]>
Commit | Line | Data |
---|---|---|
846e33c7 | 1 | /* |
2234212c | 2 | * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. |
d02b48c6 | 3 | * |
846e33c7 RS |
4 | * Licensed under the OpenSSL license (the "License"). You may not use |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
d02b48c6 RE |
8 | */ |
9 | ||
10 | #include <stdio.h> | |
11 | #include <stdlib.h> | |
12 | #include <string.h> | |
d02b48c6 | 13 | #include "apps.h" |
ec577822 BM |
14 | #include <openssl/err.h> |
15 | #include <openssl/ssl.h> | |
d02b48c6 | 16 | |
7e1b7485 RS |
17 | typedef enum OPTION_choice { |
18 | OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, | |
7e1b7485 | 19 | OPT_STDNAME, |
bbb4ceb8 | 20 | OPT_CONVERT, |
7e1b7485 | 21 | OPT_SSL3, |
7e1b7485 | 22 | OPT_TLS1, |
2a802c80 DSH |
23 | OPT_TLS1_1, |
24 | OPT_TLS1_2, | |
582a17d6 | 25 | OPT_TLS1_3, |
96509199 | 26 | OPT_PSK, |
1480b8a9 | 27 | OPT_SRP, |
7e1b7485 RS |
28 | OPT_V, OPT_UPPER_V, OPT_S |
29 | } OPTION_CHOICE; | |
30 | ||
44c83ebd | 31 | const OPTIONS ciphers_options[] = { |
7e1b7485 RS |
32 | {"help", OPT_HELP, '-', "Display this summary"}, |
33 | {"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"}, | |
34 | {"V", OPT_UPPER_V, '-', "Even more verbose"}, | |
35 | {"s", OPT_S, '-', "Only supported ciphers"}, | |
6b01bed2 VD |
36 | #ifndef OPENSSL_NO_SSL3 |
37 | {"ssl3", OPT_SSL3, '-', "SSL3 mode"}, | |
38 | #endif | |
39 | #ifndef OPENSSL_NO_TLS1 | |
9c3bcfa0 | 40 | {"tls1", OPT_TLS1, '-', "TLS1 mode"}, |
6b01bed2 VD |
41 | #endif |
42 | #ifndef OPENSSL_NO_TLS1_1 | |
2a802c80 | 43 | {"tls1_1", OPT_TLS1_1, '-', "TLS1.1 mode"}, |
6b01bed2 VD |
44 | #endif |
45 | #ifndef OPENSSL_NO_TLS1_2 | |
2a802c80 | 46 | {"tls1_2", OPT_TLS1_2, '-', "TLS1.2 mode"}, |
6b01bed2 | 47 | #endif |
582a17d6 MC |
48 | #ifndef OPENSSL_NO_TLS1_3 |
49 | {"tls1_3", OPT_TLS1_3, '-', "TLS1.3 mode"}, | |
50 | #endif | |
7e1b7485 | 51 | {"stdname", OPT_STDNAME, '-', "Show standard cipher names"}, |
96509199 DSH |
52 | #ifndef OPENSSL_NO_PSK |
53 | {"psk", OPT_PSK, '-', "include ciphersuites requiring PSK"}, | |
1480b8a9 DSH |
54 | #endif |
55 | #ifndef OPENSSL_NO_SRP | |
56 | {"srp", OPT_SRP, '-', "include ciphersuites requiring SRP"}, | |
7e1b7485 | 57 | #endif |
bbb4ceb8 | 58 | {"convert", OPT_CONVERT, 's', "Convert standard name into OpenSSL name"}, |
7e1b7485 | 59 | {NULL} |
d02b48c6 RE |
60 | }; |
61 | ||
73cd6175 | 62 | #ifndef OPENSSL_NO_PSK |
96509199 DSH |
63 | static unsigned int dummy_psk(SSL *ssl, const char *hint, char *identity, |
64 | unsigned int max_identity_len, | |
65 | unsigned char *psk, | |
66 | unsigned int max_psk_len) | |
67 | { | |
68 | return 0; | |
69 | } | |
73cd6175 | 70 | #endif |
1480b8a9 DSH |
71 | #ifndef OPENSSL_NO_SRP |
72 | static char *dummy_srp(SSL *ssl, void *arg) | |
73 | { | |
74 | return ""; | |
75 | } | |
76 | #endif | |
96509199 | 77 | |
7e1b7485 | 78 | int ciphers_main(int argc, char **argv) |
0f113f3e | 79 | { |
7e1b7485 RS |
80 | SSL_CTX *ctx = NULL; |
81 | SSL *ssl = NULL; | |
82 | STACK_OF(SSL_CIPHER) *sk = NULL; | |
32ec4153 | 83 | const SSL_METHOD *meth = TLS_server_method(); |
7e1b7485 | 84 | int ret = 1, i, verbose = 0, Verbose = 0, use_supported = 0; |
0f113f3e | 85 | int stdname = 0; |
96509199 DSH |
86 | #ifndef OPENSSL_NO_PSK |
87 | int psk = 0; | |
1480b8a9 DSH |
88 | #endif |
89 | #ifndef OPENSSL_NO_SRP | |
90 | int srp = 0; | |
51b9115b | 91 | #endif |
0f113f3e | 92 | const char *p; |
bbb4ceb8 | 93 | char *ciphers = NULL, *prog, *convert = NULL; |
0f113f3e | 94 | char buf[512]; |
7e1b7485 | 95 | OPTION_CHOICE o; |
0d5301af | 96 | int min_version = 0, max_version = 0; |
7e1b7485 RS |
97 | |
98 | prog = opt_init(argc, argv, ciphers_options); | |
99 | while ((o = opt_next()) != OPT_EOF) { | |
100 | switch (o) { | |
101 | case OPT_EOF: | |
102 | case OPT_ERR: | |
103 | opthelp: | |
104 | BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); | |
105 | goto end; | |
106 | case OPT_HELP: | |
107 | opt_help(ciphers_options); | |
108 | ret = 0; | |
109 | goto end; | |
110 | case OPT_V: | |
0f113f3e | 111 | verbose = 1; |
7e1b7485 RS |
112 | break; |
113 | case OPT_UPPER_V: | |
0f113f3e | 114 | verbose = Verbose = 1; |
7e1b7485 RS |
115 | break; |
116 | case OPT_S: | |
0f113f3e | 117 | use_supported = 1; |
7e1b7485 | 118 | break; |
7e1b7485 | 119 | case OPT_STDNAME: |
0f113f3e | 120 | stdname = verbose = 1; |
bbb4ceb8 PY |
121 | break; |
122 | case OPT_CONVERT: | |
123 | convert = opt_arg(); | |
9c3bcfa0 | 124 | break; |
7e1b7485 | 125 | case OPT_SSL3: |
0d5301af KR |
126 | min_version = SSL3_VERSION; |
127 | max_version = SSL3_VERSION; | |
9c3bcfa0 | 128 | break; |
7e1b7485 | 129 | case OPT_TLS1: |
0d5301af KR |
130 | min_version = TLS1_VERSION; |
131 | max_version = TLS1_VERSION; | |
0f113f3e | 132 | break; |
2a802c80 | 133 | case OPT_TLS1_1: |
0d5301af KR |
134 | min_version = TLS1_1_VERSION; |
135 | max_version = TLS1_1_VERSION; | |
2a802c80 DSH |
136 | break; |
137 | case OPT_TLS1_2: | |
0d5301af KR |
138 | min_version = TLS1_2_VERSION; |
139 | max_version = TLS1_2_VERSION; | |
2a802c80 | 140 | break; |
582a17d6 MC |
141 | case OPT_TLS1_3: |
142 | min_version = TLS1_3_VERSION; | |
143 | max_version = TLS1_3_VERSION; | |
144 | break; | |
96509199 DSH |
145 | case OPT_PSK: |
146 | #ifndef OPENSSL_NO_PSK | |
147 | psk = 1; | |
1480b8a9 | 148 | #endif |
a45dca66 | 149 | break; |
1480b8a9 DSH |
150 | case OPT_SRP: |
151 | #ifndef OPENSSL_NO_SRP | |
152 | srp = 1; | |
96509199 DSH |
153 | #endif |
154 | break; | |
0f113f3e | 155 | } |
0f113f3e | 156 | } |
7e1b7485 RS |
157 | argv = opt_rest(); |
158 | argc = opt_num_rest(); | |
0f113f3e | 159 | |
7e1b7485 RS |
160 | if (argc == 1) |
161 | ciphers = *argv; | |
162 | else if (argc != 0) | |
163 | goto opthelp; | |
0f113f3e | 164 | |
bbb4ceb8 PY |
165 | if (convert != NULL) { |
166 | BIO_printf(bio_out, "OpenSSL cipher name: %s\n", | |
167 | OPENSSL_cipher_name(convert)); | |
168 | goto end; | |
169 | } | |
170 | ||
0f113f3e MC |
171 | ctx = SSL_CTX_new(meth); |
172 | if (ctx == NULL) | |
173 | goto err; | |
0d5301af KR |
174 | if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0) |
175 | goto err; | |
176 | if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0) | |
177 | goto err; | |
178 | ||
96509199 DSH |
179 | #ifndef OPENSSL_NO_PSK |
180 | if (psk) | |
181 | SSL_CTX_set_psk_client_callback(ctx, dummy_psk); | |
1480b8a9 DSH |
182 | #endif |
183 | #ifndef OPENSSL_NO_SRP | |
184 | if (srp) | |
185 | SSL_CTX_set_srp_client_pwd_callback(ctx, dummy_srp); | |
96509199 | 186 | #endif |
0f113f3e MC |
187 | if (ciphers != NULL) { |
188 | if (!SSL_CTX_set_cipher_list(ctx, ciphers)) { | |
189 | BIO_printf(bio_err, "Error in cipher list\n"); | |
190 | goto err; | |
191 | } | |
192 | } | |
193 | ssl = SSL_new(ctx); | |
194 | if (ssl == NULL) | |
195 | goto err; | |
196 | ||
197 | if (use_supported) | |
198 | sk = SSL_get1_supported_ciphers(ssl); | |
199 | else | |
200 | sk = SSL_get_ciphers(ssl); | |
201 | ||
202 | if (!verbose) { | |
203 | for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { | |
4a640fb6 | 204 | const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i); |
0f113f3e MC |
205 | p = SSL_CIPHER_get_name(c); |
206 | if (p == NULL) | |
207 | break; | |
208 | if (i != 0) | |
7e1b7485 RS |
209 | BIO_printf(bio_out, ":"); |
210 | BIO_printf(bio_out, "%s", p); | |
0f113f3e | 211 | } |
7e1b7485 RS |
212 | BIO_printf(bio_out, "\n"); |
213 | } else { | |
0f113f3e MC |
214 | |
215 | for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { | |
4a640fb6 | 216 | const SSL_CIPHER *c; |
0f113f3e MC |
217 | |
218 | c = sk_SSL_CIPHER_value(sk, i); | |
219 | ||
220 | if (Verbose) { | |
221 | unsigned long id = SSL_CIPHER_get_id(c); | |
222 | int id0 = (int)(id >> 24); | |
223 | int id1 = (int)((id >> 16) & 0xffL); | |
224 | int id2 = (int)((id >> 8) & 0xffL); | |
225 | int id3 = (int)(id & 0xffL); | |
226 | ||
7e1b7485 RS |
227 | if ((id & 0xff000000L) == 0x03000000L) |
228 | BIO_printf(bio_out, " 0x%02X,0x%02X - ", id2, id3); /* SSL3 | |
229 | * cipher */ | |
230 | else | |
231 | BIO_printf(bio_out, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */ | |
0f113f3e | 232 | } |
0f113f3e MC |
233 | if (stdname) { |
234 | const char *nm = SSL_CIPHER_standard_name(c); | |
235 | if (nm == NULL) | |
236 | nm = "UNKNOWN"; | |
7e1b7485 | 237 | BIO_printf(bio_out, "%s - ", nm); |
0f113f3e | 238 | } |
7e1b7485 | 239 | BIO_puts(bio_out, SSL_CIPHER_description(c, buf, sizeof buf)); |
0f113f3e MC |
240 | } |
241 | } | |
242 | ||
243 | ret = 0; | |
7e1b7485 | 244 | goto end; |
0f113f3e | 245 | err: |
7e1b7485 | 246 | ERR_print_errors(bio_err); |
0f113f3e | 247 | end: |
25aaa98a | 248 | if (use_supported) |
0f113f3e | 249 | sk_SSL_CIPHER_free(sk); |
62adbcee RS |
250 | SSL_CTX_free(ctx); |
251 | SSL_free(ssl); | |
bbb4ceb8 | 252 | return ret; |
0f113f3e | 253 | } |