/* $OpenBSD: ciphers.c,v 1.9 2018/02/07 05:47:55 jsing Exp $ */
/*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <openssl/err.h>
#include <openssl/ssl.h>
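/*
 * Parsed command-line state for the "ciphers" command.
 *
 * NOTE(review): this listing dropped a number of source lines (the gutter
 * numbers skip).  The definition of ciphers_config, the option names, the
 * OPTION_FLAG/OPTION_VALUE types and the .value constants below are filled
 * in from how the visible lines use them; confirm against the upstream file.
 */
struct {
	int usage;	/* non-zero once -h or -? was given */
	int verbose;	/* 0: names only, 1: descriptions, 2: plus suite values */
} ciphers_config;

/*
 * Option table handed to options_parse() and options_usage().
 * Both help spellings share the same flag, and both listing options write
 * into the same verbosity field so the last one given wins.
 */
struct option ciphers_options[] = {
	{
		.name = "h",
		.type = OPTION_FLAG,
		.opt.flag = &ciphers_config.usage,
	},
	{
		.name = "?",
		.type = OPTION_FLAG,
		.opt.flag = &ciphers_config.usage,
	},
	{
		/* Accepted for compatibility and then ignored. */
		.name = "tls1",
		.desc = "This option is deprecated since it is the default",
		.type = OPTION_DISCARD,
	},
	{
		.name = "v",
		.desc = "Provide cipher listing",
		.type = OPTION_VALUE,
		.opt.value = &ciphers_config.verbose,
		.value = 1,
	},
	{
		.name = "V",
		.desc = "Provide cipher listing with cipher suite values",
		.type = OPTION_VALUE,
		.opt.value = &ciphers_config.verbose,
		.value = 2,
	},
	{ NULL },
};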
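/*
 * Print the synopsis line followed by the per-option help generated from
 * ciphers_options.  Everything goes to stderr.
 *
 * NOTE(review): the function header is not part of this listing; the name
 * and the static void/(void) signature are reconstructed, confirm against
 * the upstream file.
 */
static void
ciphers_usage(void)
{
	fprintf(stderr, "usage: ciphers [-hVv] [-tls1] [cipherlist]\n");
	options_usage(ciphers_options);
}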
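/*
 * Entry point of the "ciphers" command: expand an optional cipher list
 * string and print the cipher suites it selects.
 *
 * argc/argv are the command's own arguments.  With no -v/-V the suite names
 * are printed on one line separated by ':'; with -v each suite's description
 * is printed; with -V the description is prefixed by the two bytes of the
 * suite value.  Returns 0 on success and 1 on a usage or library error.
 *
 * No connection is made here; the SSL_CTX and SSL objects exist only so the
 * library can resolve the cipher list.
 *
 * NOTE(review): this listing dropped source lines (the gutter numbers skip).
 * The declarations of ssl/value/i/rv/desc, the pledge failure handling, the
 * final options_parse() argument, the goto/label structure, free(desc) and
 * SSL_free(ssl) are filled in around the visible statements; confirm them
 * against the upstream file.
 */
int
ciphers_main(int argc, char **argv)
{
	char *cipherlist = NULL;
	STACK_OF(SSL_CIPHER) *ciphers;
	const SSL_CIPHER *cipher;
	SSL_CTX *ssl_ctx = NULL;
	SSL *ssl = NULL;
	uint16_t value;
	int i, rv = 0;
	char *desc;

	/*
	 * When run as a single command, restrict the process to the "stdio"
	 * and "rpath" promises before any argument is looked at.
	 */
	if (single_execution) {
		if (pledge("stdio rpath", NULL) == -1) {
			perror("pledge");
			exit(1);
		}
	}

	/* The config is file-scope state; clear what an earlier run left. */
	memset(&ciphers_config, 0, sizeof(ciphers_config));

	if (options_parse(argc, argv, ciphers_options, &cipherlist,
	    NULL) != 0) {
		ciphers_usage();
		return (1);
	}

	if (ciphers_config.usage) {
		ciphers_usage();
		return (1);
	}

	if ((ssl_ctx = SSL_CTX_new(TLSv1_client_method())) == NULL)
		goto err;

	/*
	 * cipherlist comes straight from the command line; a return of 0
	 * means the library rejected it, which is reported via the error
	 * queue on the err path.
	 */
	if (cipherlist != NULL) {
		if (SSL_CTX_set_cipher_list(ssl_ctx, cipherlist) == 0)
			goto err;
	}

	if ((ssl = SSL_new(ssl_ctx)) == NULL)
		goto err;

	if ((ciphers = SSL_get_ciphers(ssl)) == NULL)
		goto err;

	for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
		cipher = sk_SSL_CIPHER_value(ciphers, i);

		/* Terse mode: colon-separated names on a single line. */
		if (ciphers_config.verbose == 0) {
			fprintf(stdout, "%s%s", (i ? ":" : ""),
			    SSL_CIPHER_get_name(cipher));
			continue;
		}

		/* -V: ten columns of padding, then the value as two bytes. */
		if (ciphers_config.verbose > 1) {
			value = SSL_CIPHER_get_value(cipher);
			fprintf(stdout, "%-*s0x%02X,0x%02X - ", 10, "",
			    ((value >> 8) & 0xff), (value & 0xff));
		}

		/*
		 * Called with a NULL buffer, so the description is returned
		 * in storage the caller releases.  Allocation failure is
		 * signalled in-band by a sentinel string, which is not freed
		 * here (presumably it is a static string - verify).  The
		 * NULL test guards strcmp() in case the library reports the
		 * failure as NULL instead.
		 */
		desc = SSL_CIPHER_description(cipher, NULL, 0);
		if (desc == NULL ||
		    strcmp(desc, "OPENSSL_malloc Error") == 0) {
			fprintf(stderr, "out of memory\n");
			goto err;
		}
		fprintf(stdout, "%s", desc);
		free(desc);
	}
	/* Terse mode printed no line terminator inside the loop. */
	if (ciphers_config.verbose == 0)
		fprintf(stdout, "\n");

	goto done;

err:
	ERR_print_errors_fp(stderr);
	rv = 1;

done:
	/* Both pointers start as NULL, so every exit path can come here. */
	SSL_CTX_free(ssl_ctx);
	SSL_free(ssl);

	return (rv);
}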