From 1480b8a9ec3a75220da11dbbb336f3c03aa91053 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Tue, 10 May 2016 22:13:03 +0100
Subject: [PATCH] Add -srp option to ciphers command.
RT#4224
Reviewed-by: Richard Levitte
---
 apps/ciphers.c | 21 +++++++++++++++++++++
 doc/apps/ciphers.pod | 16 ++++++++++------
 2 files changed, 31 insertions(+), 6 deletions(-)
diff --git a/apps/ciphers.c b/apps/ciphers.c
index 924c0153b3..44f4216363 100644
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -70,6 +70,7 @@ typedef enum OPTION_choice {
 OPT_TLS1_1,
 OPT_TLS1_2,
 OPT_PSK,
+ OPT_SRP,
 OPT_V, OPT_UPPER_V, OPT_S
 } OPTION_CHOICE;
@@ -95,6 +96,9 @@ OPTIONS ciphers_options[] = {
 #endif
 #ifndef OPENSSL_NO_PSK
 {"psk", OPT_PSK, '-', "include ciphersuites requiring PSK"},
+#endif
+#ifndef OPENSSL_NO_SRP
+ {"srp", OPT_SRP, '-', "include ciphersuites requiring SRP"},
 #endif
 {NULL}
 };
@@ -108,6 +112,12 @@ static unsigned int dummy_psk(SSL *ssl, const char *hint, char *identity,
 return 0;
 }
 #endif
+#ifndef OPENSSL_NO_SRP
+static char *dummy_srp(SSL *ssl, void *arg)
+{
+ return "";
+}
+#endif
 int ciphers_main(int argc, char **argv)
 {
@@ -121,6 +131,9 @@ int ciphers_main(int argc, char **argv)
 #endif
 #ifndef OPENSSL_NO_PSK
 int psk = 0;
+#endif
+#ifndef OPENSSL_NO_SRP
+ int srp = 0;
 #endif
 const char *p;
 char *ciphers = NULL, *prog;
@@ -173,6 +186,10 @@ int ciphers_main(int argc, char **argv)
 case OPT_PSK:
 #ifndef OPENSSL_NO_PSK
 psk = 1;
+#endif
+ case OPT_SRP:
+#ifndef OPENSSL_NO_SRP
+ srp = 1;
 #endif
 break;
 }
@@ -196,6 +213,10 @@ int ciphers_main(int argc, char **argv)
 #ifndef OPENSSL_NO_PSK
 if (psk)
 SSL_CTX_set_psk_client_callback(ctx, dummy_psk);
+#endif
+#ifndef OPENSSL_NO_SRP
+ if (srp)
+ SSL_CTX_set_srp_client_pwd_callback(ctx, dummy_srp);
 #endif
 if (ciphers != NULL) {
 if (!SSL_CTX_set_cipher_list(ctx, ciphers)) {
diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod
index 9788fa31f0..f1d0656446 100644
--- a/doc/apps/ciphers.pod
+++ b/doc/apps/ciphers.pod
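Review bot: `dummy_srp` in the `@@ -108,6 +112,12 @@` hunk of apps/ciphers.c returns a string literal through a non-const `char *`, and nothing on the function says why that is acceptable. As far as I know, libssl frees the buffer an SRP client password callback hands back, so this stub is safe only because `ciphers` never starts a handshake and the callback is registered purely so that SRP suites are listed with `-s`. I would add a comment above it, e.g. `/* Never called: ciphers performs no handshake; installed only so -s lists SRP suites. Not a usable password callback. */`.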
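Review bot: In the `@@ -173,6 +186,10 @@` hunk of apps/ciphers.c, `case OPT_PSK:` now falls through into the new `case OPT_SRP:` because the only `break;` sits after the SRP `#endif`, so `-psk` on its own also sets `srp = 1`. The last hunk then registers `dummy_srp` on `if (srp)`, so `ciphers -s -psk` would presumably list SRP suites nobody asked for, which is misleading when the output is used to audit what a configuration enables. Add `break;` after the PSK `#endif`, before `case OPT_SRP:`. The switch and the rest of `ciphers_main` lie outside the hunk.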
@@ -17,6 +17,7 @@ B B [B<-tls1_2>] [B<-s>] [B<-psk>] +[B<-srp>] [B<-stdname>] [B] @@ -37,13 +38,12 @@ Print a usage message. =item B<-s> Only list supported ciphers: those consistent with the security level, and -minimum and maximum protocol version. -This is closer to the actual cipher list an application will support. +minimum and maximum protocol version. This is closer to the actual cipher list +an application will support. + +PSK and SRP ciphers are not enabled by default: they require B<-psk> or B<-srp> +to enable them. -This program does not set up support for SRP and so SRP based ciphers will -always be excluded when using this option. -PSK ciphers are not enabled by default and it requires the B<-psk> to enable -them. It also does not change the default list of supported signature algorithms. On a server the list of supported ciphers might also exclude other ciphers @@ -56,6 +56,10 @@ listed. When combined with B<-s> includes cipher suites which require PSK. +=item B<-srp> + +When combined with B<-s> includes cipher suites which require SRP. + =item B<-v> Verbose output: For each ciphersuite, list details as provided by -- 2.25.1