
Annotation of src/usr.bin/openssl/ciphers.c, Revision 1.17

1.17    ! tb          1: /* $OpenBSD: ciphers.c,v 1.16 2022/11/11 17:07:38 joshua Exp $ */
1.2       jsing       2: /*
                      3:  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
                      4:  *
                      5:  * Permission to use, copy, modify, and distribute this software for any
                      6:  * purpose with or without fee is hereby granted, provided that the above
                      7:  * copyright notice and this permission notice appear in all copies.
                      8:  *
                      9:  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
                     10:  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
                     11:  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
                     12:  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
                     13:  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
                     14:  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
                     15:  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
1.1       jsing      16:  */
                     17:
                     18: #include <stdio.h>
                     19: #include <stdlib.h>
                     20:
                     21: #include <openssl/err.h>
                     22: #include <openssl/ssl.h>
                     23:
1.2       jsing      24: #include "apps.h"
1.6       deraadt    25: #include "progs.h"
1.2       jsing      26:
/*
 * Option state for the "ciphers" subcommand.  ciphers_main() zeroes the
 * whole struct before parsing, so 0 in any field means "not given".
 */
static struct {
	int usage;		/* raised by -h and -? */
	int use_supported;	/* raised by -s */
	int verbose;		/* 0 by default, 1 for -v, 2 for -V */
	int version;		/* one TLS*_VERSION constant, or 0 */
} ciphers_config;
                     33:
/*
 * Option table consumed by options_parse() and options_usage().
 * Entries without a .desc are the help switches.  All four -tls1* switches
 * store into the same ciphers_config.version field, and -v / -V both store
 * into ciphers_config.verbose.
 */
static const struct option ciphers_options[] = {
	/* Help switches: both raise the same flag. */
	{ .name = "h", .type = OPTION_FLAG, .opt.flag = &ciphers_config.usage },
	{ .name = "?", .type = OPTION_FLAG, .opt.flag = &ciphers_config.usage },

	/* Restrict the listing to what the TLS method supports. */
	{
		.name = "s",
		.type = OPTION_FLAG,
		.opt.flag = &ciphers_config.use_supported,
		.desc = "Only list ciphers that are supported by the TLS method",
	},

	/* Protocol version selectors. */
	{
		.name = "tls1",
		.type = OPTION_VALUE,
		.opt.value = &ciphers_config.version,
		.value = TLS1_VERSION,
		.desc = "Use TLS protocol version 1",
	},
	{
		.name = "tls1_1",
		.type = OPTION_VALUE,
		.opt.value = &ciphers_config.version,
		.value = TLS1_1_VERSION,
		.desc = "Use TLS protocol version 1.1",
	},
	{
		.name = "tls1_2",
		.type = OPTION_VALUE,
		.opt.value = &ciphers_config.version,
		.value = TLS1_2_VERSION,
		.desc = "Use TLS protocol version 1.2",
	},
	{
		.name = "tls1_3",
		.type = OPTION_VALUE,
		.opt.value = &ciphers_config.version,
		.value = TLS1_3_VERSION,
		.desc = "Use TLS protocol version 1.3",
	},

	/* Output detail: 1 = description line, 2 = also the suite value. */
	{
		.name = "v",
		.type = OPTION_VALUE,
		.opt.value = &ciphers_config.verbose,
		.value = 1,
		.desc = "Provide cipher listing",
	},
	{
		.name = "V",
		.type = OPTION_VALUE,
		.opt.value = &ciphers_config.verbose,
		.value = 2,
		.desc = "Provide cipher listing with cipher suite values",
	},

	/* Terminator. */
	{ NULL },
};
                     95:
/*
 * Print the synopsis line to stderr, then let options_usage() print the
 * option descriptions from ciphers_options.
 */
static void
ciphers_usage(void)
{
	/* The text has no conversion specifiers, so fputs() emits it as is. */
	fputs("usage: ciphers [-hsVv] [-tls1] [-tls1_1] "
	    "[-tls1_2] [-tls1_3] [cipherlist]\n", stderr);
	options_usage(ciphers_options);
}
1.1       jsing     103:
/*
 * Entry point of the "ciphers" subcommand: print the cipher suites of a
 * freshly created TLS context, optionally limited by a protocol version
 * and/or a cipher list string taken from the command line.
 *
 * Output format depends on ciphers_config.verbose:
 *   0  - colon-separated suite names on a single line
 *   1  - one description line per suite
 *   2  - as 1, each line prefixed with the two bytes of the suite value
 *
 * Returns 0 on success and 1 on a usage request, a parse failure or a
 * library error (the error queue is printed to stderr in the last case).
 */
int
ciphers_main(int argc, char **argv)
{
	STACK_OF(SSL_CIPHER) *supported_ciphers = NULL;
	STACK_OF(SSL_CIPHER) *ciphers;
	SSL_CTX *ssl_ctx = NULL;
	SSL *ssl = NULL;
	char *cipherlist = NULL;
	int idx;
	int ret = 0;

	/*
	 * Drop to the "stdio" and "rpath" promises before any command line
	 * argument is looked at; failure to do so is fatal.
	 */
	if (pledge("stdio rpath", NULL) == -1) {
		perror("pledge");
		exit(1);
	}

	memset(&ciphers_config, 0, sizeof(ciphers_config));

	/* A parse failure and an explicit -h / -? end the same way. */
	if (options_parse(argc, argv, ciphers_options, &cipherlist,
	    NULL) != 0 || ciphers_config.usage) {
		ciphers_usage();
		return 1;
	}

	ssl_ctx = SSL_CTX_new(TLS_method());
	if (ssl_ctx == NULL)
		goto fail;

	/*
	 * With a -tls1* switch, minimum and maximum are set to the same
	 * value, so the context is pinned to exactly that protocol version.
	 */
	if (ciphers_config.version != 0 &&
	    (!SSL_CTX_set_min_proto_version(ssl_ctx, ciphers_config.version) ||
	    !SSL_CTX_set_max_proto_version(ssl_ctx, ciphers_config.version)))
		goto fail;

	/* The optional cipher list is handed to the library unmodified. */
	if (cipherlist != NULL &&
	    SSL_CTX_set_cipher_list(ssl_ctx, cipherlist) == 0)
		goto fail;

	ssl = SSL_new(ssl_ctx);
	if (ssl == NULL)
		goto fail;

	/*
	 * Only the stack obtained for -s is remembered in supported_ciphers,
	 * which is the one stack released in the cleanup path below.
	 */
	if (ciphers_config.use_supported) {
		supported_ciphers = SSL_get1_supported_ciphers(ssl);
		ciphers = supported_ciphers;
	} else {
		ciphers = SSL_get_ciphers(ssl);
	}
	if (ciphers == NULL)
		goto fail;

	for (idx = 0; idx < sk_SSL_CIPHER_num(ciphers); idx++) {
		const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(ciphers, idx);

		if (ciphers_config.verbose == 0) {
			/* Terse mode: names only, ':' between entries. */
			fprintf(stdout, "%s%s", (idx ? ":" : ""),
			    SSL_CIPHER_get_name(cipher));
		} else {
			char *line;

			if (ciphers_config.verbose > 1) {
				/* High byte first, then low byte. */
				uint16_t id = SSL_CIPHER_get_value(cipher);

				fprintf(stdout, "%-*s0x%02X,0x%02X - ", 10, "",
				    ((id >> 8) & 0xff), (id & 0xff));
			}

			line = SSL_CIPHER_description(cipher, NULL, 0);
			/*
			 * Allocation failure is detected by comparing against
			 * this literal; the result is not freed on that path,
			 * presumably because it is a static string.
			 * NOTE(review): a NULL return would reach strcmp() -
			 * confirm the library never returns NULL here.
			 */
			if (strcmp(line, "OPENSSL_malloc Error") == 0) {
				fprintf(stderr, "out of memory\n");
				goto fail;
			}
			fprintf(stdout, "%s", line);
			free(line);
		}
	}

	/* Terse mode printed no line ending inside the loop. */
	if (ciphers_config.verbose == 0)
		fprintf(stdout, "\n");

	goto cleanup;

 fail:
	ERR_print_errors_fp(stderr);
	ret = 1;

 cleanup:
	/* Every pointer was initialised to NULL, so this runs on all paths. */
	sk_SSL_CIPHER_free(supported_ciphers);
	SSL_CTX_free(ssl_ctx);
	SSL_free(ssl);

	return ret;
}