- if (!PACKET_get_bytes(&pkt, &data, i)) {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_B_LENGTH);
- goto f_err;
- }
-
- if ((s->srp_ctx.B = BN_bin2bn(data, i, NULL)) == NULL) {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
- goto err;
- }
-
- if (!srp_verify_server_param(s, &al)) {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_PARAMETERS);
- goto f_err;
- }
-
-/* We must check if there is a certificate */
- if (alg_a & (SSL_aRSA|SSL_aDSS))
- pkey = X509_get_pubkey(s->session->peer);
- } else
-#endif /* !OPENSSL_NO_SRP */
-#ifndef OPENSSL_NO_RSA
- if (alg_k & SSL_kRSA) {
- /* Temporary RSA keys only allowed in export ciphersuites */
- if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)) {
- al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
- goto f_err;
- }
- if ((rsa = RSA_new()) == NULL) {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (!PACKET_get_net_2(&pkt, &i)) {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
- }
-
- if (!PACKET_get_bytes(&pkt, &data, i)) {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_RSA_MODULUS_LENGTH);
- goto f_err;
- }
-
- if ((rsa->n = BN_bin2bn(data, i, rsa->n)) == NULL) {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
- goto err;
- }
-
- if (!PACKET_get_net_2(&pkt, &i)) {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
- }
-
- if (!PACKET_get_bytes(&pkt, &data, i)) {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_RSA_E_LENGTH);
- goto f_err;
- }
-
- if ((rsa->e = BN_bin2bn(data, i, rsa->e)) == NULL) {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
- goto err;
- }
-
- /* this should be because we are using an export cipher */
- if (alg_a & SSL_aRSA)
- pkey = X509_get_pubkey(s->session->peer);
- else {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- if (EVP_PKEY_bits(pkey) <= SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
- al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);