On Fri, Aug 08, 2014, Norm Green wrote:

> Then what would you suggest?  SRP is completely broken for us with 1.0.1i
> 

Please try the attached patch against 1.0.1i.

[BTW removing the aSRP references is fine as long as you don't delete the kSRP
references too]

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index ea0c82d..2ceaa1e 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -326,9 +326,9 @@ int ssl3_connect(SSL *s)
                                break;
                                }
 #endif
-                       /* Check if it is anon DH/ECDH */
+                       /* Check if it is anon DH/ECDH, SRP auth */
                        /* or PSK */
-                       if (!(s->s3->tmp.new_cipher->algorithm_auth & 
SSL_aNULL) &&
+                       if (!(s->s3->tmp.new_cipher->algorithm_auth & 
(SSL_aNULL|SSL_aSRP)) &&
                            !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
                                {
                                ret=ssl3_get_server_certificate(s);
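Review bot: The updated comment above the `algorithm_auth` test lists SRP auth next to anonymous DH/ECDH without saying why the Certificate message may be skipped, so it reads as if aSRP suites were unauthenticated. Suggest a single comment such as `/* aNULL, aSRP and kPSK suites carry no server Certificate; with aSRP the server is authenticated by the SRP exchange itself */`. Skipping the message is only sound if ServerHello processing has already rejected an SRP suite the client did not offer or has no SRP credentials for. That check is not visible in this hunk and is worth confirming. The body of ssl3_connect continues outside the hunk.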
@@ -1835,8 +1835,8 @@ fprintf(stderr, "USING TLSv1.2 HASH %s\n", 
EVP_MD_name(md));
                }
        else
                {
-               if (!(alg_a & SSL_aNULL) && !(alg_k & SSL_kPSK))
-                       /* aNULL or kPSK do not need public keys */
+               /* aNULL, aSRP or kPSK do not need public keys */
+               if (!(alg_a & (SSL_aNULL|SSL_aSRP)) && !(alg_k & SSL_kPSK))
                        {
                        
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
                        goto err;
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 4835bef..c5f3e93 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3824,6 +3824,8 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, 
STACK_OF(SSL_CIPHER) *clnt,
 #ifndef OPENSSL_NO_SRP
                mask_k=cert->mask_k | s->srp_ctx.srp_Mask;
                emask_k=cert->export_mask_k | s->srp_ctx.srp_Mask;
+               mask_a=cert->mask_a | s->srp_ctx.srp_Mask;
+               emask_a=cert->export_mask_a | s->srp_ctx.srp_Mask;
 #endif
                        
 #ifdef KSSL_DEBUG
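Review bot: The two added lines OR `s->srp_ctx.srp_Mask` into the authentication masks, but the context lines just above OR the same value into `mask_k`/`emask_k`, so it appears to hold a key-exchange bit. Reusing it for `mask_a` only enables aSRP if SSL_kSRP and SSL_aSRP happen to share a bit value, which the hunk does not show. If they ever diverge, this would silently enable some unrelated auth method during cipher selection. Naming the bit keeps the intent explicit: `mask_a=cert->mask_a | ((s->srp_ctx.srp_Mask & SSL_kSRP) ? SSL_aSRP : 0);` and likewise `emask_a=cert->export_mask_a | ((s->srp_ctx.srp_Mask & SSL_kSRP) ? SSL_aSRP : 0);`. The rest of ssl3_choose_cipher is outside the hunk.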
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 2867501..b0538d1 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -412,7 +412,7 @@ int ssl3_accept(SSL *s)
                        /* normal PSK or KRB5 or SRP */
                        if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
                                && !(s->s3->tmp.new_cipher->algorithm_mkey & 
SSL_kPSK)
-                               && !(s->s3->tmp.new_cipher->algorithm_auth & 
SSL_aKRB5))
+                               && !(s->s3->tmp.new_cipher->algorithm_auth & 
(SSL_aKRB5|SSL_aSRP)))
                                {
                                ret=ssl3_send_server_certificate(s);
                                if (ret <= 0) goto end;
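Review bot: Style point on the certificate-skip condition: `algorithm_auth` is now masked in two separate terms, with SSL_aNULL on its own and SSL_aSRP folded into the SSL_aKRB5 term. The matching tests in s3_clnt.c and in ssl3_send_server_key_exchange group it as `(SSL_aNULL|SSL_aSRP)`. A single term would be equivalent and easier to audit when another certificate-less auth method is added: `if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL|SSL_aKRB5|SSL_aSRP))` followed by the existing `&& !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))`. The enclosing ssl3_accept state machine extends beyond the hunk.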
@@ -515,7 +515,9 @@ int ssl3_accept(SSL *s)
                                  * (against the specs, but s3_clnt.c accepts 
this for SSL 3) */
                                 !(s->verify_mode & 
SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
                                 /* never request cert in Kerberos ciphersuites 
*/
-                               (s->s3->tmp.new_cipher->algorithm_auth & 
SSL_aKRB5)
+                               (s->s3->tmp.new_cipher->algorithm_auth & 
SSL_aKRB5) ||
+                               /* don't request certificate with SRP auth */
+                               (s->s3->tmp.new_cipher->algorithm_auth & 
SSL_aSRP)
                                /* With normal PSK Certificates and
                                 * Certificate Requests are omitted */
                                || (s->s3->tmp.new_cipher->algorithm_mkey & 
SSL_kPSK))
@@ -1846,7 +1848,7 @@ int ssl3_send_server_key_exchange(SSL *s)
                        n+=2+nr[i];
                        }
 
-               if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
+               if (!(s->s3->tmp.new_cipher->algorithm_auth & 
(SSL_aNULL|SSL_aSRP))
                        && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
                        {
                        if 
((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher,&md))
