From 840a2bf8eccc5efa77f84e8470b33ac0c64bb020 Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Fri, 8 Jul 2016 10:43:59 +0100
Subject: [PATCH] Split out SRP CKE construction into a separate function

Continuing previous commit to break up the tls_construct_client_key_exchange() function. This splits out the SRP code.

Reviewed-by: Richard Levitte
---
 ssl/statem/statem_clnt.c | 56 +++++++++++++++++++++++-----------------
 1 file changed, 33 insertions(+), 23 deletions(-)

diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index a9fcf10f32..125f7c4cc9 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2425,6 +2425,36 @@ static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al)
 #endif
 }
 
+static int tls_construct_cke_srp(SSL *s, unsigned char **p, int *len, int *al)
+{
+#ifndef OPENSSL_NO_SRT
+ if (s->srp_ctx.A != NULL) {
+ /* send off the data */
+ *len = BN_num_bytes(s->srp_ctx.A);
+ s2n(*len, *p);
+ BN_bn2bin(s->srp_ctx.A, *p);
+ *len += 2;
+ } else {
+ SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+ OPENSSL_free(s->session->srp_username);
+ s->session->srp_username = OPENSSL_strdup(s->srp_ctx.login);
+ if (s->session->srp_username == NULL) {
+ SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
+ ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ return 1;
+#else
+ SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ *al = SSL_AD_INTERNAL_ERROR;
+ return 0;
+#endif
+}
+
 int tls_construct_client_key_exchange(SSL *s)
 {
 unsigned char *p;
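Review bot: The guard at the top of the new `tls_construct_cke_srp()` reads `#ifndef OPENSSL_NO_SRT`, which looks like a typo for `OPENSSL_NO_SRP`, the macro the removed inline block in the second hunk tested. If nothing defines `OPENSSL_NO_SRT`, the SRP body is always compiled and the `#else` fallback is dead code. Because the second hunk also drops the call-site guard, a build configured without SRP would still reference `s->srp_ctx` here, presumably failing to compile rather than cleanly excluding the feature. The line should be `#ifndef OPENSSL_NO_SRP`. Separately, the two `return 0` paths in the SRP branch leave `*al` untouched while the `#else` branch sets `SSL_AD_INTERNAL_ERROR`; whether that matters depends on how the caller's `err` label uses `al`, which is outside the hunk.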
@@ -2457,30 +2487,10 @@ int tls_construct_client_key_exchange(SSL *s)
 } else if (alg_k & SSL_kGOST) {
 if (!tls_construct_cke_gost(s, &p, &n, &al))
 goto err;
- }
-#ifndef OPENSSL_NO_SRP
- else if (alg_k & SSL_kSRP) {
- if (s->srp_ctx.A != NULL) {
- /* send off the data */
- n = BN_num_bytes(s->srp_ctx.A);
- s2n(n, p);
- BN_bn2bin(s->srp_ctx.A, p);
- n += 2;
- } else {
- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
- ERR_R_INTERNAL_ERROR);
- goto err;
- }
- OPENSSL_free(s->session->srp_username);
- s->session->srp_username = OPENSSL_strdup(s->srp_ctx.login);
- if (s->session->srp_username == NULL) {
- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
- ERR_R_MALLOC_FAILURE);
+ } else if (alg_k & SSL_kSRP) {
+ if (!tls_construct_cke_srp(s, &p, &n, &al))
 goto err;
- }
- }
-#endif
- else {
+ } else {
 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
 SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
 goto err;
--
2.25.1