generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

SRP ciphersuite correction.

Browse Source 
SRP ciphersuites do not have no authentication. They have authentication
based on SRP. Add new SRP authentication flag and cipher string.
This commit is contained in:
Dr. Stephen Henson
2014-06-09 12:03:12 +01:00
parent 1bea384fd5
commit 447280ca7b
4 changed files with 9 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
ssl/s3_lib.c
View File

@@ -2437,7 +2437,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA, TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA, TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
SSL_kSRP, SSL_kSRP,
SSL_aNULL, SSL_aSRP,
SSL_3DES, SSL_3DES,
SSL_SHA1, SSL_SHA1,
SSL_TLSV1, SSL_TLSV1,
@@ -2485,7 +2485,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA, TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA, TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
SSL_kSRP, SSL_kSRP,
SSL_aNULL, SSL_aSRP,
SSL_AES128, SSL_AES128,
SSL_SHA1, SSL_SHA1,
SSL_TLSV1, SSL_TLSV1,
@@ -2533,7 +2533,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA, TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA, TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
SSL_kSRP, SSL_kSRP,
SSL_aNULL, SSL_aSRP,
SSL_AES256, SSL_AES256,
SSL_SHA1, SSL_SHA1,
SSL_TLSV1, SSL_TLSV1,

1
ssl/ssl.h
View File

@@ -266,6 +266,7 @@ extern "C" {
#define SSL_TXT_aGOST94 "aGOST94" #define SSL_TXT_aGOST94 "aGOST94"
#define SSL_TXT_aGOST01 "aGOST01" #define SSL_TXT_aGOST01 "aGOST01"
#define SSL_TXT_aGOST "aGOST" #define SSL_TXT_aGOST "aGOST"
#define SSL_TXT_aSRP "aSRP"
#define SSL_TXT_DSS "DSS" #define SSL_TXT_DSS "DSS"
#define SSL_TXT_DH "DH" #define SSL_TXT_DH "DH"

4
ssl/ssl_ciph.c
View File

@@ -272,6 +272,7 @@ static const SSL_CIPHER cipher_aliases[]={
{0,SSL_TXT_aGOST94,0,0,SSL_aGOST94,0,0,0,0,0,0,0}, {0,SSL_TXT_aGOST94,0,0,SSL_aGOST94,0,0,0,0,0,0,0},
{0,SSL_TXT_aGOST01,0,0,SSL_aGOST01,0,0,0,0,0,0,0}, {0,SSL_TXT_aGOST01,0,0,SSL_aGOST01,0,0,0,0,0,0,0},
{0,SSL_TXT_aGOST,0,0,SSL_aGOST94|SSL_aGOST01,0,0,0,0,0,0,0}, {0,SSL_TXT_aGOST,0,0,SSL_aGOST94|SSL_aGOST01,0,0,0,0,0,0,0},
{0,SSL_TXT_aSRP,0, 0,SSL_aSRP, 0,0,0,0,0,0,0},
/* aliases combining key exchange and server authentication */ /* aliases combining key exchange and server authentication */
{0,SSL_TXT_EDH,0, SSL_kDHE,~SSL_aNULL,0,0,0,0,0,0,0}, {0,SSL_TXT_EDH,0, SSL_kDHE,~SSL_aNULL,0,0,0,0,0,0,0},
@@ -1739,6 +1740,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
case SSL_aPSK: case SSL_aPSK:
au="PSK"; au="PSK";
break; break;
case SSL_aSRP:
au="SRP";
break;
default: default:
au="unknown"; au="unknown";
break; break;

1
ssl/ssl_locl.h
View File

@@ -313,6 +313,7 @@
#define SSL_aPSK 0x00000080L /* PSK auth */ #define SSL_aPSK 0x00000080L /* PSK auth */
#define SSL_aGOST94 0x00000100L /* GOST R 34.10-94 signature auth */ #define SSL_aGOST94 0x00000100L /* GOST R 34.10-94 signature auth */
#define SSL_aGOST01 0x00000200L /* GOST R 34.10-2001 signature auth */ #define SSL_aGOST01 0x00000200L /* GOST R 34.10-2001 signature auth */
#define SSL_aSRP 0x00000400L /* SRP auth */
/* Bits for algorithm_enc (symmetric encryption) */ /* Bits for algorithm_enc (symmetric encryption) */