From e7892d59587f55067ca2e2bc6fa26cf4bcd6c084 Mon Sep 17 00:00:00 2001 From: tedu <> Date: Wed, 16 Apr 2014 20:39:09 +0000 Subject: add back SRP. i was being too greedy. --- src/lib/libssl/t1_lib.c | 50 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) (limited to 'src/lib/libssl/t1_lib.c') diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index c4eeb7a41d..c3d62957ae 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c @@ -427,6 +427,35 @@ unsigned char ret += el; } +#ifndef OPENSSL_NO_SRP + /* Add SRP username if there is one */ + if (s->srp_ctx.login != NULL) + { /* Add TLS extension SRP username to the Client Hello message */ + + int login_len = strlen(s->srp_ctx.login); + + if (login_len > 255 || login_len == 0) { + SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); + return NULL; + } + + /* check for enough space. + 4 for the srp type type and entension length + 1 for the srp user identity + + srp user identity length + */ + if ((limit - ret - 5 - login_len) + < 0) return NULL; + + + /* fill in the extension */ + s2n(TLSEXT_TYPE_srp, ret); + s2n(login_len + 1, ret); + (*ret++) = (unsigned char) login_len; + memcpy(ret, s->srp_ctx.login, login_len); + ret += login_len; + } +#endif #ifndef OPENSSL_NO_EC if (s->tlsext_ecpointformatlist != NULL && @@ -1042,6 +1071,27 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, } } +#ifndef OPENSSL_NO_SRP + else if (type == TLSEXT_TYPE_srp) { + if (size <= 0 || ((len = data[0])) != (size - 1)) { + *al = SSL_AD_DECODE_ERROR; + return 0; + } + if (s->srp_ctx.login != NULL) { + *al = SSL_AD_DECODE_ERROR; + return 0; + } + if ((s->srp_ctx.login = OPENSSL_malloc(len + 1)) == NULL) + return -1; + memcpy(s->srp_ctx.login, &data[1], len); + s->srp_ctx.login[len] = '\0'; + + if (strlen(s->srp_ctx.login) != len) { + *al = SSL_AD_DECODE_ERROR; + return 0; + } + } +#endif #ifndef OPENSSL_NO_EC else if (type == TLSEXT_TYPE_ec_point_formats && -- cgit v1.2.3-55-g6feb