]>
Commit | Line | Data |
---|---|---|
846e33c7 | 1 | /* |
2234212c | 2 | * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. |
d02b48c6 | 3 | * |
846e33c7 RS |
4 | * Licensed under the OpenSSL license (the "License"). You may not use |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
d02b48c6 RE |
8 | */ |
9 | ||
10 | #include <stdio.h> | |
11 | #include <stdlib.h> | |
12 | #include <string.h> | |
d02b48c6 | 13 | #include "apps.h" |
ec577822 BM |
14 | #include <openssl/err.h> |
15 | #include <openssl/ssl.h> | |
d02b48c6 | 16 | |
7e1b7485 RS |
17 | typedef enum OPTION_choice { |
18 | OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, | |
7e1b7485 | 19 | OPT_STDNAME, |
7e1b7485 | 20 | OPT_SSL3, |
7e1b7485 | 21 | OPT_TLS1, |
2a802c80 DSH |
22 | OPT_TLS1_1, |
23 | OPT_TLS1_2, | |
582a17d6 | 24 | OPT_TLS1_3, |
96509199 | 25 | OPT_PSK, |
1480b8a9 | 26 | OPT_SRP, |
7e1b7485 RS |
27 | OPT_V, OPT_UPPER_V, OPT_S |
28 | } OPTION_CHOICE; | |
29 | ||
44c83ebd | 30 | const OPTIONS ciphers_options[] = { |
7e1b7485 RS |
31 | {"help", OPT_HELP, '-', "Display this summary"}, |
32 | {"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"}, | |
33 | {"V", OPT_UPPER_V, '-', "Even more verbose"}, | |
34 | {"s", OPT_S, '-', "Only supported ciphers"}, | |
6b01bed2 VD |
35 | #ifndef OPENSSL_NO_SSL3 |
36 | {"ssl3", OPT_SSL3, '-', "SSL3 mode"}, | |
37 | #endif | |
38 | #ifndef OPENSSL_NO_TLS1 | |
9c3bcfa0 | 39 | {"tls1", OPT_TLS1, '-', "TLS1 mode"}, |
6b01bed2 VD |
40 | #endif |
41 | #ifndef OPENSSL_NO_TLS1_1 | |
2a802c80 | 42 | {"tls1_1", OPT_TLS1_1, '-', "TLS1.1 mode"}, |
6b01bed2 VD |
43 | #endif |
44 | #ifndef OPENSSL_NO_TLS1_2 | |
2a802c80 | 45 | {"tls1_2", OPT_TLS1_2, '-', "TLS1.2 mode"}, |
6b01bed2 | 46 | #endif |
582a17d6 MC |
47 | #ifndef OPENSSL_NO_TLS1_3 |
48 | {"tls1_3", OPT_TLS1_3, '-', "TLS1.3 mode"}, | |
49 | #endif | |
7e1b7485 RS |
50 | #ifndef OPENSSL_NO_SSL_TRACE |
51 | {"stdname", OPT_STDNAME, '-', "Show standard cipher names"}, | |
52 | #endif | |
96509199 DSH |
53 | #ifndef OPENSSL_NO_PSK |
54 | {"psk", OPT_PSK, '-', "include ciphersuites requiring PSK"}, | |
1480b8a9 DSH |
55 | #endif |
56 | #ifndef OPENSSL_NO_SRP | |
57 | {"srp", OPT_SRP, '-', "include ciphersuites requiring SRP"}, | |
7e1b7485 | 58 | #endif |
7e1b7485 | 59 | {NULL} |
d02b48c6 RE |
60 | }; |
61 | ||
73cd6175 | 62 | #ifndef OPENSSL_NO_PSK |
96509199 DSH |
63 | static unsigned int dummy_psk(SSL *ssl, const char *hint, char *identity, |
64 | unsigned int max_identity_len, | |
65 | unsigned char *psk, | |
66 | unsigned int max_psk_len) | |
67 | { | |
68 | return 0; | |
69 | } | |
73cd6175 | 70 | #endif |
1480b8a9 DSH |
71 | #ifndef OPENSSL_NO_SRP |
72 | static char *dummy_srp(SSL *ssl, void *arg) | |
73 | { | |
74 | return ""; | |
75 | } | |
76 | #endif | |
96509199 | 77 | |
7e1b7485 | 78 | int ciphers_main(int argc, char **argv) |
0f113f3e | 79 | { |
7e1b7485 RS |
80 | SSL_CTX *ctx = NULL; |
81 | SSL *ssl = NULL; | |
82 | STACK_OF(SSL_CIPHER) *sk = NULL; | |
32ec4153 | 83 | const SSL_METHOD *meth = TLS_server_method(); |
7e1b7485 | 84 | int ret = 1, i, verbose = 0, Verbose = 0, use_supported = 0; |
51b9115b | 85 | #ifndef OPENSSL_NO_SSL_TRACE |
0f113f3e | 86 | int stdname = 0; |
96509199 DSH |
87 | #endif |
88 | #ifndef OPENSSL_NO_PSK | |
89 | int psk = 0; | |
1480b8a9 DSH |
90 | #endif |
91 | #ifndef OPENSSL_NO_SRP | |
92 | int srp = 0; | |
51b9115b | 93 | #endif |
0f113f3e | 94 | const char *p; |
7e1b7485 | 95 | char *ciphers = NULL, *prog; |
0f113f3e | 96 | char buf[512]; |
7e1b7485 | 97 | OPTION_CHOICE o; |
0d5301af | 98 | int min_version = 0, max_version = 0; |
7e1b7485 RS |
99 | |
100 | prog = opt_init(argc, argv, ciphers_options); | |
101 | while ((o = opt_next()) != OPT_EOF) { | |
102 | switch (o) { | |
103 | case OPT_EOF: | |
104 | case OPT_ERR: | |
105 | opthelp: | |
106 | BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); | |
107 | goto end; | |
108 | case OPT_HELP: | |
109 | opt_help(ciphers_options); | |
110 | ret = 0; | |
111 | goto end; | |
112 | case OPT_V: | |
0f113f3e | 113 | verbose = 1; |
7e1b7485 RS |
114 | break; |
115 | case OPT_UPPER_V: | |
0f113f3e | 116 | verbose = Verbose = 1; |
7e1b7485 RS |
117 | break; |
118 | case OPT_S: | |
0f113f3e | 119 | use_supported = 1; |
7e1b7485 | 120 | break; |
7e1b7485 | 121 | case OPT_STDNAME: |
9c3bcfa0 | 122 | #ifndef OPENSSL_NO_SSL_TRACE |
0f113f3e | 123 | stdname = verbose = 1; |
51b9115b | 124 | #endif |
9c3bcfa0 | 125 | break; |
7e1b7485 | 126 | case OPT_SSL3: |
0d5301af KR |
127 | min_version = SSL3_VERSION; |
128 | max_version = SSL3_VERSION; | |
9c3bcfa0 | 129 | break; |
7e1b7485 | 130 | case OPT_TLS1: |
0d5301af KR |
131 | min_version = TLS1_VERSION; |
132 | max_version = TLS1_VERSION; | |
0f113f3e | 133 | break; |
2a802c80 | 134 | case OPT_TLS1_1: |
0d5301af KR |
135 | min_version = TLS1_1_VERSION; |
136 | max_version = TLS1_1_VERSION; | |
2a802c80 DSH |
137 | break; |
138 | case OPT_TLS1_2: | |
0d5301af KR |
139 | min_version = TLS1_2_VERSION; |
140 | max_version = TLS1_2_VERSION; | |
2a802c80 | 141 | break; |
582a17d6 MC |
142 | case OPT_TLS1_3: |
143 | min_version = TLS1_3_VERSION; | |
144 | max_version = TLS1_3_VERSION; | |
145 | break; | |
96509199 DSH |
146 | case OPT_PSK: |
147 | #ifndef OPENSSL_NO_PSK | |
148 | psk = 1; | |
1480b8a9 | 149 | #endif |
a45dca66 | 150 | break; |
1480b8a9 DSH |
151 | case OPT_SRP: |
152 | #ifndef OPENSSL_NO_SRP | |
153 | srp = 1; | |
96509199 DSH |
154 | #endif |
155 | break; | |
0f113f3e | 156 | } |
0f113f3e | 157 | } |
7e1b7485 RS |
158 | argv = opt_rest(); |
159 | argc = opt_num_rest(); | |
0f113f3e | 160 | |
7e1b7485 RS |
161 | if (argc == 1) |
162 | ciphers = *argv; | |
163 | else if (argc != 0) | |
164 | goto opthelp; | |
0f113f3e MC |
165 | |
166 | ctx = SSL_CTX_new(meth); | |
167 | if (ctx == NULL) | |
168 | goto err; | |
0d5301af KR |
169 | if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0) |
170 | goto err; | |
171 | if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0) | |
172 | goto err; | |
173 | ||
96509199 DSH |
174 | #ifndef OPENSSL_NO_PSK |
175 | if (psk) | |
176 | SSL_CTX_set_psk_client_callback(ctx, dummy_psk); | |
1480b8a9 DSH |
177 | #endif |
178 | #ifndef OPENSSL_NO_SRP | |
179 | if (srp) | |
180 | SSL_CTX_set_srp_client_pwd_callback(ctx, dummy_srp); | |
96509199 | 181 | #endif |
0f113f3e MC |
182 | if (ciphers != NULL) { |
183 | if (!SSL_CTX_set_cipher_list(ctx, ciphers)) { | |
184 | BIO_printf(bio_err, "Error in cipher list\n"); | |
185 | goto err; | |
186 | } | |
187 | } | |
188 | ssl = SSL_new(ctx); | |
189 | if (ssl == NULL) | |
190 | goto err; | |
191 | ||
192 | if (use_supported) | |
193 | sk = SSL_get1_supported_ciphers(ssl); | |
194 | else | |
195 | sk = SSL_get_ciphers(ssl); | |
196 | ||
197 | if (!verbose) { | |
198 | for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { | |
4a640fb6 | 199 | const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i); |
0f113f3e MC |
200 | p = SSL_CIPHER_get_name(c); |
201 | if (p == NULL) | |
202 | break; | |
203 | if (i != 0) | |
7e1b7485 RS |
204 | BIO_printf(bio_out, ":"); |
205 | BIO_printf(bio_out, "%s", p); | |
0f113f3e | 206 | } |
7e1b7485 RS |
207 | BIO_printf(bio_out, "\n"); |
208 | } else { | |
0f113f3e MC |
209 | |
210 | for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { | |
4a640fb6 | 211 | const SSL_CIPHER *c; |
0f113f3e MC |
212 | |
213 | c = sk_SSL_CIPHER_value(sk, i); | |
214 | ||
215 | if (Verbose) { | |
216 | unsigned long id = SSL_CIPHER_get_id(c); | |
217 | int id0 = (int)(id >> 24); | |
218 | int id1 = (int)((id >> 16) & 0xffL); | |
219 | int id2 = (int)((id >> 8) & 0xffL); | |
220 | int id3 = (int)(id & 0xffL); | |
221 | ||
7e1b7485 RS |
222 | if ((id & 0xff000000L) == 0x03000000L) |
223 | BIO_printf(bio_out, " 0x%02X,0x%02X - ", id2, id3); /* SSL3 | |
224 | * cipher */ | |
225 | else | |
226 | BIO_printf(bio_out, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */ | |
0f113f3e | 227 | } |
51b9115b | 228 | #ifndef OPENSSL_NO_SSL_TRACE |
0f113f3e MC |
229 | if (stdname) { |
230 | const char *nm = SSL_CIPHER_standard_name(c); | |
231 | if (nm == NULL) | |
232 | nm = "UNKNOWN"; | |
7e1b7485 | 233 | BIO_printf(bio_out, "%s - ", nm); |
0f113f3e | 234 | } |
51b9115b | 235 | #endif |
7e1b7485 | 236 | BIO_puts(bio_out, SSL_CIPHER_description(c, buf, sizeof buf)); |
0f113f3e MC |
237 | } |
238 | } | |
239 | ||
240 | ret = 0; | |
7e1b7485 | 241 | goto end; |
0f113f3e | 242 | err: |
7e1b7485 | 243 | ERR_print_errors(bio_err); |
0f113f3e | 244 | end: |
25aaa98a | 245 | if (use_supported) |
0f113f3e | 246 | sk_SSL_CIPHER_free(sk); |
62adbcee RS |
247 | SSL_CTX_free(ctx); |
248 | SSL_free(ssl); | |
7e1b7485 | 249 | return (ret); |
0f113f3e | 250 | } |