GitHub Repository: freebsd/freebsd-src
Path: blob/main/crypto/openssl/apps/ciphers.c
/*
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "apps.h"
#include "progs.h"
#include <openssl/err.h>
#include <openssl/ssl.h>
#include "s_apps.h"
/*
 * Option identifiers that opt_next() hands back to ciphers_main().
 *
 * The enumerators are listed in the original order, so their numeric values
 * are unchanged. OPT_COMMON and OPT_PROV_ENUM are macros defined outside this
 * file; presumably they expand to the shared identifiers the switch in
 * ciphers_main() also uses (OPT_ERR, OPT_EOF, OPT_HELP and the provider
 * cases) -- confirm against the apps option header.
 */
typedef enum OPTION_choice {
    OPT_COMMON,
    OPT_STDNAME,        /* -stdname */
    OPT_CONVERT,        /* -convert <name> */
    OPT_SSL3,           /* -ssl3 */
    OPT_TLS1,           /* -tls1 */
    OPT_TLS1_1,         /* -tls1_1 */
    OPT_TLS1_2,         /* -tls1_2 */
    OPT_TLS1_3,         /* -tls1_3 */
    OPT_PSK,            /* -psk */
    OPT_SRP,            /* -srp */
    OPT_CIPHERSUITES,   /* -ciphersuites <list> */
    OPT_V,              /* -v */
    OPT_UPPER_V,        /* -V */
    OPT_S,              /* -s */
    OPT_PROV_ENUM
} OPTION_CHOICE;
/*
 * Option table for the `ciphers` sub-command; it is passed to opt_init() and
 * opt_help() by ciphers_main().
 *
 * Entries whose third field is '-' are plain flags. The two 's' entries
 * (-convert and -ciphersuites) carry a string value that ciphers_main()
 * fetches with opt_arg().
 *
 * Each protocol-version, PSK and SRP flag sits behind the matching
 * OPENSSL_NO_* guard, so a build that compiles a feature out (for example
 * OPENSSL_NO_SSL3) does not advertise the option at all.
 */
const OPTIONS ciphers_options[] = {
    {OPT_HELP_STR, 1, '-', "Usage: %s [options] [cipher]\n"},

    OPT_SECTION("General"),
    {"help", OPT_HELP, '-', "Display this summary"},

    OPT_SECTION("Output"),
    {"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"},
    {"V", OPT_UPPER_V, '-', "Even more verbose"},
    {"stdname", OPT_STDNAME, '-', "Show standard cipher names"},
    {"convert", OPT_CONVERT, 's', "Convert standard name into OpenSSL name"},

    OPT_SECTION("Cipher specification"),
    {"s", OPT_S, '-', "Only supported ciphers"},
    /* Legacy protocol versions: listed for auditing, only if compiled in. */
#ifndef OPENSSL_NO_SSL3
    {"ssl3", OPT_SSL3, '-', "Ciphers compatible with SSL3"},
#endif
#ifndef OPENSSL_NO_TLS1
    {"tls1", OPT_TLS1, '-', "Ciphers compatible with TLS1"},
#endif
#ifndef OPENSSL_NO_TLS1_1
    {"tls1_1", OPT_TLS1_1, '-', "Ciphers compatible with TLS1.1"},
#endif
#ifndef OPENSSL_NO_TLS1_2
    {"tls1_2", OPT_TLS1_2, '-', "Ciphers compatible with TLS1.2"},
#endif
#ifndef OPENSSL_NO_TLS1_3
    {"tls1_3", OPT_TLS1_3, '-', "Ciphers compatible with TLS1.3"},
#endif
#ifndef OPENSSL_NO_PSK
    {"psk", OPT_PSK, '-', "Include ciphersuites requiring PSK"},
#endif
#ifndef OPENSSL_NO_SRP
    {"srp", OPT_SRP, '-', "(deprecated) Include ciphersuites requiring SRP"},
#endif
    {"ciphersuites", OPT_CIPHERSUITES, 's',
     "Configure the TLSv1.3 ciphersuites to use"},
    OPT_PROV_OPTIONS,

    /* The single optional positional argument: a cipher string. */
    OPT_PARAMETERS(),
    {"cipher", 0, 0, "Cipher string to decode (optional)"},
    {NULL}
};
#ifndef OPENSSL_NO_PSK
/*
 * Placeholder PSK client callback.
 *
 * ciphers_main() installs it with SSL_CTX_set_psk_client_callback() when -psk
 * is given. It writes nothing into `identity` or `psk` and always returns 0,
 * so it never supplies key material. Presumably it exists only so that a PSK
 * callback is present and PSK ciphersuites show up in the listing; it is not
 * a usable handshake callback.
 */
static unsigned int dummy_psk(SSL *ssl, const char *hint, char *identity,
                              unsigned int max_identity_len,
                              unsigned char *psk,
                              unsigned int max_psk_len)
{
    /* Every parameter is deliberately ignored. */
    (void)ssl;
    (void)hint;
    (void)identity;
    (void)max_identity_len;
    (void)psk;
    (void)max_psk_len;

    return 0;
}
#endif
/*
 * Entry point of the `ciphers` sub-command.
 *
 * Parses the options in ciphers_options, then either converts a standard
 * cipher name (-convert) or builds a throw-away SSL_CTX/SSL pair and prints
 * the cipher list it ends up with.
 *
 * Returns 0 on success (including -help and -convert) and 1 on a usage error
 * or when any library call fails; library errors are dumped to bio_err.
 */
int ciphers_main(int argc, char **argv)
{
    SSL_CTX *ctx = NULL;
    SSL *ssl = NULL;
    STACK_OF(SSL_CIPHER) *suites = NULL;
    const SSL_METHOD *method = TLS_server_method();
    int ret = 1;
    int idx;
    int verbose = 0, Verbose = 0, use_supported = 0, stdname = 0;
#ifndef OPENSSL_NO_PSK
    int psk = 0;
#endif
#ifndef OPENSSL_NO_SRP
    int srp = 0;
#endif
    const char *name;
    char *ciphers = NULL, *prog, *convert = NULL, *ciphersuites = NULL;
    char desc[512];
    OPTION_CHOICE opt;
    /*
     * 0 means "no explicit bound": the context keeps the library's lowest /
     * highest supported protocol version unless a version flag pins both.
     */
    int min_version = 0, max_version = 0;

    prog = opt_init(argc, argv, ciphers_options);
    while ((opt = opt_next()) != OPT_EOF) {
        switch (opt) {
        case OPT_EOF:
        case OPT_ERR:
            /* Also reached by the goto below when stray arguments remain. */
 opthelp:
            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
            goto end;
        case OPT_HELP:
            opt_help(ciphers_options);
            ret = 0;
            goto end;
        case OPT_V:
            verbose = 1;
            break;
        case OPT_UPPER_V:
            /* -V implies -v. */
            Verbose = 1;
            verbose = 1;
            break;
        case OPT_S:
            use_supported = 1;
            break;
        case OPT_STDNAME:
            /* -stdname implies -v. */
            verbose = 1;
            stdname = 1;
            break;
        case OPT_CONVERT:
            convert = opt_arg();
            break;
        /* Each version flag pins the minimum and maximum to one version. */
        case OPT_SSL3:
            min_version = max_version = SSL3_VERSION;
            break;
        case OPT_TLS1:
            min_version = max_version = TLS1_VERSION;
            break;
        case OPT_TLS1_1:
            min_version = max_version = TLS1_1_VERSION;
            break;
        case OPT_TLS1_2:
            min_version = max_version = TLS1_2_VERSION;
            break;
        case OPT_TLS1_3:
            min_version = max_version = TLS1_3_VERSION;
            break;
        case OPT_PSK:
#ifndef OPENSSL_NO_PSK
            psk = 1;
#endif
            break;
        case OPT_SRP:
#ifndef OPENSSL_NO_SRP
            srp = 1;
#endif
            break;
        case OPT_CIPHERSUITES:
            ciphersuites = opt_arg();
            break;
        case OPT_PROV_CASES:
            if (!opt_provider(opt))
                goto end;
            break;
        }
    }

    /* At most one positional argument is accepted: the cipher string. */
    argv = opt_rest();
    if (opt_num_rest() == 1)
        ciphers = argv[0];
    else if (!opt_check_rest_arg(NULL))
        goto opthelp;

    /* -convert needs no SSL context; answer and leave. */
    if (convert != NULL) {
        /* The user-supplied name is only ever a "%s" argument. */
        BIO_printf(bio_out, "OpenSSL cipher name: %s\n",
                   OPENSSL_cipher_name(convert));
        ret = 0;
        goto end;
    }

    ctx = SSL_CTX_new_ex(app_get0_libctx(), app_get0_propq(), method);
    /* Short-circuit keeps the original order: create, set min, set max. */
    if (ctx == NULL
        || SSL_CTX_set_min_proto_version(ctx, min_version) == 0
        || SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
        goto err;

#ifndef OPENSSL_NO_PSK
    if (psk)
        SSL_CTX_set_psk_client_callback(ctx, dummy_psk);
#endif
#ifndef OPENSSL_NO_SRP
    if (srp)
        set_up_dummy_srp(ctx);
#endif

    /* TLSv1.3 suites and the pre-1.3 cipher string are set separately. */
    if (ciphersuites != NULL) {
        if (!SSL_CTX_set_ciphersuites(ctx, ciphersuites)) {
            BIO_printf(bio_err, "Error setting TLSv1.3 ciphersuites\n");
            goto err;
        }
    }

    if (ciphers != NULL && !SSL_CTX_set_cipher_list(ctx, ciphers)) {
        BIO_printf(bio_err, "Error in cipher list\n");
        goto err;
    }

    ssl = SSL_new(ctx);
    if (ssl == NULL)
        goto err;

    /*
     * With -s the stack is a fresh copy that this function owns and frees at
     * `end`; otherwise it is the stack returned by SSL_get_ciphers(), which
     * is not freed here.
     */
    suites = use_supported ? SSL_get1_supported_ciphers(ssl)
                           : SSL_get_ciphers(ssl);

    if (verbose) {
        /* One line per cipher, with optional id and standard-name columns. */
        for (idx = 0; idx < sk_SSL_CIPHER_num(suites); idx++) {
            const SSL_CIPHER *c = sk_SSL_CIPHER_value(suites, idx);

            if (!ossl_assert(c != NULL))
                continue;

            if (Verbose) {
                unsigned long id = SSL_CIPHER_get_id(c);
                int id0 = (int)(id >> 24);
                int id1 = (int)((id >> 16) & 0xffL);
                int id2 = (int)((id >> 8) & 0xffL);
                int id3 = (int)(id & 0xffL);

                if ((id & 0xff000000L) != 0x03000000L) {
                    /* Any other id: print all four bytes. */
                    BIO_printf(bio_out, "0x%02X,0x%02X,0x%02X,0x%02X - ",
                               id0, id1, id2, id3);
                } else {
                    /*
                     * Top byte 0x03 (SSL3-style id): print the low two bytes.
                     * NOTE(review): the literal is copied as the page shows
                     * it; runs of spaces inside it may have been collapsed
                     * by the page rendering -- compare with the repository
                     * copy before reuse.
                     */
                    BIO_printf(bio_out, " 0x%02X,0x%02X - ", id2, id3);
                }
            }

            if (stdname) {
                const char *std = SSL_CIPHER_standard_name(c);

                BIO_printf(bio_out, "%-45s - ",
                           std != NULL ? std : "UNKNOWN");
            }

            BIO_puts(bio_out, SSL_CIPHER_description(c, desc, sizeof(desc)));
        }
    } else {
        /* Compact form: the cipher names on one line, joined by ':'. */
        for (idx = 0; idx < sk_SSL_CIPHER_num(suites); idx++) {
            const SSL_CIPHER *c = sk_SSL_CIPHER_value(suites, idx);

            if (!ossl_assert(c != NULL))
                continue;

            name = SSL_CIPHER_get_name(c);
            if (name == NULL)
                break;
            if (idx != 0)
                BIO_printf(bio_out, ":");
            BIO_printf(bio_out, "%s", name);
        }
        BIO_printf(bio_out, "\n");
    }

    ret = 0;
    goto end;
 err:
    ERR_print_errors(bio_err);
 end:
    /* Only the -s stack is owned here; see the assignment above. */
    if (use_supported)
        sk_SSL_CIPHER_free(suites);
    SSL_CTX_free(ctx);
    SSL_free(ssl);
    return ret;
}