GitHub Repository: freebsd/freebsd-src
Path: blob/main/crypto/openssl/apps/ciphers.c
/*
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "apps.h"
#include "progs.h"
#include <openssl/err.h>
#include <openssl/ssl.h>
#include "s_apps.h"
/*
 * Identifiers returned by the option parser for the "ciphers" command.
 * OPT_COMMON is a macro defined outside this file; the switch in
 * ciphers_main() handles OPT_EOF, OPT_ERR and OPT_HELP, which are not listed
 * here, so they presumably come from that macro.
 * The enumerator order is kept exactly as in the original definition because
 * it fixes the numeric values.
 */
typedef enum OPTION_choice {
    OPT_COMMON,
    /* Output / name conversion */
    OPT_STDNAME, OPT_CONVERT,
    /* Restrict the listing to one protocol version */
    OPT_SSL3, OPT_TLS1, OPT_TLS1_1, OPT_TLS1_2, OPT_TLS1_3,
    /* Include suites that need extra key material */
    OPT_PSK, OPT_SRP,
    /* TLSv1.3 ciphersuite configuration string */
    OPT_CIPHERSUITES,
    /* Verbosity and "supported only" switches */
    OPT_V, OPT_UPPER_V, OPT_S,
    /* Provider options (macro defined outside this file) */
    OPT_PROV_ENUM
} OPTION_CHOICE;
/*
 * Option table for the "ciphers" command, consumed by opt_init() and
 * opt_help() in ciphers_main().  Each row is { name, identifier, value type,
 * help text }.  The rows marked 's' ("convert", "ciphersuites") are the ones
 * whose argument ciphers_main() reads with opt_arg(); the '-' rows are plain
 * flags.  Protocol, PSK and SRP switches are compiled in only when the
 * matching OPENSSL_NO_* macro is not defined.
 */
const OPTIONS ciphers_options[] = {
    { OPT_HELP_STR, 1, '-', "Usage: %s [options] [cipher]\n" },

    OPT_SECTION("General"),
    { "help", OPT_HELP, '-', "Display this summary" },

    OPT_SECTION("Output"),
    { "v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers" },
    { "V", OPT_UPPER_V, '-', "Even more verbose" },
    { "stdname", OPT_STDNAME, '-', "Show standard cipher names" },
    { "convert", OPT_CONVERT, 's', "Convert standard name into OpenSSL name" },

    OPT_SECTION("Cipher specification"),
    { "s", OPT_S, '-', "Only supported ciphers" },
    /* One switch per protocol version that this build still supports. */
#ifndef OPENSSL_NO_SSL3
    { "ssl3", OPT_SSL3, '-', "Ciphers compatible with SSL3" },
#endif
#ifndef OPENSSL_NO_TLS1
    { "tls1", OPT_TLS1, '-', "Ciphers compatible with TLS1" },
#endif
#ifndef OPENSSL_NO_TLS1_1
    { "tls1_1", OPT_TLS1_1, '-', "Ciphers compatible with TLS1.1" },
#endif
#ifndef OPENSSL_NO_TLS1_2
    { "tls1_2", OPT_TLS1_2, '-', "Ciphers compatible with TLS1.2" },
#endif
#ifndef OPENSSL_NO_TLS1_3
    { "tls1_3", OPT_TLS1_3, '-', "Ciphers compatible with TLS1.3" },
#endif
    /* Suites that need a pre-shared key or SRP are listed only on request. */
#ifndef OPENSSL_NO_PSK
    { "psk", OPT_PSK, '-', "Include ciphersuites requiring PSK" },
#endif
#ifndef OPENSSL_NO_SRP
    { "srp", OPT_SRP, '-', "(deprecated) Include ciphersuites requiring SRP" },
#endif
    { "ciphersuites", OPT_CIPHERSUITES, 's', "Configure the TLSv1.3 ciphersuites to use" },
    OPT_PROV_OPTIONS,

    /* Positional parameter: an optional cipher string. */
    OPT_PARAMETERS(),
    { "cipher", 0, 0, "Cipher string to decode (optional)" },
    { NULL }
};
#ifndef OPENSSL_NO_PSK
/*
 * Placeholder PSK client callback, registered by ciphers_main() when -psk is
 * given.  It writes nothing to identity or psk and always returns 0; for an
 * OpenSSL PSK client callback a return of 0 means no key was provided.
 * ciphers_main() as shown only reads the cipher list of the SSL object and
 * contains no handshake call, so this callback does not need to supply real
 * key material.
 *
 * Returns: always 0.
 */
static unsigned int dummy_psk(SSL *ssl, const char *hint, char *identity,
                              unsigned int max_identity_len,
                              unsigned char *psk,
                              unsigned int max_psk_len)
{
    /* Every argument is deliberately ignored. */
    (void)ssl;
    (void)hint;
    (void)identity;
    (void)max_identity_len;
    (void)psk;
    (void)max_psk_len;

    return 0;
}
#endif
/*
 * Entry point of the "ciphers" command.
 *
 * Parses the options in ciphers_options, then either converts a standard
 * cipher name (-convert) or builds a throw-away SSL_CTX/SSL pair and prints
 * its cipher list.  No handshake call appears in this function: the output
 * describes the context configured here (version bounds, optional cipher
 * string, optional TLSv1.3 ciphersuites), not what a particular peer or
 * another application's configuration would negotiate.
 *
 * Returns 0 on success (including -help and -convert), 1 on a usage or
 * library error.
 */
int ciphers_main(int argc, char **argv)
{
    const SSL_METHOD *meth = TLS_server_method();
    SSL_CTX *ctx = NULL;
    SSL *ssl = NULL;
    STACK_OF(SSL_CIPHER) *sk = NULL;
    OPTION_CHOICE o;
    char desc[512];
    char *prog;
    char *ciphers = NULL;
    char *ciphersuites = NULL;
    char *convert = NULL;
    const char *name;
    int ret = 1;
    int idx;
    int verbose = 0;
    int Verbose = 0;
    int stdname = 0;
    int use_supported = 0;
    /* 0 leaves the bound at the library's lowest/highest supported version. */
    int min_version = 0;
    int max_version = 0;
#ifndef OPENSSL_NO_PSK
    int psk = 0;
#endif
#ifndef OPENSSL_NO_SRP
    int srp = 0;
#endif

    prog = opt_init(argc, argv, ciphers_options);
    for (o = opt_next(); o != OPT_EOF; o = opt_next()) {
        switch (o) {
        case OPT_EOF:
        case OPT_ERR:
            /* Also the target of the usage check after the loop. */
 opthelp:
            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
            goto end;
        case OPT_HELP:
            opt_help(ciphers_options);
            ret = 0;
            goto end;
        case OPT_V:
            verbose = 1;
            break;
        case OPT_UPPER_V:
            /* -V implies -v. */
            Verbose = 1;
            verbose = 1;
            break;
        case OPT_S:
            use_supported = 1;
            break;
        case OPT_STDNAME:
            /* Standard names are shown only in the verbose layout. */
            verbose = 1;
            stdname = 1;
            break;
        case OPT_CONVERT:
            convert = opt_arg();
            break;
        /* Each protocol switch pins both bounds to that single version. */
        case OPT_SSL3:
            min_version = max_version = SSL3_VERSION;
            break;
        case OPT_TLS1:
            min_version = max_version = TLS1_VERSION;
            break;
        case OPT_TLS1_1:
            min_version = max_version = TLS1_1_VERSION;
            break;
        case OPT_TLS1_2:
            min_version = max_version = TLS1_2_VERSION;
            break;
        case OPT_TLS1_3:
            min_version = max_version = TLS1_3_VERSION;
            break;
        case OPT_PSK:
#ifndef OPENSSL_NO_PSK
            psk = 1;
#endif
            break;
        case OPT_SRP:
#ifndef OPENSSL_NO_SRP
            srp = 1;
#endif
            break;
        case OPT_CIPHERSUITES:
            ciphersuites = opt_arg();
            break;
        case OPT_PROV_CASES:
            if (!opt_provider(o))
                goto end;
            break;
        }
    }

    /* At most one positional argument is accepted: the cipher string. */
    argv = opt_rest();
    if (opt_num_rest() == 1) {
        ciphers = argv[0];
    } else if (!opt_check_rest_arg(NULL)) {
        goto opthelp;
    }

    /* -convert is a pure name lookup and needs no SSL context. */
    if (convert != NULL) {
        BIO_printf(bio_out, "OpenSSL cipher name: %s\n",
                   OPENSSL_cipher_name(convert));
        ret = 0;
        goto end;
    }

    ctx = SSL_CTX_new_ex(app_get0_libctx(), app_get0_propq(), meth);
    if (ctx == NULL
            || SSL_CTX_set_min_proto_version(ctx, min_version) == 0
            || SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
        goto err;

    /* Placeholder callbacks, installed only when -psk / -srp was given. */
#ifndef OPENSSL_NO_PSK
    if (psk)
        SSL_CTX_set_psk_client_callback(ctx, dummy_psk);
#endif
#ifndef OPENSSL_NO_SRP
    if (srp)
        set_up_dummy_srp(ctx);
#endif

    if (ciphersuites != NULL) {
        if (!SSL_CTX_set_ciphersuites(ctx, ciphersuites)) {
            BIO_printf(bio_err, "Error setting TLSv1.3 ciphersuites\n");
            goto err;
        }
    }

    if (ciphers != NULL && !SSL_CTX_set_cipher_list(ctx, ciphers)) {
        BIO_printf(bio_err, "Error in cipher list\n");
        goto err;
    }

    ssl = SSL_new(ctx);
    if (ssl == NULL)
        goto err;

    /*
     * With -s the stack comes from SSL_get1_supported_ciphers() and is
     * released at "end"; the stack from SSL_get_ciphers() is not freed here.
     */
    sk = use_supported ? SSL_get1_supported_ciphers(ssl)
                       : SSL_get_ciphers(ssl);

    if (verbose) {
        /* One description line per cipher, with optional id and std name. */
        for (idx = 0; idx < sk_SSL_CIPHER_num(sk); idx++) {
            const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, idx);

            if (!ossl_assert(c != NULL))
                continue;

            if (Verbose) {
                unsigned long id = SSL_CIPHER_get_id(c);
                int id0 = (int)(id >> 24);
                int id1 = (int)((id >> 16) & 0xffL);
                int id2 = (int)((id >> 8) & 0xffL);
                int id3 = (int)(id & 0xffL);

                if (((id >> 24) & 0xffL) == 0x03L) {
                    /* SSL3 cipher */
                    BIO_printf(bio_out, " 0x%02X,0x%02X - ", id2, id3);
                } else {
                    /* whatever */
                    BIO_printf(bio_out, "0x%02X,0x%02X,0x%02X,0x%02X - ",
                               id0, id1, id2, id3);
                }
            }
            if (stdname) {
                const char *nm = SSL_CIPHER_standard_name(c);

                BIO_printf(bio_out, "%-45s - ", nm != NULL ? nm : "UNKNOWN");
            }
            BIO_puts(bio_out, SSL_CIPHER_description(c, desc, sizeof(desc)));
        }
    } else {
        /* Compact form: cipher names joined with ':' on a single line. */
        for (idx = 0; idx < sk_SSL_CIPHER_num(sk); idx++) {
            const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, idx);

            if (!ossl_assert(c != NULL))
                continue;

            name = SSL_CIPHER_get_name(c);
            if (name == NULL)
                break;
            if (idx != 0)
                BIO_printf(bio_out, ":");
            BIO_printf(bio_out, "%s", name);
        }
        BIO_printf(bio_out, "\n");
    }

    ret = 0;
    goto end;

 err:
    ERR_print_errors(bio_err);
 end:
    if (use_supported)
        sk_SSL_CIPHER_free(sk);
    SSL_CTX_free(ctx);
    SSL_free(ssl);
    return ret;
}