1 | /*
|
---|
2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
|
---|
3 | *
|
---|
4 | * Licensed under the OpenSSL license (the "License"). You may not use
|
---|
5 | * this file except in compliance with the License. You can obtain a copy
|
---|
6 | * in the file LICENSE in the source distribution or at
|
---|
7 | * https://www.openssl.org/source/license.html
|
---|
8 | */
|
---|
9 |
|
---|
10 | #include <stdio.h>
|
---|
11 | #include <stdlib.h>
|
---|
12 | #include <string.h>
|
---|
13 | #include "apps.h"
|
---|
14 | #include <openssl/err.h>
|
---|
15 | #include <openssl/ssl.h>
|
---|
16 |
|
---|
17 | typedef enum OPTION_choice {
|
---|
18 | OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
---|
19 | OPT_STDNAME,
|
---|
20 | OPT_SSL3,
|
---|
21 | OPT_TLS1,
|
---|
22 | OPT_TLS1_1,
|
---|
23 | OPT_TLS1_2,
|
---|
24 | OPT_PSK,
|
---|
25 | OPT_SRP,
|
---|
26 | OPT_V, OPT_UPPER_V, OPT_S
|
---|
27 | } OPTION_CHOICE;
|
---|
28 |
|
---|
29 | OPTIONS ciphers_options[] = {
|
---|
30 | {"help", OPT_HELP, '-', "Display this summary"},
|
---|
31 | {"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"},
|
---|
32 | {"V", OPT_UPPER_V, '-', "Even more verbose"},
|
---|
33 | {"s", OPT_S, '-', "Only supported ciphers"},
|
---|
34 | #ifndef OPENSSL_NO_SSL3
|
---|
35 | {"ssl3", OPT_SSL3, '-', "SSL3 mode"},
|
---|
36 | #endif
|
---|
37 | #ifndef OPENSSL_NO_TLS1
|
---|
38 | {"tls1", OPT_TLS1, '-', "TLS1 mode"},
|
---|
39 | #endif
|
---|
40 | #ifndef OPENSSL_NO_TLS1_1
|
---|
41 | {"tls1_1", OPT_TLS1_1, '-', "TLS1.1 mode"},
|
---|
42 | #endif
|
---|
43 | #ifndef OPENSSL_NO_TLS1_2
|
---|
44 | {"tls1_2", OPT_TLS1_2, '-', "TLS1.2 mode"},
|
---|
45 | #endif
|
---|
46 | #ifndef OPENSSL_NO_SSL_TRACE
|
---|
47 | {"stdname", OPT_STDNAME, '-', "Show standard cipher names"},
|
---|
48 | #endif
|
---|
49 | #ifndef OPENSSL_NO_PSK
|
---|
50 | {"psk", OPT_PSK, '-', "include ciphersuites requiring PSK"},
|
---|
51 | #endif
|
---|
52 | #ifndef OPENSSL_NO_SRP
|
---|
53 | {"srp", OPT_SRP, '-', "include ciphersuites requiring SRP"},
|
---|
54 | #endif
|
---|
55 | {NULL}
|
---|
56 | };
|
---|
57 |
|
---|
58 | #ifndef OPENSSL_NO_PSK
|
---|
59 | static unsigned int dummy_psk(SSL *ssl, const char *hint, char *identity,
|
---|
60 | unsigned int max_identity_len,
|
---|
61 | unsigned char *psk,
|
---|
62 | unsigned int max_psk_len)
|
---|
63 | {
|
---|
64 | return 0;
|
---|
65 | }
|
---|
66 | #endif
|
---|
67 | #ifndef OPENSSL_NO_SRP
|
---|
68 | static char *dummy_srp(SSL *ssl, void *arg)
|
---|
69 | {
|
---|
70 | return "";
|
---|
71 | }
|
---|
72 | #endif
|
---|
73 |
|
---|
74 | int ciphers_main(int argc, char **argv)
|
---|
75 | {
|
---|
76 | SSL_CTX *ctx = NULL;
|
---|
77 | SSL *ssl = NULL;
|
---|
78 | STACK_OF(SSL_CIPHER) *sk = NULL;
|
---|
79 | const SSL_METHOD *meth = TLS_server_method();
|
---|
80 | int ret = 1, i, verbose = 0, Verbose = 0, use_supported = 0;
|
---|
81 | #ifndef OPENSSL_NO_SSL_TRACE
|
---|
82 | int stdname = 0;
|
---|
83 | #endif
|
---|
84 | #ifndef OPENSSL_NO_PSK
|
---|
85 | int psk = 0;
|
---|
86 | #endif
|
---|
87 | #ifndef OPENSSL_NO_SRP
|
---|
88 | int srp = 0;
|
---|
89 | #endif
|
---|
90 | const char *p;
|
---|
91 | char *ciphers = NULL, *prog;
|
---|
92 | char buf[512];
|
---|
93 | OPTION_CHOICE o;
|
---|
94 | int min_version = 0, max_version = 0;
|
---|
95 |
|
---|
96 | prog = opt_init(argc, argv, ciphers_options);
|
---|
97 | while ((o = opt_next()) != OPT_EOF) {
|
---|
98 | switch (o) {
|
---|
99 | case OPT_EOF:
|
---|
100 | case OPT_ERR:
|
---|
101 | opthelp:
|
---|
102 | BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
---|
103 | goto end;
|
---|
104 | case OPT_HELP:
|
---|
105 | opt_help(ciphers_options);
|
---|
106 | ret = 0;
|
---|
107 | goto end;
|
---|
108 | case OPT_V:
|
---|
109 | verbose = 1;
|
---|
110 | break;
|
---|
111 | case OPT_UPPER_V:
|
---|
112 | verbose = Verbose = 1;
|
---|
113 | break;
|
---|
114 | case OPT_S:
|
---|
115 | use_supported = 1;
|
---|
116 | break;
|
---|
117 | case OPT_STDNAME:
|
---|
118 | #ifndef OPENSSL_NO_SSL_TRACE
|
---|
119 | stdname = verbose = 1;
|
---|
120 | #endif
|
---|
121 | break;
|
---|
122 | case OPT_SSL3:
|
---|
123 | min_version = SSL3_VERSION;
|
---|
124 | max_version = SSL3_VERSION;
|
---|
125 | break;
|
---|
126 | case OPT_TLS1:
|
---|
127 | min_version = TLS1_VERSION;
|
---|
128 | max_version = TLS1_VERSION;
|
---|
129 | break;
|
---|
130 | case OPT_TLS1_1:
|
---|
131 | min_version = TLS1_1_VERSION;
|
---|
132 | max_version = TLS1_1_VERSION;
|
---|
133 | break;
|
---|
134 | case OPT_TLS1_2:
|
---|
135 | min_version = TLS1_2_VERSION;
|
---|
136 | max_version = TLS1_2_VERSION;
|
---|
137 | break;
|
---|
138 | case OPT_PSK:
|
---|
139 | #ifndef OPENSSL_NO_PSK
|
---|
140 | psk = 1;
|
---|
141 | #endif
|
---|
142 | break;
|
---|
143 | case OPT_SRP:
|
---|
144 | #ifndef OPENSSL_NO_SRP
|
---|
145 | srp = 1;
|
---|
146 | #endif
|
---|
147 | break;
|
---|
148 | }
|
---|
149 | }
|
---|
150 | argv = opt_rest();
|
---|
151 | argc = opt_num_rest();
|
---|
152 |
|
---|
153 | if (argc == 1)
|
---|
154 | ciphers = *argv;
|
---|
155 | else if (argc != 0)
|
---|
156 | goto opthelp;
|
---|
157 |
|
---|
158 | ctx = SSL_CTX_new(meth);
|
---|
159 | if (ctx == NULL)
|
---|
160 | goto err;
|
---|
161 | if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
|
---|
162 | goto err;
|
---|
163 | if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
|
---|
164 | goto err;
|
---|
165 |
|
---|
166 | #ifndef OPENSSL_NO_PSK
|
---|
167 | if (psk)
|
---|
168 | SSL_CTX_set_psk_client_callback(ctx, dummy_psk);
|
---|
169 | #endif
|
---|
170 | #ifndef OPENSSL_NO_SRP
|
---|
171 | if (srp)
|
---|
172 | SSL_CTX_set_srp_client_pwd_callback(ctx, dummy_srp);
|
---|
173 | #endif
|
---|
174 | if (ciphers != NULL) {
|
---|
175 | if (!SSL_CTX_set_cipher_list(ctx, ciphers)) {
|
---|
176 | BIO_printf(bio_err, "Error in cipher list\n");
|
---|
177 | goto err;
|
---|
178 | }
|
---|
179 | }
|
---|
180 | ssl = SSL_new(ctx);
|
---|
181 | if (ssl == NULL)
|
---|
182 | goto err;
|
---|
183 |
|
---|
184 | if (use_supported)
|
---|
185 | sk = SSL_get1_supported_ciphers(ssl);
|
---|
186 | else
|
---|
187 | sk = SSL_get_ciphers(ssl);
|
---|
188 |
|
---|
189 | if (!verbose) {
|
---|
190 | for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
|
---|
191 | const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i);
|
---|
192 | p = SSL_CIPHER_get_name(c);
|
---|
193 | if (p == NULL)
|
---|
194 | break;
|
---|
195 | if (i != 0)
|
---|
196 | BIO_printf(bio_out, ":");
|
---|
197 | BIO_printf(bio_out, "%s", p);
|
---|
198 | }
|
---|
199 | BIO_printf(bio_out, "\n");
|
---|
200 | } else {
|
---|
201 |
|
---|
202 | for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
|
---|
203 | const SSL_CIPHER *c;
|
---|
204 |
|
---|
205 | c = sk_SSL_CIPHER_value(sk, i);
|
---|
206 |
|
---|
207 | if (Verbose) {
|
---|
208 | unsigned long id = SSL_CIPHER_get_id(c);
|
---|
209 | int id0 = (int)(id >> 24);
|
---|
210 | int id1 = (int)((id >> 16) & 0xffL);
|
---|
211 | int id2 = (int)((id >> 8) & 0xffL);
|
---|
212 | int id3 = (int)(id & 0xffL);
|
---|
213 |
|
---|
214 | if ((id & 0xff000000L) == 0x03000000L)
|
---|
215 | BIO_printf(bio_out, " 0x%02X,0x%02X - ", id2, id3); /* SSL3
|
---|
216 | * cipher */
|
---|
217 | else
|
---|
218 | BIO_printf(bio_out, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */
|
---|
219 | }
|
---|
220 | #ifndef OPENSSL_NO_SSL_TRACE
|
---|
221 | if (stdname) {
|
---|
222 | const char *nm = SSL_CIPHER_standard_name(c);
|
---|
223 | if (nm == NULL)
|
---|
224 | nm = "UNKNOWN";
|
---|
225 | BIO_printf(bio_out, "%s - ", nm);
|
---|
226 | }
|
---|
227 | #endif
|
---|
228 | BIO_puts(bio_out, SSL_CIPHER_description(c, buf, sizeof buf));
|
---|
229 | }
|
---|
230 | }
|
---|
231 |
|
---|
232 | ret = 0;
|
---|
233 | goto end;
|
---|
234 | err:
|
---|
235 | ERR_print_errors(bio_err);
|
---|
236 | end:
|
---|
237 | if (use_supported)
|
---|
238 | sk_SSL_CIPHER_free(sk);
|
---|
239 | SSL_CTX_free(ctx);
|
---|
240 | SSL_free(ssl);
|
---|
241 | return (ret);
|
---|
242 | }
|
---|