PR: 1794

Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr> Reviewed by: steve Make SRP conformant to rfc 5054. Changes are: - removal of the addition state after client hello - removal of all pre-rfc srp alert ids - sending a fatal alert when there is no srp extension but when the server wants SRP - removal of unnecessary code in the client.
author: Dr. Stephen Henson <steve@openssl.org> 2011-11-25 00:18:10 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2011-11-25 00:18:10 +0000
commit: 2c7d978c2d4db664d1c5d164685480eed818d281 (patch)
tree: c61562b448898555f5f964e86cf62d5a0fc6a805
parent: 8cd897a42c973ed3a76ef1946f0d9eda1b6b12ec (diff)
8 files changed, 17 insertions, 61 deletions
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 26673cfdee..d1110e02c3 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -280,20 +280,6 @@ int ssl3_connect(SSL *s)
 		case SSL3_ST_CR_SRVR_HELLO_A:
 		case SSL3_ST_CR_SRVR_HELLO_B:
 			ret=ssl3_get_server_hello(s);
-#ifndef OPENSSL_NO_SRP
-			if (ret == 0 && s->s3->warn_alert == SSL_AD_MISSING_SRP_USERNAME)
-				{
-				if (!SRP_have_to_put_srp_username(s))
-					{
-					SSLerr(SSL_F_SSL3_CONNECT,SSL_R_MISSING_SRP_USERNAME);
-					ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_USER_CANCELLED);
-					goto end;
-					}
-				s->state=SSL3_ST_CW_CLNT_HELLO_A;
-				if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; }
-				break;
-				}
-#endif
 			if (ret <= 0) goto end;
 
 			if (s->hit)
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 4088598d23..bae14c17e5 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -180,11 +180,11 @@ static const SSL_METHOD *ssl3_get_server_method(int ver)
 	}
 
 #ifndef OPENSSL_NO_SRP
-static int SSL_check_srp_ext_ClientHello(SSL *s, int *ad)
+static int ssl_check_srp_ext_ClientHello(SSL *s, int *al)
 	{
 	int ret = SSL_ERROR_NONE;
 
-	*ad = SSL_AD_UNRECOGNIZED_NAME;
+	*al = SSL_AD_UNRECOGNIZED_NAME;
 
 	if ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) &&
 	    (s->srp_ctx.TLS_ext_srp_username_callback != NULL))
@@ -192,12 +192,12 @@ static int SSL_check_srp_ext_ClientHello(SSL *s, int *ad)
 		if(s->srp_ctx.login == NULL)
 			{
 			/* There isn't any srp login extension !!! */
-			ret = SSL3_AL_WARNING;
-			*ad = SSL_AD_MISSING_SRP_USERNAME;
+			ret = SSL3_AL_FATAL;
+			*al = SSL_AD_UNKNOWN_PSK_IDENTITY;
 			}
 		else
 			{
-			ret = SSL_srp_server_param_with_username(s,ad);
+			ret = SSL_srp_server_param_with_username(s,al);
 			}
 		}
 	return ret;
@@ -216,10 +216,6 @@ int ssl3_accept(SSL *s)
 	void (*cb)(const SSL *ssl,int type,int val)=NULL;
 	int ret= -1;
 	int new_state,state,skip=0;
-#ifndef OPENSSL_NO_SRP
-	int srp_no_username=0;
-	int extension_error,al;
-#endif
 
 	RAND_add(&Time,sizeof(Time),0);
 	ERR_clear_error();
@@ -340,35 +336,24 @@ int ssl3_accept(SSL *s)
 		case SSL3_ST_SR_CLNT_HELLO_A:
 		case SSL3_ST_SR_CLNT_HELLO_B:
 		case SSL3_ST_SR_CLNT_HELLO_C:
-#ifndef OPENSSL_NO_SRP
-		case SSL3_ST_SR_CLNT_HELLO_SRP_USERNAME:
-#endif
 
 			s->shutdown=0;
+
 			ret=ssl3_get_client_hello(s);
 			if (ret <= 0) goto end;
 #ifndef OPENSSL_NO_SRP
-			extension_error = 0;
-			if ((al = SSL_check_srp_ext_ClientHello(s,&extension_error)) != SSL_ERROR_NONE)
+			{
+			int al;
+			if ((ret = ssl_check_srp_ext_ClientHello(s,&al)) != SSL_ERROR_NONE)
 				{
-				ssl3_send_alert(s,al,extension_error);
-				if (extension_error == SSL_AD_MISSING_SRP_USERNAME)
-					{
-					if (srp_no_username) goto end;
-					ERR_clear_error();
-					srp_no_username = 1;
-					s->state=SSL3_ST_SR_CLNT_HELLO_SRP_USERNAME;
-					if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
-					if ((ret=BIO_flush(s->wbio)) <= 0) goto end;
-					s->init_num=0;
-					break;
-					}
-				ret = -1;
-				SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_CLIENTHELLO_TLSEXT);
-				goto end;
+				ssl3_send_alert(s,SSL3_AL_FATAL,al);				
+				SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_CLIENTHELLO_TLSEXT);			
+				ret = SSL_TLSEXT_ERR_ALERT_FATAL;			
+				ret= -1;
+				goto end;	
 				}
-#endif
-			
+			}
+#endif		
 			s->renegotiate = 2;
 			s->state=SSL3_ST_SW_SRVR_HELLO_A;
 			s->init_num=0;
@@ -914,9 +899,6 @@ int ssl3_get_client_hello(SSL *s)
 	 * TLSv1.
 	 */
 	if (s->state == SSL3_ST_SR_CLNT_HELLO_A
-#ifndef OPENSSL_NO_SRP
-		|| (s->state == SSL3_ST_SR_CLNT_HELLO_SRP_USERNAME)
-#endif
 		)
 		{
 		s->state=SSL3_ST_SR_CLNT_HELLO_B;
diff --git a/ssl/ssl.h b/ssl/ssl.h
index a2803e23ab..1809946fca 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1486,8 +1486,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
 #define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
 #define SSL_AD_UNKNOWN_PSK_IDENTITY     TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */
-#define SSL_AD_UNKNOWN_SRP_USERNAME	TLS1_AD_UNKNOWN_SRP_USERNAME
-#define SSL_AD_MISSING_SRP_USERNAME	TLS1_AD_MISSING_SRP_USERNAME
 
 #define SSL_ERROR_NONE			0
 #define SSL_ERROR_SSL			1
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index bef479a55f..43aadbd013 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -581,8 +581,6 @@ typedef struct ssl3_state_st
 #define SSL3_ST_SR_CLNT_HELLO_A		(0x110|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_CLNT_HELLO_B		(0x111|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_CLNT_HELLO_C		(0x112|SSL_ST_ACCEPT)
-/* a new state to remember that we have already receive a ClientHello without srp username extension */
-#define SSL3_ST_SR_CLNT_HELLO_SRP_USERNAME (0x1E2|SSL_ST_ACCEPT)
 /* write to client */
 #define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT)
 #define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT)
diff --git a/ssl/ssl_stat.c b/ssl/ssl_stat.c
index cd2290a157..144b81e55f 100644
--- a/ssl/ssl_stat.c
+++ b/ssl/ssl_stat.c
@@ -210,9 +210,6 @@ case SSL3_ST_SR_KEY_EXCH_A:	str="SSLv3 read client key exchange A"; break;
 case SSL3_ST_SR_KEY_EXCH_B:	str="SSLv3 read client key exchange B"; break;
 case SSL3_ST_SR_CERT_VRFY_A:	str="SSLv3 read certificate verify A"; break;
 case SSL3_ST_SR_CERT_VRFY_B:	str="SSLv3 read certificate verify B"; break;
-#ifndef OPENSSL_NO_SRP
-case SSL3_ST_SR_CLNT_HELLO_SRP_USERNAME:	str="SSLv3 waiting for a SRP username"; break;
-#endif
 #endif
 
 #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index a28bb7d229..1c6fe5d82a 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -1242,9 +1242,6 @@ int tls1_alert_code(int code)
 	case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE);
 	case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(TLS1_AD_BAD_CERTIFICATE_HASH_VALUE);
 	case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY);
-#ifndef OPENSSL_NO_SRP
-	case SSL_AD_MISSING_SRP_USERNAME:return(TLS1_AD_MISSING_SRP_USERNAME);
-#endif
 #if 0 /* not appropriate for TLS, not used for DTLS */
 	case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return 
 					  (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
diff --git a/ssl/tls1.h b/ssl/tls1.h
index 545383a5ee..f121e04271 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -196,8 +196,6 @@ extern "C" {
 #define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
 #define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
 #define TLS1_AD_UNKNOWN_PSK_IDENTITY	115	/* fatal */
-#define TLS1_AD_UNKNOWN_SRP_USERNAME 120 /* fatal */
-#define TLS1_AD_MISSING_SRP_USERNAME 121
 
 /* ExtensionType values from RFC3546 / RFC4366 */
 #define TLSEXT_TYPE_server_name			0
diff --git a/ssl/tls_srp.c b/ssl/tls_srp.c
index 6d78c49ea0..433d286d3d 100644
--- a/ssl/tls_srp.c
+++ b/ssl/tls_srp.c
@@ -234,7 +234,7 @@ int SSL_srp_server_param_with_username(SSL *s, int *ad)
 	unsigned char b[SSL_MAX_MASTER_KEY_LENGTH];
 	int al;
 
-	*ad = SSL_AD_UNKNOWN_SRP_USERNAME;
+	*ad = SSL_AD_UNKNOWN_PSK_IDENTITY;
 	if ((s->srp_ctx.TLS_ext_srp_username_callback !=NULL) &&
 		((al = s->srp_ctx.TLS_ext_srp_username_callback(s, ad, s->srp_ctx.SRP_cb_arg))!=SSL_ERROR_NONE))
 			return al;
author	Dr. Stephen Henson <steve@openssl.org>	2011-11-25 00:18:10 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2011-11-25 00:18:10 +0000
commit	2c7d978c2d4db664d1c5d164685480eed818d281 (patch)
tree	c61562b448898555f5f964e86cf62d5a0fc6a805
parent	8cd897a42c973ed3a76ef1946f0d9eda1b6b12ec (diff)