Commit 0989790b authored Aug 03, 2014 by Dr. Stephen Henson Committed by Matt Caswell Aug 06, 2014

Check SRP parameters early.



Check SRP parameters when they are received so we can send back an
appropriate alert.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>

parent 4a23b12a

ssl/s3_clnt.c

+6 −0

Original line number	Diff line number	Diff line
		@@ -1570,6 +1570,12 @@ int ssl3_get_key_exchange(SSL *s)
		p+=i;
		n-=param_len;

		if (!srp_verify_server_param(s, &al))
		{
		SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_PARAMETERS);
		goto f_err;
		}

		/* We must check if there is a certificate */
		#ifndef OPENSSL_NO_RSA
		if (alg_a & SSL_aRSA)

ssl/s3_srvr.c

+7 −0

Original line number	Diff line number	Diff line
		@@ -2929,6 +2929,13 @@ int ssl3_get_client_key_exchange(SSL *s)
		SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_BN_LIB);
		goto err;
		}
		if (BN_ucmp(s->srp_ctx.A, s->srp_ctx.N) >= 0
		\|\| BN_is_zero(s->srp_ctx.A))
		{
		al=SSL_AD_ILLEGAL_PARAMETER;
		SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_SRP_PARAMETERS);
		goto f_err;
		}
		if (s->session->srp_username != NULL)
		OPENSSL_free(s->session->srp_username);
		s->session->srp_username = BUF_strdup(s->srp_ctx.login);

ssl/ssl.h

+1 −1

Original line number	Diff line number	Diff line
		@@ -2853,6 +2853,7 @@ void ERR_load_SSL_strings(void);
		#define SSL_R_BAD_SRP_B_LENGTH 348
		#define SSL_R_BAD_SRP_G_LENGTH 349
		#define SSL_R_BAD_SRP_N_LENGTH 350
		#define SSL_R_BAD_SRP_PARAMETERS 371
		#define SSL_R_BAD_SRP_S_LENGTH 351
		#define SSL_R_BAD_SRTP_MKI_VALUE 352
		#define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 353
		@@ -2914,7 +2915,6 @@ void ERR_load_SSL_strings(void);
		#define SSL_R_ILLEGAL_PADDING 283
		#define SSL_R_ILLEGAL_SUITEB_DIGEST 380
		#define SSL_R_INCONSISTENT_COMPRESSION 340
		#define SSL_R_INVALID_AUDIT_PROOF 371
		#define SSL_R_INVALID_CHALLENGE_LENGTH 158
		#define SSL_R_INVALID_COMMAND 280
		#define SSL_R_INVALID_COMPRESSION_ALGORITHM 341

ssl/ssl_err.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -343,6 +343,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
		{ERR_REASON(SSL_R_BAD_SRP_B_LENGTH) ,"bad srp b length"},
		{ERR_REASON(SSL_R_BAD_SRP_G_LENGTH) ,"bad srp g length"},
		{ERR_REASON(SSL_R_BAD_SRP_N_LENGTH) ,"bad srp n length"},
		{ERR_REASON(SSL_R_BAD_SRP_PARAMETERS) ,"bad srp parameters"},
		{ERR_REASON(SSL_R_BAD_SRP_S_LENGTH) ,"bad srp s length"},
		{ERR_REASON(SSL_R_BAD_SRTP_MKI_VALUE) ,"bad srtp mki value"},
		{ERR_REASON(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST),"bad srtp protection profile list"},
		@@ -404,7 +405,6 @@ static ERR_STRING_DATA SSL_str_reasons[]=
		{ERR_REASON(SSL_R_ILLEGAL_PADDING) ,"illegal padding"},
		{ERR_REASON(SSL_R_ILLEGAL_SUITEB_DIGEST) ,"illegal Suite B digest"},
		{ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION),"inconsistent compression"},
		{ERR_REASON(SSL_R_INVALID_AUDIT_PROOF) ,"invalid audit proof"},
		{ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"},
		{ERR_REASON(SSL_R_INVALID_COMMAND) ,"invalid command"},
		{ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM),"invalid compression algorithm"},

ssl/ssl_locl.h

+3 −0

Original line number	Diff line number	Diff line
		@@ -1390,6 +1390,9 @@ void ssl3_cbc_digest_record(
		void tls_fips_digest_extra(
		const EVP_CIPHER_CTX cipher_ctx, EVP_MD_CTX mac_ctx,
		const unsigned char *data, size_t data_len, size_t orig_len);

		int srp_verify_server_param(SSL s, int al);

		#else

		#define ssl_init_wbio_buffer SSL_test_functions()->p_ssl_init_wbio_buffer