PR: 1794
authorDr. Stephen Henson <steve@openssl.org>
Fri, 25 Nov 2011 00:18:10 +0000 (00:18 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 25 Nov 2011 00:18:10 +0000 (00:18 +0000)
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve

Make SRP conformant to rfc 5054.

Changes are:

- removal of the addition state after client hello
- removal of all pre-rfc srp alert ids
- sending a fatal alert when there is no srp extension but when the
server wants SRP
- removal of unnecessary code in the client.

ssl/s3_clnt.c
ssl/s3_srvr.c
ssl/ssl.h
ssl/ssl3.h
ssl/ssl_stat.c
ssl/t1_enc.c
ssl/tls1.h
ssl/tls_srp.c

index 26673cfdee04203cb3a07f07c8faad274e5f6ac1..d1110e02c3254826871731cb662f6a227536793d 100644 (file)
@@ -280,20 +280,6 @@ int ssl3_connect(SSL *s)
                case SSL3_ST_CR_SRVR_HELLO_A:
                case SSL3_ST_CR_SRVR_HELLO_B:
                        ret=ssl3_get_server_hello(s);
-#ifndef OPENSSL_NO_SRP
-                       if (ret == 0 && s->s3->warn_alert == SSL_AD_MISSING_SRP_USERNAME)
-                               {
-                               if (!SRP_have_to_put_srp_username(s))
-                                       {
-                                       SSLerr(SSL_F_SSL3_CONNECT,SSL_R_MISSING_SRP_USERNAME);
-                                       ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_USER_CANCELLED);
-                                       goto end;
-                                       }
-                               s->state=SSL3_ST_CW_CLNT_HELLO_A;
-                               if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; }
-                               break;
-                               }
-#endif
                        if (ret <= 0) goto end;
 
                        if (s->hit)
index 4088598d239f69b4a48c6f577e600c260d786202..bae14c17e59ceb8921f12922e006dcad3c8bc777 100644 (file)
@@ -180,11 +180,11 @@ static const SSL_METHOD *ssl3_get_server_method(int ver)
        }
 
 #ifndef OPENSSL_NO_SRP
-static int SSL_check_srp_ext_ClientHello(SSL *s, int *ad)
+static int ssl_check_srp_ext_ClientHello(SSL *s, int *al)
        {
        int ret = SSL_ERROR_NONE;
 
-       *ad = SSL_AD_UNRECOGNIZED_NAME;
+       *al = SSL_AD_UNRECOGNIZED_NAME;
 
        if ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) &&
            (s->srp_ctx.TLS_ext_srp_username_callback != NULL))
@@ -192,12 +192,12 @@ static int SSL_check_srp_ext_ClientHello(SSL *s, int *ad)
                if(s->srp_ctx.login == NULL)
                        {
                        /* There isn't any srp login extension !!! */
-                       ret = SSL3_AL_WARNING;
-                       *ad = SSL_AD_MISSING_SRP_USERNAME;
+                       ret = SSL3_AL_FATAL;
+                       *al = SSL_AD_UNKNOWN_PSK_IDENTITY;
                        }
                else
                        {
-                       ret = SSL_srp_server_param_with_username(s,ad);
+                       ret = SSL_srp_server_param_with_username(s,al);
                        }
                }
        return ret;
@@ -216,10 +216,6 @@ int ssl3_accept(SSL *s)
        void (*cb)(const SSL *ssl,int type,int val)=NULL;
        int ret= -1;
        int new_state,state,skip=0;
-#ifndef OPENSSL_NO_SRP
-       int srp_no_username=0;
-       int extension_error,al;
-#endif
 
        RAND_add(&Time,sizeof(Time),0);
        ERR_clear_error();
@@ -340,35 +336,24 @@ int ssl3_accept(SSL *s)
                case SSL3_ST_SR_CLNT_HELLO_A:
                case SSL3_ST_SR_CLNT_HELLO_B:
                case SSL3_ST_SR_CLNT_HELLO_C:
-#ifndef OPENSSL_NO_SRP
-               case SSL3_ST_SR_CLNT_HELLO_SRP_USERNAME:
-#endif
 
                        s->shutdown=0;
+
                        ret=ssl3_get_client_hello(s);
                        if (ret <= 0) goto end;
 #ifndef OPENSSL_NO_SRP
-                       extension_error = 0;
-                       if ((al = SSL_check_srp_ext_ClientHello(s,&extension_error)) != SSL_ERROR_NONE)
+                       {
+                       int al;
+                       if ((ret = ssl_check_srp_ext_ClientHello(s,&al)) != SSL_ERROR_NONE)
                                {
-                               ssl3_send_alert(s,al,extension_error);
-                               if (extension_error == SSL_AD_MISSING_SRP_USERNAME)
-                                       {
-                                       if (srp_no_username) goto end;
-                                       ERR_clear_error();
-                                       srp_no_username = 1;
-                                       s->state=SSL3_ST_SR_CLNT_HELLO_SRP_USERNAME;
-                                       if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
-                                       if ((ret=BIO_flush(s->wbio)) <= 0) goto end;
-                                       s->init_num=0;
-                                       break;
-                                       }
-                               ret = -1;
-                               SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_CLIENTHELLO_TLSEXT);
-                               goto end;
+                               ssl3_send_alert(s,SSL3_AL_FATAL,al);                            
+                               SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_CLIENTHELLO_TLSEXT);                     
+                               ret = SSL_TLSEXT_ERR_ALERT_FATAL;                       
+                               ret= -1;
+                               goto end;       
                                }
-#endif
-                       
+                       }
+#endif         
                        s->renegotiate = 2;
                        s->state=SSL3_ST_SW_SRVR_HELLO_A;
                        s->init_num=0;
@@ -914,9 +899,6 @@ int ssl3_get_client_hello(SSL *s)
         * TLSv1.
         */
        if (s->state == SSL3_ST_SR_CLNT_HELLO_A
-#ifndef OPENSSL_NO_SRP
-               || (s->state == SSL3_ST_SR_CLNT_HELLO_SRP_USERNAME)
-#endif
                )
                {
                s->state=SSL3_ST_SR_CLNT_HELLO_B;
index a2803e23abf5b42fcc1d2537608d7fae14c9e103..1809946fca50369a991d0403cf81b93e6a6d9950 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1486,8 +1486,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
 #define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
 #define SSL_AD_UNKNOWN_PSK_IDENTITY     TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */
-#define SSL_AD_UNKNOWN_SRP_USERNAME    TLS1_AD_UNKNOWN_SRP_USERNAME
-#define SSL_AD_MISSING_SRP_USERNAME    TLS1_AD_MISSING_SRP_USERNAME
 
 #define SSL_ERROR_NONE                 0
 #define SSL_ERROR_SSL                  1
index bef479a55fc6b7919e4295e4d9270ac0ea7ef531..43aadbd01319c5c7888a175e8da86a2c94e05e3a 100644 (file)
@@ -581,8 +581,6 @@ typedef struct ssl3_state_st
 #define SSL3_ST_SR_CLNT_HELLO_A                (0x110|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_CLNT_HELLO_B                (0x111|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_CLNT_HELLO_C                (0x112|SSL_ST_ACCEPT)
-/* a new state to remember that we have already receive a ClientHello without srp username extension */
-#define SSL3_ST_SR_CLNT_HELLO_SRP_USERNAME (0x1E2|SSL_ST_ACCEPT)
 /* write to client */
 #define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT)
 #define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT)
index cd2290a157a07b8938e02abc4a93cf1482fd0fa9..144b81e55fe41ffc267b8c8ab6aff202ccdbbd98 100644 (file)
@@ -210,9 +210,6 @@ case SSL3_ST_SR_KEY_EXCH_A: str="SSLv3 read client key exchange A"; break;
 case SSL3_ST_SR_KEY_EXCH_B:    str="SSLv3 read client key exchange B"; break;
 case SSL3_ST_SR_CERT_VRFY_A:   str="SSLv3 read certificate verify A"; break;
 case SSL3_ST_SR_CERT_VRFY_B:   str="SSLv3 read certificate verify B"; break;
-#ifndef OPENSSL_NO_SRP
-case SSL3_ST_SR_CLNT_HELLO_SRP_USERNAME:       str="SSLv3 waiting for a SRP username"; break;
-#endif
 #endif
 
 #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
index a28bb7d2296768d7e8f2f5e7c86c006e233b9273..1c6fe5d82ae92dbf574b4b2ab10666245bab3685 100644 (file)
@@ -1242,9 +1242,6 @@ int tls1_alert_code(int code)
        case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE);
        case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(TLS1_AD_BAD_CERTIFICATE_HASH_VALUE);
        case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY);
-#ifndef OPENSSL_NO_SRP
-       case SSL_AD_MISSING_SRP_USERNAME:return(TLS1_AD_MISSING_SRP_USERNAME);
-#endif
 #if 0 /* not appropriate for TLS, not used for DTLS */
        case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return 
                                          (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
index 545383a5eedf52ea3beabacabe605f72b8de8f49..f121e042719e1cce6a64b7ffd898e86368cb3892 100644 (file)
@@ -196,8 +196,6 @@ extern "C" {
 #define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
 #define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
 #define TLS1_AD_UNKNOWN_PSK_IDENTITY   115     /* fatal */
-#define TLS1_AD_UNKNOWN_SRP_USERNAME 120 /* fatal */
-#define TLS1_AD_MISSING_SRP_USERNAME 121
 
 /* ExtensionType values from RFC3546 / RFC4366 */
 #define TLSEXT_TYPE_server_name                        0
index 6d78c49ea04398e53e996bf6e3ccc549e2efb957..433d286d3d86b775b40fd9f8b037da3aef2fd5c7 100644 (file)
@@ -234,7 +234,7 @@ int SSL_srp_server_param_with_username(SSL *s, int *ad)
        unsigned char b[SSL_MAX_MASTER_KEY_LENGTH];
        int al;
 
-       *ad = SSL_AD_UNKNOWN_SRP_USERNAME;
+       *ad = SSL_AD_UNKNOWN_PSK_IDENTITY;
        if ((s->srp_ctx.TLS_ext_srp_username_callback !=NULL) &&
                ((al = s->srp_ctx.TLS_ext_srp_username_callback(s, ad, s->srp_ctx.SRP_cb_arg))!=SSL_ERROR_NONE))
                        return al;