Fix SRP authentication ciphersuites.
authorDr. Stephen Henson <steve@openssl.org>
Fri, 8 Aug 2014 10:24:25 +0000 (11:24 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 8 Aug 2014 23:09:14 +0000 (00:09 +0100)
The addition of SRP authentication needs to be checked in various places
to work properly. Specifically:

A certificate is not sent.
A certificate request must not be sent.
Server key exchange message must not contain a signature.
If appropriate SRP authentication ciphersuites should be chosen.
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 8f5a8805b82d1ae81168b11b7f1506db9e047dec)

ssl/s3_clnt.c
ssl/s3_lib.c
ssl/s3_srvr.c

index b4964f29e4bbd2d229599ca90ae5977c21fe9a01..d7722ed812ba3327d3a2135df23d72eea5711250 100644 (file)
@@ -327,9 +327,9 @@ int ssl3_connect(SSL *s)
                                break;
                                }
 #endif
-                       /* Check if it is anon DH/ECDH */
+                       /* Check if it is anon DH/ECDH, SRP auth */
                        /* or PSK */
-                       if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
+                       if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL|SSL_aSRP)) &&
                            !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
                                {
                                ret=ssl3_get_server_certificate(s);
@@ -1916,8 +1916,8 @@ fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
                }
        else
                {
-               /* aNULL or kPSK do not need public keys */
-               if (!(alg_a & SSL_aNULL) && !(alg_k & SSL_kPSK))
+               /* aNULL, aSRP or kPSK do not need public keys */
+               if (!(alg_a & (SSL_aNULL|SSL_aSRP)) && !(alg_k & SSL_kPSK))
                        {
                        /* Might be wrong key type, check it */
                        if (ssl3_check_cert_and_algorithm(s))
index a792edc1a47687be7d48c89b961e20ad241b397e..1a1e3faac21159f579c7604b8eb3fd384e721f09 100644 (file)
@@ -3441,8 +3441,10 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
                        cipher = s->s3->tmp.new_cipher;
                        if (!cipher)
                                return 0;
-                       /* No certificate for unauthenticated ciphersuites */
-                       if (cipher->algorithm_auth & SSL_aNULL)
+                       /* No certificate for unauthenticated ciphersuites
+                        * or using SRP authentication
+                        */
+                       if (cipher->algorithm_auth & (SSL_aNULL|SSL_aSRP))
                                return 2;
                        cpk = ssl_get_server_send_pkey(s);
                        if (!cpk)
@@ -4133,8 +4135,13 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
                emask_k = cert->export_mask_k;
                emask_a = cert->export_mask_a;
 #ifndef OPENSSL_NO_SRP
-               mask_k=cert->mask_k | s->srp_ctx.srp_Mask;
-               emask_k=cert->export_mask_k | s->srp_ctx.srp_Mask;
+               if (s->srp_ctx.srp_Mask & SSL_kSRP)
+                       {
+                       mask_k |= SSL_kSRP;
+                       emask_k |= SSL_kSRP;
+                       mask_a |= SSL_aSRP;
+                       emask_a |= SSL_aSRP;
+                       }
 #endif
                        
 #ifdef KSSL_DEBUG
index 0c998a1fde6499fe5d5989492cebcadba24e3a21..e1d35f791127d0a5ce04d45395891c98b287839b 100644 (file)
@@ -410,9 +410,8 @@ int ssl3_accept(SSL *s)
                case SSL3_ST_SW_CERT_B:
                        /* Check if it is anon DH or anon ECDH, */
                        /* normal PSK or KRB5 or SRP */
-                       if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
-                               && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)
-                               && !(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
+                       if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL|SSL_aKRB5|SSL_aSRP))
+                               && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
                                {
                                ret=ssl3_send_server_certificate(s);
                                if (ret <= 0) goto end;
@@ -515,7 +514,9 @@ int ssl3_accept(SSL *s)
                                  * (against the specs, but s3_clnt.c accepts this for SSL 3) */
                                 !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
                                 /* never request cert in Kerberos ciphersuites */
-                               (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)
+                               (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) ||
+                               /* don't request certificate for SRP auth */
+                               (s->s3->tmp.new_cipher->algorithm_auth & SSL_aSRP)
                                /* With normal PSK Certificates and
                                 * Certificate Requests are omitted */
                                || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
@@ -1875,7 +1876,7 @@ int ssl3_send_server_key_exchange(SSL *s)
                        n+=2+nr[i];
                        }
 
-               if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
+               if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL|SSL_aSRP))
                        && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
                        {
                        if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher,&md))