1 /*
2 * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stdio.h>
11 #include <stdlib.h>
12 #include <string.h>
13 #include "apps.h"
14 #include "progs.h"
15 #include <openssl/err.h>
16 #include <openssl/ssl.h>
17
/*
 * Identifiers for the command-line options of the "ciphers" command.
 * OPT_ERR and OPT_EOF carry fixed values (-1 and 0); every other
 * enumerator simply takes the next integer in declaration order.
 */
typedef enum OPTION_choice {
    OPT_ERR = -1,   /* option parsing failed */
    OPT_EOF = 0,    /* no more options */
    OPT_HELP,       /* -help */
    OPT_STDNAME,    /* -stdname */
    OPT_CONVERT,    /* -convert <name> */
    OPT_SSL3,       /* -ssl3 */
    OPT_TLS1,       /* -tls1 */
    OPT_TLS1_1,     /* -tls1_1 */
    OPT_TLS1_2,     /* -tls1_2 */
    OPT_TLS1_3,     /* -tls1_3 */
    OPT_PSK,        /* -psk */
    OPT_SRP,        /* -srp */
    OPT_V,          /* -v */
    OPT_UPPER_V,    /* -V */
    OPT_S           /* -s */
} OPTION_CHOICE;
31
/*
 * Option table for the "ciphers" command, terminated by a {NULL} entry.
 * Each row is: option name, OPTION_CHOICE value, argument type and help
 * text.  Every option is a plain flag ('-') except -convert, which takes
 * a string argument ('s').  Protocol, PSK and SRP rows are compiled out
 * when the matching OPENSSL_NO_* macro is defined.
 */
const OPTIONS ciphers_options[] = {
    {"help", OPT_HELP, '-', "Display this summary"},

    /* Output verbosity and filtering */
    {"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"},
    {"V", OPT_UPPER_V, '-', "Even more verbose"},
    {"s", OPT_S, '-', "Only supported ciphers"},

    /* Protocol version selection */
#ifndef OPENSSL_NO_SSL3
    {"ssl3", OPT_SSL3, '-', "SSL3 mode"},
#endif
#ifndef OPENSSL_NO_TLS1
    {"tls1", OPT_TLS1, '-', "TLS1 mode"},
#endif
#ifndef OPENSSL_NO_TLS1_1
    {"tls1_1", OPT_TLS1_1, '-', "TLS1.1 mode"},
#endif
#ifndef OPENSSL_NO_TLS1_2
    {"tls1_2", OPT_TLS1_2, '-', "TLS1.2 mode"},
#endif
#ifndef OPENSSL_NO_TLS1_3
    {"tls1_3", OPT_TLS1_3, '-', "TLS1.3 mode"},
#endif

    {"stdname", OPT_STDNAME, '-', "Show standard cipher names"},

    /* Suites that need extra key-exchange material */
#ifndef OPENSSL_NO_PSK
    {"psk", OPT_PSK, '-', "include ciphersuites requiring PSK"},
#endif
#ifndef OPENSSL_NO_SRP
    {"srp", OPT_SRP, '-', "include ciphersuites requiring SRP"},
#endif

    {"convert", OPT_CONVERT, 's', "Convert standard name into OpenSSL name"},
    {NULL}
};
62
#ifndef OPENSSL_NO_PSK
/*
 * Placeholder PSK client callback.  ciphers_main() installs it when -psk
 * is given; it writes nothing to |identity| or |psk| and always returns 0.
 *
 * NOTE(review): it supplies no key material, so it is only suitable for
 * listing ciphersuites, never for code that performs a handshake.
 */
static unsigned int dummy_psk(SSL *ssl, const char *hint, char *identity,
                              unsigned int max_identity_len,
                              unsigned char *psk,
                              unsigned int max_psk_len)
{
    /* Every argument is deliberately ignored. */
    (void)ssl;
    (void)hint;
    (void)identity;
    (void)max_identity_len;
    (void)psk;
    (void)max_psk_len;

    return 0;
}
#endif
#ifndef OPENSSL_NO_SRP
/*
 * Placeholder SRP client password callback.  ciphers_main() installs it
 * when -srp is given; it ignores both arguments and returns an empty
 * string.
 *
 * NOTE(review): the result is a string literal handed out through a
 * non-const pointer.  That is only safe while nothing writes to or frees
 * the returned pointer -- confirm how libssl treats the callback result
 * before reusing this function in code that performs a handshake.
 */
static char *dummy_srp(SSL *ssl, void *arg)
{
    /* Both arguments are deliberately ignored. */
    (void)ssl;
    (void)arg;

    return "";
}
#endif
78
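/*
 * Entry point of the "ciphers" command.
 *
 * Parses the options in ciphers_options, then either
 *   - converts a standard cipher name to its OpenSSL name (-convert), or
 *   - builds an SSL_CTX/SSL pair restricted to the requested protocol
 *     version and optional cipher string, and prints the resulting cipher
 *     list to bio_out.
 *
 * At most one positional argument (the cipher string) is accepted.
 *
 * Returns 0 on success and 1 on any error: bad usage, an invalid cipher
 * string, or a failure inside libssl.
 */
int ciphers_main(int argc, char **argv)
{
    SSL_CTX *ctx = NULL;
    SSL *ssl = NULL;
    STACK_OF(SSL_CIPHER) *sk = NULL;
    const SSL_METHOD *meth = TLS_server_method();
    int ret = 1, i, verbose = 0, Verbose = 0, use_supported = 0;
    int stdname = 0;
#ifndef OPENSSL_NO_PSK
    int psk = 0;
#endif
#ifndef OPENSSL_NO_SRP
    int srp = 0;
#endif
    const char *p;
    char *ciphers = NULL, *prog, *convert = NULL;
    char buf[512];
    OPTION_CHOICE o;
    /* 0 leaves the protocol bound unrestricted unless a -ssl3/-tls1* flag sets it */
    int min_version = 0, max_version = 0;

    prog = opt_init(argc, argv, ciphers_options);
    while ((o = opt_next()) != OPT_EOF) {
        switch (o) {
        case OPT_EOF:
        case OPT_ERR:
 opthelp:
            /* Also reached by goto when too many positional arguments are given */
            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
            goto end;
        case OPT_HELP:
            opt_help(ciphers_options);
            ret = 0;
            goto end;
        case OPT_V:
            verbose = 1;
            break;
        case OPT_UPPER_V:
            /* -V implies -v */
            verbose = Verbose = 1;
            break;
        case OPT_S:
            use_supported = 1;
            break;
        case OPT_STDNAME:
            /* -stdname implies -v */
            stdname = verbose = 1;
            break;
        case OPT_CONVERT:
            convert = opt_arg();
            break;
        case OPT_SSL3:
            min_version = SSL3_VERSION;
            max_version = SSL3_VERSION;
            break;
        case OPT_TLS1:
            min_version = TLS1_VERSION;
            max_version = TLS1_VERSION;
            break;
        case OPT_TLS1_1:
            min_version = TLS1_1_VERSION;
            max_version = TLS1_1_VERSION;
            break;
        case OPT_TLS1_2:
            min_version = TLS1_2_VERSION;
            max_version = TLS1_2_VERSION;
            break;
        case OPT_TLS1_3:
            min_version = TLS1_3_VERSION;
            max_version = TLS1_3_VERSION;
            break;
        case OPT_PSK:
#ifndef OPENSSL_NO_PSK
            psk = 1;
#endif
            break;
        case OPT_SRP:
#ifndef OPENSSL_NO_SRP
            srp = 1;
#endif
            break;
        }
    }
    argv = opt_rest();
    argc = opt_num_rest();

    /* The only positional argument allowed is a single cipher string */
    if (argc == 1)
        ciphers = *argv;
    else if (argc != 0)
        goto opthelp;

    if (convert != NULL) {
        BIO_printf(bio_out, "OpenSSL cipher name: %s\n",
                   OPENSSL_cipher_name(convert));
        /*
         * The conversion was performed and printed, so report success;
         * without this the command exits with the initial ret == 1.
         */
        ret = 0;
        goto end;
    }

    ctx = SSL_CTX_new(meth);
    if (ctx == NULL)
        goto err;
    if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
        goto err;
    if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
        goto err;

    /*
     * The placeholder callbacks are installed only for -psk / -srp;
     * presumably so that PSK and SRP suites are not filtered out of the
     * supported list.  No handshake is performed in this function.
     */
#ifndef OPENSSL_NO_PSK
    if (psk)
        SSL_CTX_set_psk_client_callback(ctx, dummy_psk);
#endif
#ifndef OPENSSL_NO_SRP
    if (srp)
        SSL_CTX_set_srp_client_pwd_callback(ctx, dummy_srp);
#endif
    if (ciphers != NULL) {
        if (!SSL_CTX_set_cipher_list(ctx, ciphers)) {
            BIO_printf(bio_err, "Error in cipher list\n");
            goto err;
        }
    }
    ssl = SSL_new(ctx);
    if (ssl == NULL)
        goto err;

    /*
     * With -s the stack comes from SSL_get1_supported_ciphers() and is
     * released at the end label; the stack from SSL_get_ciphers() is not
     * freed here.
     */
    if (use_supported)
        sk = SSL_get1_supported_ciphers(ssl);
    else
        sk = SSL_get_ciphers(ssl);

    if (!verbose) {
        /* Compact form: colon-separated cipher names on a single line */
        for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
            const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i);

            p = SSL_CIPHER_get_name(c);
            if (p == NULL)
                break;
            if (i != 0)
                BIO_printf(bio_out, ":");
            BIO_printf(bio_out, "%s", p);
        }
        BIO_printf(bio_out, "\n");
    } else {
        /* Verbose form: one description line per cipher */
        for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
            const SSL_CIPHER *c;

            c = sk_SSL_CIPHER_value(sk, i);

            if (Verbose) {
                /* Split the cipher id into its four bytes, high to low */
                unsigned long id = SSL_CIPHER_get_id(c);
                int id0 = (int)(id >> 24);
                int id1 = (int)((id >> 16) & 0xffL);
                int id2 = (int)((id >> 8) & 0xffL);
                int id3 = (int)(id & 0xffL);

                /* A top byte of 0x03 is printed as the two low bytes only */
                if ((id & 0xff000000L) == 0x03000000L)
                    BIO_printf(bio_out, " 0x%02X,0x%02X - ", id2, id3); /* SSL3 cipher */
                else
                    BIO_printf(bio_out, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */
            }
            if (stdname) {
                const char *nm = SSL_CIPHER_standard_name(c);

                if (nm == NULL)
                    nm = "UNKNOWN";
                BIO_printf(bio_out, "%s - ", nm);
            }
            BIO_puts(bio_out, SSL_CIPHER_description(c, buf, sizeof(buf)));
        }
    }

    ret = 0;
    goto end;
 err:
    ERR_print_errors(bio_err);
 end:
    /* Only the stack obtained with -s is freed by this function */
    if (use_supported)
        sk_SSL_CIPHER_free(sk);
    SSL_CTX_free(ctx);
    SSL_free(ssl);
    return ret;
}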