ciphers.c 7.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266
  1. /*
  2. * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include <stdlib.h>
  11. #include <string.h>
  12. #include "apps.h"
  13. #include "progs.h"
  14. #include <openssl/err.h>
  15. #include <openssl/ssl.h>
  16. typedef enum OPTION_choice {
  17. OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
  18. OPT_STDNAME,
  19. OPT_CONVERT,
  20. OPT_SSL3,
  21. OPT_TLS1,
  22. OPT_TLS1_1,
  23. OPT_TLS1_2,
  24. OPT_TLS1_3,
  25. OPT_PSK,
  26. OPT_SRP,
  27. OPT_CIPHERSUITES,
  28. OPT_V, OPT_UPPER_V, OPT_S
  29. } OPTION_CHOICE;
  30. const OPTIONS ciphers_options[] = {
  31. {"help", OPT_HELP, '-', "Display this summary"},
  32. {"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"},
  33. {"V", OPT_UPPER_V, '-', "Even more verbose"},
  34. {"s", OPT_S, '-', "Only supported ciphers"},
  35. #ifndef OPENSSL_NO_SSL3
  36. {"ssl3", OPT_SSL3, '-', "SSL3 mode"},
  37. #endif
  38. #ifndef OPENSSL_NO_TLS1
  39. {"tls1", OPT_TLS1, '-', "TLS1 mode"},
  40. #endif
  41. #ifndef OPENSSL_NO_TLS1_1
  42. {"tls1_1", OPT_TLS1_1, '-', "TLS1.1 mode"},
  43. #endif
  44. #ifndef OPENSSL_NO_TLS1_2
  45. {"tls1_2", OPT_TLS1_2, '-', "TLS1.2 mode"},
  46. #endif
  47. #ifndef OPENSSL_NO_TLS1_3
  48. {"tls1_3", OPT_TLS1_3, '-', "TLS1.3 mode"},
  49. #endif
  50. {"stdname", OPT_STDNAME, '-', "Show standard cipher names"},
  51. #ifndef OPENSSL_NO_PSK
  52. {"psk", OPT_PSK, '-', "include ciphersuites requiring PSK"},
  53. #endif
  54. #ifndef OPENSSL_NO_SRP
  55. {"srp", OPT_SRP, '-', "include ciphersuites requiring SRP"},
  56. #endif
  57. {"convert", OPT_CONVERT, 's', "Convert standard name into OpenSSL name"},
  58. {"ciphersuites", OPT_CIPHERSUITES, 's',
  59. "Configure the TLSv1.3 ciphersuites to use"},
  60. {NULL}
  61. };
  62. #ifndef OPENSSL_NO_PSK
  63. static unsigned int dummy_psk(SSL *ssl, const char *hint, char *identity,
  64. unsigned int max_identity_len,
  65. unsigned char *psk,
  66. unsigned int max_psk_len)
  67. {
  68. return 0;
  69. }
  70. #endif
  71. #ifndef OPENSSL_NO_SRP
  72. static char *dummy_srp(SSL *ssl, void *arg)
  73. {
  74. return "";
  75. }
  76. #endif
  77. int ciphers_main(int argc, char **argv)
  78. {
  79. SSL_CTX *ctx = NULL;
  80. SSL *ssl = NULL;
  81. STACK_OF(SSL_CIPHER) *sk = NULL;
  82. const SSL_METHOD *meth = TLS_server_method();
  83. int ret = 1, i, verbose = 0, Verbose = 0, use_supported = 0;
  84. int stdname = 0;
  85. #ifndef OPENSSL_NO_PSK
  86. int psk = 0;
  87. #endif
  88. #ifndef OPENSSL_NO_SRP
  89. int srp = 0;
  90. #endif
  91. const char *p;
  92. char *ciphers = NULL, *prog, *convert = NULL, *ciphersuites = NULL;
  93. char buf[512];
  94. OPTION_CHOICE o;
  95. int min_version = 0, max_version = 0;
  96. prog = opt_init(argc, argv, ciphers_options);
  97. while ((o = opt_next()) != OPT_EOF) {
  98. switch (o) {
  99. case OPT_EOF:
  100. case OPT_ERR:
  101. opthelp:
  102. BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
  103. goto end;
  104. case OPT_HELP:
  105. opt_help(ciphers_options);
  106. ret = 0;
  107. goto end;
  108. case OPT_V:
  109. verbose = 1;
  110. break;
  111. case OPT_UPPER_V:
  112. verbose = Verbose = 1;
  113. break;
  114. case OPT_S:
  115. use_supported = 1;
  116. break;
  117. case OPT_STDNAME:
  118. stdname = verbose = 1;
  119. break;
  120. case OPT_CONVERT:
  121. convert = opt_arg();
  122. break;
  123. case OPT_SSL3:
  124. min_version = SSL3_VERSION;
  125. max_version = SSL3_VERSION;
  126. break;
  127. case OPT_TLS1:
  128. min_version = TLS1_VERSION;
  129. max_version = TLS1_VERSION;
  130. break;
  131. case OPT_TLS1_1:
  132. min_version = TLS1_1_VERSION;
  133. max_version = TLS1_1_VERSION;
  134. break;
  135. case OPT_TLS1_2:
  136. min_version = TLS1_2_VERSION;
  137. max_version = TLS1_2_VERSION;
  138. break;
  139. case OPT_TLS1_3:
  140. min_version = TLS1_3_VERSION;
  141. max_version = TLS1_3_VERSION;
  142. break;
  143. case OPT_PSK:
  144. #ifndef OPENSSL_NO_PSK
  145. psk = 1;
  146. #endif
  147. break;
  148. case OPT_SRP:
  149. #ifndef OPENSSL_NO_SRP
  150. srp = 1;
  151. #endif
  152. break;
  153. case OPT_CIPHERSUITES:
  154. ciphersuites = opt_arg();
  155. break;
  156. }
  157. }
  158. argv = opt_rest();
  159. argc = opt_num_rest();
  160. if (argc == 1)
  161. ciphers = *argv;
  162. else if (argc != 0)
  163. goto opthelp;
  164. if (convert != NULL) {
  165. BIO_printf(bio_out, "OpenSSL cipher name: %s\n",
  166. OPENSSL_cipher_name(convert));
  167. goto end;
  168. }
  169. ctx = SSL_CTX_new(meth);
  170. if (ctx == NULL)
  171. goto err;
  172. if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
  173. goto err;
  174. if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
  175. goto err;
  176. #ifndef OPENSSL_NO_PSK
  177. if (psk)
  178. SSL_CTX_set_psk_client_callback(ctx, dummy_psk);
  179. #endif
  180. #ifndef OPENSSL_NO_SRP
  181. if (srp)
  182. SSL_CTX_set_srp_client_pwd_callback(ctx, dummy_srp);
  183. #endif
  184. if (ciphersuites != NULL && !SSL_CTX_set_ciphersuites(ctx, ciphersuites)) {
  185. BIO_printf(bio_err, "Error setting TLSv1.3 ciphersuites\n");
  186. goto err;
  187. }
  188. if (ciphers != NULL) {
  189. if (!SSL_CTX_set_cipher_list(ctx, ciphers)) {
  190. BIO_printf(bio_err, "Error in cipher list\n");
  191. goto err;
  192. }
  193. }
  194. ssl = SSL_new(ctx);
  195. if (ssl == NULL)
  196. goto err;
  197. if (use_supported)
  198. sk = SSL_get1_supported_ciphers(ssl);
  199. else
  200. sk = SSL_get_ciphers(ssl);
  201. if (!verbose) {
  202. for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
  203. const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i);
  204. p = SSL_CIPHER_get_name(c);
  205. if (p == NULL)
  206. break;
  207. if (i != 0)
  208. BIO_printf(bio_out, ":");
  209. BIO_printf(bio_out, "%s", p);
  210. }
  211. BIO_printf(bio_out, "\n");
  212. } else {
  213. for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
  214. const SSL_CIPHER *c;
  215. c = sk_SSL_CIPHER_value(sk, i);
  216. if (Verbose) {
  217. unsigned long id = SSL_CIPHER_get_id(c);
  218. int id0 = (int)(id >> 24);
  219. int id1 = (int)((id >> 16) & 0xffL);
  220. int id2 = (int)((id >> 8) & 0xffL);
  221. int id3 = (int)(id & 0xffL);
  222. if ((id & 0xff000000L) == 0x03000000L)
  223. BIO_printf(bio_out, " 0x%02X,0x%02X - ", id2, id3); /* SSL3
  224. * cipher */
  225. else
  226. BIO_printf(bio_out, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */
  227. }
  228. if (stdname) {
  229. const char *nm = SSL_CIPHER_standard_name(c);
  230. if (nm == NULL)
  231. nm = "UNKNOWN";
  232. BIO_printf(bio_out, "%-45s - ", nm);
  233. }
  234. BIO_puts(bio_out, SSL_CIPHER_description(c, buf, sizeof(buf)));
  235. }
  236. }
  237. ret = 0;
  238. goto end;
  239. err:
  240. ERR_print_errors(bio_err);
  241. end:
  242. if (use_supported)
  243. sk_SSL_CIPHER_free(sk);
  244. SSL_CTX_free(ctx);
  245. SSL_free(ssl);
  246. return ret;
  247. }