]>
Commit | Line | Data |
---|---|---|
846e33c7 | 1 | /* |
6738bf14 | 2 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. |
d02b48c6 | 3 | * |
846e33c7 RS |
4 | * Licensed under the OpenSSL license (the "License"). You may not use |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
d02b48c6 RE |
8 | */ |
9 | ||
10 | #include <stdio.h> | |
11 | #include <stdlib.h> | |
12 | #include <string.h> | |
d02b48c6 | 13 | #include "apps.h" |
dab2cd68 | 14 | #include "progs.h" |
ec577822 BM |
15 | #include <openssl/err.h> |
16 | #include <openssl/ssl.h> | |
d02b48c6 | 17 | |
7e1b7485 RS |
18 | typedef enum OPTION_choice { |
19 | OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, | |
7e1b7485 | 20 | OPT_STDNAME, |
bbb4ceb8 | 21 | OPT_CONVERT, |
7e1b7485 | 22 | OPT_SSL3, |
7e1b7485 | 23 | OPT_TLS1, |
2a802c80 DSH |
24 | OPT_TLS1_1, |
25 | OPT_TLS1_2, | |
582a17d6 | 26 | OPT_TLS1_3, |
96509199 | 27 | OPT_PSK, |
1480b8a9 | 28 | OPT_SRP, |
f865b081 | 29 | OPT_CIPHERSUITES, |
7e1b7485 RS |
30 | OPT_V, OPT_UPPER_V, OPT_S |
31 | } OPTION_CHOICE; | |
32 | ||
44c83ebd | 33 | const OPTIONS ciphers_options[] = { |
7e1b7485 RS |
34 | {"help", OPT_HELP, '-', "Display this summary"}, |
35 | {"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"}, | |
36 | {"V", OPT_UPPER_V, '-', "Even more verbose"}, | |
37 | {"s", OPT_S, '-', "Only supported ciphers"}, | |
6b01bed2 VD |
38 | #ifndef OPENSSL_NO_SSL3 |
39 | {"ssl3", OPT_SSL3, '-', "SSL3 mode"}, | |
40 | #endif | |
41 | #ifndef OPENSSL_NO_TLS1 | |
9c3bcfa0 | 42 | {"tls1", OPT_TLS1, '-', "TLS1 mode"}, |
6b01bed2 VD |
43 | #endif |
44 | #ifndef OPENSSL_NO_TLS1_1 | |
2a802c80 | 45 | {"tls1_1", OPT_TLS1_1, '-', "TLS1.1 mode"}, |
6b01bed2 VD |
46 | #endif |
47 | #ifndef OPENSSL_NO_TLS1_2 | |
2a802c80 | 48 | {"tls1_2", OPT_TLS1_2, '-', "TLS1.2 mode"}, |
6b01bed2 | 49 | #endif |
582a17d6 MC |
50 | #ifndef OPENSSL_NO_TLS1_3 |
51 | {"tls1_3", OPT_TLS1_3, '-', "TLS1.3 mode"}, | |
52 | #endif | |
7e1b7485 | 53 | {"stdname", OPT_STDNAME, '-', "Show standard cipher names"}, |
96509199 DSH |
54 | #ifndef OPENSSL_NO_PSK |
55 | {"psk", OPT_PSK, '-', "include ciphersuites requiring PSK"}, | |
1480b8a9 DSH |
56 | #endif |
57 | #ifndef OPENSSL_NO_SRP | |
58 | {"srp", OPT_SRP, '-', "include ciphersuites requiring SRP"}, | |
7e1b7485 | 59 | #endif |
bbb4ceb8 | 60 | {"convert", OPT_CONVERT, 's', "Convert standard name into OpenSSL name"}, |
f865b081 MC |
61 | {"ciphersuites", OPT_CIPHERSUITES, 's', |
62 | "Configure the TLSv1.3 ciphersuites to use"}, | |
7e1b7485 | 63 | {NULL} |
d02b48c6 RE |
64 | }; |
65 | ||
73cd6175 | 66 | #ifndef OPENSSL_NO_PSK |
96509199 DSH |
67 | static unsigned int dummy_psk(SSL *ssl, const char *hint, char *identity, |
68 | unsigned int max_identity_len, | |
69 | unsigned char *psk, | |
70 | unsigned int max_psk_len) | |
71 | { | |
72 | return 0; | |
73 | } | |
73cd6175 | 74 | #endif |
1480b8a9 DSH |
75 | #ifndef OPENSSL_NO_SRP |
76 | static char *dummy_srp(SSL *ssl, void *arg) | |
77 | { | |
78 | return ""; | |
79 | } | |
80 | #endif | |
96509199 | 81 | |
7e1b7485 | 82 | int ciphers_main(int argc, char **argv) |
0f113f3e | 83 | { |
7e1b7485 RS |
84 | SSL_CTX *ctx = NULL; |
85 | SSL *ssl = NULL; | |
86 | STACK_OF(SSL_CIPHER) *sk = NULL; | |
32ec4153 | 87 | const SSL_METHOD *meth = TLS_server_method(); |
7e1b7485 | 88 | int ret = 1, i, verbose = 0, Verbose = 0, use_supported = 0; |
0f113f3e | 89 | int stdname = 0; |
96509199 DSH |
90 | #ifndef OPENSSL_NO_PSK |
91 | int psk = 0; | |
1480b8a9 DSH |
92 | #endif |
93 | #ifndef OPENSSL_NO_SRP | |
94 | int srp = 0; | |
51b9115b | 95 | #endif |
0f113f3e | 96 | const char *p; |
f865b081 | 97 | char *ciphers = NULL, *prog, *convert = NULL, *ciphersuites = NULL; |
0f113f3e | 98 | char buf[512]; |
7e1b7485 | 99 | OPTION_CHOICE o; |
0d5301af | 100 | int min_version = 0, max_version = 0; |
7e1b7485 RS |
101 | |
102 | prog = opt_init(argc, argv, ciphers_options); | |
103 | while ((o = opt_next()) != OPT_EOF) { | |
104 | switch (o) { | |
105 | case OPT_EOF: | |
106 | case OPT_ERR: | |
107 | opthelp: | |
108 | BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); | |
109 | goto end; | |
110 | case OPT_HELP: | |
111 | opt_help(ciphers_options); | |
112 | ret = 0; | |
113 | goto end; | |
114 | case OPT_V: | |
0f113f3e | 115 | verbose = 1; |
7e1b7485 RS |
116 | break; |
117 | case OPT_UPPER_V: | |
0f113f3e | 118 | verbose = Verbose = 1; |
7e1b7485 RS |
119 | break; |
120 | case OPT_S: | |
0f113f3e | 121 | use_supported = 1; |
7e1b7485 | 122 | break; |
7e1b7485 | 123 | case OPT_STDNAME: |
0f113f3e | 124 | stdname = verbose = 1; |
bbb4ceb8 PY |
125 | break; |
126 | case OPT_CONVERT: | |
127 | convert = opt_arg(); | |
9c3bcfa0 | 128 | break; |
7e1b7485 | 129 | case OPT_SSL3: |
0d5301af KR |
130 | min_version = SSL3_VERSION; |
131 | max_version = SSL3_VERSION; | |
9c3bcfa0 | 132 | break; |
7e1b7485 | 133 | case OPT_TLS1: |
0d5301af KR |
134 | min_version = TLS1_VERSION; |
135 | max_version = TLS1_VERSION; | |
0f113f3e | 136 | break; |
2a802c80 | 137 | case OPT_TLS1_1: |
0d5301af KR |
138 | min_version = TLS1_1_VERSION; |
139 | max_version = TLS1_1_VERSION; | |
2a802c80 DSH |
140 | break; |
141 | case OPT_TLS1_2: | |
0d5301af KR |
142 | min_version = TLS1_2_VERSION; |
143 | max_version = TLS1_2_VERSION; | |
2a802c80 | 144 | break; |
582a17d6 MC |
145 | case OPT_TLS1_3: |
146 | min_version = TLS1_3_VERSION; | |
147 | max_version = TLS1_3_VERSION; | |
148 | break; | |
96509199 DSH |
149 | case OPT_PSK: |
150 | #ifndef OPENSSL_NO_PSK | |
151 | psk = 1; | |
1480b8a9 | 152 | #endif |
a45dca66 | 153 | break; |
1480b8a9 DSH |
154 | case OPT_SRP: |
155 | #ifndef OPENSSL_NO_SRP | |
156 | srp = 1; | |
96509199 DSH |
157 | #endif |
158 | break; | |
f865b081 MC |
159 | case OPT_CIPHERSUITES: |
160 | ciphersuites = opt_arg(); | |
161 | break; | |
0f113f3e | 162 | } |
0f113f3e | 163 | } |
7e1b7485 RS |
164 | argv = opt_rest(); |
165 | argc = opt_num_rest(); | |
0f113f3e | 166 | |
7e1b7485 RS |
167 | if (argc == 1) |
168 | ciphers = *argv; | |
169 | else if (argc != 0) | |
170 | goto opthelp; | |
0f113f3e | 171 | |
bbb4ceb8 PY |
172 | if (convert != NULL) { |
173 | BIO_printf(bio_out, "OpenSSL cipher name: %s\n", | |
174 | OPENSSL_cipher_name(convert)); | |
175 | goto end; | |
176 | } | |
177 | ||
0f113f3e MC |
178 | ctx = SSL_CTX_new(meth); |
179 | if (ctx == NULL) | |
180 | goto err; | |
0d5301af KR |
181 | if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0) |
182 | goto err; | |
183 | if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0) | |
184 | goto err; | |
185 | ||
96509199 DSH |
186 | #ifndef OPENSSL_NO_PSK |
187 | if (psk) | |
188 | SSL_CTX_set_psk_client_callback(ctx, dummy_psk); | |
1480b8a9 DSH |
189 | #endif |
190 | #ifndef OPENSSL_NO_SRP | |
191 | if (srp) | |
192 | SSL_CTX_set_srp_client_pwd_callback(ctx, dummy_srp); | |
96509199 | 193 | #endif |
f865b081 MC |
194 | |
195 | if (ciphersuites != NULL && !SSL_CTX_set_ciphersuites(ctx, ciphersuites)) { | |
196 | BIO_printf(bio_err, "Error setting TLSv1.3 ciphersuites\n"); | |
197 | goto err; | |
198 | } | |
199 | ||
0f113f3e MC |
200 | if (ciphers != NULL) { |
201 | if (!SSL_CTX_set_cipher_list(ctx, ciphers)) { | |
202 | BIO_printf(bio_err, "Error in cipher list\n"); | |
203 | goto err; | |
204 | } | |
205 | } | |
206 | ssl = SSL_new(ctx); | |
207 | if (ssl == NULL) | |
208 | goto err; | |
209 | ||
210 | if (use_supported) | |
211 | sk = SSL_get1_supported_ciphers(ssl); | |
212 | else | |
213 | sk = SSL_get_ciphers(ssl); | |
214 | ||
215 | if (!verbose) { | |
216 | for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { | |
4a640fb6 | 217 | const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i); |
0f113f3e MC |
218 | p = SSL_CIPHER_get_name(c); |
219 | if (p == NULL) | |
220 | break; | |
221 | if (i != 0) | |
7e1b7485 RS |
222 | BIO_printf(bio_out, ":"); |
223 | BIO_printf(bio_out, "%s", p); | |
0f113f3e | 224 | } |
7e1b7485 RS |
225 | BIO_printf(bio_out, "\n"); |
226 | } else { | |
0f113f3e MC |
227 | |
228 | for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { | |
4a640fb6 | 229 | const SSL_CIPHER *c; |
0f113f3e MC |
230 | |
231 | c = sk_SSL_CIPHER_value(sk, i); | |
232 | ||
233 | if (Verbose) { | |
234 | unsigned long id = SSL_CIPHER_get_id(c); | |
235 | int id0 = (int)(id >> 24); | |
236 | int id1 = (int)((id >> 16) & 0xffL); | |
237 | int id2 = (int)((id >> 8) & 0xffL); | |
238 | int id3 = (int)(id & 0xffL); | |
239 | ||
7e1b7485 RS |
240 | if ((id & 0xff000000L) == 0x03000000L) |
241 | BIO_printf(bio_out, " 0x%02X,0x%02X - ", id2, id3); /* SSL3 | |
242 | * cipher */ | |
243 | else | |
244 | BIO_printf(bio_out, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */ | |
0f113f3e | 245 | } |
0f113f3e MC |
246 | if (stdname) { |
247 | const char *nm = SSL_CIPHER_standard_name(c); | |
248 | if (nm == NULL) | |
249 | nm = "UNKNOWN"; | |
7e1b7485 | 250 | BIO_printf(bio_out, "%s - ", nm); |
0f113f3e | 251 | } |
cbe29648 | 252 | BIO_puts(bio_out, SSL_CIPHER_description(c, buf, sizeof(buf))); |
0f113f3e MC |
253 | } |
254 | } | |
255 | ||
256 | ret = 0; | |
7e1b7485 | 257 | goto end; |
0f113f3e | 258 | err: |
7e1b7485 | 259 | ERR_print_errors(bio_err); |
0f113f3e | 260 | end: |
25aaa98a | 261 | if (use_supported) |
0f113f3e | 262 | sk_SSL_CIPHER_free(sk); |
62adbcee RS |
263 | SSL_CTX_free(ctx); |
264 | SSL_free(ssl); | |
bbb4ceb8 | 265 | return ret; |
0f113f3e | 266 | } |