SRP ciphersuite correction.
authorDr. Stephen Henson <steve@openssl.org>
Mon, 9 Jun 2014 11:03:12 +0000 (12:03 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Mon, 9 Jun 2014 11:09:52 +0000 (12:09 +0100)
SRP ciphersuites are not unauthenticated: they have authentication
based on SRP. Add new SRP authentication flag and cipher string.

ssl/s3_lib.c
ssl/ssl.h
ssl/ssl_ciph.c
ssl/ssl_locl.h

index ba791d2c7d1729c993593f8449af6e1696093609..3a82b4080218d5cb08526ab6e07a2e9f678bca1e 100644 (file)
@@ -2437,7 +2437,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
        TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
        SSL_kSRP,
-       SSL_aNULL,
+       SSL_aSRP,
        SSL_3DES,
        SSL_SHA1,
        SSL_TLSV1,
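Review bot: Handshake code that tests `algorithm_auth & SSL_aNULL` to decide whether a server certificate, a certificate request or a signed ServerKeyExchange applies is not updated in this commit, yet this entry (and the AES-128 and AES-256 entries in the next two hunks) no longer carries that bit. Those call sites are not visible here, so this is inferred, but any of them left unchanged would now treat the SRP-only suites as certificate-authenticated. I would audit each `SSL_aNULL` check in the client and server handshake paths and, where no certificate is involved, widen it to something like `algorithm_auth & (SSL_aNULL|SSL_aSRP)`. The `ssl3_ciphers[]` initialiser starts and ends outside the hunk.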
@@ -2485,7 +2485,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
        TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
        SSL_kSRP,
-       SSL_aNULL,
+       SSL_aSRP,
        SSL_AES128,
        SSL_SHA1,
        SSL_TLSV1,
@@ -2533,7 +2533,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
        TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
        SSL_kSRP,
-       SSL_aNULL,
+       SSL_aSRP,
        SSL_AES256,
        SSL_SHA1,
        SSL_TLSV1,
index 950212f8675d8a0c9b73cf82f1d67eb00e8880ca..d5e737320612a4839ef105224d7ca7d5c379713e 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -266,6 +266,7 @@ extern "C" {
 #define SSL_TXT_aGOST94        "aGOST94"
 #define SSL_TXT_aGOST01 "aGOST01"
 #define SSL_TXT_aGOST  "aGOST"
+#define SSL_TXT_aSRP            "aSRP"
 
 #define        SSL_TXT_DSS             "DSS"
 #define SSL_TXT_DH             "DH"
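Review bot: `aSRP` becomes a public cipher-string keyword here without any accompanying documentation of the selection change it implies. Combined with the table change, `aNULL` no longer selects the SRP-only suites and `!aNULL` no longer removes them, so a deployment that relied on `!aNULL` to keep them out now has to exclude them explicitly, for example with `!aSRP` or `!kSRP`, unless some other filter not visible in this diff already drops them. I would note this in the ciphers documentation and the changelog, and add a comment on the define such as `/* SRP-only authentication; not matched by aNULL */`.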
index 91f1990c62b30f4212eb0bd1e66a8532423381a8..0f03b063e874c4c7fb12cd1772f51f69df19f276 100644 (file)
@@ -272,6 +272,7 @@ static const SSL_CIPHER cipher_aliases[]={
        {0,SSL_TXT_aGOST94,0,0,SSL_aGOST94,0,0,0,0,0,0,0},
        {0,SSL_TXT_aGOST01,0,0,SSL_aGOST01,0,0,0,0,0,0,0},
        {0,SSL_TXT_aGOST,0,0,SSL_aGOST94|SSL_aGOST01,0,0,0,0,0,0,0},
+       {0,SSL_TXT_aSRP,0,    0,SSL_aSRP,  0,0,0,0,0,0,0},
 
        /* aliases combining key exchange and server authentication */
        {0,SSL_TXT_EDH,0,     SSL_kDHE,~SSL_aNULL,0,0,0,0,0,0,0},
@@ -1739,6 +1740,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
        case SSL_aPSK:
                au="PSK";
                break;
+       case SSL_aSRP:
+               au="SRP";
+               break;
        default:
                au="unknown";
                break;
index 0f51594739a0080d1f980542f3028857406a4999..d564bc742d20a481789a9936909e3cf2ebac7ca3 100644 (file)
 #define SSL_aPSK                0x00000080L /* PSK auth */
 #define SSL_aGOST94                            0x00000100L /* GOST R 34.10-94 signature auth */
 #define SSL_aGOST01                    0x00000200L /* GOST R 34.10-2001 signature auth */
+#define SSL_aSRP               0x00000400L /* SRP auth */
 
 
 /* Bits for algorithm_enc (symmetric encryption) */