From 18c7f2fce8a82b13506cac7ca69fc333baf76408 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Mon, 9 Jun 2014 12:03:12 +0100
Subject: [PATCH] SRP ciphersuite correction.

SRP ciphersuites do not have no authentication. They have authentication
based on SRP. Add new SRP authentication flag and cipher string.
(cherry picked from commit a86b88acc373ac1fb0ca709a5fb8a8fa74683f67)
---
 ssl/s3_lib.c   | 6 +++---
 ssl/ssl.h      | 1 +
 ssl/ssl_ciph.c | 4 ++++
 ssl/ssl_locl.h | 1 +
 4 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 36dd1f6..4835bef 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -2426,7 +2426,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
 	TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
 	SSL_kSRP,
-	SSL_aNULL,
+	SSL_aSRP,
 	SSL_3DES,
 	SSL_SHA1,
 	SSL_TLSV1,
@@ -2474,7 +2474,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
 	TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
 	SSL_kSRP,
-	SSL_aNULL,
+	SSL_aSRP,
 	SSL_AES128,
 	SSL_SHA1,
 	SSL_TLSV1,
@@ -2522,7 +2522,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
 	TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
 	SSL_kSRP,
-	SSL_aNULL,
+	SSL_aSRP,
 	SSL_AES256,
 	SSL_SHA1,
 	SSL_TLSV1,
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 4c1242c..a9b15d4 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -264,6 +264,7 @@ extern "C" {
 #define SSL_TXT_aGOST94	"aGOST94"
 #define SSL_TXT_aGOST01 "aGOST01"
 #define SSL_TXT_aGOST  "aGOST"
+#define SSL_TXT_aSRP            "aSRP"
 
 #define	SSL_TXT_DSS		"DSS"
 #define SSL_TXT_DH		"DH"
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 0aba8e0..06da26a 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -270,6 +270,7 @@ static const SSL_CIPHER cipher_aliases[]={
 	{0,SSL_TXT_aGOST94,0,0,SSL_aGOST94,0,0,0,0,0,0,0},
 	{0,SSL_TXT_aGOST01,0,0,SSL_aGOST01,0,0,0,0,0,0,0},
 	{0,SSL_TXT_aGOST,0,0,SSL_aGOST94|SSL_aGOST01,0,0,0,0,0,0,0},
+	{0,SSL_TXT_aSRP,0,    0,SSL_aSRP,  0,0,0,0,0,0,0},
 
 	/* aliases combining key exchange and server authentication */
 	{0,SSL_TXT_EDH,0,     SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0},
@@ -1628,6 +1629,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
 	case SSL_aPSK:
 		au="PSK";
 		break;
+	case SSL_aSRP:
+		au="SRP";
+		break;
 	default:
 		au="unknown";
 		break;
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index e485907..eb4d8f2 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -311,6 +311,7 @@
 #define SSL_aPSK                0x00000080L /* PSK auth */
 #define SSL_aGOST94				0x00000100L /* GOST R 34.10-94 signature auth */
 #define SSL_aGOST01 			0x00000200L /* GOST R 34.10-2001 signature auth */
+#define SSL_aSRP 		0x00000400L /* SRP auth */
 
 
 /* Bits for algorithm_enc (symmetric encryption) */
-- 
2.0.1