]>
Commit | Line | Data |
---|---|---|
846e33c7 | 1 | /* |
6738bf14 | 2 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. |
d02b48c6 | 3 | * |
dffa7520 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
846e33c7 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
d02b48c6 RE |
8 | */ |
9 | ||
10 | #include <stdio.h> | |
11 | #include <stdlib.h> | |
12 | #include <string.h> | |
d02b48c6 | 13 | #include "apps.h" |
dab2cd68 | 14 | #include "progs.h" |
ec577822 BM |
15 | #include <openssl/err.h> |
16 | #include <openssl/ssl.h> | |
d02b48c6 | 17 | |
7e1b7485 RS |
18 | typedef enum OPTION_choice { |
19 | OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, | |
7e1b7485 | 20 | OPT_STDNAME, |
bbb4ceb8 | 21 | OPT_CONVERT, |
7e1b7485 | 22 | OPT_SSL3, |
7e1b7485 | 23 | OPT_TLS1, |
2a802c80 DSH |
24 | OPT_TLS1_1, |
25 | OPT_TLS1_2, | |
582a17d6 | 26 | OPT_TLS1_3, |
96509199 | 27 | OPT_PSK, |
1480b8a9 | 28 | OPT_SRP, |
f865b081 | 29 | OPT_CIPHERSUITES, |
7e1b7485 RS |
30 | OPT_V, OPT_UPPER_V, OPT_S |
31 | } OPTION_CHOICE; | |
32 | ||
44c83ebd | 33 | const OPTIONS ciphers_options[] = { |
92de469f RS |
34 | {OPT_HELP_STR, 1, '-', "Usage: %s [options] [cipher]\n"}, |
35 | ||
5388f986 | 36 | OPT_SECTION("General"), |
7e1b7485 | 37 | {"help", OPT_HELP, '-', "Display this summary"}, |
5388f986 RS |
38 | |
39 | OPT_SECTION("Output"), | |
7e1b7485 RS |
40 | {"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"}, |
41 | {"V", OPT_UPPER_V, '-', "Even more verbose"}, | |
5388f986 RS |
42 | {"stdname", OPT_STDNAME, '-', "Show standard cipher names"}, |
43 | {"convert", OPT_CONVERT, 's', "Convert standard name into OpenSSL name"}, | |
44 | ||
45 | OPT_SECTION("Cipher specification"), | |
7e1b7485 | 46 | {"s", OPT_S, '-', "Only supported ciphers"}, |
6b01bed2 | 47 | #ifndef OPENSSL_NO_SSL3 |
5388f986 | 48 | {"ssl3", OPT_SSL3, '-', "Ciphers compatible with SSL3"}, |
6b01bed2 VD |
49 | #endif |
50 | #ifndef OPENSSL_NO_TLS1 | |
5388f986 | 51 | {"tls1", OPT_TLS1, '-', "Ciphers compatible with TLS1"}, |
6b01bed2 VD |
52 | #endif |
53 | #ifndef OPENSSL_NO_TLS1_1 | |
5388f986 | 54 | {"tls1_1", OPT_TLS1_1, '-', "Ciphers compatible with TLS1.1"}, |
6b01bed2 VD |
55 | #endif |
56 | #ifndef OPENSSL_NO_TLS1_2 | |
5388f986 | 57 | {"tls1_2", OPT_TLS1_2, '-', "Ciphers compatible with TLS1.2"}, |
6b01bed2 | 58 | #endif |
582a17d6 | 59 | #ifndef OPENSSL_NO_TLS1_3 |
5388f986 | 60 | {"tls1_3", OPT_TLS1_3, '-', "Ciphers compatible with TLS1.3"}, |
582a17d6 | 61 | #endif |
96509199 | 62 | #ifndef OPENSSL_NO_PSK |
5388f986 | 63 | {"psk", OPT_PSK, '-', "Include ciphersuites requiring PSK"}, |
1480b8a9 DSH |
64 | #endif |
65 | #ifndef OPENSSL_NO_SRP | |
5388f986 | 66 | {"srp", OPT_SRP, '-', "Include ciphersuites requiring SRP"}, |
7e1b7485 | 67 | #endif |
f865b081 MC |
68 | {"ciphersuites", OPT_CIPHERSUITES, 's', |
69 | "Configure the TLSv1.3 ciphersuites to use"}, | |
92de469f RS |
70 | |
71 | OPT_PARAMETERS(), | |
72 | {"cipher", 0, 0, "Cipher string to decode (optional)"}, | |
7e1b7485 | 73 | {NULL} |
d02b48c6 RE |
74 | }; |
75 | ||
73cd6175 | 76 | #ifndef OPENSSL_NO_PSK |
96509199 DSH |
77 | static unsigned int dummy_psk(SSL *ssl, const char *hint, char *identity, |
78 | unsigned int max_identity_len, | |
79 | unsigned char *psk, | |
80 | unsigned int max_psk_len) | |
81 | { | |
82 | return 0; | |
83 | } | |
73cd6175 | 84 | #endif |
1480b8a9 DSH |
85 | #ifndef OPENSSL_NO_SRP |
86 | static char *dummy_srp(SSL *ssl, void *arg) | |
87 | { | |
88 | return ""; | |
89 | } | |
90 | #endif | |
96509199 | 91 | |
7e1b7485 | 92 | int ciphers_main(int argc, char **argv) |
0f113f3e | 93 | { |
7e1b7485 RS |
94 | SSL_CTX *ctx = NULL; |
95 | SSL *ssl = NULL; | |
96 | STACK_OF(SSL_CIPHER) *sk = NULL; | |
32ec4153 | 97 | const SSL_METHOD *meth = TLS_server_method(); |
7e1b7485 | 98 | int ret = 1, i, verbose = 0, Verbose = 0, use_supported = 0; |
0f113f3e | 99 | int stdname = 0; |
96509199 DSH |
100 | #ifndef OPENSSL_NO_PSK |
101 | int psk = 0; | |
1480b8a9 DSH |
102 | #endif |
103 | #ifndef OPENSSL_NO_SRP | |
104 | int srp = 0; | |
51b9115b | 105 | #endif |
0f113f3e | 106 | const char *p; |
f865b081 | 107 | char *ciphers = NULL, *prog, *convert = NULL, *ciphersuites = NULL; |
0f113f3e | 108 | char buf[512]; |
7e1b7485 | 109 | OPTION_CHOICE o; |
0d5301af | 110 | int min_version = 0, max_version = 0; |
7e1b7485 RS |
111 | |
112 | prog = opt_init(argc, argv, ciphers_options); | |
113 | while ((o = opt_next()) != OPT_EOF) { | |
114 | switch (o) { | |
115 | case OPT_EOF: | |
116 | case OPT_ERR: | |
117 | opthelp: | |
118 | BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); | |
119 | goto end; | |
120 | case OPT_HELP: | |
121 | opt_help(ciphers_options); | |
122 | ret = 0; | |
123 | goto end; | |
124 | case OPT_V: | |
0f113f3e | 125 | verbose = 1; |
7e1b7485 RS |
126 | break; |
127 | case OPT_UPPER_V: | |
0f113f3e | 128 | verbose = Verbose = 1; |
7e1b7485 RS |
129 | break; |
130 | case OPT_S: | |
0f113f3e | 131 | use_supported = 1; |
7e1b7485 | 132 | break; |
7e1b7485 | 133 | case OPT_STDNAME: |
0f113f3e | 134 | stdname = verbose = 1; |
bbb4ceb8 PY |
135 | break; |
136 | case OPT_CONVERT: | |
137 | convert = opt_arg(); | |
9c3bcfa0 | 138 | break; |
7e1b7485 | 139 | case OPT_SSL3: |
0d5301af KR |
140 | min_version = SSL3_VERSION; |
141 | max_version = SSL3_VERSION; | |
9c3bcfa0 | 142 | break; |
7e1b7485 | 143 | case OPT_TLS1: |
0d5301af KR |
144 | min_version = TLS1_VERSION; |
145 | max_version = TLS1_VERSION; | |
0f113f3e | 146 | break; |
2a802c80 | 147 | case OPT_TLS1_1: |
0d5301af KR |
148 | min_version = TLS1_1_VERSION; |
149 | max_version = TLS1_1_VERSION; | |
2a802c80 DSH |
150 | break; |
151 | case OPT_TLS1_2: | |
0d5301af KR |
152 | min_version = TLS1_2_VERSION; |
153 | max_version = TLS1_2_VERSION; | |
2a802c80 | 154 | break; |
582a17d6 MC |
155 | case OPT_TLS1_3: |
156 | min_version = TLS1_3_VERSION; | |
157 | max_version = TLS1_3_VERSION; | |
158 | break; | |
96509199 DSH |
159 | case OPT_PSK: |
160 | #ifndef OPENSSL_NO_PSK | |
161 | psk = 1; | |
1480b8a9 | 162 | #endif |
a45dca66 | 163 | break; |
1480b8a9 DSH |
164 | case OPT_SRP: |
165 | #ifndef OPENSSL_NO_SRP | |
166 | srp = 1; | |
96509199 DSH |
167 | #endif |
168 | break; | |
f865b081 MC |
169 | case OPT_CIPHERSUITES: |
170 | ciphersuites = opt_arg(); | |
171 | break; | |
0f113f3e | 172 | } |
0f113f3e | 173 | } |
7e1b7485 RS |
174 | argv = opt_rest(); |
175 | argc = opt_num_rest(); | |
0f113f3e | 176 | |
7e1b7485 RS |
177 | if (argc == 1) |
178 | ciphers = *argv; | |
179 | else if (argc != 0) | |
180 | goto opthelp; | |
0f113f3e | 181 | |
bbb4ceb8 PY |
182 | if (convert != NULL) { |
183 | BIO_printf(bio_out, "OpenSSL cipher name: %s\n", | |
184 | OPENSSL_cipher_name(convert)); | |
185 | goto end; | |
186 | } | |
187 | ||
0f113f3e MC |
188 | ctx = SSL_CTX_new(meth); |
189 | if (ctx == NULL) | |
190 | goto err; | |
0d5301af KR |
191 | if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0) |
192 | goto err; | |
193 | if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0) | |
194 | goto err; | |
195 | ||
96509199 DSH |
196 | #ifndef OPENSSL_NO_PSK |
197 | if (psk) | |
198 | SSL_CTX_set_psk_client_callback(ctx, dummy_psk); | |
1480b8a9 DSH |
199 | #endif |
200 | #ifndef OPENSSL_NO_SRP | |
201 | if (srp) | |
202 | SSL_CTX_set_srp_client_pwd_callback(ctx, dummy_srp); | |
96509199 | 203 | #endif |
f865b081 MC |
204 | |
205 | if (ciphersuites != NULL && !SSL_CTX_set_ciphersuites(ctx, ciphersuites)) { | |
206 | BIO_printf(bio_err, "Error setting TLSv1.3 ciphersuites\n"); | |
207 | goto err; | |
208 | } | |
209 | ||
0f113f3e MC |
210 | if (ciphers != NULL) { |
211 | if (!SSL_CTX_set_cipher_list(ctx, ciphers)) { | |
212 | BIO_printf(bio_err, "Error in cipher list\n"); | |
213 | goto err; | |
214 | } | |
215 | } | |
216 | ssl = SSL_new(ctx); | |
217 | if (ssl == NULL) | |
218 | goto err; | |
219 | ||
220 | if (use_supported) | |
221 | sk = SSL_get1_supported_ciphers(ssl); | |
222 | else | |
223 | sk = SSL_get_ciphers(ssl); | |
224 | ||
225 | if (!verbose) { | |
226 | for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { | |
4a640fb6 | 227 | const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i); |
0f113f3e MC |
228 | p = SSL_CIPHER_get_name(c); |
229 | if (p == NULL) | |
230 | break; | |
231 | if (i != 0) | |
7e1b7485 RS |
232 | BIO_printf(bio_out, ":"); |
233 | BIO_printf(bio_out, "%s", p); | |
0f113f3e | 234 | } |
7e1b7485 RS |
235 | BIO_printf(bio_out, "\n"); |
236 | } else { | |
0f113f3e MC |
237 | |
238 | for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { | |
4a640fb6 | 239 | const SSL_CIPHER *c; |
0f113f3e MC |
240 | |
241 | c = sk_SSL_CIPHER_value(sk, i); | |
242 | ||
243 | if (Verbose) { | |
244 | unsigned long id = SSL_CIPHER_get_id(c); | |
245 | int id0 = (int)(id >> 24); | |
246 | int id1 = (int)((id >> 16) & 0xffL); | |
247 | int id2 = (int)((id >> 8) & 0xffL); | |
248 | int id3 = (int)(id & 0xffL); | |
249 | ||
7e1b7485 RS |
250 | if ((id & 0xff000000L) == 0x03000000L) |
251 | BIO_printf(bio_out, " 0x%02X,0x%02X - ", id2, id3); /* SSL3 | |
252 | * cipher */ | |
253 | else | |
254 | BIO_printf(bio_out, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */ | |
0f113f3e | 255 | } |
0f113f3e MC |
256 | if (stdname) { |
257 | const char *nm = SSL_CIPHER_standard_name(c); | |
258 | if (nm == NULL) | |
259 | nm = "UNKNOWN"; | |
7817e74d | 260 | BIO_printf(bio_out, "%-45s - ", nm); |
0f113f3e | 261 | } |
cbe29648 | 262 | BIO_puts(bio_out, SSL_CIPHER_description(c, buf, sizeof(buf))); |
0f113f3e MC |
263 | } |
264 | } | |
265 | ||
266 | ret = 0; | |
7e1b7485 | 267 | goto end; |
0f113f3e | 268 | err: |
7e1b7485 | 269 | ERR_print_errors(bio_err); |
0f113f3e | 270 | end: |
25aaa98a | 271 | if (use_supported) |
0f113f3e | 272 | sk_SSL_CIPHER_free(sk); |
62adbcee RS |
273 | SSL_CTX_free(ctx); |
274 | SSL_free(ssl); | |
bbb4ceb8 | 275 | return ret; |
0f113f3e | 276 | } |