From 5ed0b6ac0c9226ee539f2f35871c10ee83a80b26 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 8 Aug 2014 11:24:25 +0100 Subject: [PATCH] Fix SRP authentication ciphersuites. The addition of SRP authentication needs to be checked in various places to work properly. Specifically: A certificate is not sent. A certificate request must not be sent. Server key exchange message must not contain a signature. If appropriate SRP authentication ciphersuites should be chosen. Reviewed-by: Matt Caswell (cherry picked from commit 8f5a8805b82d1ae81168b11b7f1506db9e047dec) --- ssl/s3_clnt.c | 8 ++++---- ssl/s3_lib.c | 15 +++++++++++---- ssl/s3_srvr.c | 11 ++++++----- 3 files changed, 21 insertions(+), 13 deletions(-) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index b4964f29e4..d7722ed812 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -327,9 +327,9 @@ int ssl3_connect(SSL *s) break; } #endif - /* Check if it is anon DH/ECDH */ + /* Check if it is anon DH/ECDH, SRP auth */ /* or PSK */ - if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) && + if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL|SSL_aSRP)) && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) { ret=ssl3_get_server_certificate(s); @@ -1916,8 +1916,8 @@ fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md)); } else { - /* aNULL or kPSK do not need public keys */ - if (!(alg_a & SSL_aNULL) && !(alg_k & SSL_kPSK)) + /* aNULL, aSRP or kPSK do not need public keys */ + if (!(alg_a & (SSL_aNULL|SSL_aSRP)) && !(alg_k & SSL_kPSK)) { /* Might be wrong key type, check it */ if (ssl3_check_cert_and_algorithm(s)) diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index a792edc1a4..1a1e3faac2 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3441,8 +3441,10 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) cipher = s->s3->tmp.new_cipher; if (!cipher) return 0; - /* No certificate for unauthenticated ciphersuites */ - if (cipher->algorithm_auth & SSL_aNULL) + /* No certificate for unauthenticated ciphersuites + * or using SRP authentication + */ + if (cipher->algorithm_auth & (SSL_aNULL|SSL_aSRP)) return 2; cpk = ssl_get_server_send_pkey(s); if (!cpk) @@ -4133,8 +4135,13 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, emask_k = cert->export_mask_k; emask_a = cert->export_mask_a; #ifndef OPENSSL_NO_SRP - mask_k=cert->mask_k | s->srp_ctx.srp_Mask; - emask_k=cert->export_mask_k | s->srp_ctx.srp_Mask; + if (s->srp_ctx.srp_Mask & SSL_kSRP) + { + mask_k |= SSL_kSRP; + emask_k |= SSL_kSRP; + mask_a |= SSL_aSRP; + emask_a |= SSL_aSRP; + } #endif #ifdef KSSL_DEBUG diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 0c998a1fde..e1d35f7911 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -410,9 +410,8 @@ int ssl3_accept(SSL *s) case SSL3_ST_SW_CERT_B: /* Check if it is anon DH or anon ECDH, */ /* normal PSK or KRB5 or SRP */ - if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) - && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK) - && !(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)) + if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL|SSL_aKRB5|SSL_aSRP)) + && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) { ret=ssl3_send_server_certificate(s); if (ret <= 0) goto end; @@ -515,7 +514,9 @@ int ssl3_accept(SSL *s) * (against the specs, but s3_clnt.c accepts this for SSL 3) */ !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) || /* never request cert in Kerberos ciphersuites */ - (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) + (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) || + /* don't request certificate for SRP auth */ + (s->s3->tmp.new_cipher->algorithm_auth & SSL_aSRP) /* With normal PSK Certificates and * Certificate Requests are omitted */ || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) @@ -1875,7 +1876,7 @@ int ssl3_send_server_key_exchange(SSL *s) n+=2+nr[i]; } - if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) + if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL|SSL_aSRP)) && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) { if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher,&md)) -- 2.25.1