From: Dr. Stephen Henson Date: Fri, 25 Nov 2011 00:17:44 +0000 (+0000) Subject: PR: 1794 X-Git-Tag: master-post-reformat~2071 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=ebba6c48958f5ceaea7ae0749a320e68943234bc;p=oweals%2Fopenssl.git PR: 1794 Submitted by: Peter Sylvester Reviewed by: steve Make SRP conformant to rfc 5054. Changes are: - removal of the addition state after client hello - removal of all pre-rfc srp alert ids - sending a fatal alert when there is no srp extension but when the server wants SRP - removal of unnecessary code in the client. --- diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index a32978be30..ca9667c198 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -281,20 +281,6 @@ int ssl3_connect(SSL *s) case SSL3_ST_CR_SRVR_HELLO_A: case SSL3_ST_CR_SRVR_HELLO_B: ret=ssl3_get_server_hello(s); -#ifndef OPENSSL_NO_SRP - if ((ret == 0) && (s->s3->warn_alert == SSL_AD_MISSING_SRP_USERNAME)) - { - if (!SRP_have_to_put_srp_username(s)) - { - SSLerr(SSL_F_SSL3_CONNECT,SSL_R_MISSING_SRP_USERNAME); - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_USER_CANCELLED); - goto end; - } - s->state=SSL3_ST_CW_CLNT_HELLO_A; - if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; } - break; - } -#endif if (ret <= 0) goto end; if (s->hit) diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 7551220e06..f17afaf330 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -181,24 +181,25 @@ static const SSL_METHOD *ssl3_get_server_method(int ver) } #ifndef OPENSSL_NO_SRP -static int SSL_check_srp_ext_ClientHello(SSL *s,int *ad) +static int ssl_check_srp_ext_ClientHello(SSL *s,int *al) { int ret = SSL_ERROR_NONE; - *ad = SSL_AD_UNRECOGNIZED_NAME; + *al = SSL_AD_UNRECOGNIZED_NAME; if ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) && (s->srp_ctx.TLS_ext_srp_username_callback != NULL)) { if(s->srp_ctx.login == NULL) { - /* There isn't any srp login extension !!! */ - ret = SSL3_AL_WARNING; - *ad = SSL_AD_MISSING_SRP_USERNAME; + /* RFC 5054 says SHOULD reject, + we do so if There is no srp login name */ + ret = SSL3_AL_FATAL; + *al = SSL_AD_UNKNOWN_PSK_IDENTITY; } else { - ret = SSL_srp_server_param_with_username(s,ad); + ret = SSL_srp_server_param_with_username(s,al); } } return ret; @@ -217,9 +218,6 @@ int ssl3_accept(SSL *s) void (*cb)(const SSL *ssl,int type,int val)=NULL; int ret= -1; int new_state,state,skip=0; -#ifndef OPENSSL_NO_SRP - int srp_no_username =0; -#endif RAND_add(&Time,sizeof(Time),0); ERR_clear_error(); @@ -340,35 +338,22 @@ int ssl3_accept(SSL *s) case SSL3_ST_SR_CLNT_HELLO_A: case SSL3_ST_SR_CLNT_HELLO_B: case SSL3_ST_SR_CLNT_HELLO_C: -#ifndef OPENSSL_NO_SRP - case SSL3_ST_SR_CLNT_HELLO_SRP_USERNAME: -#endif s->shutdown=0; ret=ssl3_get_client_hello(s); if (ret <= 0) goto end; #ifndef OPENSSL_NO_SRP { - int extension_error = 0,al; + int al; - if ((al = SSL_check_srp_ext_ClientHello(s,&extension_error)) != SSL_ERROR_NONE) - { - ssl3_send_alert(s,al,extension_error); - if (extension_error == SSL_AD_MISSING_SRP_USERNAME) - { - if (srp_no_username) goto end; - ERR_clear_error(); - srp_no_username = 1; - s->state=SSL3_ST_SR_CLNT_HELLO_SRP_USERNAME; - if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); - if ((ret=BIO_flush(s->wbio)) <= 0) goto end; - s->init_num=0; - break; - } - ret = -1; - SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_CLIENTHELLO_TLSEXT); - goto end; - } + if ((ret = ssl_check_srp_ext_ClientHello(s,&al)) != SSL_ERROR_NONE) + { + ssl3_send_alert(s,SSL3_AL_FATAL,al); + SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_CLIENTHELLO_TLSEXT); + ret = SSL_TLSEXT_ERR_ALERT_FATAL; + ret= -1; + goto end; + } } #endif @@ -917,9 +902,6 @@ int ssl3_get_client_hello(SSL *s) * TLSv1. */ if (s->state == SSL3_ST_SR_CLNT_HELLO_A -#ifndef OPENSSL_NO_SRP - || (s->state == SSL3_ST_SR_CLNT_HELLO_SRP_USERNAME) -#endif ) { s->state=SSL3_ST_SR_CLNT_HELLO_B; diff --git a/ssl/ssl.h b/ssl/ssl.h index ffbe6114a4..7c01268564 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -1494,8 +1494,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE #define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE #define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */ -#define SSL_AD_UNKNOWN_SRP_USERNAME TLS1_AD_UNKNOWN_SRP_USERNAME -#define SSL_AD_MISSING_SRP_USERNAME TLS1_AD_MISSING_SRP_USERNAME #define SSL_ERROR_NONE 0 #define SSL_ERROR_SSL 1 diff --git a/ssl/ssl3.h b/ssl/ssl3.h index aa9987f3e6..289e9e9a8a 100644 --- a/ssl/ssl3.h +++ b/ssl/ssl3.h @@ -584,8 +584,6 @@ typedef struct ssl3_state_st #define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT) #define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT) #define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT) -/* a new state to remember that we have already receive a ClientHello without srp username extension */ -#define SSL3_ST_SR_CLNT_HELLO_SRP_USERNAME (0x1E2|SSL_ST_ACCEPT) /* write to client */ #define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT) #define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT) diff --git a/ssl/ssl_stat.c b/ssl/ssl_stat.c index cd2290a157..144b81e55f 100644 --- a/ssl/ssl_stat.c +++ b/ssl/ssl_stat.c @@ -210,9 +210,6 @@ case SSL3_ST_SR_KEY_EXCH_A: str="SSLv3 read client key exchange A"; break; case SSL3_ST_SR_KEY_EXCH_B: str="SSLv3 read client key exchange B"; break; case SSL3_ST_SR_CERT_VRFY_A: str="SSLv3 read certificate verify A"; break; case SSL3_ST_SR_CERT_VRFY_B: str="SSLv3 read certificate verify B"; break; -#ifndef OPENSSL_NO_SRP -case SSL3_ST_SR_CLNT_HELLO_SRP_USERNAME: str="SSLv3 waiting for a SRP username"; break; -#endif #endif #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index a28bb7d229..1c6fe5d82a 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -1242,9 +1242,6 @@ int tls1_alert_code(int code) case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE); case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(TLS1_AD_BAD_CERTIFICATE_HASH_VALUE); case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY); -#ifndef OPENSSL_NO_SRP - case SSL_AD_MISSING_SRP_USERNAME:return(TLS1_AD_MISSING_SRP_USERNAME); -#endif #if 0 /* not appropriate for TLS, not used for DTLS */ case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); diff --git a/ssl/tls1.h b/ssl/tls1.h index 545383a5ee..f121e04271 100644 --- a/ssl/tls1.h +++ b/ssl/tls1.h @@ -196,8 +196,6 @@ extern "C" { #define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113 #define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114 #define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */ -#define TLS1_AD_UNKNOWN_SRP_USERNAME 120 /* fatal */ -#define TLS1_AD_MISSING_SRP_USERNAME 121 /* ExtensionType values from RFC3546 / RFC4366 */ #define TLSEXT_TYPE_server_name 0 diff --git a/ssl/tls_srp.c b/ssl/tls_srp.c index 98925f702e..febddc7624 100644 --- a/ssl/tls_srp.c +++ b/ssl/tls_srp.c @@ -236,7 +236,7 @@ int SSL_srp_server_param_with_username(SSL *s, int *ad) unsigned char b[SSL_MAX_MASTER_KEY_LENGTH]; int al; - *ad = SSL_AD_UNKNOWN_SRP_USERNAME; + *ad = SSL_AD_UNKNOWN_PSK_IDENTITY; if ((s->srp_ctx.TLS_ext_srp_username_callback !=NULL) && ((al = s->srp_ctx.TLS_ext_srp_username_callback(s, ad, s->srp_ctx.SRP_cb_arg))!=SSL_ERROR_NONE)) return al;