1 /* 2 * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the OpenSSL license (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include <stdio.h> 11 #include <stdlib.h> 12 #include <string.h> 13 #include "apps.h" 14 #include <openssl/err.h> 15 #include <openssl/ssl.h> 16 17 typedef enum OPTION_choice { 18 OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, 19 OPT_STDNAME, 20 OPT_SSL3, 21 OPT_TLS1, 22 OPT_TLS1_1, 23 OPT_TLS1_2, 24 OPT_PSK, 25 OPT_SRP, 26 OPT_V, OPT_UPPER_V, OPT_S 27 } OPTION_CHOICE; 28 29 OPTIONS ciphers_options[] = { 30 {"help", OPT_HELP, '-', "Display this summary"}, 31 {"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"}, 32 {"V", OPT_UPPER_V, '-', "Even more verbose"}, 33 {"s", OPT_S, '-', "Only supported ciphers"}, 34 #ifndef OPENSSL_NO_SSL3 35 {"ssl3", OPT_SSL3, '-', "SSL3 mode"}, 36 #endif 37 #ifndef OPENSSL_NO_TLS1 38 {"tls1", OPT_TLS1, '-', "TLS1 mode"}, 39 #endif 40 #ifndef OPENSSL_NO_TLS1_1 41 {"tls1_1", OPT_TLS1_1, '-', "TLS1.1 mode"}, 42 #endif 43 #ifndef OPENSSL_NO_TLS1_2 44 {"tls1_2", OPT_TLS1_2, '-', "TLS1.2 mode"}, 45 #endif 46 #ifndef OPENSSL_NO_SSL_TRACE 47 {"stdname", OPT_STDNAME, '-', "Show standard cipher names"}, 48 #endif 49 #ifndef OPENSSL_NO_PSK 50 {"psk", OPT_PSK, '-', "include ciphersuites requiring PSK"}, 51 #endif 52 #ifndef OPENSSL_NO_SRP 53 {"srp", OPT_SRP, '-', "include ciphersuites requiring SRP"}, 54 #endif 55 {NULL} 56 }; 57 58 #ifndef OPENSSL_NO_PSK 59 static unsigned int dummy_psk(SSL *ssl, const char *hint, char *identity, 60 unsigned int max_identity_len, 61 unsigned char *psk, 62 unsigned int max_psk_len) 63 { 64 return 0; 65 } 66 #endif 67 #ifndef OPENSSL_NO_SRP 68 static char *dummy_srp(SSL *ssl, void *arg) 69 { 70 return ""; 71 } 72 #endif 73 74 int ciphers_main(int argc, char **argv) 75 { 76 SSL_CTX *ctx = NULL; 77 SSL *ssl = NULL; 78 STACK_OF(SSL_CIPHER) *sk = NULL; 79 const SSL_METHOD *meth = TLS_server_method(); 80 int ret = 1, i, verbose = 0, Verbose = 0, use_supported = 0; 81 #ifndef OPENSSL_NO_SSL_TRACE 82 int stdname = 0; 83 #endif 84 #ifndef OPENSSL_NO_PSK 85 int psk = 0; 86 #endif 87 #ifndef OPENSSL_NO_SRP 88 int srp = 0; 89 #endif 90 const char *p; 91 char *ciphers = NULL, *prog; 92 char buf[512]; 93 OPTION_CHOICE o; 94 int min_version = 0, max_version = 0; 95 96 prog = opt_init(argc, argv, ciphers_options); 97 while ((o = opt_next()) != OPT_EOF) { 98 switch (o) { 99 case OPT_EOF: 100 case OPT_ERR: 101 opthelp: 102 BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); 103 goto end; 104 case OPT_HELP: 105 opt_help(ciphers_options); 106 ret = 0; 107 goto end; 108 case OPT_V: 109 verbose = 1; 110 break; 111 case OPT_UPPER_V: 112 verbose = Verbose = 1; 113 break; 114 case OPT_S: 115 use_supported = 1; 116 break; 117 case OPT_STDNAME: 118 #ifndef OPENSSL_NO_SSL_TRACE 119 stdname = verbose = 1; 120 #endif 121 break; 122 case OPT_SSL3: 123 min_version = SSL3_VERSION; 124 max_version = SSL3_VERSION; 125 break; 126 case OPT_TLS1: 127 min_version = TLS1_VERSION; 128 max_version = TLS1_VERSION; 129 break; 130 case OPT_TLS1_1: 131 min_version = TLS1_1_VERSION; 132 max_version = TLS1_1_VERSION; 133 break; 134 case OPT_TLS1_2: 135 min_version = TLS1_2_VERSION; 136 max_version = TLS1_2_VERSION; 137 break; 138 case OPT_PSK: 139 #ifndef OPENSSL_NO_PSK 140 psk = 1; 141 #endif 142 break; 143 case OPT_SRP: 144 #ifndef OPENSSL_NO_SRP 145 srp = 1; 146 #endif 147 break; 148 } 149 } 150 argv = opt_rest(); 151 argc = opt_num_rest(); 152 153 if (argc == 1) 154 ciphers = *argv; 155 else if (argc != 0) 156 goto opthelp; 157 158 ctx = SSL_CTX_new(meth); 159 if (ctx == NULL) 160 goto err; 161 if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0) 162 goto err; 163 if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0) 164 goto err; 165 166 #ifndef OPENSSL_NO_PSK 167 if (psk) 168 SSL_CTX_set_psk_client_callback(ctx, dummy_psk); 169 #endif 170 #ifndef OPENSSL_NO_SRP 171 if (srp) 172 SSL_CTX_set_srp_client_pwd_callback(ctx, dummy_srp); 173 #endif 174 if (ciphers != NULL) { 175 if (!SSL_CTX_set_cipher_list(ctx, ciphers)) { 176 BIO_printf(bio_err, "Error in cipher list\n"); 177 goto err; 178 } 179 } 180 ssl = SSL_new(ctx); 181 if (ssl == NULL) 182 goto err; 183 184 if (use_supported) 185 sk = SSL_get1_supported_ciphers(ssl); 186 else 187 sk = SSL_get_ciphers(ssl); 188 189 if (!verbose) { 190 for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { 191 const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i); 192 p = SSL_CIPHER_get_name(c); 193 if (p == NULL) 194 break; 195 if (i != 0) 196 BIO_printf(bio_out, ":"); 197 BIO_printf(bio_out, "%s", p); 198 } 199 BIO_printf(bio_out, "\n"); 200 } else { 201 202 for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { 203 const SSL_CIPHER *c; 204 205 c = sk_SSL_CIPHER_value(sk, i); 206 207 if (Verbose) { 208 unsigned long id = SSL_CIPHER_get_id(c); 209 int id0 = (int)(id >> 24); 210 int id1 = (int)((id >> 16) & 0xffL); 211 int id2 = (int)((id >> 8) & 0xffL); 212 int id3 = (int)(id & 0xffL); 213 214 if ((id & 0xff000000L) == 0x03000000L) 215 BIO_printf(bio_out, " 0x%02X,0x%02X - ", id2, id3); /* SSL3 216 * cipher */ 217 else 218 BIO_printf(bio_out, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */ 219 } 220 #ifndef OPENSSL_NO_SSL_TRACE 221 if (stdname) { 222 const char *nm = SSL_CIPHER_standard_name(c); 223 if (nm == NULL) 224 nm = "UNKNOWN"; 225 BIO_printf(bio_out, "%s - ", nm); 226 } 227 #endif 228 BIO_puts(bio_out, SSL_CIPHER_description(c, buf, sizeof(buf))); 229 } 230 } 231 232 ret = 0; 233 goto end; 234 err: 235 ERR_print_errors(bio_err); 236 end: 237 if (use_supported) 238 sk_SSL_CIPHER_free(sk); 239 SSL_CTX_free(ctx); 240 SSL_free(ssl); 241 return (ret); 242 } 243