On Fri, Aug 08, 2014, Norm Green wrote: > Then what would you suggest? SRP is completely broken for us with 1.0.1i >
Please try the attached patch against 1.0.1i. [BTW removing the aSRP references is fine as long as you don't delete the kSRP references too] Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index ea0c82d..2ceaa1e 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -326,9 +326,9 @@ int ssl3_connect(SSL *s) break; } #endif - /* Check if it is anon DH/ECDH */ + /* Check if it is anon DH/ECDH, SRP auth */ /* or PSK */ - if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) && + if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL|SSL_aSRP)) && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) { ret=ssl3_get_server_certificate(s); @@ -1835,8 +1835,8 @@ fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md)); } else { - if (!(alg_a & SSL_aNULL) && !(alg_k & SSL_kPSK)) - /* aNULL or kPSK do not need public keys */ + /* aNULL, aSRP or kPSK do not need public keys */ + if (!(alg_a & (SSL_aNULL|SSL_aSRP)) && !(alg_k & SSL_kPSK)) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); goto err; diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 4835bef..c5f3e93 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3824,6 +3824,8 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, #ifndef OPENSSL_NO_SRP mask_k=cert->mask_k | s->srp_ctx.srp_Mask; emask_k=cert->export_mask_k | s->srp_ctx.srp_Mask; + mask_a=cert->mask_a | s->srp_ctx.srp_Mask; + emask_a=cert->export_mask_a | s->srp_ctx.srp_Mask; #endif #ifdef KSSL_DEBUG diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 2867501..b0538d1 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -412,7 +412,7 @@ int ssl3_accept(SSL *s) /* normal PSK or KRB5 or SRP */ if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK) - && !(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)) + && !(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aKRB5|SSL_aSRP))) { ret=ssl3_send_server_certificate(s); if (ret <= 0) goto end; @@ -515,7 +515,9 @@ int ssl3_accept(SSL *s) * (against the specs, but s3_clnt.c accepts this for SSL 3) */ !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) || /* never request cert in Kerberos ciphersuites */ - (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) + (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) || + /* don't request certificate with SRP auth */ + (s->s3->tmp.new_cipher->algorithm_auth & SSL_aSRP) /* With normal PSK Certificates and * Certificate Requests are omitted */ || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) @@ -1846,7 +1848,7 @@ int ssl3_send_server_key_exchange(SSL *s) n+=2+nr[i]; } - if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) + if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL|SSL_aSRP)) && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) { if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher,&md))