Add -srp option to ciphers command.

RT#4224 Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years ago · 1480b8a9ec
parent bfcdd4d098
commit 1480b8a9ec
2 changed files with 31 additions and 6 deletions
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@ -70,6 +70,7 @@ typedef enum OPTION_choice {
    OPT_TLS1_1,
    OPT_TLS1_2,
    OPT_PSK,
+    OPT_SRP,
    OPT_V, OPT_UPPER_V, OPT_S
 } OPTION_CHOICE;

@ -95,6 +96,9 @@ OPTIONS ciphers_options[] = {
 #endif
 #ifndef OPENSSL_NO_PSK
    {"psk", OPT_PSK, '-', "include ciphersuites requiring PSK"},
+#endif
+#ifndef OPENSSL_NO_SRP
+    {"srp", OPT_SRP, '-', "include ciphersuites requiring SRP"},
 #endif
    {NULL}
 };
@ -108,6 +112,12 @@ static unsigned int dummy_psk(SSL *ssl, const char *hint, char *identity,
    return 0;
 }
 #endif
+#ifndef OPENSSL_NO_SRP
+static char *dummy_srp(SSL *ssl, void *arg)
+{
+    return "";
+}
+#endif

 int ciphers_main(int argc, char **argv)
 {
@ -121,6 +131,9 @@ int ciphers_main(int argc, char **argv)
 #endif
 #ifndef OPENSSL_NO_PSK
    int psk = 0;
+#endif
+#ifndef OPENSSL_NO_SRP
+    int srp = 0;
 #endif
    const char *p;
    char *ciphers = NULL, *prog;
@ -173,6 +186,10 @@ int ciphers_main(int argc, char **argv)
        case OPT_PSK:
 #ifndef OPENSSL_NO_PSK
            psk = 1;
+#endif
+        case OPT_SRP:
+#ifndef OPENSSL_NO_SRP
+            srp = 1;
 #endif
            break;
        }
@ -196,6 +213,10 @@ int ciphers_main(int argc, char **argv)
 #ifndef OPENSSL_NO_PSK
    if (psk)
        SSL_CTX_set_psk_client_callback(ctx, dummy_psk);
+#endif
+#ifndef OPENSSL_NO_SRP
+    if (srp)
+        SSL_CTX_set_srp_client_pwd_callback(ctx, dummy_srp);
 #endif
    if (ciphers != NULL) {
        if (!SSL_CTX_set_cipher_list(ctx, ciphers)) {
--- a/doc/apps/ciphers.pod
+++ b/doc/apps/ciphers.pod
@ -17,6 +17,7 @@ B<openssl> B<ciphers>
 [B<-tls1_2>]
 [B<-s>]
 [B<-psk>]
+[B<-srp>]
 [B<-stdname>]
 [B<cipherlist>]

@ -37,13 +38,12 @@ Print a usage message.
 =item B<-s>

 Only list supported ciphers: those consistent with the security level, and
-minimum and maximum protocol version.
-This is closer to the actual cipher list an application will support.
+minimum and maximum protocol version.  This is closer to the actual cipher list
+an application will support.
+
+PSK and SRP ciphers are not enabled by default: they require B<-psk> or B<-srp>
+to enable them.

-This program does not set up support for SRP and so SRP based ciphers will
-always be excluded when using this option.
-PSK ciphers are not enabled by default and it requires the B<-psk> to enable
-them.
 It also does not change the default list of supported signature algorithms.

 On a server the list of supported ciphers might also exclude other ciphers
@ -56,6 +56,10 @@ listed.

 When combined with B<-s> includes cipher suites which require PSK.

+=item B<-srp>
+
+When combined with B<-s> includes cipher suites which require SRP.
+
 =item B<-v>

 Verbose output: For each ciphersuite, list details as provided by