[thirdparty/openssl.git] / apps / ciphers.c

/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "apps.h"
#include <openssl/err.h>
#include <openssl/ssl.h>

typedef enum OPTION_choice {
    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
    OPT_STDNAME,
    OPT_SSL3,
    OPT_TLS1,
    OPT_TLS1_1,
    OPT_TLS1_2,
    OPT_PSK,
    OPT_V, OPT_UPPER_V, OPT_S
} OPTION_CHOICE;

OPTIONS ciphers_options[] = {
    {"help", OPT_HELP, '-', "Display this summary"},
    {"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"},
    {"V", OPT_UPPER_V, '-', "Even more verbose"},
    {"s", OPT_S, '-', "Only supported ciphers"},
#ifndef OPENSSL_NO_SSL3
    {"ssl3", OPT_SSL3, '-', "SSL3 mode"},
#endif
#ifndef OPENSSL_NO_TLS1
    {"tls1", OPT_TLS1, '-', "TLS1 mode"},
#endif
#ifndef OPENSSL_NO_TLS1_1
    {"tls1_1", OPT_TLS1_1, '-', "TLS1.1 mode"},
#endif
#ifndef OPENSSL_NO_TLS1_2
    {"tls1_2", OPT_TLS1_2, '-', "TLS1.2 mode"},
#endif
#ifndef OPENSSL_NO_SSL_TRACE
    {"stdname", OPT_STDNAME, '-', "Show standard cipher names"},
#endif
#ifndef OPENSSL_NO_PSK
    {"psk", OPT_PSK, '-', "include ciphersuites requiring PSK"},
#endif
    {NULL}
};

#ifndef OPENSSL_NO_PSK
static unsigned int dummy_psk(SSL *ssl, const char *hint, char *identity,
                              unsigned int max_identity_len,
                              unsigned char *psk,
                              unsigned int max_psk_len)
{
    return 0;
}
#endif

int ciphers_main(int argc, char **argv)
{
    SSL_CTX *ctx = NULL;
    SSL *ssl = NULL;
    STACK_OF(SSL_CIPHER) *sk = NULL;
    const SSL_METHOD *meth = TLS_server_method();
    int ret = 1, i, verbose = 0, Verbose = 0, use_supported = 0;
#ifndef OPENSSL_NO_SSL_TRACE
    int stdname = 0;
#endif
#ifndef OPENSSL_NO_PSK
    int psk = 0;
#endif
    const char *p;
    char *ciphers = NULL, *prog;
    char buf[512];
    OPTION_CHOICE o;
    int min_version = 0, max_version = 0;

    prog = opt_init(argc, argv, ciphers_options);
    while ((o = opt_next()) != OPT_EOF) {
        switch (o) {
        case OPT_EOF:
        case OPT_ERR:
 opthelp:
            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
            goto end;
        case OPT_HELP:
            opt_help(ciphers_options);
            ret = 0;
            goto end;
        case OPT_V:
            verbose = 1;
            break;
        case OPT_UPPER_V:
            verbose = Verbose = 1;
            break;
        case OPT_S:
            use_supported = 1;
            break;
        case OPT_STDNAME:
#ifndef OPENSSL_NO_SSL_TRACE
            stdname = verbose = 1;
#endif
            break;
        case OPT_SSL3:
            min_version = SSL3_VERSION;
            max_version = SSL3_VERSION;
            break;
        case OPT_TLS1:
            min_version = TLS1_VERSION;
            max_version = TLS1_VERSION;
            break;
        case OPT_TLS1_1:
            min_version = TLS1_1_VERSION;
            max_version = TLS1_1_VERSION;
            break;
        case OPT_TLS1_2:
            min_version = TLS1_2_VERSION;
            max_version = TLS1_2_VERSION;
            break;
        case OPT_PSK:
#ifndef OPENSSL_NO_PSK
            psk = 1;
#endif
            break;
        }
    }
    argv = opt_rest();
    argc = opt_num_rest();

    if (argc == 1)
        ciphers = *argv;
    else if (argc != 0)
        goto opthelp;

    ctx = SSL_CTX_new(meth);
    if (ctx == NULL)
        goto err;
    if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
        goto err;
    if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
        goto err;

#ifndef OPENSSL_NO_PSK
    if (psk)
        SSL_CTX_set_psk_client_callback(ctx, dummy_psk);
#endif
    if (ciphers != NULL) {
        if (!SSL_CTX_set_cipher_list(ctx, ciphers)) {
            BIO_printf(bio_err, "Error in cipher list\n");
            goto err;
        }
    }
    ssl = SSL_new(ctx);
    if (ssl == NULL)
        goto err;

    if (use_supported)
        sk = SSL_get1_supported_ciphers(ssl);
    else
        sk = SSL_get_ciphers(ssl);

    if (!verbose) {
        for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
            const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i);
            p = SSL_CIPHER_get_name(c);
            if (p == NULL)
                break;
            if (i != 0)
                BIO_printf(bio_out, ":");
            BIO_printf(bio_out, "%s", p);
        }
        BIO_printf(bio_out, "\n");
    } else {

        for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
            const SSL_CIPHER *c;

            c = sk_SSL_CIPHER_value(sk, i);

            if (Verbose) {
                unsigned long id = SSL_CIPHER_get_id(c);
                int id0 = (int)(id >> 24);
                int id1 = (int)((id >> 16) & 0xffL);
                int id2 = (int)((id >> 8) & 0xffL);
                int id3 = (int)(id & 0xffL);

                if ((id & 0xff000000L) == 0x03000000L)
                    BIO_printf(bio_out, "          0x%02X,0x%02X - ", id2, id3); /* SSL3
                                                                                  * cipher */
                else
                    BIO_printf(bio_out, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */
            }
#ifndef OPENSSL_NO_SSL_TRACE
            if (stdname) {
                const char *nm = SSL_CIPHER_standard_name(c);
                if (nm == NULL)
                    nm = "UNKNOWN";
                BIO_printf(bio_out, "%s - ", nm);
            }
#endif
            BIO_puts(bio_out, SSL_CIPHER_description(c, buf, sizeof buf));
        }
    }

    ret = 0;
    goto end;
 err:
    ERR_print_errors(bio_err);
 end:
    if (use_supported)
        sk_SSL_CIPHER_free(sk);
    SSL_CTX_free(ctx);
    SSL_free(ssl);
    return (ret);
}
Commit	Line	Data
58964a49	1	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
d02b48c6 RE	2	* All rights reserved.
	3	*
	4	* This package is an SSL implementation written
	5	* by Eric Young (eay@cryptsoft.com).
	6	* The implementation was written so as to conform with Netscapes SSL.
0f113f3e	7	*
d02b48c6 RE	8	* This library is free for commercial and non-commercial use as long as
	9	* the following conditions are aheared to. The following conditions
	10	* apply to all code found in this distribution, be it the RC4, RSA,
	11	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
	12	* included with this distribution is covered by the same copyright terms
	13	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
0f113f3e	14	*
d02b48c6 RE	15	* Copyright remains Eric Young's, and as such any Copyright notices in
	16	* the code are not to be removed.
	17	* If this package is used in a product, Eric Young should be given attribution
	18	* as the author of the parts of the library used.
	19	* This can be in the form of a textual message at program startup or
	20	* in documentation (online or textual) provided with the package.
0f113f3e	21	*
d02b48c6 RE	22	* Redistribution and use in source and binary forms, with or without
	23	* modification, are permitted provided that the following conditions
	24	* are met:
	25	* 1. Redistributions of source code must retain the copyright
	26	* notice, this list of conditions and the following disclaimer.
	27	* 2. Redistributions in binary form must reproduce the above copyright
	28	* notice, this list of conditions and the following disclaimer in the
	29	* documentation and/or other materials provided with the distribution.
	30	* 3. All advertising materials mentioning features or use of this software
	31	* must display the following acknowledgement:
	32	* "This product includes cryptographic software written by
	33	* Eric Young (eay@cryptsoft.com)"
	34	* The word 'cryptographic' can be left out if the rouines from the library
	35	* being used are not cryptographic related :-).
0f113f3e	36	* 4. If you include any Windows specific code (or a derivative thereof) from
d02b48c6 RE	37	* the apps directory (application code) you must include an acknowledgement:
d02b48c6 RE	38	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
0f113f3e	39	*
d02b48c6 RE	40	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
	41	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	42	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	43	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
	44	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	45	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	46	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	48	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	49	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	50	* SUCH DAMAGE.
0f113f3e	51	*
d02b48c6 RE	52	* The licence and distribution terms for any publically available version or
	53	* derivative of this code cannot be changed. i.e. this code cannot simply be
	54	* copied and put under another distribution licence
	55	* [including the GNU Public Licence.]
	56	*/
	57
	58	#include <stdio.h>
	59	#include <stdlib.h>
	60	#include <string.h>
d02b48c6	61	#include "apps.h"
ec577822 BM	62	#include <openssl/err.h>
ec577822 BM	63	#include <openssl/ssl.h>
d02b48c6	64
7e1b7485 RS	65	typedef enum OPTION_choice {
7e1b7485 RS	66	OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
7e1b7485	67	OPT_STDNAME,
7e1b7485	68	OPT_SSL3,
7e1b7485	69	OPT_TLS1,
2a802c80 DSH	70	OPT_TLS1_1,
2a802c80 DSH	71	OPT_TLS1_2,
96509199	72	OPT_PSK,
7e1b7485 RS	73	OPT_V, OPT_UPPER_V, OPT_S
	74	} OPTION_CHOICE;
	75
	76	OPTIONS ciphers_options[] = {
	77	{"help", OPT_HELP, '-', "Display this summary"},
	78	{"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"},
	79	{"V", OPT_UPPER_V, '-', "Even more verbose"},
	80	{"s", OPT_S, '-', "Only supported ciphers"},
6b01bed2 VD	81	#ifndef OPENSSL_NO_SSL3
	82	{"ssl3", OPT_SSL3, '-', "SSL3 mode"},
	83	#endif
	84	#ifndef OPENSSL_NO_TLS1
9c3bcfa0	85	{"tls1", OPT_TLS1, '-', "TLS1 mode"},
6b01bed2 VD	86	#endif
6b01bed2 VD	87	#ifndef OPENSSL_NO_TLS1_1
2a802c80	88	{"tls1_1", OPT_TLS1_1, '-', "TLS1.1 mode"},
6b01bed2 VD	89	#endif
6b01bed2 VD	90	#ifndef OPENSSL_NO_TLS1_2
2a802c80	91	{"tls1_2", OPT_TLS1_2, '-', "TLS1.2 mode"},
6b01bed2	92	#endif
7e1b7485 RS	93	#ifndef OPENSSL_NO_SSL_TRACE
	94	{"stdname", OPT_STDNAME, '-', "Show standard cipher names"},
	95	#endif
96509199 DSH	96	#ifndef OPENSSL_NO_PSK
96509199 DSH	97	{"psk", OPT_PSK, '-', "include ciphersuites requiring PSK"},
7e1b7485	98	#endif
7e1b7485	99	{NULL}
d02b48c6 RE	100	};
d02b48c6 RE	101
73cd6175	102	#ifndef OPENSSL_NO_PSK
96509199 DSH	103	static unsigned int dummy_psk(SSL ssl, const char hint, char *identity,
	104	unsigned int max_identity_len,
	105	unsigned char *psk,
	106	unsigned int max_psk_len)
	107	{
	108	return 0;
	109	}
73cd6175	110	#endif
96509199	111
7e1b7485	112	int ciphers_main(int argc, char **argv)
0f113f3e	113	{
7e1b7485 RS	114	SSL_CTX *ctx = NULL;
	115	SSL *ssl = NULL;
	116	STACK_OF(SSL_CIPHER) *sk = NULL;
32ec4153	117	const SSL_METHOD *meth = TLS_server_method();
7e1b7485	118	int ret = 1, i, verbose = 0, Verbose = 0, use_supported = 0;
51b9115b	119	#ifndef OPENSSL_NO_SSL_TRACE
0f113f3e	120	int stdname = 0;
96509199 DSH	121	#endif
	122	#ifndef OPENSSL_NO_PSK
	123	int psk = 0;
51b9115b	124	#endif
0f113f3e	125	const char *p;
7e1b7485	126	char ciphers = NULL, prog;
0f113f3e	127	char buf[512];
7e1b7485	128	OPTION_CHOICE o;
0d5301af	129	int min_version = 0, max_version = 0;
7e1b7485 RS	130
	131	prog = opt_init(argc, argv, ciphers_options);
	132	while ((o = opt_next()) != OPT_EOF) {
	133	switch (o) {
	134	case OPT_EOF:
	135	case OPT_ERR:
	136	opthelp:
	137	BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
	138	goto end;
	139	case OPT_HELP:
	140	opt_help(ciphers_options);
	141	ret = 0;
	142	goto end;
	143	case OPT_V:
0f113f3e	144	verbose = 1;
7e1b7485 RS	145	break;
7e1b7485 RS	146	case OPT_UPPER_V:
0f113f3e	147	verbose = Verbose = 1;
7e1b7485 RS	148	break;
7e1b7485 RS	149	case OPT_S:
0f113f3e	150	use_supported = 1;
7e1b7485	151	break;
7e1b7485	152	case OPT_STDNAME:
9c3bcfa0	153	#ifndef OPENSSL_NO_SSL_TRACE
0f113f3e	154	stdname = verbose = 1;
51b9115b	155	#endif
9c3bcfa0	156	break;
7e1b7485	157	case OPT_SSL3:
0d5301af KR	158	min_version = SSL3_VERSION;
0d5301af KR	159	max_version = SSL3_VERSION;
9c3bcfa0	160	break;
7e1b7485	161	case OPT_TLS1:
0d5301af KR	162	min_version = TLS1_VERSION;
0d5301af KR	163	max_version = TLS1_VERSION;
0f113f3e	164	break;
2a802c80	165	case OPT_TLS1_1:
0d5301af KR	166	min_version = TLS1_1_VERSION;
0d5301af KR	167	max_version = TLS1_1_VERSION;
2a802c80 DSH	168	break;
2a802c80 DSH	169	case OPT_TLS1_2:
0d5301af KR	170	min_version = TLS1_2_VERSION;
0d5301af KR	171	max_version = TLS1_2_VERSION;
2a802c80	172	break;
96509199 DSH	173	case OPT_PSK:
	174	#ifndef OPENSSL_NO_PSK
	175	psk = 1;
	176	#endif
	177	break;
0f113f3e	178	}
0f113f3e	179	}
7e1b7485 RS	180	argv = opt_rest();
7e1b7485 RS	181	argc = opt_num_rest();
0f113f3e	182
7e1b7485 RS	183	if (argc == 1)
	184	ciphers = *argv;
	185	else if (argc != 0)
	186	goto opthelp;
0f113f3e MC	187
	188	ctx = SSL_CTX_new(meth);
	189	if (ctx == NULL)
	190	goto err;
0d5301af KR	191	if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
	192	goto err;
	193	if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
	194	goto err;
	195
96509199 DSH	196	#ifndef OPENSSL_NO_PSK
	197	if (psk)
	198	SSL_CTX_set_psk_client_callback(ctx, dummy_psk);
	199	#endif
0f113f3e MC	200	if (ciphers != NULL) {
	201	if (!SSL_CTX_set_cipher_list(ctx, ciphers)) {
	202	BIO_printf(bio_err, "Error in cipher list\n");
	203	goto err;
	204	}
	205	}
	206	ssl = SSL_new(ctx);
	207	if (ssl == NULL)
	208	goto err;
	209
	210	if (use_supported)
	211	sk = SSL_get1_supported_ciphers(ssl);
	212	else
	213	sk = SSL_get_ciphers(ssl);
	214
	215	if (!verbose) {
	216	for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
4a640fb6	217	const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i);
0f113f3e MC	218	p = SSL_CIPHER_get_name(c);
	219	if (p == NULL)
	220	break;
	221	if (i != 0)
7e1b7485 RS	222	BIO_printf(bio_out, ":");
7e1b7485 RS	223	BIO_printf(bio_out, "%s", p);
0f113f3e	224	}
7e1b7485 RS	225	BIO_printf(bio_out, "\n");
7e1b7485 RS	226	} else {
0f113f3e MC	227
0f113f3e MC	228	for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
4a640fb6	229	const SSL_CIPHER *c;
0f113f3e MC	230
	231	c = sk_SSL_CIPHER_value(sk, i);
	232
	233	if (Verbose) {
	234	unsigned long id = SSL_CIPHER_get_id(c);
	235	int id0 = (int)(id >> 24);
	236	int id1 = (int)((id >> 16) & 0xffL);
	237	int id2 = (int)((id >> 8) & 0xffL);
	238	int id3 = (int)(id & 0xffL);
	239
7e1b7485 RS	240	if ((id & 0xff000000L) == 0x03000000L)
	241	BIO_printf(bio_out, " 0x%02X,0x%02X - ", id2, id3); /* SSL3
	242	* cipher */
	243	else
	244	BIO_printf(bio_out, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */
0f113f3e	245	}
51b9115b	246	#ifndef OPENSSL_NO_SSL_TRACE
0f113f3e MC	247	if (stdname) {
	248	const char *nm = SSL_CIPHER_standard_name(c);
	249	if (nm == NULL)
	250	nm = "UNKNOWN";
7e1b7485	251	BIO_printf(bio_out, "%s - ", nm);
0f113f3e	252	}
51b9115b	253	#endif
7e1b7485	254	BIO_puts(bio_out, SSL_CIPHER_description(c, buf, sizeof buf));
0f113f3e MC	255	}
	256	}
	257
	258	ret = 0;
7e1b7485	259	goto end;
0f113f3e	260	err:
7e1b7485	261	ERR_print_errors(bio_err);
0f113f3e	262	end:
25aaa98a	263	if (use_supported)
0f113f3e	264	sk_SSL_CIPHER_free(sk);
62adbcee RS	265	SSL_CTX_free(ctx);
62adbcee RS	266	SSL_free(ssl);
7e1b7485	267	return (ret);
0f113f3e	268	}