
Annotation of src/usr.bin/openssl/ciphers.c, Revision 1.2

1.2     ! jsing       1: /* $OpenBSD$ */
        !             2: /*
        !             3:  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
        !             4:  *
        !             5:  * Permission to use, copy, modify, and distribute this software for any
        !             6:  * purpose with or without fee is hereby granted, provided that the above
        !             7:  * copyright notice and this permission notice appear in all copies.
        !             8:  *
        !             9:  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
        !            10:  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
        !            11:  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
        !            12:  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
        !            13:  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
        !            14:  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
        !            15:  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
1.1       jsing      16:  */
                     17:
                     18: #include <stdio.h>
                     19: #include <stdlib.h>
                     20:
                     21: #include <openssl/err.h>
                     22: #include <openssl/ssl.h>
                     23:
1.2     ! jsing      24: #include "apps.h"
        !            25:
/*
 * Settings for the ciphers command, written by the option parser through
 * the pointers stored in ciphers_options. As a file-scope object it starts
 * out zeroed, so every setting is off until an option sets it.
 */
struct {
	/* SSL3_VERSION for -ssl3, TLS1_VERSION for -tls1, otherwise 0. */
	int ssl_version;

	/* Set by -h or -?; ciphers_main() then prints usage and returns 1. */
	int usage;

	/* 0 = names only, 1 = -v descriptions, 2 = -V descriptions + values. */
	int verbose;
} ciphers_config;
        !            31:
/*
 * Option table for the ciphers command. Each entry names a flag (given on
 * the command line with a leading '-', per the usage line) and points at the
 * ciphers_config field it updates. The table ends with an all-zero entry.
 */
struct option ciphers_options[] = {
	/* -h and -? are aliases: both raise the usage flag, neither has help text. */
	{ .name = "h", .type = OPTION_FLAG, .opt.flag = &ciphers_config.usage },
	{ .name = "?", .type = OPTION_FLAG, .opt.flag = &ciphers_config.usage },

	/* Protocol selectors: both store into ssl_version. */
	{
		.name = "ssl3",
		.desc = "Only include SSLv3 ciphers",
		.type = OPTION_VALUE,
		.opt.value = &ciphers_config.ssl_version,
		.value = SSL3_VERSION,
	},
	{
		.name = "tls1",
		.desc = "Only include TLSv1 ciphers",
		.type = OPTION_VALUE,
		.opt.value = &ciphers_config.ssl_version,
		.value = TLS1_VERSION,
	},

	/* Verbosity selectors: both store into verbose (1 for -v, 2 for -V). */
	{
		.name = "v",
		.desc = "Provide cipher listing",
		.type = OPTION_VALUE,
		.opt.value = &ciphers_config.verbose,
		.value = 1,
	},
	{
		.name = "V",
		.desc = "Provide cipher listing with cipher suite values",
		.type = OPTION_VALUE,
		.opt.value = &ciphers_config.verbose,
		.value = 2,
	},

	/* Terminator: every member zero/NULL. */
	{ .name = NULL },
};
                     73:
/*
 * Write the synopsis line for the ciphers command to stderr, then let
 * options_usage() describe the entries of ciphers_options.
 */
static void
ciphers_usage(void)
{
	fputs("usage: ciphers [-hVv] [-ssl3 | -tls1] [cipherlist]\n", stderr);
	options_usage(ciphers_options);
}
1.1       jsing      80:
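/*
 * ciphers_main - list the cipher suites selected by an optional cipher list.
 *
 * The command line is parsed by options_parse() against ciphers_options.
 * options_parse() is handed &cipherlist, presumably to receive the unnamed
 * [cipherlist] argument shown in the usage line. An SSL_CTX and an SSL
 * object are created only so that the resulting cipher stack can be read
 * back with SSL_get_ciphers(); nothing in this function opens a connection.
 *
 * Output, selected by ciphers_config.verbose:
 *   0  cipher names on a single line, separated by ':'
 *   1  one SSL_CIPHER_description() string per cipher
 *   2  as 1, each preceded by the two bytes of the cipher suite value in hex
 *
 * Returns 0 on success, 1 on a usage error or a library failure. On library
 * failure the queued error strings are written to stderr.
 */
int
ciphers_main(int argc, char **argv)
{
	char *cipherlist = NULL;
	STACK_OF(SSL_CIPHER) *ciphers;
	const SSL_METHOD *ssl_method;
	const SSL_CIPHER *cipher;
	SSL_CTX *ssl_ctx = NULL;
	SSL *ssl = NULL;
	uint16_t value;
	int i, rv = 0;
	char *desc;

	if (options_parse(argc, argv, ciphers_options, &cipherlist,
	    NULL) != 0) {
		ciphers_usage();
		return (1);
	}

	if (ciphers_config.usage) {
		ciphers_usage();
		return (1);
	}

	/*
	 * NOTE(review): with neither -ssl3 nor -tls1 given, the context is
	 * built from SSLv3_server_method(), while both explicit selectors use
	 * client methods. Confirm that this default is intended and that it
	 * still yields the complete cipher list.
	 */
	switch (ciphers_config.ssl_version) {
	case SSL3_VERSION:
		ssl_method = SSLv3_client_method();
		break;
	case TLS1_VERSION:
		ssl_method = TLSv1_client_method();
		break;
	default:
		ssl_method = SSLv3_server_method();
	}

	if ((ssl_ctx = SSL_CTX_new(ssl_method)) == NULL)
		goto err;

	/* A rejected cipher list string is reported through the err path. */
	if (cipherlist != NULL) {
		if (SSL_CTX_set_cipher_list(ssl_ctx, cipherlist) == 0)
			goto err;
	}

	if ((ssl = SSL_new(ssl_ctx)) == NULL)
		goto err;

	if ((ciphers = SSL_get_ciphers(ssl)) == NULL)
		goto err;

	for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
		cipher = sk_SSL_CIPHER_value(ciphers, i);
		if (ciphers_config.verbose == 0) {
			/* Names only: ':' goes before every name but the first. */
			fprintf(stdout, "%s%s", (i ? ":" : ""),
			    SSL_CIPHER_get_name(cipher));
			continue;
		}
		if (ciphers_config.verbose > 1) {
			/* High byte, then low byte, after ten columns of padding. */
			value = SSL_CIPHER_get_value(cipher);
			fprintf(stdout, "%-*s0x%02hX,0x%02hX - ", 10, "",
				((value >> 8) & 0xff), (value & 0xff));
		}
		desc = SSL_CIPHER_description(cipher, NULL, 0);
		/*
		 * Allocation failure is recognised by a sentinel string. NULL
		 * is treated as the same failure, in case the library reports
		 * it that way, so that strcmp() is never handed a null
		 * pointer. Neither value is passed to free(): this branch
		 * leaves the loop before the free() below.
		 */
		if (desc == NULL ||
		    strcmp(desc, "OPENSSL_malloc Error") == 0) {
			fprintf(stderr, "out of memory\n");
			goto err;
		}
		fprintf(stdout, "%s", desc);
		free(desc);
	}
	if (ciphers_config.verbose == 0)
		fprintf(stdout, "\n");

	goto done;

err:
	ERR_print_errors_fp(stderr);
	rv = 1;

done:
	/* Either pointer may still be NULL when an early step failed. */
	SSL_CTX_free(ssl_ctx);
	SSL_free(ssl);

	return (rv);
}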