Diffstat (limited to 'src/usr.bin/openssl/ciphers.c')
| -rw-r--r-- | src/usr.bin/openssl/ciphers.c | 24 |
1 files changed, 20 insertions, 4 deletions
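--- a/src/usr.bin/openssl/ciphers.c
+++ b/src/usr.bin/openssl/ciphers.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ciphers.c,v 1.10 2019/07/14 03:30:45 guenther Exp $ */
+/* $OpenBSD: ciphers.c,v 1.11 2022/07/14 08:07:54 tb Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -26,6 +26,7 @@
 
 struct {
 int usage;
+int use_supported;
 int verbose;
 } ciphers_config;
 
@@ -41,6 +42,12 @@ static const struct option ciphers_options[] = {
 .opt.flag = &ciphers_config.usage,
 },
 {
+.name = "s",
+.desc = "Only list ciphers that are supported by the TLS method",
+.type = OPTION_FLAG,
+.opt.flag = &ciphers_config.use_supported,
+},
+{
 .name = "tls1",
 .desc = "This option is deprecated since it is the default",
 .type = OPTION_DISCARD,
@@ -65,7 +72,7 @@ static const struct option ciphers_options[] = {
 static void
 ciphers_usage(void)
 {
-fprintf(stderr, "usage: ciphers [-hVv] [-tls1] [cipherlist]\n");
+fprintf(stderr, "usage: ciphers [-hsVv] [-tls1] [cipherlist]\n");
 options_usage(ciphers_options);
 }
 
@@ -74,6 +81,7 @@ ciphers_main(int argc, char **argv)
 {
 char *cipherlist = NULL;
 STACK_OF(SSL_CIPHER) *ciphers;
+STACK_OF(SSL_CIPHER) *supported_ciphers = NULL;
 const SSL_CIPHER *cipher;
 SSL_CTX *ssl_ctx = NULL;
 SSL *ssl = NULL;
@@ -112,8 +120,15 @@ ciphers_main(int argc, char **argv)
 if ((ssl = SSL_new(ssl_ctx)) == NULL)
 goto err;
 
-if ((ciphers = SSL_get_ciphers(ssl)) == NULL)
-goto err;
+if (ciphers_config.use_supported) {
+if ((supported_ciphers =
+SSL_get1_supported_ciphers(ssl)) == NULL)
+goto err;
+ciphers = supported_ciphers;
+} else {
+if ((ciphers = SSL_get_ciphers(ssl)) == NULL)
+goto err;
+}
 
 for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
 cipher = sk_SSL_CIPHER_value(ciphers, i);
@@ -145,6 +160,7 @@ ciphers_main(int argc, char **argv)
 rv = 1;
 
 done:
+sk_SSL_CIPHER_free(supported_ciphers);
 SSL_CTX_free(ssl_ctx);
 SSL_free(ssl);
 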
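Review bot: In the cipher-selection block of ciphers_main, `ciphers` now points either at a stack borrowed from the SSL object (SSL_get_ciphers) or at one this function owns (SSL_get1_supported_ciphers), and nothing in the code records that difference. A short comment above `if (ciphers_config.use_supported) {` would keep a later edit from freeing `ciphers` directly or from dropping the free at `done:`, for example `/* supported_ciphers is caller-owned (get1) and freed at done:; ciphers only borrows it. */`. Separately, a NULL return from SSL_get1_supported_ciphers takes the same `goto err` as an allocation failure; if that function can also return NULL when nothing in the cipherlist is supported by the enabled protocol versions (worth confirming against its manual), `-s` would report a generic failure where an empty listing is the accurate answer. ciphers_main begins and ends outside the hunks shown, so the `err:` path itself is not visible here.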
