Revision aa3b4b4d deps/openssl/openssl/ssl/tls_srp.c
deps/openssl/openssl/ssl/tls_srp.c | ||
---|---|---|
408 | 408 |
return ret; |
409 | 409 |
} |
410 | 410 |
|
411 |
int SRP_Calc_A_param(SSL *s)
|
|
411 |
int srp_verify_server_param(SSL *s, int *al)
|
|
412 | 412 |
{ |
413 |
unsigned char rnd[SSL_MAX_MASTER_KEY_LENGTH]; |
|
413 |
SRP_CTX *srp = &s->srp_ctx; |
|
414 |
/* Sanity check parameters: we can quickly check B % N == 0 |
|
415 |
* by checking B != 0 since B < N |
|
416 |
*/ |
|
417 |
if (BN_ucmp(srp->g, srp->N) >=0 || BN_ucmp(srp->B, srp->N) >= 0 |
|
418 |
|| BN_is_zero(srp->B)) |
|
419 |
{ |
|
420 |
*al = SSL3_AD_ILLEGAL_PARAMETER; |
|
421 |
return 0; |
|
422 |
} |
|
414 | 423 |
|
415 |
if (BN_num_bits(s->srp_ctx.N) < s->srp_ctx.strength) |
|
416 |
return -1; |
|
424 |
if (BN_num_bits(srp->N) < srp->strength) |
|
425 |
{ |
|
426 |
*al = TLS1_AD_INSUFFICIENT_SECURITY; |
|
427 |
return 0; |
|
428 |
} |
|
417 | 429 |
|
418 |
if (s->srp_ctx.SRP_verify_param_callback ==NULL && |
|
419 |
!SRP_check_known_gN_param(s->srp_ctx.g,s->srp_ctx.N)) |
|
420 |
return -1 ; |
|
430 |
if (srp->SRP_verify_param_callback) |
|
431 |
{ |
|
432 |
if (srp->SRP_verify_param_callback(s, srp->SRP_cb_arg) <= 0) |
|
433 |
{ |
|
434 |
*al = TLS1_AD_INSUFFICIENT_SECURITY; |
|
435 |
return 0; |
|
436 |
} |
|
437 |
} |
|
438 |
else if(!SRP_check_known_gN_param(srp->g, srp->N)) |
|
439 |
{ |
|
440 |
*al = TLS1_AD_INSUFFICIENT_SECURITY; |
|
441 |
return 0; |
|
442 |
} |
|
443 |
|
|
444 |
return 1; |
|
445 |
} |
|
446 |
|
|
447 |
|
|
448 |
int SRP_Calc_A_param(SSL *s) |
|
449 |
{ |
|
450 |
unsigned char rnd[SSL_MAX_MASTER_KEY_LENGTH]; |
|
421 | 451 |
|
422 | 452 |
RAND_bytes(rnd, sizeof(rnd)); |
423 | 453 |
s->srp_ctx.a = BN_bin2bn(rnd, sizeof(rnd), s->srp_ctx.a); |
... | ... | |
426 | 456 |
if (!(s->srp_ctx.A = SRP_Calc_A(s->srp_ctx.a,s->srp_ctx.N,s->srp_ctx.g))) |
427 | 457 |
return -1; |
428 | 458 |
|
429 |
/* We can have a callback to verify SRP param!! */ |
|
430 |
if (s->srp_ctx.SRP_verify_param_callback !=NULL) |
|
431 |
return s->srp_ctx.SRP_verify_param_callback(s,s->srp_ctx.SRP_cb_arg); |
|
432 |
|
|
433 | 459 |
return 1; |
434 | 460 |
} |
435 | 461 |
|
Also available in: Unified diff