security/nss/cmd/listsuites/listsuites.c@6474c204b198 (annotated)
security/nss/cmd/listsuites/listsuites.c
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rw-r--r--
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
| michael@0 | 1 | /* This Source Code Form is subject to the terms of the Mozilla Public |
| michael@0 | 2 | * License, v. 2.0. If a copy of the MPL was not distributed with this |
| michael@0 | 3 | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| michael@0 | 4 | |
| michael@0 | 5 | /* This program demonstrates the use of SSL_GetCipherSuiteInfo to avoid |
| michael@0 | 6 | * all compiled-in knowledge of SSL cipher suites. |
| michael@0 | 7 | * |
| michael@0 | 8 | * Try: ./listsuites | grep -v : | sort -b +4rn -5 +1 -2 +2 -3 +3 -4 +5r -6 |
| michael@0 | 9 | */ |
| michael@0 | 10 | |
| michael@0 | 11 | #include <errno.h> |
| michael@0 | 12 | #include <stdio.h> |
| michael@0 | 13 | #include "secport.h" |
| michael@0 | 14 | #include "ssl.h" |
| michael@0 | 15 | |
| michael@0 | 16 | int main(int argc, char **argv) |
| michael@0 | 17 | { |
| michael@0 | 18 | const PRUint16 *cipherSuites = SSL_ImplementedCiphers; |
| michael@0 | 19 | int i; |
| michael@0 | 20 | int errCount = 0; |
| michael@0 | 21 | |
| michael@0 | 22 | fputs("This version of libSSL supports these cipher suites:\n\n", stdout); |
| michael@0 | 23 | |
| michael@0 | 24 | /* disable all the SSL3 cipher suites */ |
| michael@0 | 25 | for (i = 0; i < SSL_NumImplementedCiphers; i++) { |
| michael@0 | 26 | PRUint16 suite = cipherSuites[i]; |
| michael@0 | 27 | SECStatus rv; |
| michael@0 | 28 | PRBool enabled; |
| michael@0 | 29 | PRErrorCode err; |
| michael@0 | 30 | SSLCipherSuiteInfo info; |
| michael@0 | 31 | |
| michael@0 | 32 | rv = SSL_CipherPrefGetDefault(suite, &enabled); |
| michael@0 | 33 | if (rv != SECSuccess) { |
| michael@0 | 34 | err = PR_GetError(); |
| michael@0 | 35 | ++errCount; |
| michael@0 | 36 | fprintf(stderr, |
| michael@0 | 37 | "SSL_CipherPrefGetDefault didn't like value 0x%04x (i = %d): %s\n", |
| michael@0 | 38 | suite, i, PORT_ErrorToString(err)); |
| michael@0 | 39 | continue; |
| michael@0 | 40 | } |
| michael@0 | 41 | rv = SSL_GetCipherSuiteInfo(suite, &info, (int)(sizeof info)); |
| michael@0 | 42 | if (rv != SECSuccess) { |
| michael@0 | 43 | err = PR_GetError(); |
| michael@0 | 44 | ++errCount; |
| michael@0 | 45 | fprintf(stderr, |
| michael@0 | 46 | "SSL_GetCipherSuiteInfo didn't like value 0x%04x (i = %d): %s\n", |
| michael@0 | 47 | suite, i, PORT_ErrorToString(err)); |
| michael@0 | 48 | continue; |
| michael@0 | 49 | } |
| michael@0 | 50 | fprintf(stdout, |
| michael@0 | 51 | "%s:\n" /* up to 37 spaces */ |
| michael@0 | 52 | " 0x%04hx %-5s %-5s %-8s %3hd %-6s %-8s %-4s %-8s %-11s\n", |
| michael@0 | 53 | info.cipherSuiteName, info.cipherSuite, |
| michael@0 | 54 | info.keaTypeName, info.authAlgorithmName, info.symCipherName, |
| michael@0 | 55 | info.effectiveKeyBits, info.macAlgorithmName, |
| michael@0 | 56 | enabled ? "Enabled" : "Disabled", |
| michael@0 | 57 | info.isFIPS ? "FIPS" : |
| michael@0 | 58 | (SSL_IS_SSL2_CIPHER(info.cipherSuite) ? "SSL2" : ""), |
| michael@0 | 59 | info.isExportable ? "Export" : "Domestic", |
| michael@0 | 60 | info.nonStandard ? "nonStandard" : ""); |
| michael@0 | 61 | } |
| michael@0 | 62 | return errCount; |
| michael@0 | 63 | } |
