aboutsummaryrefslogtreecommitdiff
path: root/openssl/ssl/tls_srp.c
diff options
context:
space:
mode:
authorMike DePaulo <mikedep333@gmail.com>2014-09-01 17:44:28 -0400
committerMike DePaulo <mikedep333@gmail.com>2014-09-01 17:44:28 -0400
commitf13663bcc1a0d7b86a29e52e0a0d5bd746bc4d21 (patch)
treefd03f01d13342419f0ebaf53daa0161a072a8d62 /openssl/ssl/tls_srp.c
parentcf84b2dc07ef59c1adb4fe29789c7dbbbd35fbb4 (diff)
downloadvcxsrv-f13663bcc1a0d7b86a29e52e0a0d5bd746bc4d21.tar.gz
vcxsrv-f13663bcc1a0d7b86a29e52e0a0d5bd746bc4d21.tar.bz2
vcxsrv-f13663bcc1a0d7b86a29e52e0a0d5bd746bc4d21.zip
Update OpenSSL from 1.0.1h to 1.0.1i
Diffstat (limited to 'openssl/ssl/tls_srp.c')
-rw-r--r--openssl/ssl/tls_srp.c48
1 files changed, 37 insertions, 11 deletions
diff --git a/openssl/ssl/tls_srp.c b/openssl/ssl/tls_srp.c
index 2315a7c0a..e7368a8f6 100644
--- a/openssl/ssl/tls_srp.c
+++ b/openssl/ssl/tls_srp.c
@@ -408,16 +408,46 @@ err:
return ret;
}
-int SRP_Calc_A_param(SSL *s)
+int srp_verify_server_param(SSL *s, int *al)
{
- unsigned char rnd[SSL_MAX_MASTER_KEY_LENGTH];
+ SRP_CTX *srp = &s->srp_ctx;
+ /* Sanity check parameters: we can quickly check B % N == 0
+ * by checking B != 0 since B < N
+ */
+ if (BN_ucmp(srp->g, srp->N) >=0 || BN_ucmp(srp->B, srp->N) >= 0
+ || BN_is_zero(srp->B))
+ {
+ *al = SSL3_AD_ILLEGAL_PARAMETER;
+ return 0;
+ }
- if (BN_num_bits(s->srp_ctx.N) < s->srp_ctx.strength)
- return -1;
+ if (BN_num_bits(srp->N) < srp->strength)
+ {
+ *al = TLS1_AD_INSUFFICIENT_SECURITY;
+ return 0;
+ }
- if (s->srp_ctx.SRP_verify_param_callback ==NULL &&
- !SRP_check_known_gN_param(s->srp_ctx.g,s->srp_ctx.N))
- return -1 ;
+ if (srp->SRP_verify_param_callback)
+ {
+ if (srp->SRP_verify_param_callback(s, srp->SRP_cb_arg) <= 0)
+ {
+ *al = TLS1_AD_INSUFFICIENT_SECURITY;
+ return 0;
+ }
+ }
+ else if(!SRP_check_known_gN_param(srp->g, srp->N))
+ {
+ *al = TLS1_AD_INSUFFICIENT_SECURITY;
+ return 0;
+ }
+
+ return 1;
+ }
+
+
+int SRP_Calc_A_param(SSL *s)
+ {
+ unsigned char rnd[SSL_MAX_MASTER_KEY_LENGTH];
RAND_bytes(rnd, sizeof(rnd));
s->srp_ctx.a = BN_bin2bn(rnd, sizeof(rnd), s->srp_ctx.a);
@@ -426,10 +456,6 @@ int SRP_Calc_A_param(SSL *s)
if (!(s->srp_ctx.A = SRP_Calc_A(s->srp_ctx.a,s->srp_ctx.N,s->srp_ctx.g)))
return -1;
- /* We can have a callback to verify SRP param!! */
- if (s->srp_ctx.SRP_verify_param_callback !=NULL)
- return s->srp_ctx.SRP_verify_param_callback(s,s->srp_ctx.SRP_cb_arg);
-
return 1;
}