Annotation of src/usr.bin/openssl/ciphers.c, Revision 1.11
1.11 ! tb 1: /* $OpenBSD: ciphers.c,v 1.10 2019/07/14 03:30:45 guenther Exp $ */
1.2 jsing 2: /*
3: * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4: *
5: * Permission to use, copy, modify, and distribute this software for any
6: * purpose with or without fee is hereby granted, provided that the above
7: * copyright notice and this permission notice appear in all copies.
8: *
9: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
1.1 jsing 16: */
17:
18: #include <stdio.h>
19: #include <stdlib.h>
20:
21: #include <openssl/err.h>
22: #include <openssl/ssl.h>
23:
1.2 jsing 24: #include "apps.h"
1.6 deraadt 25: #include "progs.h"
1.2 jsing 26:
27: struct {
28: int usage;
1.11 ! tb 29: int use_supported;
1.2 jsing 30: int verbose;
31: } ciphers_config;
32:
1.10 guenther 33: static const struct option ciphers_options[] = {
1.2 jsing 34: {
35: .name = "h",
36: .type = OPTION_FLAG,
37: .opt.flag = &ciphers_config.usage,
38: },
39: {
40: .name = "?",
41: .type = OPTION_FLAG,
42: .opt.flag = &ciphers_config.usage,
43: },
44: {
1.11 ! tb 45: .name = "s",
! 46: .desc = "Only list ciphers that are supported by the TLS method",
! 47: .type = OPTION_FLAG,
! 48: .opt.flag = &ciphers_config.use_supported,
! 49: },
! 50: {
1.2 jsing 51: .name = "tls1",
1.5 doug 52: .desc = "This option is deprecated since it is the default",
53: .type = OPTION_DISCARD,
1.2 jsing 54: },
55: {
56: .name = "v",
57: .desc = "Provide cipher listing",
58: .type = OPTION_VALUE,
59: .opt.value = &ciphers_config.verbose,
60: .value = 1,
61: },
62: {
63: .name = "V",
64: .desc = "Provide cipher listing with cipher suite values",
65: .type = OPTION_VALUE,
66: .opt.value = &ciphers_config.verbose,
67: .value = 2,
68: },
1.3 jsing 69: { NULL },
1.1 jsing 70: };
71:
1.2 jsing 72: static void
73: ciphers_usage(void)
74: {
1.11 ! tb 75: fprintf(stderr, "usage: ciphers [-hsVv] [-tls1] [cipherlist]\n");
1.2 jsing 76: options_usage(ciphers_options);
77: }
1.1 jsing 78:
79: int
80: ciphers_main(int argc, char **argv)
81: {
1.2 jsing 82: char *cipherlist = NULL;
83: STACK_OF(SSL_CIPHER) *ciphers;
1.11 ! tb 84: STACK_OF(SSL_CIPHER) *supported_ciphers = NULL;
1.2 jsing 85: const SSL_CIPHER *cipher;
86: SSL_CTX *ssl_ctx = NULL;
1.1 jsing 87: SSL *ssl = NULL;
1.2 jsing 88: uint16_t value;
89: int i, rv = 0;
1.1 jsing 90: char *desc;
1.7 doug 91:
92: if (single_execution) {
1.8 doug 93: if (pledge("stdio rpath", NULL) == -1) {
1.7 doug 94: perror("pledge");
1.8 doug 95: exit(1);
96: }
1.7 doug 97: }
1.3 jsing 98:
99: memset(&ciphers_config, 0, sizeof(ciphers_config));
1.1 jsing 100:
1.2 jsing 101: if (options_parse(argc, argv, ciphers_options, &cipherlist,
102: NULL) != 0) {
103: ciphers_usage();
104: return (1);
105: }
1.1 jsing 106:
1.2 jsing 107: if (ciphers_config.usage) {
108: ciphers_usage();
109: return (1);
1.1 jsing 110: }
111:
1.5 doug 112: if ((ssl_ctx = SSL_CTX_new(TLSv1_client_method())) == NULL)
1.1 jsing 113: goto err;
1.2 jsing 114:
115: if (cipherlist != NULL) {
116: if (SSL_CTX_set_cipher_list(ssl_ctx, cipherlist) == 0)
1.1 jsing 117: goto err;
118: }
1.2 jsing 119:
120: if ((ssl = SSL_new(ssl_ctx)) == NULL)
1.1 jsing 121: goto err;
122:
1.11 ! tb 123: if (ciphers_config.use_supported) {
! 124: if ((supported_ciphers =
! 125: SSL_get1_supported_ciphers(ssl)) == NULL)
! 126: goto err;
! 127: ciphers = supported_ciphers;
! 128: } else {
! 129: if ((ciphers = SSL_get_ciphers(ssl)) == NULL)
! 130: goto err;
! 131: }
1.2 jsing 132:
133: for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
134: cipher = sk_SSL_CIPHER_value(ciphers, i);
135: if (ciphers_config.verbose == 0) {
136: fprintf(stdout, "%s%s", (i ? ":" : ""),
137: SSL_CIPHER_get_name(cipher));
138: continue;
139: }
140: if (ciphers_config.verbose > 1) {
141: value = SSL_CIPHER_get_value(cipher);
1.4 bcook 142: fprintf(stdout, "%-*s0x%02X,0x%02X - ", 10, "",
1.2 jsing 143: ((value >> 8) & 0xff), (value & 0xff));
1.1 jsing 144: }
1.2 jsing 145: desc = SSL_CIPHER_description(cipher, NULL, 0);
146: if (strcmp(desc, "OPENSSL_malloc Error") == 0) {
147: fprintf(stderr, "out of memory\n");
148: goto err;
1.1 jsing 149: }
1.2 jsing 150: fprintf(stdout, "%s", desc);
151: free(desc);
1.1 jsing 152: }
1.2 jsing 153: if (ciphers_config.verbose == 0)
154: fprintf(stdout, "\n");
155:
156: goto done;
1.1 jsing 157:
1.9 jsing 158: err:
1.2 jsing 159: ERR_print_errors_fp(stderr);
160: rv = 1;
1.1 jsing 161:
1.9 jsing 162: done:
1.11 ! tb 163: sk_SSL_CIPHER_free(supported_ciphers);
1.2 jsing 164: SSL_CTX_free(ssl_ctx);
165: SSL_free(ssl);
1.1 jsing 166:
1.2 jsing 167: return (rv);
1.1 jsing 168: }