| version 1.1, 2014/08/26 17:47:24 |
version 1.2, 2015/02/09 01:15:28 |
|
|
| /* $OpenBSD$ */ |
/* $OpenBSD$ */ |
| /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
/* |
| * All rights reserved. |
* Copyright (c) 2014 Joel Sing <jsing@openbsd.org> |
| * |
* |
| * This package is an SSL implementation written |
* Permission to use, copy, modify, and distribute this software for any |
| * by Eric Young (eay@cryptsoft.com). |
* purpose with or without fee is hereby granted, provided that the above |
| * The implementation was written so as to conform with Netscapes SSL. |
* copyright notice and this permission notice appear in all copies. |
| * |
* |
| * This library is free for commercial and non-commercial use as long as |
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
| * the following conditions are aheared to. The following conditions |
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
| * apply to all code found in this distribution, be it the RC4, RSA, |
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR |
| * lhash, DES, etc., code; not just the SSL code. The SSL documentation |
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
| * included with this distribution is covered by the same copyright terms |
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN |
| * except that the holder is Tim Hudson (tjh@cryptsoft.com). |
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
| * |
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
| * Copyright remains Eric Young's, and as such any Copyright notices in |
|
| * the code are not to be removed. |
|
| * If this package is used in a product, Eric Young should be given attribution |
|
| * as the author of the parts of the library used. |
|
| * This can be in the form of a textual message at program startup or |
|
| * in documentation (online or textual) provided with the package. |
|
| * |
|
| * Redistribution and use in source and binary forms, with or without |
|
| * modification, are permitted provided that the following conditions |
|
| * are met: |
|
| * 1. Redistributions of source code must retain the copyright |
|
| * notice, this list of conditions and the following disclaimer. |
|
| * 2. Redistributions in binary form must reproduce the above copyright |
|
| * notice, this list of conditions and the following disclaimer in the |
|
| * documentation and/or other materials provided with the distribution. |
|
| * 3. All advertising materials mentioning features or use of this software |
|
| * must display the following acknowledgement: |
|
| * "This product includes cryptographic software written by |
|
| * Eric Young (eay@cryptsoft.com)" |
|
| * The word 'cryptographic' can be left out if the rouines from the library |
|
| * being used are not cryptographic related :-). |
|
| * 4. If you include any Windows specific code (or a derivative thereof) from |
|
| * the apps directory (application code) you must include an acknowledgement: |
|
| * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
|
| * |
|
| * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
|
| * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|
| * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|
| * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
|
| * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
|
| * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
|
| * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|
| * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|
| * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
|
| * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|
| * SUCH DAMAGE. |
|
| * |
|
| * The licence and distribution terms for any publically available version or |
|
| * derivative of this code cannot be changed. i.e. this code cannot simply be |
|
| * copied and put under another distribution licence |
|
| * [including the GNU Public Licence.] |
|
| */ |
*/ |
| |
|
| #include <stdio.h> |
#include <stdio.h> |
| #include <stdlib.h> |
#include <stdlib.h> |
| #include <string.h> |
|
| |
|
| #include "apps.h" |
|
| |
|
| #include <openssl/err.h> |
#include <openssl/err.h> |
| #include <openssl/ssl.h> |
#include <openssl/ssl.h> |
| |
|
| static const char *ciphers_usage[] = { |
#include "apps.h" |
| "usage: ciphers args\n", |
|
| " -v - verbose mode, a textual listing of the SSL/TLS ciphers in OpenSSL\n", |
struct { |
| " -V - even more verbose\n", |
int ssl_version; |
| " -ssl3 - SSL3 mode\n", |
int usage; |
| " -tls1 - TLS1 mode\n", |
int verbose; |
| NULL |
} ciphers_config; |
| |
|
| |
struct option ciphers_options[] = { |
| |
{ |
| |
.name = "h", |
| |
.type = OPTION_FLAG, |
| |
.opt.flag = &ciphers_config.usage, |
| |
}, |
| |
{ |
| |
.name = "?", |
| |
.type = OPTION_FLAG, |
| |
.opt.flag = &ciphers_config.usage, |
| |
}, |
| |
{ |
| |
.name = "ssl3", |
| |
.desc = "Only include SSLv3 ciphers", |
| |
.type = OPTION_VALUE, |
| |
.opt.value = &ciphers_config.ssl_version, |
| |
.value = SSL3_VERSION, |
| |
}, |
| |
{ |
| |
.name = "tls1", |
| |
.desc = "Only include TLSv1 ciphers", |
| |
.type = OPTION_VALUE, |
| |
.opt.value = &ciphers_config.ssl_version, |
| |
.value = TLS1_VERSION, |
| |
}, |
| |
{ |
| |
.name = "v", |
| |
.desc = "Provide cipher listing", |
| |
.type = OPTION_VALUE, |
| |
.opt.value = &ciphers_config.verbose, |
| |
.value = 1, |
| |
}, |
| |
{ |
| |
.name = "V", |
| |
.desc = "Provide cipher listing with cipher suite values", |
| |
.type = OPTION_VALUE, |
| |
.opt.value = &ciphers_config.verbose, |
| |
.value = 2, |
| |
}, |
| |
{}, |
| }; |
}; |
| |
|
| int ciphers_main(int, char **); |
static void |
| |
ciphers_usage(void) |
| |
{ |
| |
fprintf(stderr, "usage: ciphers [-hVv] [-ssl3 | -tls1] [cipherlist]\n"); |
| |
options_usage(ciphers_options); |
| |
} |
| |
|
| int |
int |
| ciphers_main(int argc, char **argv) |
ciphers_main(int argc, char **argv) |
| { |
{ |
| int ret = 1, i; |
char *cipherlist = NULL; |
| int verbose = 0, Verbose = 0; |
STACK_OF(SSL_CIPHER) *ciphers; |
| const char **pp; |
const SSL_METHOD *ssl_method; |
| const char *p; |
const SSL_CIPHER *cipher; |
| int badops = 0; |
SSL_CTX *ssl_ctx = NULL; |
| SSL_CTX *ctx = NULL; |
|
| SSL *ssl = NULL; |
SSL *ssl = NULL; |
| char *ciphers = NULL; |
uint16_t value; |
| const SSL_METHOD *meth = NULL; |
int i, rv = 0; |
| STACK_OF(SSL_CIPHER) * sk; |
|
| BIO *STDout = NULL; |
|
| char *desc; |
char *desc; |
| |
|
| meth = SSLv3_server_method(); |
if (options_parse(argc, argv, ciphers_options, &cipherlist, |
| |
NULL) != 0) { |
| |
ciphers_usage(); |
| |
return (1); |
| |
} |
| |
|
| STDout = BIO_new_fp(stdout, BIO_NOCLOSE); |
if (ciphers_config.usage) { |
| |
ciphers_usage(); |
| argc--; |
return (1); |
| argv++; |
|
| while (argc >= 1) { |
|
| if (strcmp(*argv, "-v") == 0) |
|
| verbose = 1; |
|
| else if (strcmp(*argv, "-V") == 0) |
|
| verbose = Verbose = 1; |
|
| else if (strcmp(*argv, "-ssl3") == 0) |
|
| meth = SSLv3_client_method(); |
|
| else if (strcmp(*argv, "-tls1") == 0) |
|
| meth = TLSv1_client_method(); |
|
| else if ((strncmp(*argv, "-h", 2) == 0) || |
|
| (strcmp(*argv, "-?") == 0)) { |
|
| badops = 1; |
|
| break; |
|
| } else { |
|
| ciphers = *argv; |
|
| } |
|
| argc--; |
|
| argv++; |
|
| } |
} |
| |
|
| if (badops) { |
switch (ciphers_config.ssl_version) { |
| for (pp = ciphers_usage; (*pp != NULL); pp++) |
case SSL3_VERSION: |
| BIO_printf(bio_err, "%s", *pp); |
ssl_method = SSLv3_client_method(); |
| goto end; |
break; |
| |
case TLS1_VERSION: |
| |
ssl_method = TLSv1_client_method(); |
| |
break; |
| |
default: |
| |
ssl_method = SSLv3_server_method(); |
| } |
} |
| |
|
| ctx = SSL_CTX_new(meth); |
if ((ssl_ctx = SSL_CTX_new(ssl_method)) == NULL) |
| if (ctx == NULL) |
|
| goto err; |
goto err; |
| if (ciphers != NULL) { |
|
| if (!SSL_CTX_set_cipher_list(ctx, ciphers)) { |
if (cipherlist != NULL) { |
| BIO_printf(bio_err, "Error in cipher list\n"); |
if (SSL_CTX_set_cipher_list(ssl_ctx, cipherlist) == 0) |
| goto err; |
goto err; |
| } |
|
| } |
} |
| ssl = SSL_new(ctx); |
|
| if (ssl == NULL) |
if ((ssl = SSL_new(ssl_ctx)) == NULL) |
| goto err; |
goto err; |
| |
|
| if (!verbose) { |
if ((ciphers = SSL_get_ciphers(ssl)) == NULL) |
| for (i = 0; ; i++) { |
goto err; |
| p = SSL_get_cipher_list(ssl, i); |
|
| if (p == NULL) |
|
| break; |
|
| if (i != 0) |
|
| BIO_printf(STDout, ":"); |
|
| BIO_printf(STDout, "%s", p); |
|
| } |
|
| BIO_printf(STDout, "\n"); |
|
| } else { /* verbose */ |
|
| sk = SSL_get_ciphers(ssl); |
|
| |
|
| for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { |
for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { |
| SSL_CIPHER *c; |
cipher = sk_SSL_CIPHER_value(ciphers, i); |
| |
if (ciphers_config.verbose == 0) { |
| c = sk_SSL_CIPHER_value(sk, i); |
fprintf(stdout, "%s%s", (i ? ":" : ""), |
| |
SSL_CIPHER_get_name(cipher)); |
| if (Verbose) { |
continue; |
| unsigned long id = SSL_CIPHER_get_id(c); |
|
| int id0 = (int) (id >> 24); |
|
| int id1 = (int) ((id >> 16) & 0xffL); |
|
| int id2 = (int) ((id >> 8) & 0xffL); |
|
| int id3 = (int) (id & 0xffL); |
|
| |
|
| if ((id & 0xff000000L) == 0x02000000L) |
|
| BIO_printf(STDout, " 0x%02X,0x%02X,0x%02X - ", id1, id2, id3); /* SSL2 cipher */ |
|
| else if ((id & 0xff000000L) == 0x03000000L) |
|
| BIO_printf(STDout, " 0x%02X,0x%02X - ", id2, id3); /* SSL3 cipher */ |
|
| else |
|
| BIO_printf(STDout, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */ |
|
| } |
|
| desc = SSL_CIPHER_description(c, NULL, 0); |
|
| BIO_puts(STDout, desc); |
|
| if (strcmp(desc, "OPENSSL_malloc Error") != 0) |
|
| free(desc); |
|
| } |
} |
| |
if (ciphers_config.verbose > 1) { |
| |
value = SSL_CIPHER_get_value(cipher); |
| |
fprintf(stdout, "%-*s0x%02hX,0x%02hX - ", 10, "", |
| |
((value >> 8) & 0xff), (value & 0xff)); |
| |
} |
| |
desc = SSL_CIPHER_description(cipher, NULL, 0); |
| |
if (strcmp(desc, "OPENSSL_malloc Error") == 0) { |
| |
fprintf(stderr, "out of memory\n"); |
| |
goto err; |
| |
} |
| |
fprintf(stdout, "%s", desc); |
| |
free(desc); |
| } |
} |
| |
if (ciphers_config.verbose == 0) |
| |
fprintf(stdout, "\n"); |
| |
|
| ret = 0; |
goto done; |
| if (0) { |
|
| err: |
err: |
| ERR_print_errors(bio_err); |
ERR_print_errors_fp(stderr); |
| } |
rv = 1; |
| |
|
| end: |
done: |
| if (ctx != NULL) |
SSL_CTX_free(ssl_ctx); |
| SSL_CTX_free(ctx); |
SSL_free(ssl); |
| if (ssl != NULL) |
|
| SSL_free(ssl); |
|
| if (STDout != NULL) |
|
| BIO_free_all(STDout); |
|
| |
|
| return (ret); |
return (rv); |
| } |
} |
![[BACK]](/icons/back.gif){kind=icon}
Return to ciphers.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / openssl