X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=apps%2Fciphers.c;h=cc71e50049f305569b1c79f85e9d354b33b10f9e;hp=b6e2f966d86e78d7b01c097ea655fc4932920156;hb=80c455d5ae405e855391e298a2bf8a24629dd95d;hpb=645749ef98612340b11c4bf2ba856e1fa469912b

diff --git a/apps/ciphers.c b/apps/ciphers.c
index b6e2f966d8..cc71e50049 100644
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -1,207 +1,266 @@
-/* apps/ciphers.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#ifdef NO_STDIO
-#define APPS_WIN16
-#endif
 #include "apps.h"
+#include "progs.h"
 #include <openssl/err.h>
 #include <openssl/ssl.h>
 
-#undef PROG
-#define PROG	ciphers_main
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_STDNAME,
+    OPT_CONVERT,
+    OPT_SSL3,
+    OPT_TLS1,
+    OPT_TLS1_1,
+    OPT_TLS1_2,
+    OPT_TLS1_3,
+    OPT_PSK,
+    OPT_SRP,
+    OPT_CIPHERSUITES,
+    OPT_V, OPT_UPPER_V, OPT_S
+} OPTION_CHOICE;
 
-static char *ciphers_usage[]={
-"usage: ciphers args\n",
-" -v          - verbose mode, a textual listing of the ciphers in SSLeay\n",
-" -ssl2       - SSL2 mode\n",
-" -ssl3       - SSL3 mode\n",
-" -tls1       - TLS1 mode\n",
-NULL
+const OPTIONS ciphers_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"},
+    {"V", OPT_UPPER_V, '-', "Even more verbose"},
+    {"s", OPT_S, '-', "Only supported ciphers"},
+#ifndef OPENSSL_NO_SSL3
+    {"ssl3", OPT_SSL3, '-', "SSL3 mode"},
+#endif
+#ifndef OPENSSL_NO_TLS1
+    {"tls1", OPT_TLS1, '-', "TLS1 mode"},
+#endif
+#ifndef OPENSSL_NO_TLS1_1
+    {"tls1_1", OPT_TLS1_1, '-', "TLS1.1 mode"},
+#endif
+#ifndef OPENSSL_NO_TLS1_2
+    {"tls1_2", OPT_TLS1_2, '-', "TLS1.2 mode"},
+#endif
+#ifndef OPENSSL_NO_TLS1_3
+    {"tls1_3", OPT_TLS1_3, '-', "TLS1.3 mode"},
+#endif
+    {"stdname", OPT_STDNAME, '-', "Show standard cipher names"},
+#ifndef OPENSSL_NO_PSK
+    {"psk", OPT_PSK, '-', "include ciphersuites requiring PSK"},
+#endif
+#ifndef OPENSSL_NO_SRP
+    {"srp", OPT_SRP, '-', "include ciphersuites requiring SRP"},
+#endif
+    {"convert", OPT_CONVERT, 's', "Convert standard name into OpenSSL name"},
+    {"ciphersuites", OPT_CIPHERSUITES, 's',
+     "Configure the TLSv1.3 ciphersuites to use"},
+    {NULL}
 };
 
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	int ret=1,i;
-	int verbose=0;
-	char **pp;
-	const char *p;
-	int badops=0;
-	SSL_CTX *ctx=NULL;
-	SSL *ssl=NULL;
-	char *ciphers=NULL;
-	SSL_METHOD *meth=NULL;
-	STACK_OF(SSL_CIPHER) *sk;
-	char buf[512];
-	BIO *STDout=NULL;
-
-#if !defined(NO_SSL2) && !defined(NO_SSL3)
-	meth=SSLv23_server_method();
-#elif !defined(NO_SSL3)
-	meth=SSLv3_server_method();
-#elif !defined(NO_SSL2)
-	meth=SSLv2_server_method();
+#ifndef OPENSSL_NO_PSK
+static unsigned int dummy_psk(SSL *ssl, const char *hint, char *identity,
+                              unsigned int max_identity_len,
+                              unsigned char *psk,
+                              unsigned int max_psk_len)
+{
+    return 0;
+}
+#endif
+#ifndef OPENSSL_NO_SRP
+static char *dummy_srp(SSL *ssl, void *arg)
+{
+    return "";
+}
 #endif
 
-	apps_startup();
-
-	if (bio_err == NULL)
-		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-	STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef VMS
-	{
-	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-	STDout = BIO_push(tmpbio, STDout);
-	}
+int ciphers_main(int argc, char **argv)
+{
+    SSL_CTX *ctx = NULL;
+    SSL *ssl = NULL;
+    STACK_OF(SSL_CIPHER) *sk = NULL;
+    const SSL_METHOD *meth = TLS_server_method();
+    int ret = 1, i, verbose = 0, Verbose = 0, use_supported = 0;
+    int stdname = 0;
+#ifndef OPENSSL_NO_PSK
+    int psk = 0;
+#endif
+#ifndef OPENSSL_NO_SRP
+    int srp = 0;
 #endif
+    const char *p;
+    char *ciphers = NULL, *prog, *convert = NULL, *ciphersuites = NULL;
+    char buf[512];
+    OPTION_CHOICE o;
+    int min_version = 0, max_version = 0;
 
-	argc--;
-	argv++;
-	while (argc >= 1)
-		{
-		if (strcmp(*argv,"-v") == 0)
-			verbose=1;
-#ifndef NO_SSL2
-		else if (strcmp(*argv,"-ssl2") == 0)
-			meth=SSLv2_client_method();
+    prog = opt_init(argc, argv, ciphers_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(ciphers_options);
+            ret = 0;
+            goto end;
+        case OPT_V:
+            verbose = 1;
+            break;
+        case OPT_UPPER_V:
+            verbose = Verbose = 1;
+            break;
+        case OPT_S:
+            use_supported = 1;
+            break;
+        case OPT_STDNAME:
+            stdname = verbose = 1;
+            break;
+        case OPT_CONVERT:
+            convert = opt_arg();
+            break;
+        case OPT_SSL3:
+            min_version = SSL3_VERSION;
+            max_version = SSL3_VERSION;
+            break;
+        case OPT_TLS1:
+            min_version = TLS1_VERSION;
+            max_version = TLS1_VERSION;
+            break;
+        case OPT_TLS1_1:
+            min_version = TLS1_1_VERSION;
+            max_version = TLS1_1_VERSION;
+            break;
+        case OPT_TLS1_2:
+            min_version = TLS1_2_VERSION;
+            max_version = TLS1_2_VERSION;
+            break;
+        case OPT_TLS1_3:
+            min_version = TLS1_3_VERSION;
+            max_version = TLS1_3_VERSION;
+            break;
+        case OPT_PSK:
+#ifndef OPENSSL_NO_PSK
+            psk = 1;
+#endif
+            break;
+        case OPT_SRP:
+#ifndef OPENSSL_NO_SRP
+            srp = 1;
 #endif
-#ifndef NO_SSL3
-		else if (strcmp(*argv,"-ssl3") == 0)
-			meth=SSLv3_client_method();
+            break;
+        case OPT_CIPHERSUITES:
+            ciphersuites = opt_arg();
+            break;
+        }
+    }
+    argv = opt_rest();
+    argc = opt_num_rest();
+
+    if (argc == 1)
+        ciphers = *argv;
+    else if (argc != 0)
+        goto opthelp;
+
+    if (convert != NULL) {
+        BIO_printf(bio_out, "OpenSSL cipher name: %s\n",
+                   OPENSSL_cipher_name(convert));
+        goto end;
+    }
+
+    ctx = SSL_CTX_new(meth);
+    if (ctx == NULL)
+        goto err;
+    if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
+        goto err;
+    if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
+        goto err;
+
+#ifndef OPENSSL_NO_PSK
+    if (psk)
+        SSL_CTX_set_psk_client_callback(ctx, dummy_psk);
 #endif
-#ifndef NO_TLS1
-		else if (strcmp(*argv,"-tls1") == 0)
-			meth=TLSv1_client_method();
+#ifndef OPENSSL_NO_SRP
+    if (srp)
+        SSL_CTX_set_srp_client_pwd_callback(ctx, dummy_srp);
 #endif
-		else if ((strncmp(*argv,"-h",2) == 0) ||
-			 (strcmp(*argv,"-?") == 0))
-			{
-			badops=1;
-			break;
-			}
-		else
-			{
-			ciphers= *argv;
-			}
-		argc--;
-		argv++;
-		}
-
-	if (badops)
-		{
-		for (pp=ciphers_usage; (*pp != NULL); pp++)
-			BIO_printf(bio_err,*pp);
-		goto end;
-		}
-
-	OpenSSL_add_ssl_algorithms();
-
-	ctx=SSL_CTX_new(meth);
-	if (ctx == NULL) goto err;
-	if (ciphers != NULL) {
-		if(!SSL_CTX_set_cipher_list(ctx,ciphers)) {
-			BIO_printf(bio_err, "Error in cipher list\n");
-			goto err;
-		}
-	}
-	ssl=SSL_new(ctx);
-	if (ssl == NULL) goto err;
-
-
-	if (!verbose)
-		{
-		for (i=0; ; i++)
-			{
-			p=SSL_get_cipher_list(ssl,i);
-			if (p == NULL) break;
-			if (i != 0) BIO_printf(STDout,":");
-			BIO_printf(STDout,"%s",p);
-			}
-		BIO_printf(STDout,"\n");
-		}
-	else
-		{
-		sk=SSL_get_ciphers(ssl);
-
-		for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
-			{
-			BIO_puts(STDout,SSL_CIPHER_description(
-				sk_SSL_CIPHER_value(sk,i),
-				buf,512));
-			}
-		}
-
-	ret=0;
-	if (0)
-		{
-err:
-		SSL_load_error_strings();
-		ERR_print_errors(bio_err);
-		}
-end:
-	if (ctx != NULL) SSL_CTX_free(ctx);
-	if (ssl != NULL) SSL_free(ssl);
-	if (STDout != NULL) BIO_free_all(STDout);
-	EXIT(ret);
-	}
 
+    if (ciphersuites != NULL && !SSL_CTX_set_ciphersuites(ctx, ciphersuites)) {
+        BIO_printf(bio_err, "Error setting TLSv1.3 ciphersuites\n");
+        goto err;
+    }
+
+    if (ciphers != NULL) {
+        if (!SSL_CTX_set_cipher_list(ctx, ciphers)) {
+            BIO_printf(bio_err, "Error in cipher list\n");
+            goto err;
+        }
+    }
+    ssl = SSL_new(ctx);
+    if (ssl == NULL)
+        goto err;
+
+    if (use_supported)
+        sk = SSL_get1_supported_ciphers(ssl);
+    else
+        sk = SSL_get_ciphers(ssl);
+
+    if (!verbose) {
+        for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
+            const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i);
+            p = SSL_CIPHER_get_name(c);
+            if (p == NULL)
+                break;
+            if (i != 0)
+                BIO_printf(bio_out, ":");
+            BIO_printf(bio_out, "%s", p);
+        }
+        BIO_printf(bio_out, "\n");
+    } else {
+
+        for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
+            const SSL_CIPHER *c;
+
+            c = sk_SSL_CIPHER_value(sk, i);
+
+            if (Verbose) {
+                unsigned long id = SSL_CIPHER_get_id(c);
+                int id0 = (int)(id >> 24);
+                int id1 = (int)((id >> 16) & 0xffL);
+                int id2 = (int)((id >> 8) & 0xffL);
+                int id3 = (int)(id & 0xffL);
+
+                if ((id & 0xff000000L) == 0x03000000L)
+                    BIO_printf(bio_out, "          0x%02X,0x%02X - ", id2, id3); /* SSL3
+                                                                                  * cipher */
+                else
+                    BIO_printf(bio_out, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */
+            }
+            if (stdname) {
+                const char *nm = SSL_CIPHER_standard_name(c);
+                if (nm == NULL)
+                    nm = "UNKNOWN";
+                BIO_printf(bio_out, "%s - ", nm);
+            }
+            BIO_puts(bio_out, SSL_CIPHER_description(c, buf, sizeof(buf)));
+        }
+    }
+
+    ret = 0;
+    goto end;
+ err:
+    ERR_print_errors(bio_err);
+ end:
+    if (use_supported)
+        sk_SSL_CIPHER_free(sk);
+    SSL_CTX_free(ctx);
+    SSL_free(ssl);
+    return ret;
+}