Diffstat (limited to 'src/lib/libssl/s3_clnt.c')
| -rw-r--r-- | src/lib/libssl/s3_clnt.c | 106 |
1 files changed, 106 insertions, 0 deletions
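--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -365,6 +365,15 @@ ssl3_connect(SSL *s)
 ret = ssl3_get_server_done(s);
 if (ret <= 0)
 goto end;
+#ifndef OPENSSL_NO_SRP
+if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) {
+if ((ret = SRP_Calc_A_param(s)) <= 0) {
+SSLerr(SSL_F_SSL3_CONNECT, SSL_R_SRP_A_CALC);
+ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+goto end;
+}
+}
+#endif
 if (s->s3->tmp.cert_req)
 s->state = SSL3_ST_CW_CERT_A;
 else
@@ -1290,6 +1299,76 @@ ssl3_get_key_exchange(SSL *s)
 n -= param_len;
 } else
 #endif /* !OPENSSL_NO_PSK */
+#ifndef OPENSSL_NO_SRP
+if (alg_k & SSL_kSRP) {
+n2s(p, i);
+param_len = i + 2;
+if (param_len > n) {
+al = SSL_AD_DECODE_ERROR;
+SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_N_LENGTH);
+goto f_err;
+}
+if (!(s->srp_ctx.N = BN_bin2bn(p, i, NULL))) {
+SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
+goto err;
+}
+p += i;
+
+n2s(p, i);
+param_len += i + 2;
+if (param_len > n) {
+al = SSL_AD_DECODE_ERROR;
+SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_G_LENGTH);
+goto f_err;
+}
+if (!(s->srp_ctx.g = BN_bin2bn(p, i, NULL))) {
+SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
+goto err;
+}
+p += i;
+
+i = (unsigned int)(p[0]);
+p++;
+param_len += i + 1;
+if (param_len > n) {
+al = SSL_AD_DECODE_ERROR;
+SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_S_LENGTH);
+goto f_err;
+}
+if (!(s->srp_ctx.s = BN_bin2bn(p, i, NULL))) {
+SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
+goto err;
+}
+p += i;
+
+n2s(p, i);
+param_len += i + 2;
+if (param_len > n) {
+al = SSL_AD_DECODE_ERROR;
+SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_B_LENGTH);
+goto f_err;
+}
+if (!(s->srp_ctx.B = BN_bin2bn(p, i, NULL))) {
+SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
+goto err;
+}
+p += i;
+n -= param_len;
+
+/* We must check if there is a certificate */
+#ifndef OPENSSL_NO_RSA
+if (alg_a & SSL_aRSA)
+pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
+#else
+if (0)
+;
+#endif
+#ifndef OPENSSL_NO_DSA
+else if (alg_a & SSL_aDSS)
+pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
+#endif
+} else
+#endif /* !OPENSSL_NO_SRP */
 #ifndef OPENSSL_NO_RSA
 if (alg_k & SSL_kRSA) {
 if ((rsa = RSA_new()) == NULL) {
@@ -2492,6 +2571,33 @@ ssl3_send_client_key_exchange(SSL *s)
 EVP_PKEY_free(pub_key);
 
 }
+#ifndef OPENSSL_NO_SRP
+else if (alg_k & SSL_kSRP) {
+if (s->srp_ctx.A != NULL) {
+/* send off the data */
+n = BN_num_bytes(s->srp_ctx.A);
+s2n(n, p);
+BN_bn2bin(s->srp_ctx.A, p);
+n += 2;
+} else {
+SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+goto err;
+}
+if (s->session->srp_username != NULL)
+OPENSSL_free(s->session->srp_username);
+s->session->srp_username = BUF_strdup(s->srp_ctx.login);
+if (s->session->srp_username == NULL) {
+SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+ERR_R_MALLOC_FAILURE);
+goto err;
+}
+
+if ((s->session->master_key_length = SRP_generate_client_master_secret(s, s->session->master_key)) < 0) {
+SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+goto err;
+}
+}
+#endif
 #ifndef OPENSSL_NO_PSK
 else if (alg_k & SSL_kPSK) {
 char identity[PSK_MAX_IDENTITY_LEN];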
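Review bot: In the SRP branch of ssl3_get_key_exchange, each length field is read (`n2s(p, i)` for N, g and B, `p[0]` for the salt) before anything checks that the field itself lies inside the remaining `n` bytes, so a truncated ServerKeyExchange makes the parser read one or two bytes past the validated data before `param_len > n` rejects it. Each read should be preceded by a check on the prefix, e.g. `if (n < 2)` before the first `n2s` and `if (param_len + 2 > n)` (`+ 1` for the salt) before the later ones, each taking the existing `SSL_AD_DECODE_ERROR` / `goto f_err` path. The same branch assigns `s->srp_ctx.N`, `g`, `s` and `B` without freeing any earlier value, which looks like a leak if this code runs again on the same SSL object; that depends on cleanup outside the hunk. Whether the server-chosen N and g are checked against an acceptable group is not visible here and is worth confirming in SRP_Calc_A_param. The declarations of `n`, `param_len` and `i` are outside the hunk, so the integer types in these comparisons should be checked as well.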
