[openssl-commits] [openssl] master update

Dr. Stephen Henson steve at openssl.org
Tue May 10 21:54:14 UTC 2016


The branch master has been updated
       via  9b5164ce7788d6985b005e410bb7b53bd553c99e (commit)
       via  1480b8a9ec3a75220da11dbbb336f3c03aa91053 (commit)
      from  bfcdd4d098d12aa621fc5fc92030423f8df053ab (commit)


- Log -----------------------------------------------------------------
commit 9b5164ce7788d6985b005e410bb7b53bd553c99e
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Tue May 10 20:49:50 2016 +0100

    Add a couple of checks to prime app.
    
    RT#4402
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>

commit 1480b8a9ec3a75220da11dbbb336f3c03aa91053
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Tue May 10 22:13:03 2016 +0100

    Add -srp option to ciphers command.
    
    RT#4224
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 apps/ciphers.c       | 21 +++++++++++++++++++++
 apps/prime.c         |  8 ++++++++
 doc/apps/ciphers.pod | 16 ++++++++++------
 3 files changed, 39 insertions(+), 6 deletions(-)

diff --git a/apps/ciphers.c b/apps/ciphers.c
index 924c015..44f4216 100644
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -70,6 +70,7 @@ typedef enum OPTION_choice {
     OPT_TLS1_1,
     OPT_TLS1_2,
     OPT_PSK,
+    OPT_SRP,
     OPT_V, OPT_UPPER_V, OPT_S
 } OPTION_CHOICE;
 
@@ -96,6 +97,9 @@ OPTIONS ciphers_options[] = {
 #ifndef OPENSSL_NO_PSK
     {"psk", OPT_PSK, '-', "include ciphersuites requiring PSK"},
 #endif
+#ifndef OPENSSL_NO_SRP
+    {"srp", OPT_SRP, '-', "include ciphersuites requiring SRP"},
+#endif
     {NULL}
 };
 
@@ -108,6 +112,12 @@ static unsigned int dummy_psk(SSL *ssl, const char *hint, char *identity,
     return 0;
 }
 #endif
+#ifndef OPENSSL_NO_SRP
+static char *dummy_srp(SSL *ssl, void *arg)
+{
+    return "";
+}
+#endif
 
 int ciphers_main(int argc, char **argv)
 {
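Review bot: `dummy_srp` returns a string literal through a non-const `char *`, and nothing in the hunk documents that the callback is only a placeholder. As far as I recall, libssl's SRP client code treats the returned password as heap memory and frees it after use, so this return value would be invalid if the callback were ever invoked. It appears safe only because the ciphers app never performs a handshake. I would state that above the function, e.g. `/* Placeholder: registered only so that SRP ciphersuites are listed; never called because no handshake is performed. */`. The neighbouring `dummy_psk` starts outside the hunk and could carry the same kind of comment.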
@@ -122,6 +132,9 @@ int ciphers_main(int argc, char **argv)
 #ifndef OPENSSL_NO_PSK
     int psk = 0;
 #endif
+#ifndef OPENSSL_NO_SRP
+    int srp = 0;
+#endif
     const char *p;
     char *ciphers = NULL, *prog;
     char buf[512];
@@ -174,6 +187,10 @@ int ciphers_main(int argc, char **argv)
 #ifndef OPENSSL_NO_PSK
             psk = 1;
 #endif
+        case OPT_SRP:
+#ifndef OPENSSL_NO_SRP
+            srp = 1;
+#endif
             break;
         }
     }
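Review bot: The new `case OPT_SRP:` is inserted between `psk = 1;` and the `break;` that previously ended the PSK case, so the PSK case now falls through and sets `srp = 1` as well. With SRP compiled in, `-psk` alone would register the dummy SRP callback and `ciphers -s -psk` would also list SRP suites, overstating what a PSK-only configuration supports. Add a `break;` after the PSK `#endif`, immediately before `case OPT_SRP:`. The `case OPT_PSK:` label and the start of the switch are outside the hunk, so this reading assumes the label sits directly above the visible `#ifndef OPENSSL_NO_PSK`.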
@@ -197,6 +214,10 @@ int ciphers_main(int argc, char **argv)
     if (psk)
         SSL_CTX_set_psk_client_callback(ctx, dummy_psk);
 #endif
+#ifndef OPENSSL_NO_SRP
+    if (srp)
+        SSL_CTX_set_srp_client_pwd_callback(ctx, dummy_srp);
+#endif
     if (ciphers != NULL) {
         if (!SSL_CTX_set_cipher_list(ctx, ciphers)) {
             BIO_printf(bio_err, "Error in cipher list\n");
diff --git a/apps/prime.c b/apps/prime.c
index 3cbf98d..072421e 100644
--- a/apps/prime.c
+++ b/apps/prime.c
@@ -122,11 +122,19 @@ int prime_main(int argc, char **argv)
             goto end;
         }
         bn = BN_new();
+        if (bn == NULL) {
+            BIO_printf(bio_err, "Out of memory.\n");
+            goto end;
+        }
         if (!BN_generate_prime_ex(bn, bits, safe, NULL, NULL, NULL)) {
             BIO_printf(bio_err, "Failed to generate prime.\n");
             goto end;
         }
         s = hex ? BN_bn2hex(bn) : BN_bn2dec(bn);
+        if (s == NULL) {
+            BIO_printf(bio_err, "Out of memory.\n");
+            goto end;
+        }
         BIO_printf(bio_out, "%s\n", s);
         OPENSSL_free(s);
     } else {
diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod
index 9788fa3..f1d0656 100644
--- a/doc/apps/ciphers.pod
+++ b/doc/apps/ciphers.pod
@@ -17,6 +17,7 @@ B<openssl> B<ciphers>
 [B<-tls1_2>]
 [B<-s>]
 [B<-psk>]
+[B<-srp>]
 [B<-stdname>]
 [B<cipherlist>]
 
@@ -37,13 +38,12 @@ Print a usage message.
 =item B<-s>
 
 Only list supported ciphers: those consistent with the security level, and
-minimum and maximum protocol version.
-This is closer to the actual cipher list an application will support.
+minimum and maximum protocol version.  This is closer to the actual cipher list
+an application will support.
+
+PSK and SRP ciphers are not enabled by default: they require B<-psk> or B<-srp>
+to enable them.
 
-This program does not set up support for SRP and so SRP based ciphers will
-always be excluded when using this option.
-PSK ciphers are not enabled by default and it requires the B<-psk> to enable
-them.
 It also does not change the default list of supported signature algorithms.
 
 On a server the list of supported ciphers might also exclude other ciphers
@@ -56,6 +56,10 @@ listed.
 
 When combined with B<-s> includes cipher suites which require PSK.
 
+=item B<-srp>
+
+When combined with B<-s> includes cipher suites which require SRP.
+
 =item B<-v>
 
 Verbose output: For each ciphersuite, list details as provided by

