version 1.1, 2014/08/26 17:47:24 |
version 1.2, 2015/02/09 01:15:28 |
|
|
/* $OpenBSD$ */ |
/* $OpenBSD$ */ |
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
/* |
* All rights reserved. |
* Copyright (c) 2014 Joel Sing <jsing@openbsd.org> |
* |
* |
* This package is an SSL implementation written |
* Permission to use, copy, modify, and distribute this software for any |
* by Eric Young (eay@cryptsoft.com). |
* purpose with or without fee is hereby granted, provided that the above |
* The implementation was written so as to conform with Netscapes SSL. |
* copyright notice and this permission notice appear in all copies. |
* |
* |
* This library is free for commercial and non-commercial use as long as |
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
* the following conditions are aheared to. The following conditions |
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
* apply to all code found in this distribution, be it the RC4, RSA, |
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR |
* lhash, DES, etc., code; not just the SSL code. The SSL documentation |
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
* included with this distribution is covered by the same copyright terms |
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN |
* except that the holder is Tim Hudson (tjh@cryptsoft.com). |
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
* |
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
* Copyright remains Eric Young's, and as such any Copyright notices in |
|
* the code are not to be removed. |
|
* If this package is used in a product, Eric Young should be given attribution |
|
* as the author of the parts of the library used. |
|
* This can be in the form of a textual message at program startup or |
|
* in documentation (online or textual) provided with the package. |
|
* |
|
* Redistribution and use in source and binary forms, with or without |
|
* modification, are permitted provided that the following conditions |
|
* are met: |
|
* 1. Redistributions of source code must retain the copyright |
|
* notice, this list of conditions and the following disclaimer. |
|
* 2. Redistributions in binary form must reproduce the above copyright |
|
* notice, this list of conditions and the following disclaimer in the |
|
* documentation and/or other materials provided with the distribution. |
|
* 3. All advertising materials mentioning features or use of this software |
|
* must display the following acknowledgement: |
|
* "This product includes cryptographic software written by |
|
* Eric Young (eay@cryptsoft.com)" |
|
* The word 'cryptographic' can be left out if the rouines from the library |
|
* being used are not cryptographic related :-). |
|
* 4. If you include any Windows specific code (or a derivative thereof) from |
|
* the apps directory (application code) you must include an acknowledgement: |
|
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
|
* |
|
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|
* SUCH DAMAGE. |
|
* |
|
* The licence and distribution terms for any publically available version or |
|
* derivative of this code cannot be changed. i.e. this code cannot simply be |
|
* copied and put under another distribution licence |
|
* [including the GNU Public Licence.] |
|
*/ |
*/ |
|
|
#include <stdio.h> |
#include <stdio.h> |
#include <stdlib.h> |
#include <stdlib.h> |
#include <string.h> |
|
|
|
#include "apps.h" |
|
|
|
#include <openssl/err.h> |
#include <openssl/err.h> |
#include <openssl/ssl.h> |
#include <openssl/ssl.h> |
|
|
static const char *ciphers_usage[] = { |
#include "apps.h" |
"usage: ciphers args\n", |
|
" -v - verbose mode, a textual listing of the SSL/TLS ciphers in OpenSSL\n", |
struct { |
" -V - even more verbose\n", |
int ssl_version; |
" -ssl3 - SSL3 mode\n", |
int usage; |
" -tls1 - TLS1 mode\n", |
int verbose; |
NULL |
} ciphers_config; |
|
|
|
struct option ciphers_options[] = { |
|
{ |
|
.name = "h", |
|
.type = OPTION_FLAG, |
|
.opt.flag = &ciphers_config.usage, |
|
}, |
|
{ |
|
.name = "?", |
|
.type = OPTION_FLAG, |
|
.opt.flag = &ciphers_config.usage, |
|
}, |
|
{ |
|
.name = "ssl3", |
|
.desc = "Only include SSLv3 ciphers", |
|
.type = OPTION_VALUE, |
|
.opt.value = &ciphers_config.ssl_version, |
|
.value = SSL3_VERSION, |
|
}, |
|
{ |
|
.name = "tls1", |
|
.desc = "Only include TLSv1 ciphers", |
|
.type = OPTION_VALUE, |
|
.opt.value = &ciphers_config.ssl_version, |
|
.value = TLS1_VERSION, |
|
}, |
|
{ |
|
.name = "v", |
|
.desc = "Provide cipher listing", |
|
.type = OPTION_VALUE, |
|
.opt.value = &ciphers_config.verbose, |
|
.value = 1, |
|
}, |
|
{ |
|
.name = "V", |
|
.desc = "Provide cipher listing with cipher suite values", |
|
.type = OPTION_VALUE, |
|
.opt.value = &ciphers_config.verbose, |
|
.value = 2, |
|
}, |
|
{}, |
}; |
}; |
|
|
int ciphers_main(int, char **); |
static void |
|
ciphers_usage(void) |
|
{ |
|
fprintf(stderr, "usage: ciphers [-hVv] [-ssl3 | -tls1] [cipherlist]\n"); |
|
options_usage(ciphers_options); |
|
} |
|
|
int |
int |
ciphers_main(int argc, char **argv) |
ciphers_main(int argc, char **argv) |
{ |
{ |
int ret = 1, i; |
char *cipherlist = NULL; |
int verbose = 0, Verbose = 0; |
STACK_OF(SSL_CIPHER) *ciphers; |
const char **pp; |
const SSL_METHOD *ssl_method; |
const char *p; |
const SSL_CIPHER *cipher; |
int badops = 0; |
SSL_CTX *ssl_ctx = NULL; |
SSL_CTX *ctx = NULL; |
|
SSL *ssl = NULL; |
SSL *ssl = NULL; |
char *ciphers = NULL; |
uint16_t value; |
const SSL_METHOD *meth = NULL; |
int i, rv = 0; |
STACK_OF(SSL_CIPHER) * sk; |
|
BIO *STDout = NULL; |
|
char *desc; |
char *desc; |
|
|
meth = SSLv3_server_method(); |
if (options_parse(argc, argv, ciphers_options, &cipherlist, |
|
NULL) != 0) { |
|
ciphers_usage(); |
|
return (1); |
|
} |
|
|
STDout = BIO_new_fp(stdout, BIO_NOCLOSE); |
if (ciphers_config.usage) { |
|
ciphers_usage(); |
argc--; |
return (1); |
argv++; |
|
while (argc >= 1) { |
|
if (strcmp(*argv, "-v") == 0) |
|
verbose = 1; |
|
else if (strcmp(*argv, "-V") == 0) |
|
verbose = Verbose = 1; |
|
else if (strcmp(*argv, "-ssl3") == 0) |
|
meth = SSLv3_client_method(); |
|
else if (strcmp(*argv, "-tls1") == 0) |
|
meth = TLSv1_client_method(); |
|
else if ((strncmp(*argv, "-h", 2) == 0) || |
|
(strcmp(*argv, "-?") == 0)) { |
|
badops = 1; |
|
break; |
|
} else { |
|
ciphers = *argv; |
|
} |
|
argc--; |
|
argv++; |
|
} |
} |
|
|
if (badops) { |
switch (ciphers_config.ssl_version) { |
for (pp = ciphers_usage; (*pp != NULL); pp++) |
case SSL3_VERSION: |
BIO_printf(bio_err, "%s", *pp); |
ssl_method = SSLv3_client_method(); |
goto end; |
break; |
|
case TLS1_VERSION: |
|
ssl_method = TLSv1_client_method(); |
|
break; |
|
default: |
|
ssl_method = SSLv3_server_method(); |
} |
} |
|
|
ctx = SSL_CTX_new(meth); |
if ((ssl_ctx = SSL_CTX_new(ssl_method)) == NULL) |
if (ctx == NULL) |
|
goto err; |
goto err; |
if (ciphers != NULL) { |
|
if (!SSL_CTX_set_cipher_list(ctx, ciphers)) { |
if (cipherlist != NULL) { |
BIO_printf(bio_err, "Error in cipher list\n"); |
if (SSL_CTX_set_cipher_list(ssl_ctx, cipherlist) == 0) |
goto err; |
goto err; |
} |
|
} |
} |
ssl = SSL_new(ctx); |
|
if (ssl == NULL) |
if ((ssl = SSL_new(ssl_ctx)) == NULL) |
goto err; |
goto err; |
|
|
if (!verbose) { |
if ((ciphers = SSL_get_ciphers(ssl)) == NULL) |
for (i = 0; ; i++) { |
goto err; |
p = SSL_get_cipher_list(ssl, i); |
|
if (p == NULL) |
|
break; |
|
if (i != 0) |
|
BIO_printf(STDout, ":"); |
|
BIO_printf(STDout, "%s", p); |
|
} |
|
BIO_printf(STDout, "\n"); |
|
} else { /* verbose */ |
|
sk = SSL_get_ciphers(ssl); |
|
|
|
for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { |
for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { |
SSL_CIPHER *c; |
cipher = sk_SSL_CIPHER_value(ciphers, i); |
|
if (ciphers_config.verbose == 0) { |
c = sk_SSL_CIPHER_value(sk, i); |
fprintf(stdout, "%s%s", (i ? ":" : ""), |
|
SSL_CIPHER_get_name(cipher)); |
if (Verbose) { |
continue; |
unsigned long id = SSL_CIPHER_get_id(c); |
|
int id0 = (int) (id >> 24); |
|
int id1 = (int) ((id >> 16) & 0xffL); |
|
int id2 = (int) ((id >> 8) & 0xffL); |
|
int id3 = (int) (id & 0xffL); |
|
|
|
if ((id & 0xff000000L) == 0x02000000L) |
|
BIO_printf(STDout, " 0x%02X,0x%02X,0x%02X - ", id1, id2, id3); /* SSL2 cipher */ |
|
else if ((id & 0xff000000L) == 0x03000000L) |
|
BIO_printf(STDout, " 0x%02X,0x%02X - ", id2, id3); /* SSL3 cipher */ |
|
else |
|
BIO_printf(STDout, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */ |
|
} |
|
desc = SSL_CIPHER_description(c, NULL, 0); |
|
BIO_puts(STDout, desc); |
|
if (strcmp(desc, "OPENSSL_malloc Error") != 0) |
|
free(desc); |
|
} |
} |
|
if (ciphers_config.verbose > 1) { |
|
value = SSL_CIPHER_get_value(cipher); |
|
fprintf(stdout, "%-*s0x%02hX,0x%02hX - ", 10, "", |
|
((value >> 8) & 0xff), (value & 0xff)); |
|
} |
|
desc = SSL_CIPHER_description(cipher, NULL, 0); |
|
if (strcmp(desc, "OPENSSL_malloc Error") == 0) { |
|
fprintf(stderr, "out of memory\n"); |
|
goto err; |
|
} |
|
fprintf(stdout, "%s", desc); |
|
free(desc); |
} |
} |
|
if (ciphers_config.verbose == 0) |
|
fprintf(stdout, "\n"); |
|
|
ret = 0; |
goto done; |
if (0) { |
|
err: |
err: |
ERR_print_errors(bio_err); |
ERR_print_errors_fp(stderr); |
} |
rv = 1; |
|
|
end: |
done: |
if (ctx != NULL) |
SSL_CTX_free(ssl_ctx); |
SSL_CTX_free(ctx); |
SSL_free(ssl); |
if (ssl != NULL) |
|
SSL_free(ssl); |
|
if (STDout != NULL) |
|
BIO_free_all(STDout); |
|
|
|
return (ret); |
return (rv); |
} |
} |