1 files changed, 0 insertions, 317 deletions
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 6d8ccd66b7..081aebf1f5 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -164,9 +164,6 @@
 #include <openssl/dh.h>
 #endif
 #include <openssl/bn.h>
-#ifndef OPENSSL_NO_KRB5
-#include <openssl/krb5_asn.h>
-#endif
 #include <openssl/md5.h>
 static const SSL_METHOD *ssl3_get_server_method(int ver);
@@ -179,30 +176,6 @@ ssl3_get_server_method(int ver)
        return (NULL);
 }
-#ifndef OPENSSL_NO_SRP
-static int
-ssl_check_srp_ext_ClientHello(SSL *s, int *al)
-{
-        int ret = SSL_ERROR_NONE;
-        *al = SSL_AD_UNRECOGNIZED_NAME;
-        if ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) &&
-                (s->srp_ctx.TLS_ext_srp_username_callback != NULL)) {
-                if (s->srp_ctx.login == NULL) {
-                        /*
-                         * RFC 5054 says SHOULD reject,
-                         * we do so if There is no srp login name
-                         */
-                        ret = SSL3_AL_FATAL;
-                        *al = SSL_AD_UNKNOWN_PSK_IDENTITY;
-                } else {
-                        ret = SSL_srp_server_param_with_username(s, al);
-                }
-        }
-        return (ret);
-}
-#endif
 IMPLEMENT_ssl3_meth_func(SSLv3_server_method,
    ssl3_accept, ssl_undefined_function, ssl3_get_server_method)
@@ -342,39 +315,6 @@ ssl3_accept(SSL *s)
                                if (ret <= 0)
                                        goto end;
                        }
-#ifndef OPENSSL_NO_SRP
-                        {
-                                int al;
-                                if ((ret =
-                                    ssl_check_srp_ext_ClientHello(s, &al))
-                                    < 0) {
-                                        /*
-                                         * Callback indicates further work to
-                                         * be done.
-                                         */
-                                        s->rwstate = SSL_X509_LOOKUP;
-                                        goto end;
-                                }
-                                if (ret != SSL_ERROR_NONE) {
-                                        ssl3_send_alert(s, SSL3_AL_FATAL, al);
-                                        /*
-                                         * This is not really an error but the
-                                         * only means for a client to detect
-                                         * whether srp is supported.
-                                         */
-                                        if (al != TLS1_AD_UNKNOWN_PSK_IDENTITY)
-                                                SSLerr(SSL_F_SSL3_ACCEPT,
-                                                    SSL_R_CLIENTHELLO_TLSEXT);
-                                        ret = SSL_TLSEXT_ERR_ALERT_FATAL;
-                                        ret = -1;
-                                        goto end;
-                                }
-                        }
-#endif          
                        s->renegotiate = 2;
                        s->state = SSL3_ST_SW_SRVR_HELLO_A;
@@ -441,9 +381,6 @@ ssl3_accept(SSL *s)
                         * send_server_key_exchange.
                         */
                        if ((s->options & SSL_OP_EPHEMERAL_RSA)
-#ifndef OPENSSL_NO_KRB5
-                            && !(alg_k & SSL_kKRB5)
-#endif /* OPENSSL_NO_KRB5 */
                            )
                                /*
                                 * option SSL_OP_EPHEMERAL_RSA sends temporary
@@ -473,10 +410,6 @@ ssl3_accept(SSL *s)
 #ifndef OPENSSL_NO_PSK
                            || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
 #endif
-#ifndef OPENSSL_NO_SRP
-                        /* SRP: send ServerKeyExchange */
-                            || (alg_k & SSL_kSRP)
-#endif
                            || (alg_k & (SSL_kDHr|SSL_kDHd|SSL_kEDH))
                            || (alg_k & SSL_kEECDH)
                            || ((alg_k & SSL_kRSA)
@@ -1796,20 +1729,6 @@ ssl3_send_server_key_exchange(SSL *s)
                        n += 2 + pskhintlen;
                } else
 #endif /* !OPENSSL_NO_PSK */
-#ifndef OPENSSL_NO_SRP
-                if (type & SSL_kSRP) {
-                        if ((s->srp_ctx.N == NULL) || (s->srp_ctx.g == NULL) ||
-                            (s->srp_ctx.s == NULL) || (s->srp_ctx.B == NULL)) {
-                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                                    SSL_R_MISSING_SRP_PARAM);
-                                goto err;
-                        }
-                        r[0] = s->srp_ctx.N;
-                        r[1] = s->srp_ctx.g;
-                        r[2] = s->srp_ctx.s;
-                        r[3] = s->srp_ctx.B;
-                } else
-#endif
                {
                        al = SSL_AD_HANDSHAKE_FAILURE;
                        SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
@@ -1818,11 +1737,6 @@ ssl3_send_server_key_exchange(SSL *s)
                }
                for (i = 0; i < 4 && r[i] != NULL; i++) {
                        nr[i] = BN_num_bytes(r[i]);
-#ifndef OPENSSL_NO_SRP
-                        if ((i == 2) && (type & SSL_kSRP))
-                                n += 1 + nr[i];
-                        else
-#endif
                        n += 2 + nr[i];
                }
@@ -1848,12 +1762,6 @@ ssl3_send_server_key_exchange(SSL *s)
                p = &(d[4]);
                for (i = 0; i < 4 && r[i] != NULL; i++) {
-#ifndef OPENSSL_NO_SRP
-                        if ((i == 2) && (type & SSL_kSRP)) {
-                                *p = nr[i];
-                                p++;
-                        } else
-#endif
                        s2n(nr[i], p);
                        BN_bn2bin(r[i], p);
                        p += nr[i];
@@ -2112,9 +2020,6 @@ ssl3_get_client_key_exchange(SSL *s)
        BIGNUM *pub = NULL;
        DH *dh_srvr;
 #endif
-#ifndef OPENSSL_NO_KRB5
-        KSSL_ERR kssl_err;
-#endif /* OPENSSL_NO_KRB5 */
 #ifndef OPENSSL_NO_ECDH
        EC_KEY *srvr_ecdh = NULL;
@@ -2299,191 +2204,6 @@ ssl3_get_client_key_exchange(SSL *s)
                OPENSSL_cleanse(p, i);
        } else
 #endif
-#ifndef OPENSSL_NO_KRB5
-        if (alg_k & SSL_kKRB5) {
-                krb5_error_code         krb5rc;
-                krb5_data               enc_ticket;
-                krb5_data               authenticator;
-                krb5_data               enc_pms;
-                KSSL_CTX                *kssl_ctx = s->kssl_ctx;
-                EVP_CIPHER_CTX          ciph_ctx;
-                const EVP_CIPHER        *enc = NULL;
-                unsigned char           iv[EVP_MAX_IV_LENGTH];
-                unsigned char           pms[SSL_MAX_MASTER_KEY_LENGTH
-                + EVP_MAX_BLOCK_LENGTH];
-                int                  padl, outl;
-                krb5_timestamp          authtime = 0;
-                krb5_ticket_times       ttimes;
-                EVP_CIPHER_CTX_init(&ciph_ctx);
-                if (!kssl_ctx)
-                        kssl_ctx = kssl_ctx_new();
-                n2s(p, i);
-                enc_ticket.length = i;
-                if (n < (long)(enc_ticket.length + 6)) {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                            SSL_R_DATA_LENGTH_TOO_LONG);
-                        goto err;
-                }
-                enc_ticket.data = (char *)p;
-                p += enc_ticket.length;
-                n2s(p, i);
-                authenticator.length = i;
-                if (n < (long)(enc_ticket.length + authenticator.length + 6)) {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                            SSL_R_DATA_LENGTH_TOO_LONG);
-                        goto err;
-                }
-                authenticator.data = (char *)p;
-                p += authenticator.length;
-                n2s(p, i);
-                enc_pms.length = i;
-                enc_pms.data = (char *)p;
-                p += enc_pms.length;
-                /*
-                 * Note that the length is checked again below,
-                 * after decryption
-                 */
-                if (enc_pms.length > sizeof pms) {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                            SSL_R_DATA_LENGTH_TOO_LONG);
-                        goto err;
-                }
-                if (n != (long)(enc_ticket.length + authenticator.length +
-                    enc_pms.length + 6)) {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                            SSL_R_DATA_LENGTH_TOO_LONG);
-                        goto err;
-                }
-                if ((krb5rc = kssl_sget_tkt(kssl_ctx, &enc_ticket, &ttimes,
-                    &kssl_err)) != 0) {
-#ifdef KSSL_DEBUG
-                        printf("kssl_sget_tkt rtn %d [%d]\n",
-                        krb5rc, kssl_err.reason);
-                        if (kssl_err.text)
-                                printf("kssl_err text= %s\n", kssl_err.text);
-#endif  /* KSSL_DEBUG */
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                        kssl_err.reason);
-                        goto err;
-                }
-                /*  Note: no authenticator is not considered an error,
-                **  but will return authtime == 0.
-                */
-                if ((krb5rc = kssl_check_authent(kssl_ctx, &authenticator,
-                    &authtime, &kssl_err)) != 0) {
-#ifdef KSSL_DEBUG
-                        printf("kssl_check_authent rtn %d [%d]\n",
-                        krb5rc, kssl_err.reason);
-                        if (kssl_err.text)
-                                printf("kssl_err text= %s\n", kssl_err.text);
-#endif  /* KSSL_DEBUG */
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                            kssl_err.reason);
-                        goto err;
-                }
-                if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0) {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                            krb5rc);
-                        goto err;
-                }
-#ifdef KSSL_DEBUG
-                kssl_ctx_show(kssl_ctx);
-#endif  /* KSSL_DEBUG */
-                enc = kssl_map_enc(kssl_ctx->enctype);
-                if (enc == NULL)
-                        goto err;
-                memset(iv, 0, sizeof iv);       /* per RFC 1510 */
-                if (!EVP_DecryptInit_ex(&ciph_ctx, enc, NULL,
-                    kssl_ctx->key, iv)) {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                            SSL_R_DECRYPTION_FAILED);
-                        goto err;
-                }
-                if (!EVP_DecryptUpdate(&ciph_ctx, pms, &outl,
-                    (unsigned char *)enc_pms.data, enc_pms.length)) {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                            SSL_R_DECRYPTION_FAILED);
-                        goto err;
-                }
-                if (outl > SSL_MAX_MASTER_KEY_LENGTH) {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                            SSL_R_DATA_LENGTH_TOO_LONG);
-                        goto err;
-                }
-                if (!EVP_DecryptFinal_ex(&ciph_ctx, &(pms[outl]), &padl)) {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                            SSL_R_DECRYPTION_FAILED);
-                        goto err;
-                }
-                outl += padl;
-                if (outl > SSL_MAX_MASTER_KEY_LENGTH) {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                            SSL_R_DATA_LENGTH_TOO_LONG);
-                        goto err;
-                }
-                if (!((pms[0] == (s->client_version >> 8)) && (pms[1] == (s->client_version & 0xff)))) {
-                        /*
-                         * The premaster secret must contain the same version
-                         * number as the ClientHello to detect version rollback
-                         * attacks (strangely, the protocol does not offer such
-                         * protection for DH ciphersuites).
-                         * However, buggy clients exist that send random bytes
-                         * instead of the protocol version.
-                         *
-                         * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such
-                         * clients.
-                         * (Perhaps we should have a separate BUG value for
-                         * the Kerberos cipher)
-                         */
-                        if (!(s->options & SSL_OP_TLS_ROLLBACK_BUG)) {
-                                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                                    SSL_AD_DECODE_ERROR);
-                                goto err;
-                        }
-                }
-                EVP_CIPHER_CTX_cleanup(&ciph_ctx);
-                s->session->master_key_length =
-                s->method->ssl3_enc->generate_master_secret(s,
-                    s->session->master_key, pms, outl);
-                if (kssl_ctx->client_princ) {
-                        size_t len = strlen(kssl_ctx->client_princ);
-                        if (len < SSL_MAX_KRB5_PRINCIPAL_LENGTH ) {
-                                s->session->krb5_client_princ_len = len;
-                                memcpy(s->session->krb5_client_princ,
-                                    kssl_ctx->client_princ, len);
-                        }
-                }
-                /*
-                 * Was doing kssl_ctx_free() here, but it caused problems for
-                 * apache.
-                 * kssl_ctx = kssl_ctx_free(kssl_ctx);
-                 * if (s->kssl_ctx)  s->kssl_ctx = NULL;
-                 */
-        } else
-#endif  /* OPENSSL_NO_KRB5 */
 #ifndef OPENSSL_NO_ECDH
        if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) {
@@ -2717,43 +2437,6 @@ ssl3_get_client_key_exchange(SSL *s)
                        goto f_err;
        } else
 #endif
-#ifndef OPENSSL_NO_SRP
-        if (alg_k & SSL_kSRP) {
-                int param_len;
-                n2s(p, i);
-                param_len = i + 2;
-                if (param_len > n) {
-                        al = SSL_AD_DECODE_ERROR;
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                            SSL_R_BAD_SRP_A_LENGTH);
-                        goto f_err;
-                }
-                if (!(s->srp_ctx.A = BN_bin2bn(p, i, NULL))) {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                            ERR_R_BN_LIB);
-                        goto err;
-                }
-                if (s->session->srp_username != NULL)
-                        free(s->session->srp_username);
-                s->session->srp_username = BUF_strdup(s->srp_ctx.login);
-                if (s->session->srp_username == NULL) {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                            ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                if ((s->session->master_key_length =
-                    SRP_generate_server_master_secret(s,
-                    s->session->master_key)) < 0) {
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                            ERR_R_INTERNAL_ERROR);
-                        goto err;
-                }
-                p += i;
-        } else
-#endif  /* OPENSSL_NO_SRP */
        if (alg_k & SSL_kGOST) {
                int ret = 0;
                EVP_PKEY_CTX *pkey_ctx;

diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index 6d8ccd66b7..081aebf1f5 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c
@@ -164,9 +164,6 @@
164	#include <openssl/dh.h>	164	#include <openssl/dh.h>
165	#endif	165	#endif
166	#include <openssl/bn.h>	166	#include <openssl/bn.h>
167	#ifndef OPENSSL_NO_KRB5
168	#include <openssl/krb5_asn.h>
169	#endif
170	#include <openssl/md5.h>	167	#include <openssl/md5.h>
171		168
172	static const SSL_METHOD *ssl3_get_server_method(int ver);	169	static const SSL_METHOD *ssl3_get_server_method(int ver);
@@ -179,30 +176,6 @@ ssl3_get_server_method(int ver)
179	return (NULL);	176	return (NULL);
180	}	177	}
181		178
182	#ifndef OPENSSL_NO_SRP
183	static int
184	ssl_check_srp_ext_ClientHello(SSL s, int al)
185	{
186	int ret = SSL_ERROR_NONE;
187
188	*al = SSL_AD_UNRECOGNIZED_NAME;
189
190	if ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) &&
191	(s->srp_ctx.TLS_ext_srp_username_callback != NULL)) {
192	if (s->srp_ctx.login == NULL) {
193	/*
194	* RFC 5054 says SHOULD reject,
195	* we do so if There is no srp login name
196	*/
197	ret = SSL3_AL_FATAL;
198	*al = SSL_AD_UNKNOWN_PSK_IDENTITY;
199	} else {
200	ret = SSL_srp_server_param_with_username(s, al);
201	}
202	}
203	return (ret);
204	}
205	#endif
206		179
207	IMPLEMENT_ssl3_meth_func(SSLv3_server_method,	180	IMPLEMENT_ssl3_meth_func(SSLv3_server_method,
208	ssl3_accept, ssl_undefined_function, ssl3_get_server_method)	181	ssl3_accept, ssl_undefined_function, ssl3_get_server_method)
@@ -342,39 +315,6 @@ ssl3_accept(SSL *s)
342	if (ret <= 0)	315	if (ret <= 0)
343	goto end;	316	goto end;
344	}	317	}
345	#ifndef OPENSSL_NO_SRP
346	{
347	int al;
348	if ((ret =
349	ssl_check_srp_ext_ClientHello(s, &al))
350	< 0) {
351	/*
352	* Callback indicates further work to
353	* be done.
354	*/
355	s->rwstate = SSL_X509_LOOKUP;
356	goto end;
357	}
358	if (ret != SSL_ERROR_NONE) {
359	ssl3_send_alert(s, SSL3_AL_FATAL, al);
360
361	/*
362	* This is not really an error but the
363	* only means for a client to detect
364	* whether srp is supported.
365	*/
366	if (al != TLS1_AD_UNKNOWN_PSK_IDENTITY)
367	SSLerr(SSL_F_SSL3_ACCEPT,
368	SSL_R_CLIENTHELLO_TLSEXT);
369
370	ret = SSL_TLSEXT_ERR_ALERT_FATAL;
371
372	ret = -1;
373	goto end;
374
375	}
376	}
377	#endif
378		318
379	s->renegotiate = 2;	319	s->renegotiate = 2;
380	s->state = SSL3_ST_SW_SRVR_HELLO_A;	320	s->state = SSL3_ST_SW_SRVR_HELLO_A;
@@ -441,9 +381,6 @@ ssl3_accept(SSL *s)
441	* send_server_key_exchange.	381	* send_server_key_exchange.
442	*/	382	*/
443	if ((s->options & SSL_OP_EPHEMERAL_RSA)	383	if ((s->options & SSL_OP_EPHEMERAL_RSA)
444	#ifndef OPENSSL_NO_KRB5
445	&& !(alg_k & SSL_kKRB5)
446	#endif /* OPENSSL_NO_KRB5 */
447	)	384	)
448	/*	385	/*
449	* option SSL_OP_EPHEMERAL_RSA sends temporary	386	* option SSL_OP_EPHEMERAL_RSA sends temporary
@@ -473,10 +410,6 @@ ssl3_accept(SSL *s)
473	#ifndef OPENSSL_NO_PSK	410	#ifndef OPENSSL_NO_PSK
474	\|\| ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)	411	\|\| ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
475	#endif	412	#endif
476	#ifndef OPENSSL_NO_SRP
477	/* SRP: send ServerKeyExchange */
478	\|\| (alg_k & SSL_kSRP)
479	#endif
480	\|\| (alg_k & (SSL_kDHr\|SSL_kDHd\|SSL_kEDH))	413	\|\| (alg_k & (SSL_kDHr\|SSL_kDHd\|SSL_kEDH))
481	\|\| (alg_k & SSL_kEECDH)	414	\|\| (alg_k & SSL_kEECDH)
482	\|\| ((alg_k & SSL_kRSA)	415	\|\| ((alg_k & SSL_kRSA)
@@ -1796,20 +1729,6 @@ ssl3_send_server_key_exchange(SSL *s)
1796	n += 2 + pskhintlen;	1729	n += 2 + pskhintlen;
1797	} else	1730	} else
1798	#endif /* !OPENSSL_NO_PSK */	1731	#endif /* !OPENSSL_NO_PSK */
1799	#ifndef OPENSSL_NO_SRP
1800	if (type & SSL_kSRP) {
1801	if ((s->srp_ctx.N == NULL) \|\| (s->srp_ctx.g == NULL) \|\|
1802	(s->srp_ctx.s == NULL) \|\| (s->srp_ctx.B == NULL)) {
1803	SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1804	SSL_R_MISSING_SRP_PARAM);
1805	goto err;
1806	}
1807	r[0] = s->srp_ctx.N;
1808	r[1] = s->srp_ctx.g;
1809	r[2] = s->srp_ctx.s;
1810	r[3] = s->srp_ctx.B;
1811	} else
1812	#endif
1813	{	1732	{
1814	al = SSL_AD_HANDSHAKE_FAILURE;	1733	al = SSL_AD_HANDSHAKE_FAILURE;
1815	SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,	1734	SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
@@ -1818,11 +1737,6 @@ ssl3_send_server_key_exchange(SSL *s)
1818	}	1737	}
1819	for (i = 0; i < 4 && r[i] != NULL; i++) {	1738	for (i = 0; i < 4 && r[i] != NULL; i++) {
1820	nr[i] = BN_num_bytes(r[i]);	1739	nr[i] = BN_num_bytes(r[i]);
1821	#ifndef OPENSSL_NO_SRP
1822	if ((i == 2) && (type & SSL_kSRP))
1823	n += 1 + nr[i];
1824	else
1825	#endif
1826	n += 2 + nr[i];	1740	n += 2 + nr[i];
1827	}	1741	}
1828		1742
@@ -1848,12 +1762,6 @@ ssl3_send_server_key_exchange(SSL *s)
1848	p = &(d[4]);	1762	p = &(d[4]);
1849		1763
1850	for (i = 0; i < 4 && r[i] != NULL; i++) {	1764	for (i = 0; i < 4 && r[i] != NULL; i++) {
1851	#ifndef OPENSSL_NO_SRP
1852	if ((i == 2) && (type & SSL_kSRP)) {
1853	*p = nr[i];
1854	p++;
1855	} else
1856	#endif
1857	s2n(nr[i], p);	1765	s2n(nr[i], p);
1858	BN_bn2bin(r[i], p);	1766	BN_bn2bin(r[i], p);
1859	p += nr[i];	1767	p += nr[i];
@@ -2112,9 +2020,6 @@ ssl3_get_client_key_exchange(SSL *s)
2112	BIGNUM *pub = NULL;	2020	BIGNUM *pub = NULL;
2113	DH *dh_srvr;	2021	DH *dh_srvr;
2114	#endif	2022	#endif
2115	#ifndef OPENSSL_NO_KRB5
2116	KSSL_ERR kssl_err;
2117	#endif /* OPENSSL_NO_KRB5 */
2118		2023
2119	#ifndef OPENSSL_NO_ECDH	2024	#ifndef OPENSSL_NO_ECDH
2120	EC_KEY *srvr_ecdh = NULL;	2025	EC_KEY *srvr_ecdh = NULL;
@@ -2299,191 +2204,6 @@ ssl3_get_client_key_exchange(SSL *s)
2299	OPENSSL_cleanse(p, i);	2204	OPENSSL_cleanse(p, i);
2300	} else	2205	} else
2301	#endif	2206	#endif
2302	#ifndef OPENSSL_NO_KRB5
2303	if (alg_k & SSL_kKRB5) {
2304	krb5_error_code krb5rc;
2305	krb5_data enc_ticket;
2306	krb5_data authenticator;
2307	krb5_data enc_pms;
2308	KSSL_CTX *kssl_ctx = s->kssl_ctx;
2309	EVP_CIPHER_CTX ciph_ctx;
2310	const EVP_CIPHER *enc = NULL;
2311	unsigned char iv[EVP_MAX_IV_LENGTH];
2312	unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH
2313	+ EVP_MAX_BLOCK_LENGTH];
2314	int padl, outl;
2315	krb5_timestamp authtime = 0;
2316	krb5_ticket_times ttimes;
2317
2318	EVP_CIPHER_CTX_init(&ciph_ctx);
2319
2320	if (!kssl_ctx)
2321	kssl_ctx = kssl_ctx_new();
2322
2323	n2s(p, i);
2324	enc_ticket.length = i;
2325
2326	if (n < (long)(enc_ticket.length + 6)) {
2327	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2328	SSL_R_DATA_LENGTH_TOO_LONG);
2329	goto err;
2330	}
2331
2332	enc_ticket.data = (char *)p;
2333	p += enc_ticket.length;
2334
2335	n2s(p, i);
2336	authenticator.length = i;
2337
2338	if (n < (long)(enc_ticket.length + authenticator.length + 6)) {
2339	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2340	SSL_R_DATA_LENGTH_TOO_LONG);
2341	goto err;
2342	}
2343
2344	authenticator.data = (char *)p;
2345	p += authenticator.length;
2346
2347	n2s(p, i);
2348	enc_pms.length = i;
2349	enc_pms.data = (char *)p;
2350	p += enc_pms.length;
2351
2352	/*
2353	* Note that the length is checked again below,
2354	* after decryption
2355	*/
2356	if (enc_pms.length > sizeof pms) {
2357	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2358	SSL_R_DATA_LENGTH_TOO_LONG);
2359	goto err;
2360	}
2361
2362	if (n != (long)(enc_ticket.length + authenticator.length +
2363	enc_pms.length + 6)) {
2364	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2365	SSL_R_DATA_LENGTH_TOO_LONG);
2366	goto err;
2367	}
2368
2369	if ((krb5rc = kssl_sget_tkt(kssl_ctx, &enc_ticket, &ttimes,
2370	&kssl_err)) != 0) {
2371	#ifdef KSSL_DEBUG
2372	printf("kssl_sget_tkt rtn %d [%d]\n",
2373	krb5rc, kssl_err.reason);
2374	if (kssl_err.text)
2375	printf("kssl_err text= %s\n", kssl_err.text);
2376	#endif /* KSSL_DEBUG */
2377	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2378	kssl_err.reason);
2379	goto err;
2380	}
2381
2382	/* Note: no authenticator is not considered an error,
2383	** but will return authtime == 0.
2384	*/
2385	if ((krb5rc = kssl_check_authent(kssl_ctx, &authenticator,
2386	&authtime, &kssl_err)) != 0) {
2387	#ifdef KSSL_DEBUG
2388	printf("kssl_check_authent rtn %d [%d]\n",
2389	krb5rc, kssl_err.reason);
2390	if (kssl_err.text)
2391	printf("kssl_err text= %s\n", kssl_err.text);
2392	#endif /* KSSL_DEBUG */
2393	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2394	kssl_err.reason);
2395	goto err;
2396	}
2397
2398	if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0) {
2399	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2400	krb5rc);
2401	goto err;
2402	}
2403
2404	#ifdef KSSL_DEBUG
2405	kssl_ctx_show(kssl_ctx);
2406	#endif /* KSSL_DEBUG */
2407
2408	enc = kssl_map_enc(kssl_ctx->enctype);
2409	if (enc == NULL)
2410	goto err;
2411
2412	memset(iv, 0, sizeof iv); /* per RFC 1510 */
2413
2414	if (!EVP_DecryptInit_ex(&ciph_ctx, enc, NULL,
2415	kssl_ctx->key, iv)) {
2416	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2417	SSL_R_DECRYPTION_FAILED);
2418	goto err;
2419	}
2420	if (!EVP_DecryptUpdate(&ciph_ctx, pms, &outl,
2421	(unsigned char *)enc_pms.data, enc_pms.length)) {
2422	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2423	SSL_R_DECRYPTION_FAILED);
2424	goto err;
2425	}
2426	if (outl > SSL_MAX_MASTER_KEY_LENGTH) {
2427	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2428	SSL_R_DATA_LENGTH_TOO_LONG);
2429	goto err;
2430	}
2431	if (!EVP_DecryptFinal_ex(&ciph_ctx, &(pms[outl]), &padl)) {
2432	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2433	SSL_R_DECRYPTION_FAILED);
2434	goto err;
2435	}
2436	outl += padl;
2437	if (outl > SSL_MAX_MASTER_KEY_LENGTH) {
2438	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2439	SSL_R_DATA_LENGTH_TOO_LONG);
2440	goto err;
2441	}
2442	if (!((pms[0] == (s->client_version >> 8)) && (pms[1] == (s->client_version & 0xff)))) {
2443	/*
2444	* The premaster secret must contain the same version
2445	* number as the ClientHello to detect version rollback
2446	* attacks (strangely, the protocol does not offer such
2447	* protection for DH ciphersuites).
2448	* However, buggy clients exist that send random bytes
2449	* instead of the protocol version.
2450	*
2451	* If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such
2452	* clients.
2453	* (Perhaps we should have a separate BUG value for
2454	* the Kerberos cipher)
2455	*/
2456	if (!(s->options & SSL_OP_TLS_ROLLBACK_BUG)) {
2457	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2458	SSL_AD_DECODE_ERROR);
2459	goto err;
2460	}
2461	}
2462
2463	EVP_CIPHER_CTX_cleanup(&ciph_ctx);
2464
2465	s->session->master_key_length =
2466	s->method->ssl3_enc->generate_master_secret(s,
2467	s->session->master_key, pms, outl);
2468
2469	if (kssl_ctx->client_princ) {
2470	size_t len = strlen(kssl_ctx->client_princ);
2471	if (len < SSL_MAX_KRB5_PRINCIPAL_LENGTH ) {
2472	s->session->krb5_client_princ_len = len;
2473	memcpy(s->session->krb5_client_princ,
2474	kssl_ctx->client_princ, len);
2475	}
2476	}
2477
2478
2479	/*
2480	* Was doing kssl_ctx_free() here, but it caused problems for
2481	* apache.
2482	* kssl_ctx = kssl_ctx_free(kssl_ctx);
2483	* if (s->kssl_ctx) s->kssl_ctx = NULL;
2484	*/
2485	} else
2486	#endif /* OPENSSL_NO_KRB5 */
2487		2207
2488	#ifndef OPENSSL_NO_ECDH	2208	#ifndef OPENSSL_NO_ECDH
2489	if (alg_k & (SSL_kEECDH\|SSL_kECDHr\|SSL_kECDHe)) {	2209	if (alg_k & (SSL_kEECDH\|SSL_kECDHr\|SSL_kECDHe)) {
@@ -2717,43 +2437,6 @@ ssl3_get_client_key_exchange(SSL *s)
2717	goto f_err;	2437	goto f_err;
2718	} else	2438	} else
2719	#endif	2439	#endif
2720	#ifndef OPENSSL_NO_SRP
2721	if (alg_k & SSL_kSRP) {
2722	int param_len;
2723
2724	n2s(p, i);
2725	param_len = i + 2;
2726	if (param_len > n) {
2727	al = SSL_AD_DECODE_ERROR;
2728	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2729	SSL_R_BAD_SRP_A_LENGTH);
2730	goto f_err;
2731	}
2732	if (!(s->srp_ctx.A = BN_bin2bn(p, i, NULL))) {
2733	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2734	ERR_R_BN_LIB);
2735	goto err;
2736	}
2737	if (s->session->srp_username != NULL)
2738	free(s->session->srp_username);
2739	s->session->srp_username = BUF_strdup(s->srp_ctx.login);
2740	if (s->session->srp_username == NULL) {
2741	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2742	ERR_R_MALLOC_FAILURE);
2743	goto err;
2744	}
2745
2746	if ((s->session->master_key_length =
2747	SRP_generate_server_master_secret(s,
2748	s->session->master_key)) < 0) {
2749	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2750	ERR_R_INTERNAL_ERROR);
2751	goto err;
2752	}
2753
2754	p += i;
2755	} else
2756	#endif /* OPENSSL_NO_SRP */
2757	if (alg_k & SSL_kGOST) {	2440	if (alg_k & SSL_kGOST) {
2758	int ret = 0;	2441	int ret = 0;
2759	EVP_PKEY_CTX *pkey_ctx;	2442	EVP_PKEY_CTX *pkey_ctx;