]>
Commit | Line | Data |
---|---|---|
846e33c7 | 1 | /* |
fecb3aae | 2 | * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. |
d02b48c6 | 3 | * |
dffa7520 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
846e33c7 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
d02b48c6 RE |
8 | */ |
9 | ||
10 | #include <stdio.h> | |
11 | #include <stdlib.h> | |
12 | #include <string.h> | |
d02b48c6 | 13 | #include "apps.h" |
dab2cd68 | 14 | #include "progs.h" |
ec577822 BM |
15 | #include <openssl/err.h> |
16 | #include <openssl/ssl.h> | |
76cb077f | 17 | #include "s_apps.h" |
d02b48c6 | 18 | |
7e1b7485 | 19 | typedef enum OPTION_choice { |
b0f96018 | 20 | OPT_COMMON, |
7e1b7485 | 21 | OPT_STDNAME, |
bbb4ceb8 | 22 | OPT_CONVERT, |
7e1b7485 | 23 | OPT_SSL3, |
7e1b7485 | 24 | OPT_TLS1, |
2a802c80 DSH |
25 | OPT_TLS1_1, |
26 | OPT_TLS1_2, | |
582a17d6 | 27 | OPT_TLS1_3, |
96509199 | 28 | OPT_PSK, |
1480b8a9 | 29 | OPT_SRP, |
f865b081 | 30 | OPT_CIPHERSUITES, |
6bd4e3f2 | 31 | OPT_V, OPT_UPPER_V, OPT_S, OPT_PROV_ENUM |
7e1b7485 RS |
32 | } OPTION_CHOICE; |
33 | ||
44c83ebd | 34 | const OPTIONS ciphers_options[] = { |
92de469f RS |
35 | {OPT_HELP_STR, 1, '-', "Usage: %s [options] [cipher]\n"}, |
36 | ||
5388f986 | 37 | OPT_SECTION("General"), |
7e1b7485 | 38 | {"help", OPT_HELP, '-', "Display this summary"}, |
5388f986 RS |
39 | |
40 | OPT_SECTION("Output"), | |
7e1b7485 RS |
41 | {"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"}, |
42 | {"V", OPT_UPPER_V, '-', "Even more verbose"}, | |
5388f986 RS |
43 | {"stdname", OPT_STDNAME, '-', "Show standard cipher names"}, |
44 | {"convert", OPT_CONVERT, 's', "Convert standard name into OpenSSL name"}, | |
45 | ||
46 | OPT_SECTION("Cipher specification"), | |
7e1b7485 | 47 | {"s", OPT_S, '-', "Only supported ciphers"}, |
6b01bed2 | 48 | #ifndef OPENSSL_NO_SSL3 |
5388f986 | 49 | {"ssl3", OPT_SSL3, '-', "Ciphers compatible with SSL3"}, |
6b01bed2 VD |
50 | #endif |
51 | #ifndef OPENSSL_NO_TLS1 | |
5388f986 | 52 | {"tls1", OPT_TLS1, '-', "Ciphers compatible with TLS1"}, |
6b01bed2 VD |
53 | #endif |
54 | #ifndef OPENSSL_NO_TLS1_1 | |
5388f986 | 55 | {"tls1_1", OPT_TLS1_1, '-', "Ciphers compatible with TLS1.1"}, |
6b01bed2 VD |
56 | #endif |
57 | #ifndef OPENSSL_NO_TLS1_2 | |
5388f986 | 58 | {"tls1_2", OPT_TLS1_2, '-', "Ciphers compatible with TLS1.2"}, |
6b01bed2 | 59 | #endif |
582a17d6 | 60 | #ifndef OPENSSL_NO_TLS1_3 |
5388f986 | 61 | {"tls1_3", OPT_TLS1_3, '-', "Ciphers compatible with TLS1.3"}, |
582a17d6 | 62 | #endif |
96509199 | 63 | #ifndef OPENSSL_NO_PSK |
5388f986 | 64 | {"psk", OPT_PSK, '-', "Include ciphersuites requiring PSK"}, |
1480b8a9 DSH |
65 | #endif |
66 | #ifndef OPENSSL_NO_SRP | |
76cb077f | 67 | {"srp", OPT_SRP, '-', "(deprecated) Include ciphersuites requiring SRP"}, |
7e1b7485 | 68 | #endif |
f865b081 MC |
69 | {"ciphersuites", OPT_CIPHERSUITES, 's', |
70 | "Configure the TLSv1.3 ciphersuites to use"}, | |
6bd4e3f2 | 71 | OPT_PROV_OPTIONS, |
92de469f RS |
72 | |
73 | OPT_PARAMETERS(), | |
74 | {"cipher", 0, 0, "Cipher string to decode (optional)"}, | |
7e1b7485 | 75 | {NULL} |
d02b48c6 RE |
76 | }; |
77 | ||
73cd6175 | 78 | #ifndef OPENSSL_NO_PSK |
96509199 DSH |
79 | static unsigned int dummy_psk(SSL *ssl, const char *hint, char *identity, |
80 | unsigned int max_identity_len, | |
81 | unsigned char *psk, | |
82 | unsigned int max_psk_len) | |
83 | { | |
84 | return 0; | |
85 | } | |
73cd6175 | 86 | #endif |
96509199 | 87 | |
7e1b7485 | 88 | int ciphers_main(int argc, char **argv) |
0f113f3e | 89 | { |
7e1b7485 RS |
90 | SSL_CTX *ctx = NULL; |
91 | SSL *ssl = NULL; | |
92 | STACK_OF(SSL_CIPHER) *sk = NULL; | |
32ec4153 | 93 | const SSL_METHOD *meth = TLS_server_method(); |
7e1b7485 | 94 | int ret = 1, i, verbose = 0, Verbose = 0, use_supported = 0; |
0f113f3e | 95 | int stdname = 0; |
96509199 DSH |
96 | #ifndef OPENSSL_NO_PSK |
97 | int psk = 0; | |
1480b8a9 DSH |
98 | #endif |
99 | #ifndef OPENSSL_NO_SRP | |
100 | int srp = 0; | |
51b9115b | 101 | #endif |
0f113f3e | 102 | const char *p; |
f865b081 | 103 | char *ciphers = NULL, *prog, *convert = NULL, *ciphersuites = NULL; |
0f113f3e | 104 | char buf[512]; |
7e1b7485 | 105 | OPTION_CHOICE o; |
0d5301af | 106 | int min_version = 0, max_version = 0; |
7e1b7485 RS |
107 | |
108 | prog = opt_init(argc, argv, ciphers_options); | |
109 | while ((o = opt_next()) != OPT_EOF) { | |
110 | switch (o) { | |
111 | case OPT_EOF: | |
112 | case OPT_ERR: | |
113 | opthelp: | |
114 | BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); | |
115 | goto end; | |
116 | case OPT_HELP: | |
117 | opt_help(ciphers_options); | |
118 | ret = 0; | |
119 | goto end; | |
120 | case OPT_V: | |
0f113f3e | 121 | verbose = 1; |
7e1b7485 RS |
122 | break; |
123 | case OPT_UPPER_V: | |
0f113f3e | 124 | verbose = Verbose = 1; |
7e1b7485 RS |
125 | break; |
126 | case OPT_S: | |
0f113f3e | 127 | use_supported = 1; |
7e1b7485 | 128 | break; |
7e1b7485 | 129 | case OPT_STDNAME: |
0f113f3e | 130 | stdname = verbose = 1; |
bbb4ceb8 PY |
131 | break; |
132 | case OPT_CONVERT: | |
133 | convert = opt_arg(); | |
9c3bcfa0 | 134 | break; |
7e1b7485 | 135 | case OPT_SSL3: |
0d5301af KR |
136 | min_version = SSL3_VERSION; |
137 | max_version = SSL3_VERSION; | |
9c3bcfa0 | 138 | break; |
7e1b7485 | 139 | case OPT_TLS1: |
0d5301af KR |
140 | min_version = TLS1_VERSION; |
141 | max_version = TLS1_VERSION; | |
0f113f3e | 142 | break; |
2a802c80 | 143 | case OPT_TLS1_1: |
0d5301af KR |
144 | min_version = TLS1_1_VERSION; |
145 | max_version = TLS1_1_VERSION; | |
2a802c80 DSH |
146 | break; |
147 | case OPT_TLS1_2: | |
0d5301af KR |
148 | min_version = TLS1_2_VERSION; |
149 | max_version = TLS1_2_VERSION; | |
2a802c80 | 150 | break; |
582a17d6 MC |
151 | case OPT_TLS1_3: |
152 | min_version = TLS1_3_VERSION; | |
153 | max_version = TLS1_3_VERSION; | |
154 | break; | |
96509199 DSH |
155 | case OPT_PSK: |
156 | #ifndef OPENSSL_NO_PSK | |
157 | psk = 1; | |
1480b8a9 | 158 | #endif |
a45dca66 | 159 | break; |
1480b8a9 DSH |
160 | case OPT_SRP: |
161 | #ifndef OPENSSL_NO_SRP | |
162 | srp = 1; | |
96509199 DSH |
163 | #endif |
164 | break; | |
f865b081 MC |
165 | case OPT_CIPHERSUITES: |
166 | ciphersuites = opt_arg(); | |
167 | break; | |
6bd4e3f2 P |
168 | case OPT_PROV_CASES: |
169 | if (!opt_provider(o)) | |
170 | goto end; | |
171 | break; | |
0f113f3e | 172 | } |
0f113f3e | 173 | } |
021410ea RS |
174 | |
175 | /* Optional arg is cipher name. */ | |
7e1b7485 | 176 | argv = opt_rest(); |
d9f07357 | 177 | if (opt_num_rest() == 1) |
021410ea | 178 | ciphers = argv[0]; |
d9f07357 | 179 | else if (!opt_check_rest_arg(NULL)) |
7e1b7485 | 180 | goto opthelp; |
0f113f3e | 181 | |
bbb4ceb8 PY |
182 | if (convert != NULL) { |
183 | BIO_printf(bio_out, "OpenSSL cipher name: %s\n", | |
184 | OPENSSL_cipher_name(convert)); | |
8b4e9c52 | 185 | ret = 0; |
bbb4ceb8 PY |
186 | goto end; |
187 | } | |
188 | ||
4ed38173 | 189 | ctx = SSL_CTX_new_ex(app_get0_libctx(), app_get0_propq(), meth); |
0f113f3e MC |
190 | if (ctx == NULL) |
191 | goto err; | |
0d5301af KR |
192 | if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0) |
193 | goto err; | |
194 | if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0) | |
195 | goto err; | |
196 | ||
96509199 DSH |
197 | #ifndef OPENSSL_NO_PSK |
198 | if (psk) | |
199 | SSL_CTX_set_psk_client_callback(ctx, dummy_psk); | |
1480b8a9 DSH |
200 | #endif |
201 | #ifndef OPENSSL_NO_SRP | |
202 | if (srp) | |
76cb077f | 203 | set_up_dummy_srp(ctx); |
96509199 | 204 | #endif |
f865b081 MC |
205 | |
206 | if (ciphersuites != NULL && !SSL_CTX_set_ciphersuites(ctx, ciphersuites)) { | |
207 | BIO_printf(bio_err, "Error setting TLSv1.3 ciphersuites\n"); | |
208 | goto err; | |
209 | } | |
210 | ||
0f113f3e MC |
211 | if (ciphers != NULL) { |
212 | if (!SSL_CTX_set_cipher_list(ctx, ciphers)) { | |
213 | BIO_printf(bio_err, "Error in cipher list\n"); | |
214 | goto err; | |
215 | } | |
216 | } | |
217 | ssl = SSL_new(ctx); | |
218 | if (ssl == NULL) | |
219 | goto err; | |
220 | ||
221 | if (use_supported) | |
222 | sk = SSL_get1_supported_ciphers(ssl); | |
223 | else | |
224 | sk = SSL_get_ciphers(ssl); | |
225 | ||
226 | if (!verbose) { | |
227 | for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { | |
4a640fb6 | 228 | const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i); |
0f113f3e MC |
229 | p = SSL_CIPHER_get_name(c); |
230 | if (p == NULL) | |
231 | break; | |
232 | if (i != 0) | |
7e1b7485 RS |
233 | BIO_printf(bio_out, ":"); |
234 | BIO_printf(bio_out, "%s", p); | |
0f113f3e | 235 | } |
7e1b7485 RS |
236 | BIO_printf(bio_out, "\n"); |
237 | } else { | |
0f113f3e MC |
238 | |
239 | for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { | |
4a640fb6 | 240 | const SSL_CIPHER *c; |
0f113f3e MC |
241 | |
242 | c = sk_SSL_CIPHER_value(sk, i); | |
243 | ||
244 | if (Verbose) { | |
245 | unsigned long id = SSL_CIPHER_get_id(c); | |
246 | int id0 = (int)(id >> 24); | |
247 | int id1 = (int)((id >> 16) & 0xffL); | |
248 | int id2 = (int)((id >> 8) & 0xffL); | |
249 | int id3 = (int)(id & 0xffL); | |
250 | ||
7e1b7485 RS |
251 | if ((id & 0xff000000L) == 0x03000000L) |
252 | BIO_printf(bio_out, " 0x%02X,0x%02X - ", id2, id3); /* SSL3 | |
253 | * cipher */ | |
254 | else | |
255 | BIO_printf(bio_out, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */ | |
0f113f3e | 256 | } |
0f113f3e MC |
257 | if (stdname) { |
258 | const char *nm = SSL_CIPHER_standard_name(c); | |
259 | if (nm == NULL) | |
260 | nm = "UNKNOWN"; | |
7817e74d | 261 | BIO_printf(bio_out, "%-45s - ", nm); |
0f113f3e | 262 | } |
cbe29648 | 263 | BIO_puts(bio_out, SSL_CIPHER_description(c, buf, sizeof(buf))); |
0f113f3e MC |
264 | } |
265 | } | |
266 | ||
267 | ret = 0; | |
7e1b7485 | 268 | goto end; |
0f113f3e | 269 | err: |
7e1b7485 | 270 | ERR_print_errors(bio_err); |
0f113f3e | 271 | end: |
25aaa98a | 272 | if (use_supported) |
0f113f3e | 273 | sk_SSL_CIPHER_free(sk); |
62adbcee RS |
274 | SSL_CTX_free(ctx); |
275 | SSL_free(ssl); | |
bbb4ceb8 | 276 | return ret; |
0f113f3e | 277 | } |