New extension callback features.

[openssl.git] / ssl / tls_srp.c

diff --git a/ssl/tls_srp.c b/ssl/tls_srp.c
index de5ee99a747edcbce3d7d82e09c6ce8aa554825b..1aa90c53078a74d0f0ecd932bc1d832c844d5736 100644 (file)
--- a/ssl/tls_srp.c
+++ b/ssl/tls_srp.c
@@ -4,7 +4,7 @@
  * for the EdelKey project and contributed to the OpenSSL project 2004.
  */
 /* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2004-2011 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -56,12 +56,14 @@
  * Hudson (tjh@cryptsoft.com).
  *
  */
-#include "ssl_locl.h"
-#ifndef OPENSSL_NO_SRP
 
+#include <openssl/crypto.h>
 #include <openssl/rand.h>
 #include <openssl/srp.h>
 #include <openssl/err.h>
+#include "ssl_locl.h"
+
+#ifndef OPENSSL_NO_SRP
 
 int SSL_CTX_SRP_CTX_free(struct ssl_ctx_st *ctx)
        {
@@ -80,7 +82,6 @@ int SSL_CTX_SRP_CTX_free(struct ssl_ctx_st *ctx)
        ctx->srp_ctx.SRP_cb_arg = NULL;
        ctx->srp_ctx.SRP_verify_param_callback = NULL;
        ctx->srp_ctx.SRP_give_srp_client_pwd_callback = NULL;
-       ctx->srp_ctx.SRP_TLS_ext_missing_srp_client_username_callback = NULL;
        ctx->srp_ctx.N = NULL;
        ctx->srp_ctx.g = NULL;
        ctx->srp_ctx.s = NULL;
@@ -113,7 +114,6 @@ int SSL_SRP_CTX_free(struct ssl_st *s)
        s->srp_ctx.SRP_cb_arg = NULL;
        s->srp_ctx.SRP_verify_param_callback = NULL;
        s->srp_ctx.SRP_give_srp_client_pwd_callback = NULL;
-       s->srp_ctx.SRP_TLS_ext_missing_srp_client_username_callback = NULL;
        s->srp_ctx.N = NULL;
        s->srp_ctx.g = NULL;
        s->srp_ctx.s = NULL;
@@ -142,7 +142,6 @@ int SSL_SRP_CTX_init(struct ssl_st *s)
        s->srp_ctx.SRP_verify_param_callback = ctx->srp_ctx.SRP_verify_param_callback;
        /* set SRP client passwd callback */
        s->srp_ctx.SRP_give_srp_client_pwd_callback = ctx->srp_ctx.SRP_give_srp_client_pwd_callback;
-       s->srp_ctx.SRP_TLS_ext_missing_srp_client_username_callback = ctx->srp_ctx.SRP_TLS_ext_missing_srp_client_username_callback;
 
        s->srp_ctx.N = NULL;
        s->srp_ctx.g = NULL;
@@ -210,7 +209,6 @@ int SSL_CTX_SRP_CTX_init(struct ssl_ctx_st *ctx)
        ctx->srp_ctx.SRP_verify_param_callback = NULL;
        /* set SRP client passwd callback */
        ctx->srp_ctx.SRP_give_srp_client_pwd_callback = NULL;
-       ctx->srp_ctx.SRP_TLS_ext_missing_srp_client_username_callback = NULL;
 
        ctx->srp_ctx.N = NULL;
        ctx->srp_ctx.g = NULL;
@@ -234,7 +232,7 @@ int SSL_srp_server_param_with_username(SSL *s, int *ad)
        unsigned char b[SSL_MAX_MASTER_KEY_LENGTH];
        int al;
 
-       *ad = SSL_AD_UNKNOWN_SRP_USERNAME;
+       *ad = SSL_AD_UNKNOWN_PSK_IDENTITY;
        if ((s->srp_ctx.TLS_ext_srp_username_callback !=NULL) &&
                ((al = s->srp_ctx.TLS_ext_srp_username_callback(s, ad, s->srp_ctx.SRP_cb_arg))!=SSL_ERROR_NONE))
                        return al;
@@ -412,39 +410,54 @@ err:
        return ret;
        }
 
-int SRP_Calc_A_param(SSL *s)
+int srp_verify_server_param(SSL *s, int *al)
        {
-       unsigned char rand[SSL_MAX_MASTER_KEY_LENGTH];
-
-       if (BN_num_bits(s->srp_ctx.N) < s->srp_ctx.strength)
-               return 0;
-
-       if (s->srp_ctx.SRP_verify_param_callback ==NULL && 
-               !SRP_check_known_gN_param(s->srp_ctx.g,s->srp_ctx.N))
+       SRP_CTX *srp = &s->srp_ctx;
+       /* Sanity check parameters: we can quickly check B % N == 0
+        * by checking B != 0 since B < N
+        */
+       if (BN_ucmp(srp->g, srp->N) >=0 || BN_ucmp(srp->B, srp->N) >= 0
+               || BN_is_zero(srp->B))
+               {
+               *al = SSL3_AD_ILLEGAL_PARAMETER;
                return 0;
+               }
 
-       if (RAND_bytes(rand, sizeof(rand)) <= 0)
+       if (BN_num_bits(srp->N) < srp->strength)
+               {
+               *al = TLS1_AD_INSUFFICIENT_SECURITY;
                return 0;
-       s->srp_ctx.a = BN_bin2bn(rand,sizeof(rand), s->srp_ctx.a);
-       OPENSSL_cleanse(rand,sizeof(rand));
+               }
 
-       if (!(s->srp_ctx.A = SRP_Calc_A(s->srp_ctx.a,s->srp_ctx.N,s->srp_ctx.g)))
+       if (srp->SRP_verify_param_callback)
+               {
+               if (srp->SRP_verify_param_callback(s, srp->SRP_cb_arg) <= 0)
+                       {
+                       *al = TLS1_AD_INSUFFICIENT_SECURITY;
+                       return 0;
+                       }
+               }
+       else if(!SRP_check_known_gN_param(srp->g, srp->N))
+               {
+               *al = TLS1_AD_INSUFFICIENT_SECURITY;
                return 0;
-
-       /* We can have a callback to verify SRP param!! */
-       if (s->srp_ctx.SRP_verify_param_callback !=NULL) 
-               return s->srp_ctx.SRP_verify_param_callback(s,s->srp_ctx.SRP_cb_arg);
+               }
 
        return 1;
        }
 
-int SRP_have_to_put_srp_username(SSL *s)
+int SRP_Calc_A_param(SSL *s)
        {
-       if (s->srp_ctx.SRP_TLS_ext_missing_srp_client_username_callback == NULL)
+       unsigned char rnd[SSL_MAX_MASTER_KEY_LENGTH];
+
+       if (RAND_bytes(rnd, sizeof(rnd)) <= 0)
                return 0;
-       if ((s->srp_ctx.login = s->srp_ctx.SRP_TLS_ext_missing_srp_client_username_callback(s,s->srp_ctx.SRP_cb_arg)) == NULL)
+       s->srp_ctx.a = BN_bin2bn(rnd,sizeof(rnd), s->srp_ctx.a);
+       OPENSSL_cleanse(rnd,sizeof(rnd));
+
+       if (!(s->srp_ctx.A = SRP_Calc_A(s->srp_ctx.a,s->srp_ctx.N,s->srp_ctx.g)))
                return 0;
-       s->srp_ctx.srp_Mask|=SSL_kSRP;
+
        return 1;
        }
 
@@ -519,11 +532,4 @@ int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, char *(*cb)(SSL *,void *))
                                      (void (*)(void))cb);
        }
 
-int SSL_CTX_set_srp_missing_srp_username_callback(SSL_CTX *ctx,
-                                                 char *(*cb)(SSL *,void *))
-       {
-       return tls1_ctx_callback_ctrl(ctx,
-                           SSL_CTRL_SET_TLS_EXT_SRP_MISSING_CLIENT_USERNAME_CB,
-                                     (void (*)(void))cb);
-       }
 #endif