Commit ebba6c48 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

PR: 1794 

Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve

Make SRP conformant to rfc 5054.

Changes are:

- removal of the addition state after client hello
- removal of all pre-rfc srp alert ids
- sending a fatal alert when there is no srp extension but when the
server wants SRP
- removal of unnecessary code in the client.
parent 6f31dd72

ssl/s3_clnt.c

+0 −14
Original line number Diff line number Diff line
@@ -281,20 +281,6 @@ int ssl3_connect(SSL *s) 
		case SSL3_ST_CR_SRVR_HELLO_A:

		case SSL3_ST_CR_SRVR_HELLO_B:

			ret=ssl3_get_server_hello(s);

#ifndef OPENSSL_NO_SRP

			if ((ret == 0) && (s->s3->warn_alert == SSL_AD_MISSING_SRP_USERNAME))

				{

				if (!SRP_have_to_put_srp_username(s))

					{

					SSLerr(SSL_F_SSL3_CONNECT,SSL_R_MISSING_SRP_USERNAME);

					ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_USER_CANCELLED);

					goto end;

					}

				s->state=SSL3_ST_CW_CLNT_HELLO_A;

				if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; }

				break;

				}

#endif

			if (ret <= 0) goto end;



			if (s->hit)

ssl/s3_srvr.c

+16 −34
Original line number Diff line number Diff line
@@ -181,24 +181,25 @@ static const SSL_METHOD *ssl3_get_server_method(int ver) 
	}



#ifndef OPENSSL_NO_SRP

static int SSL_check_srp_ext_ClientHello(SSL *s,int *ad)

static int ssl_check_srp_ext_ClientHello(SSL *s,int *al)

	{

	int ret = SSL_ERROR_NONE;



	*ad = SSL_AD_UNRECOGNIZED_NAME;

	*al = SSL_AD_UNRECOGNIZED_NAME;



	if ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) &&

	    (s->srp_ctx.TLS_ext_srp_username_callback != NULL))

		{

		if(s->srp_ctx.login == NULL)

			{

			/* There isn't any srp login extension !!! */

			ret = SSL3_AL_WARNING;

			*ad = SSL_AD_MISSING_SRP_USERNAME;

			/* RFC 5054 says SHOULD reject, 

			   we do so if There is no srp login name */

			ret = SSL3_AL_FATAL;

			*al = SSL_AD_UNKNOWN_PSK_IDENTITY;

			}

		else

			{

			ret = SSL_srp_server_param_with_username(s,ad);

			ret = SSL_srp_server_param_with_username(s,al);

			}

		}

	return ret;
@@ -217,9 +218,6 @@ int ssl3_accept(SSL *s) 
	void (*cb)(const SSL *ssl,int type,int val)=NULL;

	int ret= -1;

	int new_state,state,skip=0;

#ifndef OPENSSL_NO_SRP

	int srp_no_username =0;

#endif



	RAND_add(&Time,sizeof(Time),0);

	ERR_clear_error();
@@ -340,33 +338,20 @@ int ssl3_accept(SSL *s) 
		case SSL3_ST_SR_CLNT_HELLO_A:

		case SSL3_ST_SR_CLNT_HELLO_B:

		case SSL3_ST_SR_CLNT_HELLO_C:

#ifndef OPENSSL_NO_SRP

		case SSL3_ST_SR_CLNT_HELLO_SRP_USERNAME:

#endif



			s->shutdown=0;

			ret=ssl3_get_client_hello(s);

			if (ret <= 0) goto end;

#ifndef OPENSSL_NO_SRP

			{

			int extension_error = 0,al;

			int al;



			if ((al = SSL_check_srp_ext_ClientHello(s,&extension_error)) != SSL_ERROR_NONE)

 			if ((ret = ssl_check_srp_ext_ClientHello(s,&al)) != SSL_ERROR_NONE)

  				{

				ssl3_send_alert(s,al,extension_error);

				if (extension_error == SSL_AD_MISSING_SRP_USERNAME)

					{

					if (srp_no_username) goto end;

					ERR_clear_error();

					srp_no_username = 1;

					s->state=SSL3_ST_SR_CLNT_HELLO_SRP_USERNAME;

					if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);

					if ((ret=BIO_flush(s->wbio)) <= 0) goto end;

					s->init_num=0;

					break;

					}

				ret = -1;

				ssl3_send_alert(s,SSL3_AL_FATAL,al);				

				SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_CLIENTHELLO_TLSEXT);			

				ret = SSL_TLSEXT_ERR_ALERT_FATAL;			

				ret= -1;

				goto end;	

  				}

			}
@@ -917,9 +902,6 @@ int ssl3_get_client_hello(SSL *s) 
	 * TLSv1.

	 */

	if (s->state == SSL3_ST_SR_CLNT_HELLO_A

#ifndef OPENSSL_NO_SRP

		|| (s->state == SSL3_ST_SR_CLNT_HELLO_SRP_USERNAME)

#endif

		)

		{

		s->state=SSL3_ST_SR_CLNT_HELLO_B;

ssl/ssl.h

+0 −2
Original line number Diff line number Diff line
@@ -1494,8 +1494,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) 
#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE

#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE

#define SSL_AD_UNKNOWN_PSK_IDENTITY     TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */

#define SSL_AD_UNKNOWN_SRP_USERNAME	TLS1_AD_UNKNOWN_SRP_USERNAME

#define SSL_AD_MISSING_SRP_USERNAME	TLS1_AD_MISSING_SRP_USERNAME



#define SSL_ERROR_NONE			0

#define SSL_ERROR_SSL			1

ssl/ssl3.h

+0 −2
Original line number Diff line number Diff line
@@ -584,8 +584,6 @@ typedef struct ssl3_state_st 
#define SSL3_ST_SR_CLNT_HELLO_A		(0x110|SSL_ST_ACCEPT)

#define SSL3_ST_SR_CLNT_HELLO_B		(0x111|SSL_ST_ACCEPT)

#define SSL3_ST_SR_CLNT_HELLO_C		(0x112|SSL_ST_ACCEPT)

/* a new state to remember that we have already receive a ClientHello without srp username extension */

#define SSL3_ST_SR_CLNT_HELLO_SRP_USERNAME (0x1E2|SSL_ST_ACCEPT)

/* write to client */

#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT)

#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT)

ssl/ssl_stat.c

+0 −3
Original line number Diff line number Diff line
@@ -210,9 +210,6 @@ case SSL3_ST_SR_KEY_EXCH_A: str="SSLv3 read client key exchange A"; break; 
case SSL3_ST_SR_KEY_EXCH_B:	str="SSLv3 read client key exchange B"; break;

case SSL3_ST_SR_CERT_VRFY_A:	str="SSLv3 read certificate verify A"; break;

case SSL3_ST_SR_CERT_VRFY_B:	str="SSLv3 read certificate verify B"; break;

#ifndef OPENSSL_NO_SRP

case SSL3_ST_SR_CLNT_HELLO_SRP_USERNAME:	str="SSLv3 waiting for a SRP username"; break;

#endif

#endif



#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)