* for the EdelKey project and contributed to the OpenSSL project 2004.
*/
/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2004-2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* Hudson (tjh@cryptsoft.com).
*
*/
-#include "ssl_locl.h"
-#ifndef OPENSSL_NO_SRP
+#include <openssl/crypto.h>
#include <openssl/rand.h>
#include <openssl/srp.h>
#include <openssl/err.h>
+#include "ssl_locl.h"
+
+#ifndef OPENSSL_NO_SRP
int SSL_CTX_SRP_CTX_free(struct ssl_ctx_st *ctx)
{
ctx->srp_ctx.SRP_cb_arg = NULL;
ctx->srp_ctx.SRP_verify_param_callback = NULL;
ctx->srp_ctx.SRP_give_srp_client_pwd_callback = NULL;
- ctx->srp_ctx.SRP_TLS_ext_missing_srp_client_username_callback = NULL;
ctx->srp_ctx.N = NULL;
ctx->srp_ctx.g = NULL;
ctx->srp_ctx.s = NULL;
s->srp_ctx.SRP_cb_arg = NULL;
s->srp_ctx.SRP_verify_param_callback = NULL;
s->srp_ctx.SRP_give_srp_client_pwd_callback = NULL;
- s->srp_ctx.SRP_TLS_ext_missing_srp_client_username_callback = NULL;
s->srp_ctx.N = NULL;
s->srp_ctx.g = NULL;
s->srp_ctx.s = NULL;
s->srp_ctx.SRP_verify_param_callback = ctx->srp_ctx.SRP_verify_param_callback;
/* set SRP client passwd callback */
s->srp_ctx.SRP_give_srp_client_pwd_callback = ctx->srp_ctx.SRP_give_srp_client_pwd_callback;
- s->srp_ctx.SRP_TLS_ext_missing_srp_client_username_callback = ctx->srp_ctx.SRP_TLS_ext_missing_srp_client_username_callback;
s->srp_ctx.N = NULL;
s->srp_ctx.g = NULL;
ctx->srp_ctx.SRP_verify_param_callback = NULL;
/* set SRP client passwd callback */
ctx->srp_ctx.SRP_give_srp_client_pwd_callback = NULL;
- ctx->srp_ctx.SRP_TLS_ext_missing_srp_client_username_callback = NULL;
ctx->srp_ctx.N = NULL;
ctx->srp_ctx.g = NULL;
unsigned char b[SSL_MAX_MASTER_KEY_LENGTH];
int al;
- *ad = SSL_AD_UNKNOWN_SRP_USERNAME;
+ *ad = SSL_AD_UNKNOWN_PSK_IDENTITY;
if ((s->srp_ctx.TLS_ext_srp_username_callback !=NULL) &&
((al = s->srp_ctx.TLS_ext_srp_username_callback(s, ad, s->srp_ctx.SRP_cb_arg))!=SSL_ERROR_NONE))
return al;
return ret;
}
-int SRP_Calc_A_param(SSL *s)
+int srp_verify_server_param(SSL *s, int *al)
{
- unsigned char rand[SSL_MAX_MASTER_KEY_LENGTH];
-
- if (BN_num_bits(s->srp_ctx.N) < s->srp_ctx.strength)
- return 0;
-
- if (s->srp_ctx.SRP_verify_param_callback ==NULL &&
- !SRP_check_known_gN_param(s->srp_ctx.g,s->srp_ctx.N))
+ SRP_CTX *srp = &s->srp_ctx;
+ /* Sanity check parameters: we can quickly check B % N == 0
+ * by checking B != 0 since B < N
+ */
+ if (BN_ucmp(srp->g, srp->N) >=0 || BN_ucmp(srp->B, srp->N) >= 0
+ || BN_is_zero(srp->B))
+ {
+ *al = SSL3_AD_ILLEGAL_PARAMETER;
return 0;
+ }
- if (RAND_bytes(rand, sizeof(rand)) <= 0)
+ if (BN_num_bits(srp->N) < srp->strength)
+ {
+ *al = TLS1_AD_INSUFFICIENT_SECURITY;
return 0;
- s->srp_ctx.a = BN_bin2bn(rand,sizeof(rand), s->srp_ctx.a);
- OPENSSL_cleanse(rand,sizeof(rand));
+ }
- if (!(s->srp_ctx.A = SRP_Calc_A(s->srp_ctx.a,s->srp_ctx.N,s->srp_ctx.g)))
+ if (srp->SRP_verify_param_callback)
+ {
+ if (srp->SRP_verify_param_callback(s, srp->SRP_cb_arg) <= 0)
+ {
+ *al = TLS1_AD_INSUFFICIENT_SECURITY;
+ return 0;
+ }
+ }
+ else if(!SRP_check_known_gN_param(srp->g, srp->N))
+ {
+ *al = TLS1_AD_INSUFFICIENT_SECURITY;
return 0;
-
- /* We can have a callback to verify SRP param!! */
- if (s->srp_ctx.SRP_verify_param_callback !=NULL)
- return s->srp_ctx.SRP_verify_param_callback(s,s->srp_ctx.SRP_cb_arg);
+ }
return 1;
}
-int SRP_have_to_put_srp_username(SSL *s)
+int SRP_Calc_A_param(SSL *s)
{
- if (s->srp_ctx.SRP_TLS_ext_missing_srp_client_username_callback == NULL)
+ unsigned char rnd[SSL_MAX_MASTER_KEY_LENGTH];
+
+ if (RAND_bytes(rnd, sizeof(rnd)) <= 0)
return 0;
- if ((s->srp_ctx.login = s->srp_ctx.SRP_TLS_ext_missing_srp_client_username_callback(s,s->srp_ctx.SRP_cb_arg)) == NULL)
+ s->srp_ctx.a = BN_bin2bn(rnd,sizeof(rnd), s->srp_ctx.a);
+ OPENSSL_cleanse(rnd,sizeof(rnd));
+
+ if (!(s->srp_ctx.A = SRP_Calc_A(s->srp_ctx.a,s->srp_ctx.N,s->srp_ctx.g)))
return 0;
- s->srp_ctx.srp_Mask|=SSL_kSRP;
+
return 1;
}
(void (*)(void))cb);
}
-int SSL_CTX_set_srp_missing_srp_username_callback(SSL_CTX *ctx,
- char *(*cb)(SSL *,void *))
- {
- return tls1_ctx_callback_ctrl(ctx,
- SSL_CTRL_SET_TLS_EXT_SRP_MISSING_CLIENT_USERNAME_CB,
- (void (*)(void))cb);
- }
#endif