSL_kSRP) {
2576 if (s->srp_ctx.A != NULL) {
2577 /* send off the data */
2578 n = BN_num_bytes(s->srp_ctx.A);
2579 s2n(n, p);
2580 BN_bn2bin(s->srp_ctx.A, p);
2581 n += 2;
2582 } else {
2583 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
2584 goto err;
2585 }
2586 if (s->session->srp_username != NULL)
2587 OPENSSL_free(s->session->srp_username);
2588 s->session->srp_username = BUF_strdup(s->srp_ctx.login);
2589 if (s->session->srp_username == NULL) {
2590 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2591 ERR_R_MALLOC_FAILURE);
2592 goto err;
2593 }
2594
2595 if ((s->session->master_key_length = SRP_generate_client_master_secret(s, s->session->master_key)) < 0) {
2596 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
2597 goto err;
2598 }
2599 }
2600#endif
2495#ifndef OPENSSL_NO_PSK 2601#ifndef OPENSSL_NO_PSK
2496 else if (alg_k & SSL_kPSK) { 2602 else if (alg_k & SSL_kPSK) {
2497 char identity[PSK_MAX_IDENTITY_LEN]; 2603 char identity[PSK_MAX_IDENTITY_LEN];
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index f56dbe26d7..68a4b8ca2d 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -2419,6 +2419,151 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
2419 }, 2419 },
2420#endif /* OPENSSL_NO_ECDH */ 2420#endif /* OPENSSL_NO_ECDH */
2421 2421
2422#ifndef OPENSSL_NO_SRP
2423 /* Cipher C01A */
2424 {
2425 1,
2426 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2427 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2428 SSL_kSRP,
2429 SSL_aNULL,
2430 SSL_3DES,
2431 SSL_SHA1,
2432 SSL_TLSV1,
2433 SSL_NOT_EXP|SSL_HIGH,
2434 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2435 168,
2436 168,
2437 },
2438
2439 /* Cipher C01B */
2440 {
2441 1,
2442 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2443 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2444 SSL_kSRP,
2445 SSL_aRSA,
2446 SSL_3DES,
2447 SSL_SHA1,
2448 SSL_TLSV1,
2449 SSL_NOT_EXP|SSL_HIGH,
2450 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2451 168,
2452 168,
2453 },
2454
2455 /* Cipher C01C */
2456 {
2457 1,
2458 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2459 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2460 SSL_kSRP,
2461 SSL_aDSS,
2462 SSL_3DES,
2463 SSL_SHA1,
2464 SSL_TLSV1,
2465 SSL_NOT_EXP|SSL_HIGH,
2466 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2467 168,
2468 168,
2469 },
2470
2471 /* Cipher C01D */
2472 {
2473 1,
2474 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
2475 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
2476 SSL_kSRP,
2477 SSL_aNULL,
2478 SSL_AES128,
2479 SSL_SHA1,
2480 SSL_TLSV1,
2481 SSL_NOT_EXP|SSL_HIGH,
2482 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2483 128,
2484 128,
2485 },
2486
2487 /* Cipher C01E */
2488 {
2489 1,
2490 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2491 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2492 SSL_kSRP,
2493 SSL_aRSA,
2494 SSL_AES128,
2495 SSL_SHA1,
2496 SSL_TLSV1,
2497 SSL_NOT_EXP|SSL_HIGH,
2498 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2499 128,
2500 128,
2501 },
2502
2503 /* Cipher C01F */
2504 {
2505 1,
2506 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2507 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2508 SSL_kSRP,
2509 SSL_aDSS,
2510 SSL_AES128,
2511 SSL_SHA1,
2512 SSL_TLSV1,
2513 SSL_NOT_EXP|SSL_HIGH,
2514 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2515 128,
2516 128,
2517 },
2518
2519 /* Cipher C020 */
2520 {
2521 1,
2522 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
2523 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
2524 SSL_kSRP,
2525 SSL_aNULL,
2526 SSL_AES256,
2527 SSL_SHA1,
2528 SSL_TLSV1,
2529 SSL_NOT_EXP|SSL_HIGH,
2530 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2531 256,
2532 256,
2533 },
2534
2535 /* Cipher C021 */
2536 {
2537 1,
2538 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2539 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2540 SSL_kSRP,
2541 SSL_aRSA,
2542 SSL_AES256,
2543 SSL_SHA1,
2544 SSL_TLSV1,
2545 SSL_NOT_EXP|SSL_HIGH,
2546 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2547 256,
2548 256,
2549 },
2550
2551 /* Cipher C022 */
2552 {
2553 1,
2554 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2555 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2556 SSL_kSRP,
2557 SSL_aDSS,
2558 SSL_AES256,
2559 SSL_SHA1,
2560 SSL_TLSV1,
2561 SSL_NOT_EXP|SSL_HIGH,
2562 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2563 256,
2564 256,
2565 },
2566#endif /* OPENSSL_NO_SRP */
2422#ifndef OPENSSL_NO_ECDH 2567#ifndef OPENSSL_NO_ECDH
2423 2568
2424 /* HMAC based TLS v1.2 ciphersuites from RFC5289 */ 2569 /* HMAC based TLS v1.2 ciphersuites from RFC5289 */
@@ -2808,6 +2953,9 @@ ssl3_new(SSL *s)
2808 2953
2809 s->s3 = s3; 2954 s->s3 = s3;
2810 2955
2956#ifndef OPENSSL_NO_SRP
2957 SSL_SRP_CTX_init(s);
2958#endif
2811 s->method->ssl_clear(s); 2959 s->method->ssl_clear(s);
2812 return (1); 2960 return (1);
2813err: 2961err:
@@ -2850,6 +2998,9 @@ ssl3_free(SSL *s)
2850 } 2998 }
2851 if (s->s3->handshake_dgst) 2999 if (s->s3->handshake_dgst)
2852 ssl3_free_digest_list(s); 3000 ssl3_free_digest_list(s);
3001#ifndef OPENSSL_NO_SRP
3002 SSL_SRP_CTX_free(s);
3003#endif
2853 OPENSSL_cleanse(s->s3, sizeof *s->s3); 3004 OPENSSL_cleanse(s->s3, sizeof *s->s3);
2854 OPENSSL_free(s->s3); 3005 OPENSSL_free(s->s3);
2855 s->s3 = NULL; 3006 s->s3 = NULL;
@@ -2934,6 +3085,13 @@ ssl3_clear(SSL *s)
2934#endif 3085#endif
2935} 3086}
2936 3087
3088#ifndef OPENSSL_NO_SRP
3089static char *
3090srp_password_from_info_cb(SSL *s, void *arg)
3091{
3092 return BUF_strdup(s->srp_ctx.info);
3093}
3094#endif
2937 3095
2938long 3096long
2939ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) 3097ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
@@ -3375,6 +3533,36 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3375 return 1; 3533 return 1;
3376 break; 3534 break;
3377 3535
3536#ifndef OPENSSL_NO_SRP
3537 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3538 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3539 if (ctx->srp_ctx.login != NULL)
3540 OPENSSL_free(ctx->srp_ctx.login);
3541 ctx->srp_ctx.login = NULL;
3542 if (parg == NULL)
3543 break;
3544 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
3545 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3546 return 0;
3547 }
3548 if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL) {
3549 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3550 return 0;
3551 }
3552 break;
3553 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3554 ctx->srp_ctx.SRP_give_srp_client_pwd_callback = srp_password_from_info_cb;
3555 ctx->srp_ctx.info = parg;
3556 break;
3557 case SSL_CTRL_SET_SRP_ARG:
3558 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3559 ctx->srp_ctx.SRP_cb_arg = parg;
3560 break;
3561
3562 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3563 ctx->srp_ctx.strength = larg;
3564 break;
3565#endif
3378#endif /* !OPENSSL_NO_TLSEXT */ 3566#endif /* !OPENSSL_NO_TLSEXT */
3379 3567
3380 /* A Thawte special :-) */ 3568 /* A Thawte special :-) */
@@ -3452,6 +3640,23 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
3452 unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp; 3640 unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp;
3453 break; 3641 break;
3454 3642
3643#ifndef OPENSSL_NO_SRP
3644 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
3645 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3646 ctx->srp_ctx.SRP_verify_param_callback =
3647 (int (*)(SSL *, void *))fp;
3648 break;
3649 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
3650 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3651 ctx->srp_ctx.TLS_ext_srp_username_callback =
3652 (int (*)(SSL *, int *, void *))fp;
3653 break;
3654 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
3655 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3656 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3657 (char *(*)(SSL *, void *))fp;
3658 break;
3659#endif
3455#endif 3660#endif
3456 default: 3661 default:
3457 return (0); 3662 return (0);
@@ -3557,6 +3762,10 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3557 mask_a = cert->mask_a; 3762 mask_a = cert->mask_a;
3558 emask_k = cert->export_mask_k; 3763 emask_k = cert->export_mask_k;
3559 emask_a = cert->export_mask_a; 3764 emask_a = cert->export_mask_a;
3765#ifndef OPENSSL_NO_SRP
3766 mask_k = cert->mask_k | s->srp_ctx.srp_Mask;
3767 emask_k = cert->export_mask_k | s->srp_ctx.srp_Mask;
3768#endif
3560 3769
3561#ifdef KSSL_DEBUG 3770#ifdef KSSL_DEBUG
3562/* printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/ 3771/* printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 1a924f828e..cc46e241d4 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -180,6 +180,28 @@ static const SSL_METHOD
180 return (NULL); 180 return (NULL);
181} 181}
182 182
183#ifndef OPENSSL_NO_SRP
184static int
185ssl_check_srp_ext_ClientHello(SSL *s, int *al)
186{
187 int ret = SSL_ERROR_NONE;
188
189 *al = SSL_AD_UNRECOGNIZED_NAME;
190
191 if ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) &&
192 (s->srp_ctx.TLS_ext_srp_username_callback != NULL)) {
193 if (s->srp_ctx.login == NULL) {
194 /* RFC 5054 says SHOULD reject,
195 we do so if There is no srp login name */
196 ret = SSL3_AL_FATAL;
197 *al = SSL_AD_UNKNOWN_PSK_IDENTITY;
198 } else {
199 ret = SSL_srp_server_param_with_username(s, al);
200 }
201 }
202 return ret;
203}
204#endif
183 205
184IMPLEMENT_ssl3_meth_func(SSLv3_server_method, 206IMPLEMENT_ssl3_meth_func(SSLv3_server_method,
185 ssl3_accept, ssl_undefined_function, ssl3_get_server_method) 207 ssl3_accept, ssl_undefined_function, ssl3_get_server_method)
@@ -317,6 +339,39 @@ ssl3_accept(SSL *s)
317 if (ret <= 0) 339 if (ret <= 0)
318 goto end; 340 goto end;
319 } 341 }
342#ifndef OPENSSL_NO_SRP
343 {
344 int al;
345 if ((ret =
346 ssl_check_srp_ext_ClientHello(s, &al))
347 < 0) {
348 /*
349 * Callback indicates further work to
350 * be done.
351 */
352 s->rwstate = SSL_X509_LOOKUP;
353 goto end;
354 }
355 if (ret != SSL_ERROR_NONE) {
356 ssl3_send_alert(s, SSL3_AL_FATAL, al);
357
358 /*
359 * This is not really an error but the
360 * only means for a client to detect
361 * whether srp is supported.
362 */
363 if (al != TLS1_AD_UNKNOWN_PSK_IDENTITY)
364 SSLerr(SSL_F_SSL3_ACCEPT,
365 SSL_R_CLIENTHELLO_TLSEXT);
366
367 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
368
369 ret = -1;
370 goto end;
371
372 }
373 }
374#endif
320 375
321 s->renegotiate = 2; 376 s->renegotiate = 2;
322 s->state = SSL3_ST_SW_SRVR_HELLO_A; 377 s->state = SSL3_ST_SW_SRVR_HELLO_A;
@@ -415,6 +470,10 @@ ssl3_accept(SSL *s)
415#ifndef OPENSSL_NO_PSK 470#ifndef OPENSSL_NO_PSK
416 || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint) 471 || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
417#endif 472#endif
473#ifndef OPENSSL_NO_SRP
474 /* SRP: send ServerKeyExchange */
475 || (alg_k & SSL_kSRP)
476#endif
418 || (alg_k & (SSL_kDHr|SSL_kDHd|SSL_kEDH)) 477 || (alg_k & (SSL_kDHr|SSL_kDHd|SSL_kEDH))
419 || (alg_k & SSL_kEECDH) 478 || (alg_k & SSL_kEECDH)
420 || ((alg_k & SSL_kRSA) 479 || ((alg_k & SSL_kRSA)
@@ -1751,6 +1810,19 @@ ssl3_send_server_key_exchange(SSL *s)
1751 n += 2 + pskhintlen; 1810 n += 2 + pskhintlen;
1752 } else 1811 } else
1753#endif /* !OPENSSL_NO_PSK */ 1812#endif /* !OPENSSL_NO_PSK */
1813#ifndef OPENSSL_NO_SRP
1814 if (type & SSL_kSRP) {
1815 if ((s->srp_ctx.N == NULL) || (s->srp_ctx.g == NULL) ||
1816 (s->srp_ctx.s == NULL) || (s->srp_ctx.B == NULL)) {
1817 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, SSL_R_MISSING_SRP_PARAM);
1818 goto err;
1819 }
1820 r[0] = s->srp_ctx.N;
1821 r[1] = s->srp_ctx.g;
1822 r[2] = s->srp_ctx.s;
1823 r[3] = s->srp_ctx.B;
1824 } else
1825#endif
1754 { 1826 {
1755 al = SSL_AD_HANDSHAKE_FAILURE; 1827 al = SSL_AD_HANDSHAKE_FAILURE;
1756 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); 1828 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
@@ -1758,6 +1830,11 @@ ssl3_send_server_key_exchange(SSL *s)
1758 } 1830 }
1759 for (i = 0; i < 4 && r[i] != NULL; i++) { 1831 for (i = 0; i < 4 && r[i] != NULL; i++) {
1760 nr[i] = BN_num_bytes(r[i]); 1832 nr[i] = BN_num_bytes(r[i]);
1833#ifndef OPENSSL_NO_SRP
1834 if ((i == 2) && (type & SSL_kSRP))
1835 n += 1 + nr[i];
1836 else
1837#endif
1761 n += 2 + nr[i]; 1838 n += 2 + nr[i];
1762 } 1839 }
1763 1840
@@ -1783,6 +1860,12 @@ ssl3_send_server_key_exchange(SSL *s)
1783 p = &(d[4]); 1860 p = &(d[4]);
1784 1861
1785 for (i = 0; i < 4 && r[i] != NULL; i++) { 1862 for (i = 0; i < 4 && r[i] != NULL; i++) {
1863#ifndef OPENSSL_NO_SRP
1864 if ((i == 2) && (type & SSL_kSRP)) {
1865 *p = nr[i];
1866 p++;
1867 } else
1868#endif
1786 s2n(nr[i], p); 1869 s2n(nr[i], p);
1787 BN_bn2bin(r[i], p); 1870 BN_bn2bin(r[i], p);
1788 p += nr[i]; 1871 p += nr[i];
@@ -2651,6 +2734,43 @@ ssl3_get_client_key_exchange(SSL *s)
2651 goto f_err; 2734 goto f_err;
2652 } else 2735 } else
2653#endif 2736#endif
2737#ifndef OPENSSL_NO_SRP
2738 if (alg_k & SSL_kSRP) {
2739 int param_len;
2740
2741 n2s(p, i);
2742 param_len = i + 2;
2743 if (param_len > n) {
2744 al = SSL_AD_DECODE_ERROR;
2745 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2746 SSL_R_BAD_SRP_A_LENGTH);
2747 goto f_err;
2748 }
2749 if (!(s->srp_ctx.A = BN_bin2bn(p, i, NULL))) {
2750 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2751 ERR_R_BN_LIB);
2752 goto err;
2753 }
2754 if (s->session->srp_username != NULL)
2755 OPENSSL_free(s->session->srp_username);
2756 s->session->srp_username = BUF_strdup(s->srp_ctx.login);
2757 if (s->session->srp_username == NULL) {
2758 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2759 ERR_R_MALLOC_FAILURE);
2760 goto err;
2761 }
2762
2763 if ((s->session->master_key_length =
2764 SRP_generate_server_master_secret(s,
2765 s->session->master_key)) < 0) {
2766 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2767 ERR_R_INTERNAL_ERROR);
2768 goto err;
2769 }
2770
2771 p += i;
2772 } else
2773#endif /* OPENSSL_NO_SRP */
2654 if (alg_k & SSL_kGOST) { 2774 if (alg_k & SSL_kGOST) {
2655 int ret = 0; 2775 int ret = 0;
2656 EVP_PKEY_CTX *pkey_ctx; 2776 EVP_PKEY_CTX *pkey_ctx;
@@ -2731,7 +2851,9 @@ ssl3_get_client_key_exchange(SSL *s)
2731 return (1); 2851 return (1);
2732f_err: 2852f_err:
2733 ssl3_send_alert(s, SSL3_AL_FATAL, al); 2853 ssl3_send_alert(s, SSL3_AL_FATAL, al);
2854#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_ECDH) || defined(OPENSSL_NO_SRP)
2734err: 2855err:
2856#endif
2735#ifndef OPENSSL_NO_ECDH 2857#ifndef OPENSSL_NO_ECDH
2736 EVP_PKEY_free(clnt_pub_pkey); 2858 EVP_PKEY_free(clnt_pub_pkey);
2737 EC_POINT_free(clnt_ecpoint); 2859 EC_POINT_free(clnt_ecpoint);
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index 1589cdc21e..88be294ab7 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -365,6 +365,15 @@ ssl3_connect(SSL *s)
365 ret = ssl3_get_server_done(s); 365 ret = ssl3_get_server_done(s);
366 if (ret <= 0) 366 if (ret <= 0)
367 goto end; 367 goto end;
368#ifndef OPENSSL_NO_SRP
369 if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) {
370 if ((ret = SRP_Calc_A_param(s)) <= 0) {
371 SSLerr(SSL_F_SSL3_CONNECT, SSL_R_SRP_A_CALC);
372 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
373 goto end;
374 }
375 }
376#endif
368 if (s->s3->tmp.cert_req) 377 if (s->s3->tmp.cert_req)
369 s->state = SSL3_ST_CW_CERT_A; 378 s->state = SSL3_ST_CW_CERT_A;
370 else 379 else
@@ -1290,6 +1299,76 @@ ssl3_get_key_exchange(SSL *s)
1290 n -= param_len; 1299 n -= param_len;
1291 } else 1300 } else
1292#endif /* !OPENSSL_NO_PSK */ 1301#endif /* !OPENSSL_NO_PSK */
1302#ifndef OPENSSL_NO_SRP
1303 if (alg_k & SSL_kSRP) {
1304 n2s(p, i);
1305 param_len = i + 2;
1306 if (param_len > n) {
1307 al = SSL_AD_DECODE_ERROR;
1308 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_N_LENGTH);
1309 goto f_err;
1310 }
1311 if (!(s->srp_ctx.N = BN_bin2bn(p, i, NULL))) {
1312 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
1313 goto err;
1314 }
1315 p += i;
1316
1317 n2s(p, i);
1318 param_len += i + 2;
1319 if (param_len > n) {
1320 al = SSL_AD_DECODE_ERROR;
1321 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_G_LENGTH);
1322 goto f_err;
1323 }
1324 if (!(s->srp_ctx.g = BN_bin2bn(p, i, NULL))) {
1325 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
1326 goto err;
1327 }
1328 p += i;
1329
1330 i = (unsigned int)(p[0]);
1331 p++;
1332 param_len += i + 1;
1333 if (param_len > n) {
1334 al = SSL_AD_DECODE_ERROR;
1335 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_S_LENGTH);
1336 goto f_err;
1337 }
1338 if (!(s->srp_ctx.s = BN_bin2bn(p, i, NULL))) {
1339 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
1340 goto err;
1341 }
1342 p += i;
1343
1344 n2s(p, i);
1345 param_len += i + 2;
1346 if (param_len > n) {
1347 al = SSL_AD_DECODE_ERROR;
1348 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_B_LENGTH);
1349 goto f_err;
1350 }
1351 if (!(s->srp_ctx.B = BN_bin2bn(p, i, NULL))) {
1352 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
1353 goto err;
1354 }
1355 p += i;
1356 n -= param_len;
1357
1358/* We must check if there is a certificate */
1359#ifndef OPENSSL_NO_RSA
1360 if (alg_a & SSL_aRSA)
1361 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
1362#else
1363 if (0)
1364;
1365#endif
1366#ifndef OPENSSL_NO_DSA
1367 else if (alg_a & SSL_aDSS)
1368 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
1369#endif
1370 } else
1371#endif /* !OPENSSL_NO_SRP */
1293#ifndef OPENSSL_NO_RSA 1372#ifndef OPENSSL_NO_RSA
1294 if (alg_k & SSL_kRSA) { 1373 if (alg_k & SSL_kRSA) {
1295 if ((rsa = RSA_new()) == NULL) { 1374 if ((rsa = RSA_new()) == NULL) {
@@ -2492,6 +2571,33 @@ ssl3_send_client_key_exchange(SSL *s)
2492 EVP_PKEY_free(pub_key); 2571 EVP_PKEY_free(pub_key);
2493 2572
2494 } 2573 }
2574#ifndef OPENSSL_NO_SRP
2575 else if (alg_k & SSL_kSRP) {
2576 if (s->srp_ctx.A != NULL) {
2577 /* send off the data */
2578 n = BN_num_bytes(s->srp_ctx.A);
2579 s2n(n, p);
2580 BN_bn2bin(s->srp_ctx.A, p);
2581 n += 2;
2582 } else {
2583 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
2584 goto err;
2585 }
2586 if (s->session->srp_username != NULL)
2587 OPENSSL_free(s->session->srp_username);
2588 s->session->srp_username = BUF_strdup(s->srp_ctx.login);
2589 if (s->session->srp_username == NULL) {
2590 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2591 ERR_R_MALLOC_FAILURE);
2592 goto err;
2593 }
2594
2595 if ((s->session->master_key_length = SRP_generate_client_master_secret(s, s->session->master_key)) < 0) {
2596 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
2597 goto err;
2598 }
2599 }
2600#endif
2495#ifndef OPENSSL_NO_PSK 2601#ifndef OPENSSL_NO_PSK
2496 else if (alg_k & SSL_kPSK) { 2602 else if (alg_k & SSL_kPSK) {
2497 char identity[PSK_MAX_IDENTITY_LEN]; 2603 char identity[PSK_MAX_IDENTITY_LEN];
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c
index f56dbe26d7..68a4b8ca2d 100644
--- a/src/lib/libssl/src/ssl/s3_lib.c
+++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -2419,6 +2419,151 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
2419 }, 2419 },
2420#endif /* OPENSSL_NO_ECDH */ 2420#endif /* OPENSSL_NO_ECDH */
2421 2421
2422#ifndef OPENSSL_NO_SRP
2423 /* Cipher C01A */
2424 {
2425 1,
2426 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2427 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2428 SSL_kSRP,
2429 SSL_aNULL,
2430 SSL_3DES,
2431 SSL_SHA1,
2432 SSL_TLSV1,
2433 SSL_NOT_EXP|SSL_HIGH,
2434 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2435 168,
2436 168,
2437 },
2438
2439 /* Cipher C01B */
2440 {
2441 1,
2442 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2443 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2444 SSL_kSRP,
2445 SSL_aRSA,
2446 SSL_3DES,
2447 SSL_SHA1,
2448 SSL_TLSV1,
2449 SSL_NOT_EXP|SSL_HIGH,
2450 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2451 168,
2452 168,
2453 },
2454
2455 /* Cipher C01C */
2456 {
2457 1,
2458 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2459 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2460 SSL_kSRP,
2461 SSL_aDSS,
2462 SSL_3DES,
2463 SSL_SHA1,
2464 SSL_TLSV1,
2465 SSL_NOT_EXP|SSL_HIGH,
2466 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2467 168,
2468 168,
2469 },
2470
2471 /* Cipher C01D */
2472 {
2473 1,
2474 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
2475 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
2476 SSL_kSRP,
2477 SSL_aNULL,
2478 SSL_AES128,
2479 SSL_SHA1,
2480 SSL_TLSV1,
2481 SSL_NOT_EXP|SSL_HIGH,
2482 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2483 128,
2484 128,
2485 },
2486
2487 /* Cipher C01E */
2488 {
2489 1,
2490 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2491 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2492 SSL_kSRP,
2493 SSL_aRSA,
2494 SSL_AES128,
2495 SSL_SHA1,
2496 SSL_TLSV1,
2497 SSL_NOT_EXP|SSL_HIGH,
2498 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2499 128,
2500 128,
2501 },
2502
2503 /* Cipher C01F */
2504 {
2505 1,
2506 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2507 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2508 SSL_kSRP,
2509 SSL_aDSS,
2510 SSL_AES128,
2511 SSL_SHA1,
2512 SSL_TLSV1,
2513 SSL_NOT_EXP|SSL_HIGH,
2514 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2515 128,
2516 128,
2517 },
2518
2519 /* Cipher C020 */
2520 {
2521 1,
2522 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
2523 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
2524 SSL_kSRP,
2525 SSL_aNULL,
2526 SSL_AES256,
2527 SSL_SHA1,
2528 SSL_TLSV1,
2529 SSL_NOT_EXP|SSL_HIGH,
2530 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2531 256,
2532 256,
2533 },
2534
2535 /* Cipher C021 */
2536 {
2537 1,
2538 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2539 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2540 SSL_kSRP,
2541 SSL_aRSA,
2542 SSL_AES256,
2543 SSL_SHA1,
2544 SSL_TLSV1,
2545 SSL_NOT_EXP|SSL_HIGH,
2546 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2547 256,
2548 256,
2549 },
2550
2551 /* Cipher C022 */
2552 {
2553 1,
2554 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2555 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2556 SSL_kSRP,
2557 SSL_aDSS,
2558 SSL_AES256,
2559 SSL_SHA1,
2560 SSL_TLSV1,
2561 SSL_NOT_EXP|SSL_HIGH,
2562 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2563 256,
2564 256,
2565 },
2566#endif /* OPENSSL_NO_SRP */
2422#ifndef OPENSSL_NO_ECDH 2567#ifndef OPENSSL_NO_ECDH
2423 2568
2424 /* HMAC based TLS v1.2 ciphersuites from RFC5289 */ 2569 /* HMAC based TLS v1.2 ciphersuites from RFC5289 */
@@ -2808,6 +2953,9 @@ ssl3_new(SSL *s)
2808 2953
2809 s->s3 = s3; 2954 s->s3 = s3;
2810 2955
2956#ifndef OPENSSL_NO_SRP
2957 SSL_SRP_CTX_init(s);
2958#endif
2811 s->method->ssl_clear(s); 2959 s->method->ssl_clear(s);
2812 return (1); 2960 return (1);
2813err: 2961err:
@@ -2850,6 +2998,9 @@ ssl3_free(SSL *s)
2850 } 2998 }
2851 if (s->s3->handshake_dgst) 2999 if (s->s3->handshake_dgst)
2852 ssl3_free_digest_list(s); 3000 ssl3_free_digest_list(s);
3001#ifndef OPENSSL_NO_SRP
3002 SSL_SRP_CTX_free(s);
3003#endif
2853 OPENSSL_cleanse(s->s3, sizeof *s->s3); 3004 OPENSSL_cleanse(s->s3, sizeof *s->s3);
2854 OPENSSL_free(s->s3); 3005 OPENSSL_free(s->s3);
2855 s->s3 = NULL; 3006 s->s3 = NULL;
@@ -2934,6 +3085,13 @@ ssl3_clear(SSL *s)
2934#endif 3085#endif
2935} 3086}
2936 3087
3088#ifndef OPENSSL_NO_SRP
3089static char *
3090srp_password_from_info_cb(SSL *s, void *arg)
3091{
3092 return BUF_strdup(s->srp_ctx.info);
3093}
3094#endif
2937 3095
2938long 3096long
2939ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) 3097ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
@@ -3375,6 +3533,36 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3375 return 1; 3533 return 1;
3376 break; 3534 break;
3377 3535
3536#ifndef OPENSSL_NO_SRP
3537 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3538 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3539 if (ctx->srp_ctx.login != NULL)
3540 OPENSSL_free(ctx->srp_ctx.login);
3541 ctx->srp_ctx.login = NULL;
3542 if (parg == NULL)
3543 break;
3544 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
3545 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3546 return 0;
3547 }
3548 if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL) {
3549 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3550 return 0;
3551 }
3552 break;
3553 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3554 ctx->srp_ctx.SRP_give_srp_client_pwd_callback = srp_password_from_info_cb;
3555 ctx->srp_ctx.info = parg;
3556 break;
3557 case SSL_CTRL_SET_SRP_ARG:
3558 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3559 ctx->srp_ctx.SRP_cb_arg = parg;
3560 break;
3561
3562 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3563 ctx->srp_ctx.strength = larg;
3564 break;
3565#endif
3378#endif /* !OPENSSL_NO_TLSEXT */ 3566#endif /* !OPENSSL_NO_TLSEXT */
3379 3567
3380 /* A Thawte special :-) */ 3568 /* A Thawte special :-) */
@@ -3452,6 +3640,23 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
3452 unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp; 3640 unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp;
3453 break; 3641 break;
3454 3642
3643#ifndef OPENSSL_NO_SRP
3644 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
3645 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3646 ctx->srp_ctx.SRP_verify_param_callback =
3647 (int (*)(SSL *, void *))fp;
3648 break;
3649 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
3650 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3651 ctx->srp_ctx.TLS_ext_srp_username_callback =
3652 (int (*)(SSL *, int *, void *))fp;
3653 break;
3654 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
3655 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3656 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3657 (char *(*)(SSL *, void *))fp;
3658 break;
3659#endif
3455#endif 3660#endif
3456 default: 3661 default:
3457 return (0); 3662 return (0);
@@ -3557,6 +3762,10 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3557 mask_a = cert->mask_a; 3762 mask_a = cert->mask_a;
3558 emask_k = cert->export_mask_k; 3763 emask_k = cert->export_mask_k;
3559 emask_a = cert->export_mask_a; 3764 emask_a = cert->export_mask_a;
3765#ifndef OPENSSL_NO_SRP
3766 mask_k = cert->mask_k | s->srp_ctx.srp_Mask;
3767 emask_k = cert->export_mask_k | s->srp_ctx.srp_Mask;
3768#endif
3560 3769
3561#ifdef KSSL_DEBUG 3770#ifdef KSSL_DEBUG
3562/* printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/ 3771/* printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index 1a924f828e..cc46e241d4 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -180,6 +180,28 @@ static const SSL_METHOD
180 return (NULL); 180 return (NULL);
181} 181}
182 182
183#ifndef OPENSSL_NO_SRP
184static int
185ssl_check_srp_ext_ClientHello(SSL *s, int *al)
186{
187 int ret = SSL_ERROR_NONE;
188
189 *al = SSL_AD_UNRECOGNIZED_NAME;
190
191 if ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) &&
192 (s->srp_ctx.TLS_ext_srp_username_callback != NULL)) {
193 if (s->srp_ctx.login == NULL) {
194 /* RFC 5054 says SHOULD reject,
195 we do so if There is no srp login name */
196 ret = SSL3_AL_FATAL;
197 *al = SSL_AD_UNKNOWN_PSK_IDENTITY;
198 } else {
199 ret = SSL_srp_server_param_with_username(s, al);
200 }
201 }
202 return ret;
203}
204#endif
183 205
184IMPLEMENT_ssl3_meth_func(SSLv3_server_method, 206IMPLEMENT_ssl3_meth_func(SSLv3_server_method,
185 ssl3_accept, ssl_undefined_function, ssl3_get_server_method) 207 ssl3_accept, ssl_undefined_function, ssl3_get_server_method)
@@ -317,6 +339,39 @@ ssl3_accept(SSL *s)
317 if (ret <= 0) 339 if (ret <= 0)
318 goto end; 340 goto end;
319 } 341 }
342#ifndef OPENSSL_NO_SRP
343 {
344 int al;
345 if ((ret =
346 ssl_check_srp_ext_ClientHello(s, &al))
347 < 0) {
348 /*
349 * Callback indicates further work to
350 * be done.
351 */
352 s->rwstate = SSL_X509_LOOKUP;
353 goto end;
354 }
355 if (ret != SSL_ERROR_NONE) {
356 ssl3_send_alert(s, SSL3_AL_FATAL, al);
357
358 /*
359 * This is not really an error but the
360 * only means for a client to detect
361 * whether srp is supported.
362 */
363 if (al != TLS1_AD_UNKNOWN_PSK_IDENTITY)
364 SSLerr(SSL_F_SSL3_ACCEPT,
365 SSL_R_CLIENTHELLO_TLSEXT);
366
367 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
368
369 ret = -1;
370 goto end;
371
372 }
373 }
374#endif
320 375
321 s->renegotiate = 2; 376 s->renegotiate = 2;
322 s->state = SSL3_ST_SW_SRVR_HELLO_A; 377 s->state = SSL3_ST_SW_SRVR_HELLO_A;
@@ -415,6 +470,10 @@ ssl3_accept(SSL *s)
415#ifndef OPENSSL_NO_PSK 470#ifndef OPENSSL_NO_PSK
416 || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint) 471 || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
417#endif 472#endif
473#ifndef OPENSSL_NO_SRP
474 /* SRP: send ServerKeyExchange */
475 || (alg_k & SSL_kSRP)
476#endif
418 || (alg_k & (SSL_kDHr|SSL_kDHd|SSL_kEDH)) 477 || (alg_k & (SSL_kDHr|SSL_kDHd|SSL_kEDH))
419 || (alg_k & SSL_kEECDH) 478 || (alg_k & SSL_kEECDH)
420 || ((alg_k & SSL_kRSA) 479 || ((alg_k & SSL_kRSA)
@@ -1751,6 +1810,19 @@ ssl3_send_server_key_exchange(SSL *s)
1751 n += 2 + pskhintlen; 1810 n += 2 + pskhintlen;
1752 } else 1811 } else
1753#endif /* !OPENSSL_NO_PSK */ 1812#endif /* !OPENSSL_NO_PSK */
1813#ifndef OPENSSL_NO_SRP
1814 if (type & SSL_kSRP) {
1815 if ((s->srp_ctx.N == NULL) || (s->srp_ctx.g == NULL) ||
1816 (s->srp_ctx.s == NULL) || (s->srp_ctx.B == NULL)) {
1817 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, SSL_R_MISSING_SRP_PARAM);
1818 goto err;
1819 }
1820 r[0] = s->srp_ctx.N;
1821 r[1] = s->srp_ctx.g;
1822 r[2] = s->srp_ctx.s;
1823 r[3] = s->srp_ctx.B;
1824 } else
1825#endif
1754 { 1826 {
1755 al = SSL_AD_HANDSHAKE_FAILURE; 1827 al = SSL_AD_HANDSHAKE_FAILURE;
1756 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); 1828 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
@@ -1758,6 +1830,11 @@ ssl3_send_server_key_exchange(SSL *s)
1758 } 1830 }
1759 for (i = 0; i < 4 && r[i] != NULL; i++) { 1831 for (i = 0; i < 4 && r[i] != NULL; i++) {
1760 nr[i] = BN_num_bytes(r[i]); 1832 nr[i] = BN_num_bytes(r[i]);
1833#ifndef OPENSSL_NO_SRP
1834 if ((i == 2) && (type & SSL_kSRP))
1835 n += 1 + nr[i];
1836 else
1837#endif
1761 n += 2 + nr[i]; 1838 n += 2 + nr[i];
1762 } 1839 }
1763 1840
@@ -1783,6 +1860,12 @@ ssl3_send_server_key_exchange(SSL *s)
1783 p = &(d[4]); 1860 p = &(d[4]);
1784 1861
1785 for (i = 0; i < 4 && r[i] != NULL; i++) { 1862 for (i = 0; i < 4 && r[i] != NULL; i++) {
1863#ifndef OPENSSL_NO_SRP
1864 if ((i == 2) && (type & SSL_kSRP)) {
1865 *p = nr[i];
1866 p++;
1867 } else
1868#endif
1786 s2n(nr[i], p); 1869 s2n(nr[i], p);
1787 BN_bn2bin(r[i], p); 1870 BN_bn2bin(r[i], p);
1788 p += nr[i]; 1871 p += nr[i];
@@ -2651,6 +2734,43 @@ ssl3_get_client_key_exchange(SSL *s)
2651 goto f_err; 2734 goto f_err;
2652 } else 2735 } else
2653#endif 2736#endif
2737#ifndef OPENSSL_NO_SRP
2738 if (alg_k & SSL_kSRP) {
2739 int param_len;
2740
2741 n2s(p, i);
2742 param_len = i + 2;
2743 if (param_len > n) {
2744 al = SSL_AD_DECODE_ERROR;
2745 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2746 SSL_R_BAD_SRP_A_LENGTH);
2747 goto f_err;
2748 }
2749 if (!(s->srp_ctx.A = BN_bin2bn(p, i, NULL))) {
2750 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2751 ERR_R_BN_LIB);
2752 goto err;
2753 }
2754 if (s->session->srp_username != NULL)
2755 OPENSSL_free(s->session->srp_username);
2756 s->session->srp_username = BUF_strdup(s->srp_ctx.login);
2757 if (s->session->srp_username == NULL) {
2758 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2759 ERR_R_MALLOC_FAILURE);
2760 goto err;
2761 }
2762
2763 if ((s->session->master_key_length =
2764 SRP_generate_server_master_secret(s,
2765 s->session->master_key)) < 0) {
2766 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2767 ERR_R_INTERNAL_ERROR);
2768 goto err;
2769 }
2770
2771 p += i;
2772 } else
2773#endif /* OPENSSL_NO_SRP */
2654 if (alg_k & SSL_kGOST) { 2774 if (alg_k & SSL_kGOST) {
2655 int ret = 0; 2775 int ret = 0;
2656 EVP_PKEY_CTX *pkey_ctx; 2776 EVP_PKEY_CTX *pkey_ctx;
@@ -2731,7 +2851,9 @@ ssl3_get_client_key_exchange(SSL *s)
2731 return (1); 2851 return (1);
2732f_err: 2852f_err:
2733 ssl3_send_alert(s, SSL3_AL_FATAL, al); 2853 ssl3_send_alert(s, SSL3_AL_FATAL, al);
2854#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_ECDH) || defined(OPENSSL_NO_SRP)
2734err: 2855err:
2856#endif
2735#ifndef OPENSSL_NO_ECDH 2857#ifndef OPENSSL_NO_ECDH
2736 EVP_PKEY_free(clnt_pub_pkey); 2858 EVP_PKEY_free(clnt_pub_pkey);
2737 EC_POINT_free(clnt_ecpoint); 2859 EC_POINT_free(clnt_ecpoint);
diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h
index 3f99de1616..d3e015e738 100644
--- a/src/lib/libssl/src/ssl/ssl.h
+++ b/src/lib/libssl/src/ssl/ssl.h
@@ -533,6 +533,9 @@ struct ssl_session_st {
533 size_t tlsext_ticklen; /* Session ticket length */ 533 size_t tlsext_ticklen; /* Session ticket length */
534 long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ 534 long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
535#endif 535#endif
536#ifndef OPENSSL_NO_SRP
537 char *srp_username;
538#endif
536}; 539};
537 540
538#endif 541#endif
@@ -682,6 +685,42 @@ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version,
682#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) 685#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
683#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) 686#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
684 687
688#ifndef OPENSSL_NO_SRP
689
690#ifndef OPENSSL_NO_SSL_INTERN
691
692typedef struct srp_ctx_st {
693 /* param for all the callbacks */
694 void *SRP_cb_arg;
695 /* set client Hello login callback */
696 int (*TLS_ext_srp_username_callback)(SSL *, int *, void *);
697 /* set SRP N/g param callback for verification */
698 int (*SRP_verify_param_callback)(SSL *, void *);
699 /* set SRP client passwd callback */
700 char *(*SRP_give_srp_client_pwd_callback)(SSL *, void *);
701
702 char *login;
703 BIGNUM *N, *g, *s, *B, *A;
704 BIGNUM *a, *b, *v;
705 char *info;
706 int strength;
707
708 unsigned long srp_Mask;
709} SRP_CTX;
710
711#endif
712
713/* see tls_srp.c */
714int SSL_SRP_CTX_init(SSL *s);
715int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx);
716int SSL_SRP_CTX_free(SSL *ctx);
717int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx);
718int SSL_srp_server_param_with_username(SSL *s, int *ad);
719int SRP_generate_server_master_secret(SSL *s, unsigned char *master_key);
720int SRP_Calc_A_param(SSL *s);
721int SRP_generate_client_master_secret(SSL *s, unsigned char *master_key);
722
723#endif
685 724
686#define SSL_MAX_CERT_LIST_DEFAULT 1024*100 /* 100k max cert list :-) */ 725#define SSL_MAX_CERT_LIST_DEFAULT 1024*100 /* 100k max cert list :-) */
687 726
@@ -903,6 +942,9 @@ struct ssl_ctx_st {
903 struct ssl3_buf_freelist_st *wbuf_freelist; 942 struct ssl3_buf_freelist_st *wbuf_freelist;
904 struct ssl3_buf_freelist_st *rbuf_freelist; 943 struct ssl3_buf_freelist_st *rbuf_freelist;
905#endif 944#endif
945#ifndef OPENSSL_NO_SRP
946 SRP_CTX srp_ctx; /* ctx for SRP authentication */
947#endif
906 948
907#ifndef OPENSSL_NO_TLSEXT 949#ifndef OPENSSL_NO_TLSEXT
908 950
@@ -1306,6 +1348,9 @@ struct ssl_st {
1306 * 2 if we are a server and are inside a handshake 1348 * 2 if we are a server and are inside a handshake
1307 * (i.e. not just sending a HelloRequest) */ 1349 * (i.e. not just sending a HelloRequest) */
1308 1350
1351#ifndef OPENSSL_NO_SRP
1352 SRP_CTX srp_ctx; /* ctx for SRP authentication */
1353#endif
1309}; 1354};
1310 1355
1311#endif 1356#endif
@@ -1754,6 +1799,24 @@ int SSL_set_trust(SSL *s, int trust);
1754int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm); 1799int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
1755int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm); 1800int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
1756 1801
1802#ifndef OPENSSL_NO_SRP
1803int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name);
1804int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password);
1805int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength);
1806int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, char *(*cb)(SSL *, void *));
1807int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx, int (*cb)(SSL *, void *));
1808int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx, int (*cb)(SSL *, int *, void *));
1809int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg);
1810
1811int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, BIGNUM *sa, BIGNUM *v, char *info);
1812int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, const char *grp);
1813
1814BIGNUM *SSL_get_srp_g(SSL *s);
1815BIGNUM *SSL_get_srp_N(SSL *s);
1816
1817char *SSL_get_srp_username(SSL *s);
1818char *SSL_get_srp_userinfo(SSL *s);
1819#endif
1757 1820
1758void SSL_free(SSL *ssl); 1821void SSL_free(SSL *ssl);
1759int SSL_accept(SSL *ssl); 1822int SSL_accept(SSL *ssl);
diff --git a/src/lib/libssl/src/ssl/ssl_asn1.c b/src/lib/libssl/src/ssl/ssl_asn1.c
index b1a3876c91..28e295f6a4 100644
--- a/src/lib/libssl/src/ssl/ssl_asn1.c
+++ b/src/lib/libssl/src/ssl/ssl_asn1.c
@@ -113,6 +113,9 @@ typedef struct ssl_session_asn1_st {
113 ASN1_OCTET_STRING psk_identity_hint; 113 ASN1_OCTET_STRING psk_identity_hint;
114 ASN1_OCTET_STRING psk_identity; 114 ASN1_OCTET_STRING psk_identity;
115#endif /* OPENSSL_NO_PSK */ 115#endif /* OPENSSL_NO_PSK */
116#ifndef OPENSSL_NO_SRP
117 ASN1_OCTET_STRING srp_username;
118#endif /* OPENSSL_NO_SRP */
116} SSL_SESSION_ASN1; 119} SSL_SESSION_ASN1;
117 120
118int 121int
@@ -130,6 +133,9 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
130 unsigned char cbuf; 133 unsigned char cbuf;
131 int v11 = 0; 134 int v11 = 0;
132#endif 135#endif
136#ifndef OPENSSL_NO_SRP
137 int v12 = 0;
138#endif
133 long l; 139 long l;
134 SSL_SESSION_ASN1 a; 140 SSL_SESSION_ASN1 a;
135 M_ASN1_I2D_vars(in); 141 M_ASN1_I2D_vars(in);
@@ -247,6 +253,13 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
247 a.psk_identity.data = (unsigned char *)(in->psk_identity); 253 a.psk_identity.data = (unsigned char *)(in->psk_identity);
248 } 254 }
249#endif /* OPENSSL_NO_PSK */ 255#endif /* OPENSSL_NO_PSK */
256#ifndef OPENSSL_NO_SRP
257 if (in->srp_username) {
258 a.srp_username.length = strlen(in->srp_username);
259 a.srp_username.type = V_ASN1_OCTET_STRING;
260 a.srp_username.data = (unsigned char *)(in->srp_username);
261 }
262#endif /* OPENSSL_NO_SRP */
250 263
251 M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER); 264 M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER);
252 M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER); 265 M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER);
@@ -287,6 +300,10 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
287 if (in->psk_identity) 300 if (in->psk_identity)
288 M_ASN1_I2D_len_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING, 8, v8); 301 M_ASN1_I2D_len_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING, 8, v8);
289#endif /* OPENSSL_NO_PSK */ 302#endif /* OPENSSL_NO_PSK */
303#ifndef OPENSSL_NO_SRP
304 if (in->srp_username)
305 M_ASN1_I2D_len_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING, 12, v12);
306#endif /* OPENSSL_NO_SRP */
290 307
291 M_ASN1_I2D_seq_total(); 308 M_ASN1_I2D_seq_total();
292 309
@@ -331,6 +348,10 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
331 if (in->compress_meth) 348 if (in->compress_meth)
332 M_ASN1_I2D_put_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING, 11, v11); 349 M_ASN1_I2D_put_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING, 11, v11);
333#endif 350#endif
351#ifndef OPENSSL_NO_SRP
352 if (in->srp_username)
353 M_ASN1_I2D_put_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING, 12, v12);
354#endif /* OPENSSL_NO_SRP */
334 M_ASN1_I2D_finish(); 355 M_ASN1_I2D_finish();
335} 356}
336 357
@@ -559,6 +580,18 @@ long length)
559 } 580 }
560#endif 581#endif
561 582
583#ifndef OPENSSL_NO_SRP
584 os.length = 0;
585 os.data = NULL;
586 M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 12);
587 if (os.data) {
588 ret->srp_username = BUF_strndup((char *)os.data, os.length);
589 OPENSSL_free(os.data);
590 os.data = NULL;
591 os.length = 0;
592 } else
593 ret->srp_username = NULL;
594#endif /* OPENSSL_NO_SRP */
562 595
563 M_ASN1_D2I_Finish(a, SSL_SESSION_free, SSL_F_D2I_SSL_SESSION); 596 M_ASN1_D2I_Finish(a, SSL_SESSION_free, SSL_F_D2I_SSL_SESSION);
564} 597}
diff --git a/src/lib/libssl/src/ssl/ssl_ciph.c b/src/lib/libssl/src/ssl/ssl_ciph.c
index 1a87cc255d..4bd3be0d41 100644
--- a/src/lib/libssl/src/ssl/ssl_ciph.c
+++ b/src/lib/libssl/src/ssl/ssl_ciph.c
@@ -724,7 +724,9 @@ ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long
724 *mkey |= SSL_kPSK; 724 *mkey |= SSL_kPSK;
725 *auth |= SSL_aPSK; 725 *auth |= SSL_aPSK;
726#endif 726#endif
727#ifdef OPENSSL_NO_SRP
727 *mkey |= SSL_kSRP; 728 *mkey |= SSL_kSRP;
729#endif
728 /* Check for presence of GOST 34.10 algorithms, and if they 730 /* Check for presence of GOST 34.10 algorithms, and if they
729 * do not present, disable appropriate auth and key exchange */ 731 * do not present, disable appropriate auth and key exchange */
730 if (!get_optional_pkey_id("gost94")) { 732 if (!get_optional_pkey_id("gost94")) {
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c
index d0c79710ef..a0882e4521 100644
--- a/src/lib/libssl/src/ssl/ssl_lib.c
+++ b/src/lib/libssl/src/ssl/ssl_lib.c
@@ -1823,6 +1823,9 @@ SSL_CTX
1823 ret->psk_client_callback = NULL; 1823 ret->psk_client_callback = NULL;
1824 ret->psk_server_callback = NULL; 1824 ret->psk_server_callback = NULL;
1825#endif 1825#endif
1826#ifndef OPENSSL_NO_SRP
1827 SSL_CTX_SRP_CTX_init(ret);
1828#endif
1826#ifndef OPENSSL_NO_BUF_FREELISTS 1829#ifndef OPENSSL_NO_BUF_FREELISTS
1827 ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT; 1830 ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT;
1828 ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST)); 1831 ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
@@ -1962,6 +1965,9 @@ SSL_CTX_free(SSL_CTX *a)
1962 if (a->psk_identity_hint) 1965 if (a->psk_identity_hint)
1963 OPENSSL_free(a->psk_identity_hint); 1966 OPENSSL_free(a->psk_identity_hint);
1964#endif 1967#endif
1968#ifndef OPENSSL_NO_SRP
1969 SSL_CTX_SRP_CTX_free(a);
1970#endif
1965#ifndef OPENSSL_NO_ENGINE 1971#ifndef OPENSSL_NO_ENGINE
1966 if (a->client_cert_engine) 1972 if (a->client_cert_engine)
1967 ENGINE_finish(a->client_cert_engine); 1973 ENGINE_finish(a->client_cert_engine);
diff --git a/src/lib/libssl/src/ssl/ssl_sess.c b/src/lib/libssl/src/ssl/ssl_sess.c
index 5c5ef4a312..0b1c655820 100644
--- a/src/lib/libssl/src/ssl/ssl_sess.c
+++ b/src/lib/libssl/src/ssl/ssl_sess.c
@@ -224,6 +224,9 @@ SSL_SESSION
224 ss->psk_identity_hint = NULL; 224 ss->psk_identity_hint = NULL;
225 ss->psk_identity = NULL; 225 ss->psk_identity = NULL;
226#endif 226#endif
227#ifndef OPENSSL_NO_SRP
228 ss->srp_username = NULL;
229#endif
227 return (ss); 230 return (ss);
228} 231}
229 232
@@ -734,6 +737,10 @@ SSL_SESSION_free(SSL_SESSION *ss)
734 if (ss->psk_identity != NULL) 737 if (ss->psk_identity != NULL)
735 OPENSSL_free(ss->psk_identity); 738 OPENSSL_free(ss->psk_identity);
736#endif 739#endif
740#ifndef OPENSSL_NO_SRP
741 if (ss->srp_username != NULL)
742 OPENSSL_free(ss->srp_username);
743#endif
737 OPENSSL_cleanse(ss, sizeof(*ss)); 744 OPENSSL_cleanse(ss, sizeof(*ss));
738 OPENSSL_free(ss); 745 OPENSSL_free(ss);
739} 746}
diff --git a/src/lib/libssl/src/ssl/ssl_txt.c b/src/lib/libssl/src/ssl/ssl_txt.c
index d3f304b73d..91664ffe43 100644
--- a/src/lib/libssl/src/ssl/ssl_txt.c
+++ b/src/lib/libssl/src/ssl/ssl_txt.c
@@ -193,6 +193,12 @@ SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
193 if (BIO_printf(bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None") 193 if (BIO_printf(bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None")
194 <= 0) goto err; 194 <= 0) goto err;
195#endif 195#endif
196#ifndef OPENSSL_NO_SRP
197 if (BIO_puts(bp, "\n SRP username: ")
198 <= 0) goto err;
199 if (BIO_printf(bp, "%s", x->srp_username ? x->srp_username : "None")
200 <= 0) goto err;
201#endif
196#ifndef OPENSSL_NO_TLSEXT 202#ifndef OPENSSL_NO_TLSEXT
197 if (x->tlsext_tick_lifetime_hint) { 203 if (x->tlsext_tick_lifetime_hint) {
198 if (BIO_printf(bp, 204 if (BIO_printf(bp,
diff --git a/src/lib/libssl/src/ssl/ssltest.c b/src/lib/libssl/src/ssl/ssltest.c
index 1d43f5a0e8..771c50a3e1 100644
--- a/src/lib/libssl/src/ssl/ssltest.c
+++ b/src/lib/libssl/src/ssl/ssltest.c
@@ -182,6 +182,9 @@
182#ifndef OPENSSL_NO_DH 182#ifndef OPENSSL_NO_DH
183#include <openssl/dh.h> 183#include <openssl/dh.h>
184#endif 184#endif
185#ifndef OPENSSL_NO_SRP
186#include <openssl/srp.h>
187#endif
185#include <openssl/bn.h> 188#include <openssl/bn.h>
186 189
187#define _XOPEN_SOURCE_EXTENDED 1 /* Or gethostname won't be declared properly 190#define _XOPEN_SOURCE_EXTENDED 1 /* Or gethostname won't be declared properly
@@ -231,6 +234,46 @@ static unsigned int psk_server_callback(SSL *ssl, const char *identity,
231 unsigned char *psk, unsigned int max_psk_len); 234 unsigned char *psk, unsigned int max_psk_len);
232#endif 235#endif
233 236
237#ifndef OPENSSL_NO_SRP
238/* SRP client */
239/* This is a context that we pass to all callbacks */
240typedef struct srp_client_arg_st {
241 char *srppassin;
242 char *srplogin;
243} SRP_CLIENT_ARG;
244
245#define PWD_STRLEN 1024
246
247static char *
248ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
249{
250 SRP_CLIENT_ARG *srp_client_arg = (SRP_CLIENT_ARG *)arg;
251 return BUF_strdup((char *)srp_client_arg->srppassin);
252}
253
254/* SRP server */
255/* This is a context that we pass to SRP server callbacks */
256typedef struct srp_server_arg_st {
257 char *expected_user;
258 char *pass;
259} SRP_SERVER_ARG;
260
261static int
262ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
263{
264 SRP_SERVER_ARG *p = (SRP_SERVER_ARG *) arg;
265
266 if (strcmp(p->expected_user, SSL_get_srp_username(s)) != 0) {
267 fprintf(stderr, "User %s doesn't exist\n", SSL_get_srp_username(s));
268 return SSL3_AL_FATAL;
269 }
270 if (SSL_set_srp_server_param_pw(s, p->expected_user, p->pass, "1024") < 0) {
271 *ad = SSL_AD_INTERNAL_ERROR;
272 return SSL3_AL_FATAL;
273 }
274 return SSL_ERROR_NONE;
275}
276#endif
234 277
235static BIO *bio_err = NULL; 278static BIO *bio_err = NULL;
236static BIO *bio_stdout = NULL; 279static BIO *bio_stdout = NULL;
@@ -277,6 +320,10 @@ sv_usage(void)
277#ifndef OPENSSL_NO_PSK 320#ifndef OPENSSL_NO_PSK
278 fprintf(stderr, " -psk arg - PSK in hex (without 0x)\n"); 321 fprintf(stderr, " -psk arg - PSK in hex (without 0x)\n");
279#endif 322#endif
323#ifndef OPENSSL_NO_SRP
324 fprintf(stderr, " -srpuser user - SRP username to use\n");
325 fprintf(stderr, " -srppass arg - password for 'user'\n");
326#endif
280 fprintf(stderr, " -ssl3 - use SSLv3\n"); 327 fprintf(stderr, " -ssl3 - use SSLv3\n");
281 fprintf(stderr, " -tls1 - use TLSv1\n"); 328 fprintf(stderr, " -tls1 - use TLSv1\n");
282 fprintf(stderr, " -CApath arg - PEM format directory of CA's\n"); 329 fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");
@@ -452,6 +499,12 @@ main(int argc, char *argv[])
452#ifndef OPENSSL_NO_ECDH 499#ifndef OPENSSL_NO_ECDH
453 EC_KEY *ecdh = NULL; 500 EC_KEY *ecdh = NULL;
454#endif 501#endif
502#ifndef OPENSSL_NO_SRP
503 /* client */
504 SRP_CLIENT_ARG srp_client_arg = {NULL, NULL};
505 /* server */
506 SRP_SERVER_ARG srp_server_arg = {NULL, NULL};
507#endif
455 int no_dhe = 0; 508 int no_dhe = 0;
456 int no_ecdhe = 0; 509 int no_ecdhe = 0;
457 int no_psk = 0; 510 int no_psk = 0;
@@ -541,6 +594,19 @@ main(int argc, char *argv[])
541 no_psk = 1; 594 no_psk = 1;
542#endif 595#endif
543 } 596 }
597#ifndef OPENSSL_NO_SRP
598 else if (strcmp(*argv, "-srpuser") == 0) {
599 if (--argc < 1)
600 goto bad;
601 srp_server_arg.expected_user = srp_client_arg.srplogin= *(++argv);
602 tls1 = 1;
603 } else if (strcmp(*argv, "-srppass") == 0) {
604 if (--argc < 1)
605 goto bad;
606 srp_server_arg.pass = srp_client_arg.srppassin= *(++argv);
607 tls1 = 1;
608 }
609#endif
544 else if (strcmp(*argv, "-ssl2") == 0) 610 else if (strcmp(*argv, "-ssl2") == 0)
545 ssl2 = 1; 611 ssl2 = 1;
546 else if (strcmp(*argv, "-tls1") == 0) 612 else if (strcmp(*argv, "-tls1") == 0)
@@ -848,6 +914,23 @@ bad:
848 } 914 }
849#endif 915#endif
850 } 916 }
917#ifndef OPENSSL_NO_SRP
918 if (srp_client_arg.srplogin) {
919 if (!SSL_CTX_set_srp_username(c_ctx, srp_client_arg.srplogin)) {
920 BIO_printf(bio_err, "Unable to set SRP username\n");
921 goto end;
922 }
923 SSL_CTX_set_srp_cb_arg(c_ctx, &srp_client_arg);
924 SSL_CTX_set_srp_client_pwd_callback(c_ctx, ssl_give_srp_client_pwd_cb);
925 /*SSL_CTX_set_srp_strength(c_ctx, srp_client_arg.strength);*/
926 }
927
928 if (srp_server_arg.expected_user != NULL) {
929 SSL_CTX_set_verify(s_ctx, SSL_VERIFY_NONE, verify_callback);
930 SSL_CTX_set_srp_cb_arg(s_ctx, &srp_server_arg);
931 SSL_CTX_set_srp_username_callback(s_ctx, ssl_srp_server_param_cb);
932 }
933#endif
851 934
852 c_ssl = SSL_new(c_ctx); 935 c_ssl = SSL_new(c_ctx);
853 s_ssl = SSL_new(s_ctx); 936 s_ssl = SSL_new(s_ctx);
diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c
index c4eeb7a41d..c3d62957ae 100644
--- a/src/lib/libssl/src/ssl/t1_lib.c
+++ b/src/lib/libssl/src/ssl/t1_lib.c
@@ -427,6 +427,35 @@ unsigned char
427 ret += el; 427 ret += el;
428 } 428 }
429 429
430#ifndef OPENSSL_NO_SRP
431 /* Add SRP username if there is one */
432 if (s->srp_ctx.login != NULL)
433 { /* Add TLS extension SRP username to the Client Hello message */
434
435 int login_len = strlen(s->srp_ctx.login);
436
437 if (login_len > 255 || login_len == 0) {
438 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
439 return NULL;
440 }
441
442 /* check for enough space.
443 4 for the srp type type and entension length
444 1 for the srp user identity
445 + srp user identity length
446 */
447 if ((limit - ret - 5 - login_len)
448 < 0) return NULL;
449
450
451 /* fill in the extension */
452 s2n(TLSEXT_TYPE_srp, ret);
453 s2n(login_len + 1, ret);
454 (*ret++) = (unsigned char) login_len;
455 memcpy(ret, s->srp_ctx.login, login_len);
456 ret += login_len;
457 }
458#endif
430 459
431#ifndef OPENSSL_NO_EC 460#ifndef OPENSSL_NO_EC
432 if (s->tlsext_ecpointformatlist != NULL && 461 if (s->tlsext_ecpointformatlist != NULL &&
@@ -1042,6 +1071,27 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
1042 } 1071 }
1043 1072
1044 } 1073 }
1074#ifndef OPENSSL_NO_SRP
1075 else if (type == TLSEXT_TYPE_srp) {
1076 if (size <= 0 || ((len = data[0])) != (size - 1)) {
1077 *al = SSL_AD_DECODE_ERROR;
1078 return 0;
1079 }
1080 if (s->srp_ctx.login != NULL) {
1081 *al = SSL_AD_DECODE_ERROR;
1082 return 0;
1083 }
1084 if ((s->srp_ctx.login = OPENSSL_malloc(len + 1)) == NULL)
1085 return -1;
1086 memcpy(s->srp_ctx.login, &data[1], len);
1087 s->srp_ctx.login[len] = '\0';
1088
1089 if (strlen(s->srp_ctx.login) != len) {
1090 *al = SSL_AD_DECODE_ERROR;
1091 return 0;
1092 }
1093 }
1094#endif
1045 1095
1046#ifndef OPENSSL_NO_EC 1096#ifndef OPENSSL_NO_EC
1047 else if (type == TLSEXT_TYPE_ec_point_formats && 1097 else if (type == TLSEXT_TYPE_ec_point_formats &&
diff --git a/src/lib/libssl/src/ssl/tls_srp.c b/src/lib/libssl/src/ssl/tls_srp.c
new file mode 100644
index 0000000000..25ab73af9d
--- /dev/null
+++ b/src/lib/libssl/src/ssl/tls_srp.c
@@ -0,0 +1,511 @@
1/* ssl/tls_srp.c */
2/* Written by Christophe Renou (christophe.renou@edelweb.fr) with
3 * the precious help of Peter Sylvester (peter.sylvester@edelweb.fr)
4 * for the EdelKey project and contributed to the OpenSSL project 2004.
5 */
6/* ====================================================================
7 * Copyright (c) 2004-2011 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59#include "ssl_locl.h"
60#ifndef OPENSSL_NO_SRP
61
62#include <openssl/rand.h>
63#include <openssl/srp.h>
64#include <openssl/err.h>
65
66int
67SSL_CTX_SRP_CTX_free(struct ssl_ctx_st *ctx) {
68 if (ctx == NULL)
69 return 0;
70 OPENSSL_free(ctx->srp_ctx.login);
71 BN_free(ctx->srp_ctx.N);
72 BN_free(ctx->srp_ctx.g);
73 BN_free(ctx->srp_ctx.s);
74 BN_free(ctx->srp_ctx.B);
75 BN_free(ctx->srp_ctx.A);
76 BN_free(ctx->srp_ctx.a);
77 BN_free(ctx->srp_ctx.b);
78 BN_free(ctx->srp_ctx.v);
79 ctx->srp_ctx.TLS_ext_srp_username_callback = NULL;
80 ctx->srp_ctx.SRP_cb_arg = NULL;
81 ctx->srp_ctx.SRP_verify_param_callback = NULL;
82 ctx->srp_ctx.SRP_give_srp_client_pwd_callback = NULL;
83 ctx->srp_ctx.N = NULL;
84 ctx->srp_ctx.g = NULL;
85 ctx->srp_ctx.s = NULL;
86 ctx->srp_ctx.B = NULL;
87 ctx->srp_ctx.A = NULL;
88 ctx->srp_ctx.a = NULL;
89 ctx->srp_ctx.b = NULL;
90 ctx->srp_ctx.v = NULL;
91 ctx->srp_ctx.login = NULL;
92 ctx->srp_ctx.info = NULL;
93 ctx->srp_ctx.strength = SRP_MINIMAL_N;
94 ctx->srp_ctx.srp_Mask = 0;
95 return (1);
96}
97
98int
99SSL_SRP_CTX_free(struct ssl_st *s) {
100 if (s == NULL)
101 return 0;
102 OPENSSL_free(s->srp_ctx.login);
103 BN_free(s->srp_ctx.N);
104 BN_free(s->srp_ctx.g);
105 BN_free(s->srp_ctx.s);
106 BN_free(s->srp_ctx.B);
107 BN_free(s->srp_ctx.A);
108 BN_free(s->srp_ctx.a);
109 BN_free(s->srp_ctx.b);
110 BN_free(s->srp_ctx.v);
111 s->srp_ctx.TLS_ext_srp_username_callback = NULL;
112 s->srp_ctx.SRP_cb_arg = NULL;
113 s->srp_ctx.SRP_verify_param_callback = NULL;
114 s->srp_ctx.SRP_give_srp_client_pwd_callback = NULL;
115 s->srp_ctx.N = NULL;
116 s->srp_ctx.g = NULL;
117 s->srp_ctx.s = NULL;
118 s->srp_ctx.B = NULL;
119 s->srp_ctx.A = NULL;
120 s->srp_ctx.a = NULL;
121 s->srp_ctx.b = NULL;
122 s->srp_ctx.v = NULL;
123 s->srp_ctx.login = NULL;
124 s->srp_ctx.info = NULL;
125 s->srp_ctx.strength = SRP_MINIMAL_N;
126 s->srp_ctx.srp_Mask = 0;
127 return (1);
128}
129
130int
131SSL_SRP_CTX_init(struct ssl_st *s) {
132 SSL_CTX *ctx;
133
134 if ((s == NULL) || ((ctx = s->ctx) == NULL))
135 return 0;
136 s->srp_ctx.SRP_cb_arg = ctx->srp_ctx.SRP_cb_arg;
137 /* set client Hello login callback */
138 s->srp_ctx.TLS_ext_srp_username_callback = ctx->srp_ctx.TLS_ext_srp_username_callback;
139 /* set SRP N/g param callback for verification */
140 s->srp_ctx.SRP_verify_param_callback = ctx->srp_ctx.SRP_verify_param_callback;
141 /* set SRP client passwd callback */
142 s->srp_ctx.SRP_give_srp_client_pwd_callback = ctx->srp_ctx.SRP_give_srp_client_pwd_callback;
143
144 s->srp_ctx.N = NULL;
145 s->srp_ctx.g = NULL;
146 s->srp_ctx.s = NULL;
147 s->srp_ctx.B = NULL;
148 s->srp_ctx.A = NULL;
149 s->srp_ctx.a = NULL;
150 s->srp_ctx.b = NULL;
151 s->srp_ctx.v = NULL;
152 s->srp_ctx.login = NULL;
153 s->srp_ctx.info = ctx->srp_ctx.info;
154 s->srp_ctx.strength = ctx->srp_ctx.strength;
155
156 if (((ctx->srp_ctx.N != NULL) &&
157 ((s->srp_ctx.N = BN_dup(ctx->srp_ctx.N)) == NULL)) ||
158 ((ctx->srp_ctx.g != NULL) &&
159 ((s->srp_ctx.g = BN_dup(ctx->srp_ctx.g)) == NULL)) ||
160 ((ctx->srp_ctx.s != NULL) &&
161 ((s->srp_ctx.s = BN_dup(ctx->srp_ctx.s)) == NULL)) ||
162 ((ctx->srp_ctx.B != NULL) &&
163 ((s->srp_ctx.B = BN_dup(ctx->srp_ctx.B)) == NULL)) ||
164 ((ctx->srp_ctx.A != NULL) &&
165 ((s->srp_ctx.A = BN_dup(ctx->srp_ctx.A)) == NULL)) ||
166 ((ctx->srp_ctx.a != NULL) &&
167 ((s->srp_ctx.a = BN_dup(ctx->srp_ctx.a)) == NULL)) ||
168 ((ctx->srp_ctx.v != NULL) &&
169 ((s->srp_ctx.v = BN_dup(ctx->srp_ctx.v)) == NULL)) ||
170 ((ctx->srp_ctx.b != NULL) &&
171 ((s->srp_ctx.b = BN_dup(ctx->srp_ctx.b)) == NULL))) {
172 SSLerr(SSL_F_SSL_SRP_CTX_INIT, ERR_R_BN_LIB);
173 goto err;
174 }
175 if ((ctx->srp_ctx.login != NULL) &&
176 ((s->srp_ctx.login = BUF_strdup(ctx->srp_ctx.login)) == NULL)) {
177 SSLerr(SSL_F_SSL_SRP_CTX_INIT, ERR_R_INTERNAL_ERROR);
178 goto err;
179 }
180 s->srp_ctx.srp_Mask = ctx->srp_ctx.srp_Mask;
181
182 return (1);
183err:
184 OPENSSL_free(s->srp_ctx.login);
185 BN_free(s->srp_ctx.N);
186 BN_free(s->srp_ctx.g);
187 BN_free(s->srp_ctx.s);
188 BN_free(s->srp_ctx.B);
189 BN_free(s->srp_ctx.A);
190 BN_free(s->srp_ctx.a);
191 BN_free(s->srp_ctx.b);
192 BN_free(s->srp_ctx.v);
193 return (0);
194}
195
196int
197SSL_CTX_SRP_CTX_init(struct ssl_ctx_st *ctx) {
198 if (ctx == NULL)
199 return 0;
200
201 ctx->srp_ctx.SRP_cb_arg = NULL;
202 /* set client Hello login callback */
203 ctx->srp_ctx.TLS_ext_srp_username_callback = NULL;
204 /* set SRP N/g param callback for verification */
205 ctx->srp_ctx.SRP_verify_param_callback = NULL;
206 /* set SRP client passwd callback */
207 ctx->srp_ctx.SRP_give_srp_client_pwd_callback = NULL;
208
209 ctx->srp_ctx.N = NULL;
210 ctx->srp_ctx.g = NULL;
211 ctx->srp_ctx.s = NULL;
212 ctx->srp_ctx.B = NULL;
213 ctx->srp_ctx.A = NULL;
214 ctx->srp_ctx.a = NULL;
215 ctx->srp_ctx.b = NULL;
216 ctx->srp_ctx.v = NULL;
217 ctx->srp_ctx.login = NULL;
218 ctx->srp_ctx.srp_Mask = 0;
219 ctx->srp_ctx.info = NULL;
220 ctx->srp_ctx.strength = SRP_MINIMAL_N;
221
222 return (1);
223}
224
225/* server side */
226int
227SSL_srp_server_param_with_username(SSL *s, int *ad)
228{
229 unsigned char b[SSL_MAX_MASTER_KEY_LENGTH];
230 int al;
231
232 *ad = SSL_AD_UNKNOWN_PSK_IDENTITY;
233 if ((s->srp_ctx.TLS_ext_srp_username_callback !=NULL) &&
234 ((al = s->srp_ctx.TLS_ext_srp_username_callback(s, ad,
235 s->srp_ctx.SRP_cb_arg)) != SSL_ERROR_NONE))
236 return al;
237
238 *ad = SSL_AD_INTERNAL_ERROR;
239 if ((s->srp_ctx.N == NULL) || (s->srp_ctx.g == NULL) ||
240 (s->srp_ctx.s == NULL) || (s->srp_ctx.v == NULL))
241 return SSL3_AL_FATAL;
242
243 if (RAND_bytes(b, sizeof(b)) <= 0)
244 return SSL3_AL_FATAL;
245 s->srp_ctx.b = BN_bin2bn(b, sizeof(b), NULL);
246 OPENSSL_cleanse(b, sizeof(b));
247
248 /* Calculate: B = (kv + g^b) % N */
249
250 return ((s->srp_ctx.B = SRP_Calc_B(s->srp_ctx.b, s->srp_ctx.N, s->srp_ctx.g, s->srp_ctx.v)) != NULL) ? SSL_ERROR_NONE : SSL3_AL_FATAL;
251}
252
253/* If the server just has the raw password, make up a verifier entry on the fly */
254int
255SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, const char *grp)
256{
257 SRP_gN *GN = SRP_get_default_gN(grp);
258 if (GN == NULL)
259 return -1;
260 s->srp_ctx.N = BN_dup(GN->N);
261 s->srp_ctx.g = BN_dup(GN->g);
262 if (s->srp_ctx.v != NULL) {
263 BN_clear_free(s->srp_ctx.v);
264 s->srp_ctx.v = NULL;
265 }
266 if (s->srp_ctx.s != NULL) {
267 BN_clear_free(s->srp_ctx.s);
268 s->srp_ctx.s = NULL;
269 }
270 if (!SRP_create_verifier_BN(user, pass, &s->srp_ctx.s, &s->srp_ctx.v,
271 GN->N, GN->g))
272 return -1;
273
274 return 1;
275}
276
277int
278SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
279 BIGNUM *sa, BIGNUM *v, char *info)
280{
281 if (N != NULL) {
282 if (s->srp_ctx.N != NULL) {
283 if (!BN_copy(s->srp_ctx.N, N)) {
284 BN_free(s->srp_ctx.N);
285 s->srp_ctx.N = NULL;
286 }
287 } else
288 s->srp_ctx.N = BN_dup(N);
289 }
290 if (g != NULL) {
291 if (s->srp_ctx.g != NULL) {
292 if (!BN_copy(s->srp_ctx.g, g)) {
293 BN_free(s->srp_ctx.g);
294 s->srp_ctx.g = NULL;
295 }
296 } else
297 s->srp_ctx.g = BN_dup(g);
298 }
299 if (sa != NULL) {
300 if (s->srp_ctx.s != NULL) {
301 if (!BN_copy(s->srp_ctx.s, sa)) {
302 BN_free(s->srp_ctx.s);
303 s->srp_ctx.s = NULL;
304 }
305 } else
306 s->srp_ctx.s = BN_dup(sa);
307 }
308 if (v != NULL) {
309 if (s->srp_ctx.v != NULL) {
310 if (!BN_copy(s->srp_ctx.v, v)) {
311 BN_free(s->srp_ctx.v);
312 s->srp_ctx.v = NULL;
313 }
314 } else
315 s->srp_ctx.v = BN_dup(v);
316 }
317 s->srp_ctx.info = info;
318
319 if (!(s->srp_ctx.N) || !(s->srp_ctx.g) ||
320 !(s->srp_ctx.s) || !(s->srp_ctx.v))
321 return -1;
322
323 return 1;
324}
325
326int
327SRP_generate_server_master_secret(SSL *s, unsigned char *master_key)
328{
329 BIGNUM *K = NULL, *u = NULL;
330 int ret = -1, tmp_len;
331 unsigned char *tmp = NULL;
332
333 if (!SRP_Verify_A_mod_N(s->srp_ctx.A, s->srp_ctx.N))
334 goto err;
335 if (!(u = SRP_Calc_u(s->srp_ctx.A, s->srp_ctx.B, s->srp_ctx.N)))
336 goto err;
337 if (!(K = SRP_Calc_server_key(s->srp_ctx.A, s->srp_ctx.v, u, s->srp_ctx.b, s->srp_ctx.N)))
338 goto err;
339
340 tmp_len = BN_num_bytes(K);
341 if ((tmp = OPENSSL_malloc(tmp_len)) == NULL)
342 goto err;
343 BN_bn2bin(K, tmp);
344 ret = s->method->ssl3_enc->generate_master_secret(s, master_key, tmp, tmp_len);
345err:
346 if (tmp) {
347 OPENSSL_cleanse(tmp, tmp_len);
348 OPENSSL_free(tmp);
349 }
350 BN_clear_free(K);
351 BN_clear_free(u);
352 return ret;
353}
354
355/* client side */
356int
357SRP_generate_client_master_secret(SSL *s, unsigned char *master_key)
358{
359 BIGNUM *x = NULL, *u = NULL, *K = NULL;
360 int ret = -1, tmp_len;
361 char *passwd = NULL;
362 unsigned char *tmp = NULL;
363
364 /* Checks if b % n == 0
365 */
366 if (SRP_Verify_B_mod_N(s->srp_ctx.B, s->srp_ctx.N) == 0)
367 goto err;
368 if (!(u = SRP_Calc_u(s->srp_ctx.A, s->srp_ctx.B, s->srp_ctx.N)))
369 goto err;
370 if (s->srp_ctx.SRP_give_srp_client_pwd_callback == NULL)
371 goto err;
372 if (!(passwd = s->srp_ctx.SRP_give_srp_client_pwd_callback(s,
373 s->srp_ctx.SRP_cb_arg)))
374 goto err;
375 if (!(x = SRP_Calc_x(s->srp_ctx.s, s->srp_ctx.login, passwd)))
376 goto err;
377 if (!(K = SRP_Calc_client_key(s->srp_ctx.N, s->srp_ctx.B, s->srp_ctx.g,
378 x, s->srp_ctx.a, u)))
379 goto err;
380
381 tmp_len = BN_num_bytes(K);
382 if ((tmp = OPENSSL_malloc(tmp_len)) == NULL) goto err;
383 BN_bn2bin(K, tmp);
384 ret = s->method->ssl3_enc->generate_master_secret(s, master_key,
385 tmp, tmp_len);
386err:
387 if (tmp) {
388 OPENSSL_cleanse(tmp, tmp_len);
389 OPENSSL_free(tmp);
390 }
391 BN_clear_free(K);
392 BN_clear_free(x);
393 if (passwd) {
394 OPENSSL_cleanse(passwd, strlen(passwd));
395 OPENSSL_free(passwd);
396 }
397 BN_clear_free(u);
398 return ret;
399}
400
401int
402SRP_Calc_A_param(SSL *s)
403{
404 unsigned char rnd[SSL_MAX_MASTER_KEY_LENGTH];
405
406 if (BN_num_bits(s->srp_ctx.N) < s->srp_ctx.strength)
407 return -1;
408
409 if (s->srp_ctx.SRP_verify_param_callback ==NULL &&
410 !SRP_check_known_gN_param(s->srp_ctx.g, s->srp_ctx.N))
411 return -1;
412
413 RAND_bytes(rnd, sizeof(rnd));
414 s->srp_ctx.a = BN_bin2bn(rnd, sizeof(rnd), s->srp_ctx.a);
415 OPENSSL_cleanse(rnd, sizeof(rnd));
416
417 if (!(s->srp_ctx.A = SRP_Calc_A(s->srp_ctx.a, s->srp_ctx.N,
418 s->srp_ctx.g)))
419 return -1;
420
421 /* We can have a callback to verify SRP param!! */
422 if (s->srp_ctx.SRP_verify_param_callback !=NULL)
423 return s->srp_ctx.SRP_verify_param_callback(s,
424 s->srp_ctx.SRP_cb_arg);
425
426 return 1;
427}
428
429BIGNUM
430*SSL_get_srp_g(SSL *s)
431{
432 if (s->srp_ctx.g != NULL)
433 return s->srp_ctx.g;
434 return s->ctx->srp_ctx.g;
435}
436
437BIGNUM
438*SSL_get_srp_N(SSL *s)
439{
440 if (s->srp_ctx.N != NULL)
441 return s->srp_ctx.N;
442 return s->ctx->srp_ctx.N;
443}
444
445char
446*SSL_get_srp_username(SSL *s)
447{
448 if (s->srp_ctx.login != NULL)
449 return s->srp_ctx.login;
450 return s->ctx->srp_ctx.login;
451}
452
453char
454*SSL_get_srp_userinfo(SSL *s)
455{
456 if (s->srp_ctx.info != NULL)
457 return s->srp_ctx.info;
458 return s->ctx->srp_ctx.info;
459}
460
461#define tls1_ctx_ctrl ssl3_ctx_ctrl
462#define tls1_ctx_callback_ctrl ssl3_ctx_callback_ctrl
463
464int
465SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name)
466{
467 return tls1_ctx_ctrl(ctx, SSL_CTRL_SET_TLS_EXT_SRP_USERNAME, 0, name);
468}
469
470int
471SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password)
472{
473 return tls1_ctx_ctrl(ctx, SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD, 0, password);
474}
475
476int
477SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength)
478{
479 return tls1_ctx_ctrl(ctx, SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH, strength,
480 NULL);
481}
482
483int
484SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx, int (*cb)(SSL *, void *))
485{
486 return tls1_ctx_callback_ctrl(ctx, SSL_CTRL_SET_SRP_VERIFY_PARAM_CB,
487 (void (*)(void))cb);
488}
489
490int
491SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg)
492{
493 return tls1_ctx_ctrl(ctx, SSL_CTRL_SET_SRP_ARG, 0, arg);
494}
495
496int
497SSL_CTX_set_srp_username_callback(SSL_CTX *ctx,
498 int (*cb)(SSL *, int *, void *))
499{
500 return tls1_ctx_callback_ctrl(ctx, SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB,
501 (void (*)(void))cb);
502}
503
504int
505SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, char *(*cb)(SSL *, void *))
506{
507 return tls1_ctx_callback_ctrl(ctx, SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB,
508 (void (*)(void))cb);
509}
510
511#endif
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 3f99de1616..d3e015e738 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -533,6 +533,9 @@ struct ssl_session_st {
533 size_t tlsext_ticklen; /* Session ticket length */ 533 size_t tlsext_ticklen; /* Session ticket length */
534 long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ 534 long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
535#endif 535#endif
536#ifndef OPENSSL_NO_SRP
537 char *srp_username;
538#endif
536}; 539};
537 540
538#endif 541#endif
@@ -682,6 +685,42 @@ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version,
682#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) 685#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
683#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) 686#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
684 687
688#ifndef OPENSSL_NO_SRP
689
690#ifndef OPENSSL_NO_SSL_INTERN
691
692typedef struct srp_ctx_st {
693 /* param for all the callbacks */
694 void *SRP_cb_arg;
695 /* set client Hello login callback */
696 int (*TLS_ext_srp_username_callback)(SSL *, int *, void *);
697 /* set SRP N/g param callback for verification */
698 int (*SRP_verify_param_callback)(SSL *, void *);
699 /* set SRP client passwd callback */
700 char *(*SRP_give_srp_client_pwd_callback)(SSL *, void *);
701
702 char *login;
703 BIGNUM *N, *g, *s, *B, *A;
704 BIGNUM *a, *b, *v;
705 char *info;
706 int strength;
707
708 unsigned long srp_Mask;
709} SRP_CTX;
710
711#endif
712
713/* see tls_srp.c */
714int SSL_SRP_CTX_init(SSL *s);
715int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx);
716int SSL_SRP_CTX_free(SSL *ctx);
717int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx);
718int SSL_srp_server_param_with_username(SSL *s, int *ad);
719int SRP_generate_server_master_secret(SSL *s, unsigned char *master_key);
720int SRP_Calc_A_param(SSL *s);
721int SRP_generate_client_master_secret(SSL *s, unsigned char *master_key);
722
723#endif
685 724
686#define SSL_MAX_CERT_LIST_DEFAULT 1024*100 /* 100k max cert list :-) */ 725#define SSL_MAX_CERT_LIST_DEFAULT 1024*100 /* 100k max cert list :-) */
687 726
@@ -903,6 +942,9 @@ struct ssl_ctx_st {
903 struct ssl3_buf_freelist_st *wbuf_freelist; 942 struct ssl3_buf_freelist_st *wbuf_freelist;
904 struct ssl3_buf_freelist_st *rbuf_freelist; 943 struct ssl3_buf_freelist_st *rbuf_freelist;
905#endif 944#endif
945#ifndef OPENSSL_NO_SRP
946 SRP_CTX srp_ctx; /* ctx for SRP authentication */
947#endif
906 948
907#ifndef OPENSSL_NO_TLSEXT 949#ifndef OPENSSL_NO_TLSEXT
908 950
@@ -1306,6 +1348,9 @@ struct ssl_st {
1306 * 2 if we are a server and are inside a handshake 1348 * 2 if we are a server and are inside a handshake
1307 * (i.e. not just sending a HelloRequest) */ 1349 * (i.e. not just sending a HelloRequest) */
1308 1350
1351#ifndef OPENSSL_NO_SRP
1352 SRP_CTX srp_ctx; /* ctx for SRP authentication */
1353#endif
1309}; 1354};
1310 1355
1311#endif 1356#endif
@@ -1754,6 +1799,24 @@ int SSL_set_trust(SSL *s, int trust);
1754int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm); 1799int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
1755int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm); 1800int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
1756 1801
1802#ifndef OPENSSL_NO_SRP
1803int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name);
1804int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password);
1805int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength);
1806int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, char *(*cb)(SSL *, void *));
1807int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx, int (*cb)(SSL *, void *));
1808int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx, int (*cb)(SSL *, int *, void *));
1809int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg);
1810
1811int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, BIGNUM *sa, BIGNUM *v, char *info);
1812int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, const char *grp);
1813
1814BIGNUM *SSL_get_srp_g(SSL *s);
1815BIGNUM *SSL_get_srp_N(SSL *s);
1816
1817char *SSL_get_srp_username(SSL *s);
1818char *SSL_get_srp_userinfo(SSL *s);
1819#endif
1757 1820
1758void SSL_free(SSL *ssl); 1821void SSL_free(SSL *ssl);
1759int SSL_accept(SSL *ssl); 1822int SSL_accept(SSL *ssl);
diff --git a/src/lib/libssl/ssl/Makefile b/src/lib/libssl/ssl/Makefile
index 81b90e3fc3..6c8584e80d 100644
--- a/src/lib/libssl/ssl/Makefile
+++ b/src/lib/libssl/ssl/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.36 2014/04/16 17:59:17 tedu Exp $ 1# $OpenBSD: Makefile,v 1.37 2014/04/16 20:39:09 tedu Exp $
2 2
3LIB= ssl 3LIB= ssl
4 4
@@ -19,7 +19,7 @@ SRCS=\
19 ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \ 19 ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \
20 ssl_ciph.c ssl_stat.c ssl_rsa.c \ 20 ssl_ciph.c ssl_stat.c ssl_rsa.c \
21 ssl_asn1.c ssl_txt.c ssl_algs.c \ 21 ssl_asn1.c ssl_txt.c ssl_algs.c \
22 bio_ssl.c ssl_err.c kssl.c t1_reneg.c 22 bio_ssl.c ssl_err.c kssl.c tls_srp.c t1_reneg.c
23SRCS+= s3_cbc.c 23SRCS+= s3_cbc.c
24 24
25HDRS= srtp.h ssl.h ssl2.h ssl3.h ssl23.h tls1.h dtls1.h kssl.h 25HDRS= srtp.h ssl.h ssl2.h ssl3.h ssl23.h tls1.h dtls1.h kssl.h
diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c
index b1a3876c91..28e295f6a4 100644
--- a/src/lib/libssl/ssl_asn1.c
+++ b/src/lib/libssl/ssl_asn1.c
@@ -113,6 +113,9 @@ typedef struct ssl_session_asn1_st {
113 ASN1_OCTET_STRING psk_identity_hint; 113 ASN1_OCTET_STRING psk_identity_hint;
114 ASN1_OCTET_STRING psk_identity; 114 ASN1_OCTET_STRING psk_identity;
115#endif /* OPENSSL_NO_PSK */ 115#endif /* OPENSSL_NO_PSK */
116#ifndef OPENSSL_NO_SRP
117 ASN1_OCTET_STRING srp_username;
118#endif /* OPENSSL_NO_SRP */
116} SSL_SESSION_ASN1; 119} SSL_SESSION_ASN1;
117 120
118int 121int
@@ -130,6 +133,9 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
130 unsigned char cbuf; 133 unsigned char cbuf;
131 int v11 = 0; 134 int v11 = 0;
132#endif 135#endif
136#ifndef OPENSSL_NO_SRP
137 int v12 = 0;
138#endif
133 long l; 139 long l;
134 SSL_SESSION_ASN1 a; 140 SSL_SESSION_ASN1 a;
135 M_ASN1_I2D_vars(in); 141 M_ASN1_I2D_vars(in);
@@ -247,6 +253,13 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
247 a.psk_identity.data = (unsigned char *)(in->psk_identity); 253 a.psk_identity.data = (unsigned char *)(in->psk_identity);
248 } 254 }
249#endif /* OPENSSL_NO_PSK */ 255#endif /* OPENSSL_NO_PSK */
256#ifndef OPENSSL_NO_SRP
257 if (in->srp_username) {
258 a.srp_username.length = strlen(in->srp_username);
259 a.srp_username.type = V_ASN1_OCTET_STRING;
260 a.srp_username.data = (unsigned char *)(in->srp_username);
261 }
262#endif /* OPENSSL_NO_SRP */
250 263
251 M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER); 264 M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER);
252 M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER); 265 M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER);
@@ -287,6 +300,10 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
287 if (in->psk_identity) 300 if (in->psk_identity)
288 M_ASN1_I2D_len_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING, 8, v8); 301 M_ASN1_I2D_len_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING, 8, v8);
289#endif /* OPENSSL_NO_PSK */ 302#endif /* OPENSSL_NO_PSK */
303#ifndef OPENSSL_NO_SRP
304 if (in->srp_username)
305 M_ASN1_I2D_len_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING, 12, v12);
306#endif /* OPENSSL_NO_SRP */
290 307
291 M_ASN1_I2D_seq_total(); 308 M_ASN1_I2D_seq_total();
292 309
@@ -331,6 +348,10 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
331 if (in->compress_meth) 348 if (in->compress_meth)
332 M_ASN1_I2D_put_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING, 11, v11); 349 M_ASN1_I2D_put_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING, 11, v11);
333#endif 350#endif
351#ifndef OPENSSL_NO_SRP
352 if (in->srp_username)
353 M_ASN1_I2D_put_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING, 12, v12);
354#endif /* OPENSSL_NO_SRP */
334 M_ASN1_I2D_finish(); 355 M_ASN1_I2D_finish();
335} 356}
336 357
@@ -559,6 +580,18 @@ long length)
559 } 580 }
560#endif 581#endif
561 582
583#ifndef OPENSSL_NO_SRP
584 os.length = 0;
585 os.data = NULL;
586 M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 12);
587 if (os.data) {
588 ret->srp_username = BUF_strndup((char *)os.data, os.length);
589 OPENSSL_free(os.data);
590 os.data = NULL;
591 os.length = 0;
592 } else
593 ret->srp_username = NULL;
594#endif /* OPENSSL_NO_SRP */
562 595
563 M_ASN1_D2I_Finish(a, SSL_SESSION_free, SSL_F_D2I_SSL_SESSION); 596 M_ASN1_D2I_Finish(a, SSL_SESSION_free, SSL_F_D2I_SSL_SESSION);
564} 597}
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index 1a87cc255d..4bd3be0d41 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -724,7 +724,9 @@ ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long
724 *mkey |= SSL_kPSK; 724 *mkey |= SSL_kPSK;
725 *auth |= SSL_aPSK; 725 *auth |= SSL_aPSK;
726#endif 726#endif
727#ifdef OPENSSL_NO_SRP
727 *mkey |= SSL_kSRP; 728 *mkey |= SSL_kSRP;
729#endif
728 /* Check for presence of GOST 34.10 algorithms, and if they 730 /* Check for presence of GOST 34.10 algorithms, and if they
729 * do not present, disable appropriate auth and key exchange */ 731 * do not present, disable appropriate auth and key exchange */
730 if (!get_optional_pkey_id("gost94")) { 732 if (!get_optional_pkey_id("gost94")) {
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index d0c79710ef..a0882e4521 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1823,6 +1823,9 @@ SSL_CTX
1823 ret->psk_client_callback = NULL; 1823 ret->psk_client_callback = NULL;
1824 ret->psk_server_callback = NULL; 1824 ret->psk_server_callback = NULL;
1825#endif 1825#endif
1826#ifndef OPENSSL_NO_SRP
1827 SSL_CTX_SRP_CTX_init(ret);
1828#endif
1826#ifndef OPENSSL_NO_BUF_FREELISTS 1829#ifndef OPENSSL_NO_BUF_FREELISTS
1827 ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT; 1830 ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT;
1828 ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST)); 1831 ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
@@ -1962,6 +1965,9 @@ SSL_CTX_free(SSL_CTX *a)
1962 if (a->psk_identity_hint) 1965 if (a->psk_identity_hint)
1963 OPENSSL_free(a->psk_identity_hint); 1966 OPENSSL_free(a->psk_identity_hint);
1964#endif 1967#endif
1968#ifndef OPENSSL_NO_SRP
1969 SSL_CTX_SRP_CTX_free(a);
1970#endif
1965#ifndef OPENSSL_NO_ENGINE 1971#ifndef OPENSSL_NO_ENGINE
1966 if (a->client_cert_engine) 1972 if (a->client_cert_engine)
1967 ENGINE_finish(a->client_cert_engine); 1973 ENGINE_finish(a->client_cert_engine);
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index 5c5ef4a312..0b1c655820 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -224,6 +224,9 @@ SSL_SESSION
224 ss->psk_identity_hint = NULL; 224 ss->psk_identity_hint = NULL;
225 ss->psk_identity = NULL; 225 ss->psk_identity = NULL;
226#endif 226#endif
227#ifndef OPENSSL_NO_SRP
228 ss->srp_username = NULL;
229#endif
227 return (ss); 230 return (ss);
228} 231}
229 232
@@ -734,6 +737,10 @@ SSL_SESSION_free(SSL_SESSION *ss)
734 if (ss->psk_identity != NULL) 737 if (ss->psk_identity != NULL)
735 OPENSSL_free(ss->psk_identity); 738 OPENSSL_free(ss->psk_identity);
736#endif 739#endif
740#ifndef OPENSSL_NO_SRP
741 if (ss->srp_username != NULL)
742 OPENSSL_free(ss->srp_username);
743#endif
737 OPENSSL_cleanse(ss, sizeof(*ss)); 744 OPENSSL_cleanse(ss, sizeof(*ss));
738 OPENSSL_free(ss); 745 OPENSSL_free(ss);
739} 746}
diff --git a/src/lib/libssl/ssl_txt.c b/src/lib/libssl/ssl_txt.c
index d3f304b73d..91664ffe43 100644
--- a/src/lib/libssl/ssl_txt.c
+++ b/src/lib/libssl/ssl_txt.c
@@ -193,6 +193,12 @@ SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
193 if (BIO_printf(bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None") 193 if (BIO_printf(bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None")
194 <= 0) goto err; 194 <= 0) goto err;
195#endif 195#endif
196#ifndef OPENSSL_NO_SRP
197 if (BIO_puts(bp, "\n SRP username: ")
198 <= 0) goto err;
199 if (BIO_printf(bp, "%s", x->srp_username ? x->srp_username : "None")
200 <= 0) goto err;
201#endif
196#ifndef OPENSSL_NO_TLSEXT 202#ifndef OPENSSL_NO_TLSEXT
197 if (x->tlsext_tick_lifetime_hint) { 203 if (x->tlsext_tick_lifetime_hint) {
198 if (BIO_printf(bp, 204 if (BIO_printf(bp,
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index c4eeb7a41d..c3d62957ae 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -427,6 +427,35 @@ unsigned char
427 ret += el; 427 ret += el;
428 } 428 }
429 429
430#ifndef OPENSSL_NO_SRP
431 /* Add SRP username if there is one */
432 if (s->srp_ctx.login != NULL)
433 { /* Add TLS extension SRP username to the Client Hello message */
434
435 int login_len = strlen(s->srp_ctx.login);
436
437 if (login_len > 255 || login_len == 0) {
438 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
439 return NULL;
440 }
441
442 /* check for enough space.
443 4 for the srp type type and entension length
444 1 for the srp user identity
445 + srp user identity length
446 */
447 if ((limit - ret - 5 - login_len)
448 < 0) return NULL;
449
450
451 /* fill in the extension */
452 s2n(TLSEXT_TYPE_srp, ret);
453 s2n(login_len + 1, ret);
454 (*ret++) = (unsigned char) login_len;
455 memcpy(ret, s->srp_ctx.login, login_len);
456 ret += login_len;
457 }
458#endif
430 459
431#ifndef OPENSSL_NO_EC 460#ifndef OPENSSL_NO_EC
432 if (s->tlsext_ecpointformatlist != NULL && 461 if (s->tlsext_ecpointformatlist != NULL &&
@@ -1042,6 +1071,27 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
1042 } 1071 }
1043 1072
1044 } 1073 }
1074#ifndef OPENSSL_NO_SRP
1075 else if (type == TLSEXT_TYPE_srp) {
1076 if (size <= 0 || ((len = data[0])) != (size - 1)) {
1077 *al = SSL_AD_DECODE_ERROR;
1078 return 0;
1079 }
1080 if (s->srp_ctx.login != NULL) {
1081 *al = SSL_AD_DECODE_ERROR;
1082 return 0;
1083 }
1084 if ((s->srp_ctx.login = OPENSSL_malloc(len + 1)) == NULL)
1085 return -1;
1086 memcpy(s->srp_ctx.login, &data[1], len);
1087 s->srp_ctx.login[len] = '\0';
1088
1089 if (strlen(s->srp_ctx.login) != len) {
1090 *al = SSL_AD_DECODE_ERROR;
1091 return 0;
1092 }
1093 }
1094#endif
1045 1095
1046#ifndef OPENSSL_NO_EC 1096#ifndef OPENSSL_NO_EC
1047 else if (type == TLSEXT_TYPE_ec_point_formats && 1097 else if (type == TLSEXT_TYPE_ec_point_formats &&
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-24 20:00:33 +0000