Tree - source-git/openssl - CentOS Git server

source-git / openssl

Blame apps/ciphers.c

Blob History Raw

Packit	c4476c	`/*`
Packit	c4476c	`* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.`
Packit	c4476c	`*`
Packit	c4476c	`* Licensed under the OpenSSL license (the "License"). You may not use`
Packit	c4476c	`* this file except in compliance with the License. You can obtain a copy`
Packit	c4476c	`* in the file LICENSE in the source distribution or at`
Packit	c4476c	`* https://www.openssl.org/source/license.html`
Packit	c4476c	`*/`
Packit	c4476c
Packit	c4476c	`#include <stdio.h>`
Packit	c4476c	`#include <stdlib.h>`
Packit	c4476c	`#include <string.h>`
Packit	c4476c	`#include "apps.h"`
Packit	c4476c	`#include "progs.h"`
Packit	c4476c	`#include <openssl/err.h>`
Packit	c4476c	`#include <openssl/ssl.h>`
Packit	c4476c
Packit	c4476c	`typedef enum OPTION_choice {`
Packit	c4476c	`OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,`
Packit	c4476c	`OPT_STDNAME,`
Packit	c4476c	`OPT_CONVERT,`
Packit	c4476c	`OPT_SSL3,`
Packit	c4476c	`OPT_TLS1,`
Packit	c4476c	`OPT_TLS1_1,`
Packit	c4476c	`OPT_TLS1_2,`
Packit	c4476c	`OPT_TLS1_3,`
Packit	c4476c	`OPT_PSK,`
Packit	c4476c	`OPT_SRP,`
Packit	c4476c	`OPT_CIPHERSUITES,`
Packit	c4476c	`OPT_V, OPT_UPPER_V, OPT_S`
Packit	c4476c	`} OPTION_CHOICE;`
Packit	c4476c
Packit	c4476c	`const OPTIONS ciphers_options[] = {`
Packit	c4476c	`{"help", OPT_HELP, '-', "Display this summary"},`
Packit	c4476c	`{"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"},`
Packit	c4476c	`{"V", OPT_UPPER_V, '-', "Even more verbose"},`
Packit	c4476c	`{"s", OPT_S, '-', "Only supported ciphers"},`
Packit	c4476c	`#ifndef OPENSSL_NO_SSL3`
Packit	c4476c	`{"ssl3", OPT_SSL3, '-', "SSL3 mode"},`
Packit	c4476c	`#endif`
Packit	c4476c	`#ifndef OPENSSL_NO_TLS1`
Packit	c4476c	`{"tls1", OPT_TLS1, '-', "TLS1 mode"},`
Packit	c4476c	`#endif`
Packit	c4476c	`#ifndef OPENSSL_NO_TLS1_1`
Packit	c4476c	`{"tls1_1", OPT_TLS1_1, '-', "TLS1.1 mode"},`
Packit	c4476c	`#endif`
Packit	c4476c	`#ifndef OPENSSL_NO_TLS1_2`
Packit	c4476c	`{"tls1_2", OPT_TLS1_2, '-', "TLS1.2 mode"},`
Packit	c4476c	`#endif`
Packit	c4476c	`#ifndef OPENSSL_NO_TLS1_3`
Packit	c4476c	`{"tls1_3", OPT_TLS1_3, '-', "TLS1.3 mode"},`
Packit	c4476c	`#endif`
Packit	c4476c	`{"stdname", OPT_STDNAME, '-', "Show standard cipher names"},`
Packit	c4476c	`#ifndef OPENSSL_NO_PSK`
Packit	c4476c	`{"psk", OPT_PSK, '-', "include ciphersuites requiring PSK"},`
Packit	c4476c	`#endif`
Packit	c4476c	`#ifndef OPENSSL_NO_SRP`
Packit	c4476c	`{"srp", OPT_SRP, '-', "include ciphersuites requiring SRP"},`
Packit	c4476c	`#endif`
Packit	c4476c	`{"convert", OPT_CONVERT, 's', "Convert standard name into OpenSSL name"},`
Packit	c4476c	`{"ciphersuites", OPT_CIPHERSUITES, 's',`
Packit	c4476c	`"Configure the TLSv1.3 ciphersuites to use"},`
Packit	c4476c	`{NULL}`
Packit	c4476c	`};`
Packit	c4476c
Packit	c4476c	`#ifndef OPENSSL_NO_PSK`
Packit	c4476c	`static unsigned int dummy_psk(SSL ssl, const char hint, char *identity,`
Packit	c4476c	`unsigned int max_identity_len,`
Packit	c4476c	`unsigned char *psk,`
Packit	c4476c	`unsigned int max_psk_len)`
Packit	c4476c	`{`
Packit	c4476c	`return 0;`
Packit	c4476c	`}`
Packit	c4476c	`#endif`
Packit	c4476c	`#ifndef OPENSSL_NO_SRP`
Packit	c4476c	`static char dummy_srp(SSL ssl, void *arg)`
Packit	c4476c	`{`
Packit	c4476c	`return "";`
Packit	c4476c	`}`
Packit	c4476c	`#endif`
Packit	c4476c
Packit	c4476c	`int ciphers_main(int argc, char **argv)`
Packit	c4476c	`{`
Packit	c4476c	`SSL_CTX *ctx = NULL;`
Packit	c4476c	`SSL *ssl = NULL;`
Packit	c4476c	`STACK_OF(SSL_CIPHER) *sk = NULL;`
Packit	c4476c	`const SSL_METHOD *meth = TLS_server_method();`
Packit	c4476c	`int ret = 1, i, verbose = 0, Verbose = 0, use_supported = 0;`
Packit	c4476c	`int stdname = 0;`
Packit	c4476c	`#ifndef OPENSSL_NO_PSK`
Packit	c4476c	`int psk = 0;`
Packit	c4476c	`#endif`
Packit	c4476c	`#ifndef OPENSSL_NO_SRP`
Packit	c4476c	`int srp = 0;`
Packit	c4476c	`#endif`
Packit	c4476c	`const char *p;`
Packit	c4476c	`char ciphers = NULL, prog, convert = NULL, ciphersuites = NULL;`
Packit	c4476c	`char buf[512];`
Packit	c4476c	`OPTION_CHOICE o;`
Packit	c4476c	`int min_version = 0, max_version = 0;`
Packit	c4476c
Packit	c4476c	`prog = opt_init(argc, argv, ciphers_options);`
Packit	c4476c	`while ((o = opt_next()) != OPT_EOF) {`
Packit	c4476c	`switch (o) {`
Packit	c4476c	`case OPT_EOF:`
Packit	c4476c	`case OPT_ERR:`
Packit	c4476c	`opthelp:`
Packit	c4476c	`BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);`
Packit	c4476c	`goto end;`
Packit	c4476c	`case OPT_HELP:`
Packit	c4476c	`opt_help(ciphers_options);`
Packit	c4476c	`ret = 0;`
Packit	c4476c	`goto end;`
Packit	c4476c	`case OPT_V:`
Packit	c4476c	`verbose = 1;`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_UPPER_V:`
Packit	c4476c	`verbose = Verbose = 1;`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_S:`
Packit	c4476c	`use_supported = 1;`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_STDNAME:`
Packit	c4476c	`stdname = verbose = 1;`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_CONVERT:`
Packit	c4476c	`convert = opt_arg();`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_SSL3:`
Packit	c4476c	`min_version = SSL3_VERSION;`
Packit	c4476c	`max_version = SSL3_VERSION;`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_TLS1:`
Packit	c4476c	`min_version = TLS1_VERSION;`
Packit	c4476c	`max_version = TLS1_VERSION;`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_TLS1_1:`
Packit	c4476c	`min_version = TLS1_1_VERSION;`
Packit	c4476c	`max_version = TLS1_1_VERSION;`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_TLS1_2:`
Packit	c4476c	`min_version = TLS1_2_VERSION;`
Packit	c4476c	`max_version = TLS1_2_VERSION;`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_TLS1_3:`
Packit	c4476c	`min_version = TLS1_3_VERSION;`
Packit	c4476c	`max_version = TLS1_3_VERSION;`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_PSK:`
Packit	c4476c	`#ifndef OPENSSL_NO_PSK`
Packit	c4476c	`psk = 1;`
Packit	c4476c	`#endif`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_SRP:`
Packit	c4476c	`#ifndef OPENSSL_NO_SRP`
Packit	c4476c	`srp = 1;`
Packit	c4476c	`#endif`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_CIPHERSUITES:`
Packit	c4476c	`ciphersuites = opt_arg();`
Packit	c4476c	`break;`
Packit	c4476c	`}`
Packit	c4476c	`}`
Packit	c4476c	`argv = opt_rest();`
Packit	c4476c	`argc = opt_num_rest();`
Packit	c4476c
Packit	c4476c	`if (argc == 1)`
Packit	c4476c	`ciphers = *argv;`
Packit	c4476c	`else if (argc != 0)`
Packit	c4476c	`goto opthelp;`
Packit	c4476c
Packit	c4476c	`if (convert != NULL) {`
Packit	c4476c	`BIO_printf(bio_out, "OpenSSL cipher name: %s\n",`
Packit	c4476c	`OPENSSL_cipher_name(convert));`
Packit	c4476c	`goto end;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`ctx = SSL_CTX_new(meth);`
Packit	c4476c	`if (ctx == NULL)`
Packit	c4476c	`goto err;`
Packit	c4476c	`if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0)`
Packit	c4476c	`goto err;`
Packit	c4476c	`if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0)`
Packit	c4476c	`goto err;`
Packit	c4476c
Packit	c4476c	`#ifndef OPENSSL_NO_PSK`
Packit	c4476c	`if (psk)`
Packit	c4476c	`SSL_CTX_set_psk_client_callback(ctx, dummy_psk);`
Packit	c4476c	`#endif`
Packit	c4476c	`#ifndef OPENSSL_NO_SRP`
Packit	c4476c	`if (srp)`
Packit	c4476c	`SSL_CTX_set_srp_client_pwd_callback(ctx, dummy_srp);`
Packit	c4476c	`#endif`
Packit	c4476c
Packit	c4476c	`if (ciphersuites != NULL && !SSL_CTX_set_ciphersuites(ctx, ciphersuites)) {`
Packit	c4476c	`BIO_printf(bio_err, "Error setting TLSv1.3 ciphersuites\n");`
Packit	c4476c	`goto err;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`if (ciphers != NULL) {`
Packit	c4476c	`if (!SSL_CTX_set_cipher_list(ctx, ciphers)) {`
Packit	c4476c	`BIO_printf(bio_err, "Error in cipher list\n");`
Packit	c4476c	`goto err;`
Packit	c4476c	`}`
Packit	c4476c	`}`
Packit	c4476c	`ssl = SSL_new(ctx);`
Packit	c4476c	`if (ssl == NULL)`
Packit	c4476c	`goto err;`
Packit	c4476c
Packit	c4476c	`if (use_supported)`
Packit	c4476c	`sk = SSL_get1_supported_ciphers(ssl);`
Packit	c4476c	`else`
Packit	c4476c	`sk = SSL_get_ciphers(ssl);`
Packit	c4476c
Packit	c4476c	`if (!verbose) {`
Packit	c4476c	`for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {`
Packit	c4476c	`const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i);`
Packit	c4476c	`p = SSL_CIPHER_get_name(c);`
Packit	c4476c	`if (p == NULL)`
Packit	c4476c	`break;`
Packit	c4476c	`if (i != 0)`
Packit	c4476c	`BIO_printf(bio_out, ":");`
Packit	c4476c	`BIO_printf(bio_out, "%s", p);`
Packit	c4476c	`}`
Packit	c4476c	`BIO_printf(bio_out, "\n");`
Packit	c4476c	`} else {`
Packit	c4476c
Packit	c4476c	`for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {`
Packit	c4476c	`const SSL_CIPHER *c;`
Packit	c4476c
Packit	c4476c	`c = sk_SSL_CIPHER_value(sk, i);`
Packit	c4476c
Packit	c4476c	`if (Verbose) {`
Packit	c4476c	`unsigned long id = SSL_CIPHER_get_id(c);`
Packit	c4476c	`int id0 = (int)(id >> 24);`
Packit	c4476c	`int id1 = (int)((id >> 16) & 0xffL);`
Packit	c4476c	`int id2 = (int)((id >> 8) & 0xffL);`
Packit	c4476c	`int id3 = (int)(id & 0xffL);`
Packit	c4476c
Packit	c4476c	`if ((id & 0xff000000L) == 0x03000000L)`
Packit	c4476c	`BIO_printf(bio_out, " 0x%02X,0x%02X - ", id2, id3); /* SSL3`
Packit	c4476c	`* cipher */`
Packit	c4476c	`else`
Packit	c4476c	`BIO_printf(bio_out, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */`
Packit	c4476c	`}`
Packit	c4476c	`if (stdname) {`
Packit	c4476c	`const char *nm = SSL_CIPHER_standard_name(c);`
Packit	c4476c	`if (nm == NULL)`
Packit	c4476c	`nm = "UNKNOWN";`
Packit	c4476c	`BIO_printf(bio_out, "%s - ", nm);`
Packit	c4476c	`}`
Packit	c4476c	`BIO_puts(bio_out, SSL_CIPHER_description(c, buf, sizeof(buf)));`
Packit	c4476c	`}`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`ret = 0;`
Packit	c4476c	`goto end;`
Packit	c4476c	`err:`
Packit	c4476c	`ERR_print_errors(bio_err);`
Packit	c4476c	`end:`
Packit	c4476c	`if (use_supported)`
Packit	c4476c	`sk_SSL_CIPHER_free(sk);`
Packit	c4476c	`SSL_CTX_free(ctx);`
Packit	c4476c	`SSL_free(ssl);`
Packit	c4476c	`return ret;`
Packit	c4476c	`}`

source-git / openssl

Source Code

Blame apps/ciphers.c