1 1.1.1.2 christos /* 2 1.1.1.2 christos * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. 3 1.1 christos * 4 1.1.1.2 christos * Licensed under the OpenSSL license (the "License"). You may not use 5 1.1.1.2 christos * this file except in compliance with the License. You can obtain a copy 6 1.1.1.2 christos * in the file LICENSE in the source distribution or at 7 1.1.1.2 christos * https://www.openssl.org/source/license.html 8 1.1 christos */ 9 1.1 christos 10 1.1 christos #include <stdio.h> 11 1.1 christos #include <stdlib.h> 12 1.1 christos #include <string.h> 13 1.1 christos #include "apps.h" 14 1.1.1.2 christos #include "progs.h" 15 1.1 christos #include <openssl/err.h> 16 1.1 christos #include <openssl/ssl.h> 17 1.1 christos 18 1.1.1.2 christos typedef enum OPTION_choice { 19 1.1.1.2 christos OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, 20 1.1.1.2 christos OPT_STDNAME, 21 1.1.1.2 christos OPT_CONVERT, 22 1.1.1.2 christos OPT_SSL3, 23 1.1.1.2 christos OPT_TLS1, 24 1.1.1.2 christos OPT_TLS1_1, 25 1.1.1.2 christos OPT_TLS1_2, 26 1.1.1.2 christos OPT_TLS1_3, 27 1.1.1.2 christos OPT_PSK, 28 1.1.1.2 christos OPT_SRP, 29 1.1.1.2 christos OPT_CIPHERSUITES, 30 1.1.1.2 christos OPT_V, OPT_UPPER_V, OPT_S 31 1.1.1.2 christos } OPTION_CHOICE; 32 1.1.1.2 christos 33 1.1.1.2 christos const OPTIONS ciphers_options[] = { 34 1.1.1.2 christos {"help", OPT_HELP, '-', "Display this summary"}, 35 1.1.1.2 christos {"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"}, 36 1.1.1.2 christos {"V", OPT_UPPER_V, '-', "Even more verbose"}, 37 1.1.1.2 christos {"s", OPT_S, '-', "Only supported ciphers"}, 38 1.1.1.2 christos #ifndef OPENSSL_NO_SSL3 39 1.1.1.2 christos {"ssl3", OPT_SSL3, '-', "SSL3 mode"}, 40 1.1.1.2 christos #endif 41 1.1.1.2 christos #ifndef OPENSSL_NO_TLS1 42 1.1.1.2 christos {"tls1", OPT_TLS1, '-', "TLS1 mode"}, 43 1.1.1.2 christos #endif 44 1.1.1.2 christos #ifndef OPENSSL_NO_TLS1_1 45 1.1.1.2 christos {"tls1_1", OPT_TLS1_1, '-', "TLS1.1 mode"}, 46 1.1.1.2 christos #endif 47 1.1.1.2 christos #ifndef OPENSSL_NO_TLS1_2 48 1.1.1.2 christos {"tls1_2", OPT_TLS1_2, '-', "TLS1.2 mode"}, 49 1.1.1.2 christos #endif 50 1.1.1.2 christos #ifndef OPENSSL_NO_TLS1_3 51 1.1.1.2 christos {"tls1_3", OPT_TLS1_3, '-', "TLS1.3 mode"}, 52 1.1.1.2 christos #endif 53 1.1.1.2 christos {"stdname", OPT_STDNAME, '-', "Show standard cipher names"}, 54 1.1.1.2 christos #ifndef OPENSSL_NO_PSK 55 1.1.1.2 christos {"psk", OPT_PSK, '-', "include ciphersuites requiring PSK"}, 56 1.1.1.2 christos #endif 57 1.1.1.2 christos #ifndef OPENSSL_NO_SRP 58 1.1.1.2 christos {"srp", OPT_SRP, '-', "include ciphersuites requiring SRP"}, 59 1.1.1.2 christos #endif 60 1.1.1.2 christos {"convert", OPT_CONVERT, 's', "Convert standard name into OpenSSL name"}, 61 1.1.1.2 christos {"ciphersuites", OPT_CIPHERSUITES, 's', 62 1.1.1.2 christos "Configure the TLSv1.3 ciphersuites to use"}, 63 1.1.1.2 christos {NULL} 64 1.1 christos }; 65 1.1 christos 66 1.1.1.2 christos #ifndef OPENSSL_NO_PSK 67 1.1.1.2 christos static unsigned int dummy_psk(SSL *ssl, const char *hint, char *identity, 68 1.1.1.2 christos unsigned int max_identity_len, 69 1.1.1.2 christos unsigned char *psk, 70 1.1.1.2 christos unsigned int max_psk_len) 71 1.1.1.2 christos { 72 1.1.1.2 christos return 0; 73 1.1.1.2 christos } 74 1.1.1.2 christos #endif 75 1.1.1.2 christos #ifndef OPENSSL_NO_SRP 76 1.1.1.2 christos static char *dummy_srp(SSL *ssl, void *arg) 77 1.1.1.2 christos { 78 1.1.1.2 christos return ""; 79 1.1.1.2 christos } 80 1.1.1.2 christos #endif 81 1.1 christos 82 1.1.1.2 christos int ciphers_main(int argc, char **argv) 83 1.1 christos { 84 1.1.1.2 christos SSL_CTX *ctx = NULL; 85 1.1.1.2 christos SSL *ssl = NULL; 86 1.1.1.2 christos STACK_OF(SSL_CIPHER) *sk = NULL; 87 1.1.1.2 christos const SSL_METHOD *meth = TLS_server_method(); 88 1.1.1.2 christos int ret = 1, i, verbose = 0, Verbose = 0, use_supported = 0; 89 1.1 christos int stdname = 0; 90 1.1.1.2 christos #ifndef OPENSSL_NO_PSK 91 1.1.1.2 christos int psk = 0; 92 1.1.1.2 christos #endif 93 1.1.1.2 christos #ifndef OPENSSL_NO_SRP 94 1.1.1.2 christos int srp = 0; 95 1.1 christos #endif 96 1.1 christos const char *p; 97 1.1.1.2 christos char *ciphers = NULL, *prog, *convert = NULL, *ciphersuites = NULL; 98 1.1 christos char buf[512]; 99 1.1.1.2 christos OPTION_CHOICE o; 100 1.1.1.2 christos int min_version = 0, max_version = 0; 101 1.1 christos 102 1.1.1.2 christos prog = opt_init(argc, argv, ciphers_options); 103 1.1.1.2 christos while ((o = opt_next()) != OPT_EOF) { 104 1.1.1.2 christos switch (o) { 105 1.1.1.2 christos case OPT_EOF: 106 1.1.1.2 christos case OPT_ERR: 107 1.1.1.2 christos opthelp: 108 1.1.1.2 christos BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); 109 1.1.1.2 christos goto end; 110 1.1.1.2 christos case OPT_HELP: 111 1.1.1.2 christos opt_help(ciphers_options); 112 1.1.1.2 christos ret = 0; 113 1.1.1.2 christos goto end; 114 1.1.1.2 christos case OPT_V: 115 1.1 christos verbose = 1; 116 1.1.1.2 christos break; 117 1.1.1.2 christos case OPT_UPPER_V: 118 1.1 christos verbose = Verbose = 1; 119 1.1.1.2 christos break; 120 1.1.1.2 christos case OPT_S: 121 1.1.1.2 christos use_supported = 1; 122 1.1.1.2 christos break; 123 1.1.1.2 christos case OPT_STDNAME: 124 1.1 christos stdname = verbose = 1; 125 1.1.1.2 christos break; 126 1.1.1.2 christos case OPT_CONVERT: 127 1.1.1.2 christos convert = opt_arg(); 128 1.1.1.2 christos break; 129 1.1.1.2 christos case OPT_SSL3: 130 1.1.1.2 christos min_version = SSL3_VERSION; 131 1.1.1.2 christos max_version = SSL3_VERSION; 132 1.1.1.2 christos break; 133 1.1.1.2 christos case OPT_TLS1: 134 1.1.1.2 christos min_version = TLS1_VERSION; 135 1.1.1.2 christos max_version = TLS1_VERSION; 136 1.1.1.2 christos break; 137 1.1.1.2 christos case OPT_TLS1_1: 138 1.1.1.2 christos min_version = TLS1_1_VERSION; 139 1.1.1.2 christos max_version = TLS1_1_VERSION; 140 1.1.1.2 christos break; 141 1.1.1.2 christos case OPT_TLS1_2: 142 1.1.1.2 christos min_version = TLS1_2_VERSION; 143 1.1.1.2 christos max_version = TLS1_2_VERSION; 144 1.1.1.2 christos break; 145 1.1.1.2 christos case OPT_TLS1_3: 146 1.1.1.2 christos min_version = TLS1_3_VERSION; 147 1.1.1.2 christos max_version = TLS1_3_VERSION; 148 1.1.1.2 christos break; 149 1.1.1.2 christos case OPT_PSK: 150 1.1.1.2 christos #ifndef OPENSSL_NO_PSK 151 1.1.1.2 christos psk = 1; 152 1.1 christos #endif 153 1.1.1.2 christos break; 154 1.1.1.2 christos case OPT_SRP: 155 1.1.1.2 christos #ifndef OPENSSL_NO_SRP 156 1.1.1.2 christos srp = 1; 157 1.1 christos #endif 158 1.1 christos break; 159 1.1.1.2 christos case OPT_CIPHERSUITES: 160 1.1.1.2 christos ciphersuites = opt_arg(); 161 1.1.1.2 christos break; 162 1.1 christos } 163 1.1 christos } 164 1.1.1.2 christos argv = opt_rest(); 165 1.1.1.2 christos argc = opt_num_rest(); 166 1.1 christos 167 1.1.1.2 christos if (argc == 1) 168 1.1.1.2 christos ciphers = *argv; 169 1.1.1.2 christos else if (argc != 0) 170 1.1.1.2 christos goto opthelp; 171 1.1.1.2 christos 172 1.1.1.2 christos if (convert != NULL) { 173 1.1.1.2 christos BIO_printf(bio_out, "OpenSSL cipher name: %s\n", 174 1.1.1.2 christos OPENSSL_cipher_name(convert)); 175 1.1.1.2 christos ret = 0; 176 1.1 christos goto end; 177 1.1 christos } 178 1.1 christos 179 1.1 christos ctx = SSL_CTX_new(meth); 180 1.1 christos if (ctx == NULL) 181 1.1 christos goto err; 182 1.1.1.2 christos if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0) 183 1.1.1.2 christos goto err; 184 1.1.1.2 christos if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0) 185 1.1.1.2 christos goto err; 186 1.1.1.2 christos 187 1.1.1.2 christos #ifndef OPENSSL_NO_PSK 188 1.1.1.2 christos if (psk) 189 1.1.1.2 christos SSL_CTX_set_psk_client_callback(ctx, dummy_psk); 190 1.1.1.2 christos #endif 191 1.1.1.2 christos #ifndef OPENSSL_NO_SRP 192 1.1.1.2 christos if (srp) 193 1.1.1.2 christos SSL_CTX_set_srp_client_pwd_callback(ctx, dummy_srp); 194 1.1.1.2 christos #endif 195 1.1.1.2 christos 196 1.1.1.2 christos if (ciphersuites != NULL && !SSL_CTX_set_ciphersuites(ctx, ciphersuites)) { 197 1.1.1.2 christos BIO_printf(bio_err, "Error setting TLSv1.3 ciphersuites\n"); 198 1.1.1.2 christos goto err; 199 1.1.1.2 christos } 200 1.1.1.2 christos 201 1.1 christos if (ciphers != NULL) { 202 1.1 christos if (!SSL_CTX_set_cipher_list(ctx, ciphers)) { 203 1.1 christos BIO_printf(bio_err, "Error in cipher list\n"); 204 1.1 christos goto err; 205 1.1 christos } 206 1.1 christos } 207 1.1 christos ssl = SSL_new(ctx); 208 1.1 christos if (ssl == NULL) 209 1.1 christos goto err; 210 1.1 christos 211 1.1.1.2 christos if (use_supported) 212 1.1.1.2 christos sk = SSL_get1_supported_ciphers(ssl); 213 1.1.1.2 christos else 214 1.1.1.2 christos sk = SSL_get_ciphers(ssl); 215 1.1.1.2 christos 216 1.1 christos if (!verbose) { 217 1.1.1.2 christos for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { 218 1.1.1.2 christos const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i); 219 1.1.1.2 christos p = SSL_CIPHER_get_name(c); 220 1.1 christos if (p == NULL) 221 1.1 christos break; 222 1.1 christos if (i != 0) 223 1.1.1.2 christos BIO_printf(bio_out, ":"); 224 1.1.1.2 christos BIO_printf(bio_out, "%s", p); 225 1.1 christos } 226 1.1.1.2 christos BIO_printf(bio_out, "\n"); 227 1.1.1.2 christos } else { 228 1.1 christos 229 1.1 christos for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { 230 1.1.1.2 christos const SSL_CIPHER *c; 231 1.1 christos 232 1.1 christos c = sk_SSL_CIPHER_value(sk, i); 233 1.1 christos 234 1.1 christos if (Verbose) { 235 1.1 christos unsigned long id = SSL_CIPHER_get_id(c); 236 1.1 christos int id0 = (int)(id >> 24); 237 1.1 christos int id1 = (int)((id >> 16) & 0xffL); 238 1.1 christos int id2 = (int)((id >> 8) & 0xffL); 239 1.1 christos int id3 = (int)(id & 0xffL); 240 1.1 christos 241 1.1.1.2 christos if ((id & 0xff000000L) == 0x03000000L) 242 1.1.1.2 christos BIO_printf(bio_out, " 0x%02X,0x%02X - ", id2, id3); /* SSL3 243 1.1.1.2 christos * cipher */ 244 1.1.1.2 christos else 245 1.1.1.2 christos BIO_printf(bio_out, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */ 246 1.1 christos } 247 1.1 christos if (stdname) { 248 1.1 christos const char *nm = SSL_CIPHER_standard_name(c); 249 1.1 christos if (nm == NULL) 250 1.1 christos nm = "UNKNOWN"; 251 1.1.1.2 christos BIO_printf(bio_out, "%s - ", nm); 252 1.1 christos } 253 1.1.1.2 christos BIO_puts(bio_out, SSL_CIPHER_description(c, buf, sizeof(buf))); 254 1.1 christos } 255 1.1 christos } 256 1.1 christos 257 1.1 christos ret = 0; 258 1.1.1.2 christos goto end; 259 1.1 christos err: 260 1.1.1.2 christos ERR_print_errors(bio_err); 261 1.1 christos end: 262 1.1.1.2 christos if (use_supported) 263 1.1.1.2 christos sk_SSL_CIPHER_free(sk); 264 1.1.1.2 christos SSL_CTX_free(ctx); 265 1.1.1.2 christos SSL_free(ssl); 266 1.1.1.2 christos return ret; 267 1.1 christos } 268
Indexes created Sat Feb 28 05:31:39 UTC 2026