diff options
author | Mike DePaulo <mikedep333@gmail.com> | 2014-09-01 17:44:28 -0400 |
---|---|---|
committer | Mike DePaulo <mikedep333@gmail.com> | 2014-09-01 17:44:28 -0400 |
commit | f13663bcc1a0d7b86a29e52e0a0d5bd746bc4d21 (patch) | |
tree | fd03f01d13342419f0ebaf53daa0161a072a8d62 /openssl/ssl/tls_srp.c | |
parent | cf84b2dc07ef59c1adb4fe29789c7dbbbd35fbb4 (diff) | |
download | vcxsrv-f13663bcc1a0d7b86a29e52e0a0d5bd746bc4d21.tar.gz vcxsrv-f13663bcc1a0d7b86a29e52e0a0d5bd746bc4d21.tar.bz2 vcxsrv-f13663bcc1a0d7b86a29e52e0a0d5bd746bc4d21.zip |
Update OpenSSL from 1.0.1h to 1.0.1i
Diffstat (limited to 'openssl/ssl/tls_srp.c')
-rw-r--r-- | openssl/ssl/tls_srp.c | 48 |
1 files changed, 37 insertions, 11 deletions
diff --git a/openssl/ssl/tls_srp.c b/openssl/ssl/tls_srp.c index 2315a7c0a..e7368a8f6 100644 --- a/openssl/ssl/tls_srp.c +++ b/openssl/ssl/tls_srp.c @@ -408,16 +408,46 @@ err: return ret; } -int SRP_Calc_A_param(SSL *s) +int srp_verify_server_param(SSL *s, int *al) { - unsigned char rnd[SSL_MAX_MASTER_KEY_LENGTH]; + SRP_CTX *srp = &s->srp_ctx; + /* Sanity check parameters: we can quickly check B % N == 0 + * by checking B != 0 since B < N + */ + if (BN_ucmp(srp->g, srp->N) >=0 || BN_ucmp(srp->B, srp->N) >= 0 + || BN_is_zero(srp->B)) + { + *al = SSL3_AD_ILLEGAL_PARAMETER; + return 0; + } - if (BN_num_bits(s->srp_ctx.N) < s->srp_ctx.strength) - return -1; + if (BN_num_bits(srp->N) < srp->strength) + { + *al = TLS1_AD_INSUFFICIENT_SECURITY; + return 0; + } - if (s->srp_ctx.SRP_verify_param_callback ==NULL && - !SRP_check_known_gN_param(s->srp_ctx.g,s->srp_ctx.N)) - return -1 ; + if (srp->SRP_verify_param_callback) + { + if (srp->SRP_verify_param_callback(s, srp->SRP_cb_arg) <= 0) + { + *al = TLS1_AD_INSUFFICIENT_SECURITY; + return 0; + } + } + else if(!SRP_check_known_gN_param(srp->g, srp->N)) + { + *al = TLS1_AD_INSUFFICIENT_SECURITY; + return 0; + } + + return 1; + } + + +int SRP_Calc_A_param(SSL *s) + { + unsigned char rnd[SSL_MAX_MASTER_KEY_LENGTH]; RAND_bytes(rnd, sizeof(rnd)); s->srp_ctx.a = BN_bin2bn(rnd, sizeof(rnd), s->srp_ctx.a); @@ -426,10 +456,6 @@ int SRP_Calc_A_param(SSL *s) if (!(s->srp_ctx.A = SRP_Calc_A(s->srp_ctx.a,s->srp_ctx.N,s->srp_ctx.g))) return -1; - /* We can have a callback to verify SRP param!! */ - if (s->srp_ctx.SRP_verify_param_callback !=NULL) - return s->srp_ctx.SRP_verify_param_callback(s,s->srp_ctx.SRP_cb_arg); - return 1; } |