Commit | Line | Data |
---|---|---|
58964a49 | 1 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
d02b48c6 RE |
2 | * All rights reserved. |
3 | * | |
4 | * This package is an SSL implementation written | |
5 | * by Eric Young (eay@cryptsoft.com). | |
6 | * The implementation was written so as to conform with Netscapes SSL. | |
0f113f3e | 7 | * |
d02b48c6 RE |
8 | * This library is free for commercial and non-commercial use as long as |
9 | * the following conditions are aheared to. The following conditions | |
10 | * apply to all code found in this distribution, be it the RC4, RSA, | |
11 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
12 | * included with this distribution is covered by the same copyright terms | |
13 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
0f113f3e | 14 | * |
d02b48c6 RE |
15 | * Copyright remains Eric Young's, and as such any Copyright notices in |
16 | * the code are not to be removed. | |
17 | * If this package is used in a product, Eric Young should be given attribution | |
18 | * as the author of the parts of the library used. | |
19 | * This can be in the form of a textual message at program startup or | |
20 | * in documentation (online or textual) provided with the package. | |
0f113f3e | 21 | * |
d02b48c6 RE |
22 | * Redistribution and use in source and binary forms, with or without |
23 | * modification, are permitted provided that the following conditions | |
24 | * are met: | |
25 | * 1. Redistributions of source code must retain the copyright | |
26 | * notice, this list of conditions and the following disclaimer. | |
27 | * 2. Redistributions in binary form must reproduce the above copyright | |
28 | * notice, this list of conditions and the following disclaimer in the | |
29 | * documentation and/or other materials provided with the distribution. | |
30 | * 3. All advertising materials mentioning features or use of this software | |
31 | * must display the following acknowledgement: | |
32 | * "This product includes cryptographic software written by | |
33 | * Eric Young (eay@cryptsoft.com)" | |
34 | * The word 'cryptographic' can be left out if the rouines from the library | |
35 | * being used are not cryptographic related :-). | |
0f113f3e | 36 | * 4. If you include any Windows specific code (or a derivative thereof) from |
d02b48c6 RE |
37 | * the apps directory (application code) you must include an acknowledgement: |
38 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
0f113f3e | 39 | * |
d02b48c6 RE |
40 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
41 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
42 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
43 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
44 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
45 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
46 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
48 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
49 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
50 | * SUCH DAMAGE. | |
0f113f3e | 51 | * |
d02b48c6 RE |
52 | * The licence and distribution terms for any publically available version or |
53 | * derivative of this code cannot be changed. i.e. this code cannot simply be | |
54 | * copied and put under another distribution licence | |
55 | * [including the GNU Public Licence.] | |
56 | */ | |
57 | ||
58 | #include <stdio.h> | |
59 | #include <stdlib.h> | |
60 | #include <string.h> | |
d02b48c6 | 61 | #include "apps.h" |
ec577822 BM |
62 | #include <openssl/err.h> |
63 | #include <openssl/ssl.h> | |
d02b48c6 | 64 | |
/*
 * Identifiers for the command-line options of the `ciphers` app.
 *
 * ciphers_main() compares the value returned by opt_next() against these.
 * The numeric values are positional, so new entries must not be inserted
 * in front of OPT_EOF (which has to stay 0) or OPT_ERR (which has to stay -1).
 */
typedef enum OPTION_choice {
    OPT_ERR = -1,               /* handled as a usage error */
    OPT_EOF = 0,                /* ends the option loop */
    OPT_HELP,                   /* -help */
    OPT_STDNAME,                /* -stdname */
    OPT_SSL3,                   /* -ssl3 */
    OPT_TLS1,                   /* -tls1 */
    OPT_TLS1_1,                 /* -tls1_1 */
    OPT_TLS1_2,                 /* -tls1_2 */
    OPT_PSK,                    /* -psk */
    OPT_V,                      /* -v */
    OPT_UPPER_V,                /* -V */
    OPT_S                       /* -s */
} OPTION_CHOICE;
75 | ||
/*
 * Option table for the `ciphers` command: option name, OPTION_CHOICE value,
 * argument kind ('-' is used for every entry here) and help text.
 *
 * Each protocol-version switch is compiled in only when that protocol is,
 * so a build configured with e.g. OPENSSL_NO_SSL3 has no "-ssl3" entry in
 * this table at all.  Entry order is kept as-is; it is presumably the order
 * opt_help() prints them in.
 */
OPTIONS ciphers_options[] = {
    {"help",    OPT_HELP,    '-', "Display this summary"},
    {"v",       OPT_V,       '-', "Verbose listing of the SSL/TLS ciphers"},
    {"V",       OPT_UPPER_V, '-', "Even more verbose"},
    {"s",       OPT_S,       '-', "Only supported ciphers"},
#if !defined(OPENSSL_NO_SSL3)
    {"ssl3",    OPT_SSL3,    '-', "SSL3 mode"},
#endif
#if !defined(OPENSSL_NO_TLS1)
    {"tls1",    OPT_TLS1,    '-', "TLS1 mode"},
#endif
#if !defined(OPENSSL_NO_TLS1_1)
    {"tls1_1",  OPT_TLS1_1,  '-', "TLS1.1 mode"},
#endif
#if !defined(OPENSSL_NO_TLS1_2)
    {"tls1_2",  OPT_TLS1_2,  '-', "TLS1.2 mode"},
#endif
#if !defined(OPENSSL_NO_SSL_TRACE)
    {"stdname", OPT_STDNAME, '-', "Show standard cipher names"},
#endif
#if !defined(OPENSSL_NO_PSK)
    {"psk",     OPT_PSK,     '-', "include ciphersuites requiring PSK"},
#endif
    /* Terminator: an entry whose name is NULL marks the end of the table. */
    {NULL}
};
101 | ||
#if !defined(OPENSSL_NO_PSK)
/*
 * Placeholder PSK client callback used only by the `ciphers` listing.
 *
 * ciphers_main() registers it when -psk is given, presumably so that the
 * library does not filter PSK ciphersuites out of the list for lack of a
 * callback.  It writes neither an identity nor a key and always returns 0,
 * which under the OpenSSL PSK client-callback contract means "no PSK
 * available".  It must therefore never be reused for a real connection.
 */
static unsigned int dummy_psk(SSL *ssl, const char *hint, char *identity,
                              unsigned int max_identity_len,
                              unsigned char *psk,
                              unsigned int max_psk_len)
{
    /* None of the arguments are needed; mark them as deliberately unused. */
    (void)ssl;
    (void)hint;
    (void)identity;
    (void)max_identity_len;
    (void)psk;
    (void)max_psk_len;

    return 0;
}
#endif
96509199 | 111 | |
/*
 * Entry point of the `ciphers` command: print the ciphersuites selected by
 * an optional cipher string (the single non-option argument).
 *
 * The list comes from a locally created SSL object; no connection is made,
 * so the output describes this build and this cipher string, not what any
 * peer would negotiate.  -ssl3/-tls1/-tls1_1/-tls1_2 pin both the minimum
 * and the maximum protocol version of the context to that one version;
 * without them both stay 0 (NOTE(review): 0 should mean "no explicit
 * bound" for SSL_CTX_set_{min,max}_proto_version -- confirm for this
 * library version).
 *
 * Returns 0 on success and after -help, 1 on a usage error or when a
 * library call fails (the error queue is printed to bio_err in that case).
 */
int ciphers_main(int argc, char **argv)
{
    const SSL_METHOD *method = TLS_server_method();
    SSL_CTX *ctx = NULL;
    SSL *ssl = NULL;
    STACK_OF(SSL_CIPHER) *cipher_list = NULL;
    OPTION_CHOICE opt;
    char *cipher_spec = NULL;
    char *prog;
    char desc[512];
    int ret = 1;
    int idx;
    int verbose = 0;
    int very_verbose = 0;
    int use_supported = 0;
    int min_version = 0;
    int max_version = 0;
#if !defined(OPENSSL_NO_SSL_TRACE)
    int stdname = 0;
#endif
#if !defined(OPENSSL_NO_PSK)
    int psk = 0;
#endif

    prog = opt_init(argc, argv, ciphers_options);
    while ((opt = opt_next()) != OPT_EOF) {
        switch (opt) {
        case OPT_EOF:
        case OPT_ERR:
            goto usage;
        case OPT_HELP:
            opt_help(ciphers_options);
            ret = 0;
            goto end;
        case OPT_V:
            verbose = 1;
            break;
        case OPT_UPPER_V:
            /* -V implies -v and additionally prints the ciphersuite id. */
            verbose = 1;
            very_verbose = 1;
            break;
        case OPT_S:
            use_supported = 1;
            break;
        case OPT_STDNAME:
#if !defined(OPENSSL_NO_SSL_TRACE)
            /* Standard names are only shown in the verbose layout. */
            stdname = 1;
            verbose = 1;
#endif
            break;
        case OPT_SSL3:
            min_version = max_version = SSL3_VERSION;
            break;
        case OPT_TLS1:
            min_version = max_version = TLS1_VERSION;
            break;
        case OPT_TLS1_1:
            min_version = max_version = TLS1_1_VERSION;
            break;
        case OPT_TLS1_2:
            min_version = max_version = TLS1_2_VERSION;
            break;
        case OPT_PSK:
#if !defined(OPENSSL_NO_PSK)
            psk = 1;
#endif
            break;
        }
    }

    /* At most one positional argument is accepted: the cipher string. */
    argv = opt_rest();
    argc = opt_num_rest();
    if (argc != 0 && argc != 1)
        goto usage;
    if (argc == 1)
        cipher_spec = argv[0];

    ctx = SSL_CTX_new(method);
    if (ctx == NULL
        || SSL_CTX_set_min_proto_version(ctx, min_version) == 0
        || SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
        goto err;

#if !defined(OPENSSL_NO_PSK)
    /* The callback never yields a key; it is installed for listing only. */
    if (psk)
        SSL_CTX_set_psk_client_callback(ctx, dummy_psk);
#endif

    if (cipher_spec != NULL && !SSL_CTX_set_cipher_list(ctx, cipher_spec)) {
        BIO_printf(bio_err, "Error in cipher list\n");
        goto err;
    }

    ssl = SSL_new(ctx);
    if (ssl == NULL)
        goto err;

    /*
     * Ownership differs between the two sources: the get1 result is freed
     * at the end label, the SSL_get_ciphers() result is not freed here.
     */
    cipher_list = use_supported ? SSL_get1_supported_ciphers(ssl)
                                : SSL_get_ciphers(ssl);

    if (verbose) {
        for (idx = 0; idx < sk_SSL_CIPHER_num(cipher_list); idx++) {
            const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(cipher_list, idx);

            if (very_verbose) {
                unsigned long id = SSL_CIPHER_get_id(cipher);
                int b0 = (int)(id >> 24);
                int b1 = (int)((id >> 16) & 0xffL);
                int b2 = (int)((id >> 8) & 0xffL);
                int b3 = (int)(id & 0xffL);

                if ((id & 0xff000000L) == 0x03000000L) {
                    /*
                     * SSL3 cipher: only the low two bytes are shown.
                     * NOTE(review): the leading padding of this literal may
                     * have been collapsed by the page this was taken from;
                     * verify it against the repository.
                     */
                    BIO_printf(bio_out, " 0x%02X,0x%02X - ", b2, b3);
                } else {
                    /* Anything else: print all four bytes of the id. */
                    BIO_printf(bio_out, "0x%02X,0x%02X,0x%02X,0x%02X - ", b0, b1, b2, b3);
                }
            }
#if !defined(OPENSSL_NO_SSL_TRACE)
            if (stdname) {
                const char *std = SSL_CIPHER_standard_name(cipher);

                BIO_printf(bio_out, "%s - ", std != NULL ? std : "UNKNOWN");
            }
#endif
            /* desc is passed with its full size, so the write is bounded. */
            BIO_puts(bio_out, SSL_CIPHER_description(cipher, desc, sizeof desc));
        }
    } else {
        /* Terse layout: the names on one line, separated by ':'. */
        for (idx = 0; idx < sk_SSL_CIPHER_num(cipher_list); idx++) {
            const char *name =
                SSL_CIPHER_get_name(sk_SSL_CIPHER_value(cipher_list, idx));

            if (name == NULL)
                break;
            if (idx != 0)
                BIO_printf(bio_out, ":");
            BIO_printf(bio_out, "%s", name);
        }
        BIO_printf(bio_out, "\n");
    }

    ret = 0;
    goto end;

 usage:
    BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
    goto end;
 err:
    ERR_print_errors(bio_err);
 end:
    /* Only the list obtained through the get1 call is released here. */
    if (use_supported)
        sk_SSL_CIPHER_free(cipher_list);
    SSL_CTX_free(ctx);
    SSL_free(ssl);
    return ret;
}