From f472ada00681d0de7c68d13ecbd404d822afa8b1 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 9 Jun 2014 12:03:12 +0100 Subject: [PATCH] SRP ciphersuite correction. SRP ciphersuites do not have no authentication. They have authentication based on SRP. Add new SRP authentication flag and cipher string. (cherry picked from commit a86b88acc373ac1fb0ca709a5fb8a8fa74683f67) --- ssl/s3_lib.c | 6 +++--- ssl/ssl.h | 1 + ssl/ssl_ciph.c | 4 ++++ ssl/ssl_locl.h | 1 + 4 files changed, 9 insertions(+), 3 deletions(-) diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index e8140e2c74..a792edc1a4 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -2437,7 +2437,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA, TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA, SSL_kSRP, - SSL_aNULL, + SSL_aSRP, SSL_3DES, SSL_SHA1, SSL_TLSV1, @@ -2485,7 +2485,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA, TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA, SSL_kSRP, - SSL_aNULL, + SSL_aSRP, SSL_AES128, SSL_SHA1, SSL_TLSV1, @@ -2533,7 +2533,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA, TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA, SSL_kSRP, - SSL_aNULL, + SSL_aSRP, SSL_AES256, SSL_SHA1, SSL_TLSV1, diff --git a/ssl/ssl.h b/ssl/ssl.h index e3715b53f3..dec44493dd 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -264,6 +264,7 @@ extern "C" { #define SSL_TXT_aGOST94 "aGOST94" #define SSL_TXT_aGOST01 "aGOST01" #define SSL_TXT_aGOST "aGOST" +#define SSL_TXT_aSRP "aSRP" #define SSL_TXT_DSS "DSS" #define SSL_TXT_DH "DH" diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index c8057aa85d..13127d725e 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -270,6 +270,7 @@ static const SSL_CIPHER cipher_aliases[]={ {0,SSL_TXT_aGOST94,0,0,SSL_aGOST94,0,0,0,0,0,0,0}, {0,SSL_TXT_aGOST01,0,0,SSL_aGOST01,0,0,0,0,0,0,0}, {0,SSL_TXT_aGOST,0,0,SSL_aGOST94|SSL_aGOST01,0,0,0,0,0,0,0}, + {0,SSL_TXT_aSRP,0, 0,SSL_aSRP, 0,0,0,0,0,0,0}, /* aliases combining key exchange and server authentication */ {0,SSL_TXT_EDH,0, SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0}, @@ -1702,6 +1703,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_aPSK: au="PSK"; break; + case SSL_aSRP: + au="SRP"; + break; default: au="unknown"; break; diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 4d6e29dc42..1d90ddda53 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -311,6 +311,7 @@ #define SSL_aPSK 0x00000080L /* PSK auth */ #define SSL_aGOST94 0x00000100L /* GOST R 34.10-94 signature auth */ #define SSL_aGOST01 0x00000200L /* GOST R 34.10-2001 signature auth */ +#define SSL_aSRP 0x00000400L /* SRP auth */ /* Bits for algorithm_enc (symmetric encryption) */ -- 2.40.0