Commit 9e72d496 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

Fix SRP authentication ciphersuites.



The addition of SRP authentication needs to be checked in various places
to work properly. Specifically:

A certificate is not sent.
A certificate request must not be sent.
Server key exchange message must not contain a signature.
If appropriate, SRP authentication ciphersuites should be chosen.
Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
parent 562fd0d8
+4 −4
@@ -334,9 +334,9 @@ int ssl3_connect(SSL *s)
				break;
				}
#endif
			/* Check if it is anon DH/ECDH */
			/* Check if it is anon DH/ECDH, SRP auth */
			/* or PSK */
			if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
			if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL|SSL_aSRP)) &&
			    !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
				{
				ret=ssl3_get_server_certificate(s);
@@ -1939,8 +1939,8 @@ fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
		}
	else
		{
		/* aNULL or kPSK do not need public keys */
		if (!(alg_a & SSL_aNULL) && !(alg_k & SSL_kPSK))
		/* aNULL, aSRP or kPSK do not need public keys */
		if (!(alg_a & (SSL_aNULL|SSL_aSRP)) && !(alg_k & SSL_kPSK))
			{
			/* Might be wrong key type, check it */
			if (ssl3_check_cert_and_algorithm(s))
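Review bot: In the ssl3_connect hunk the decision to skip ssl3_get_server_certificate now rests on `new_cipher->algorithm_auth & (SSL_aNULL|SSL_aSRP)`, a value derived from the ciphersuite the server selected, and nothing visible here confirms that this client offered an SRP suite or has SRP configured. Presumably the selected cipher is validated against the offered list when the ServerHello is processed, outside this hunk; if so, the comment should record that dependency, for example `/* aSRP: server is authenticated by the SRP exchange, so no Certificate is expected; new_cipher must already have been checked against the ciphers we offered */`. The same assumption applies to the second hunk, where `alg_a & (SSL_aNULL|SSL_aSRP)` appears to let an unsigned key exchange message bypass ssl3_check_cert_and_algorithm. Both enclosing functions start and end outside the hunks.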
+11 −4
@@ -3646,8 +3646,10 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
			cipher = s->s3->tmp.new_cipher;
			if (!cipher)
				return 0;
			/* No certificate for unauthenticated ciphersuites */
			if (cipher->algorithm_auth & SSL_aNULL)
			/* No certificate for unauthenticated ciphersuites
			 * or using SRP authentication
			 */
			if (cipher->algorithm_auth & (SSL_aNULL|SSL_aSRP))
				return 2;
			cpk = ssl_get_server_send_pkey(s);
			if (!cpk)
@@ -4357,8 +4359,13 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
		emask_k = cert->export_mask_k;
		emask_a = cert->export_mask_a;
#ifndef OPENSSL_NO_SRP
		mask_k=cert->mask_k | s->srp_ctx.srp_Mask;
		emask_k=cert->export_mask_k | s->srp_ctx.srp_Mask;
		if (s->srp_ctx.srp_Mask & SSL_kSRP)
			{
			mask_k |= SSL_kSRP;
			emask_k |= SSL_kSRP;
			mask_a |= SSL_aSRP;
			emask_a |= SSL_aSRP;
			}
#endif
			
#ifdef KSSL_DEBUG
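Review bot: In the ssl3_choose_cipher hunk, SSL_kSRP and SSL_aSRP are added to the masks whenever `s->srp_ctx.srp_Mask & SSL_kSRP` is set, which looks like a configuration bit rather than evidence that this particular client supplied an SRP identity. If that reading is right, a certificate-less SRP suite can be chosen for a client that sent no SRP username, and the rejection has to happen later in the handshake; a comment naming where that check lives would help, e.g. `/* SRP enabled in config; a missing client SRP identity is rejected after cipher selection */`. The block also narrows behaviour without saying so: the earlier form ORed the whole of srp_Mask into mask_k and emask_k, whereas the new one only ever adds the kSRP bit. ssl3_choose_cipher starts and ends outside the hunk.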
+6 −5
@@ -417,9 +417,8 @@ int ssl3_accept(SSL *s)
		case SSL3_ST_SW_CERT_B:
			/* Check if it is anon DH or anon ECDH, */
			/* normal PSK or KRB5 or SRP */
			if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
				&& !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)
				&& !(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
			if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL|SSL_aKRB5|SSL_aSRP))
				&& !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
				{
				ret=ssl3_send_server_certificate(s);
				if (ret <= 0) goto end;
@@ -522,7 +521,9 @@ int ssl3_accept(SSL *s)
				  * (against the specs, but s3_clnt.c accepts this for SSL 3) */
				 !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
				 /* never request cert in Kerberos ciphersuites */
				(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)
				(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) ||
				/* don't request certificate for SRP auth */
				(s->s3->tmp.new_cipher->algorithm_auth & SSL_aSRP)
				/* With normal PSK Certificates and
				 * Certificate Requests are omitted */
				|| (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
@@ -1909,7 +1910,7 @@ int ssl3_send_server_key_exchange(SSL *s)
			n+=2+nr[i];
			}

		if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
		if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL|SSL_aSRP))
			&& !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
			{
			if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher,&md))
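Review bot: The condition changed in the ssl3_send_server_key_exchange hunk, `!(algorithm_auth & (SSL_aNULL|SSL_aSRP)) && !(algorithm_mkey & SSL_kPSK)`, is the only changed site in this file without a comment, yet it decides whether the key exchange parameters are signed. I would add `/* aNULL, aSRP and kPSK have no server key to sign with; SRP key exchange with certificate authentication still signs */` above it, so that the difference between SSL_aSRP and SSL_kSRP is not lost in a later edit. A smaller style point in the certificate-request hunk: the added SRP operand follows a trailing `||` while the PSK operand after it starts with a leading `||`, and one placement should be used throughout the expression. The enclosing if statement and the function continue outside the hunk.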