kris
/
boringssl
1
0
Форк 0
Код Проблеми 0 Запити на злиття 0 Релізи 0 Вікі Активність
Ви не можете вибрати більше 25 тем Теми мають розпочинатися з літери або цифри, можуть містити дефіси (-) і не повинні перевищувати 35 символів.
3902 Коміти
12 Гілки
38 MiB
Дерево: 4c341d0299
Гілки Теги
${ item.name }
Створити гілку ${ searchTerm }
з '4c341d0299'
${ noResults }
boringssl/tool/ciphers.cc

ciphers.cc 2.0 KiB
Неформатований Звичайний вигляд Історія

Add ciphers option to bssl. This simply converts a cipher suite string to the list of cipher suites that it implies. Change-Id: Id8b31086715d619ea6601c40a6eb84dc0d8c500d Reviewed-on: https://boringssl-review.googlesource.com/6370 Reviewed-by: Adam Langley <agl@google.com>
9 роки тому
Replace Scoped* heap types with bssl::UniquePtr. Unlike the Scoped* types, bssl::UniquePtr is available to C++ users, and offered for a large variety of types. The 'extern "C++"' trick is used to make the C++ bits digestible to C callers that wrap header files in 'extern "C"'. Change-Id: Ifbca4c2997d6628e33028c7d7620c72aff0f862e Reviewed-on: https://boringssl-review.googlesource.com/10521 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
8 роки тому
Add new cipherlist-setting APIs that reject nonsense. The new APIs are SSL_CTX_set_strict_cipher_list() and SSL_set_strict_cipher_list(). They have two motivations: First, typos in cipher lists can go undetected for a long time, and can have surprising consequences when silently ignored. Second, there is a tendency to use superstition in the construction of cipher lists, for example by "turning off" things that do not actually exist. This leads to the corrosive belief that DEFAULT and ALL ought not to be trusted. This belief is false. Change-Id: I42909b69186e0b4cf45457e5c0bc968f6bbf231a Reviewed-on: https://boringssl-review.googlesource.com/13925 Commit-Queue: Matt Braithwaite <mab@google.com> Reviewed-by: Matt Braithwaite <mab@google.com>
7 роки тому
Add ciphers option to bssl. This simply converts a cipher suite string to the list of cipher suites that it implies. Change-Id: Id8b31086715d619ea6601c40a6eb84dc0d8c500d Reviewed-on: https://boringssl-review.googlesource.com/6370 Reviewed-by: Adam Langley <agl@google.com>
9 роки тому
 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364 
  1. /* Copyright (c) 2015, Google Inc.

  2.  *

  3.  * Permission to use, copy, modify, and/or distribute this software for any

  4.  * purpose with or without fee is hereby granted, provided that the above

  5.  * copyright notice and this permission notice appear in all copies.

  6.  *

  7.  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

  8.  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

  9.  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY

  10.  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

  11.  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION

  12.  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN

  13.  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

  14. 

  15. #include <string>

  16. #include <vector>

  17. 

  18. #include <stdint.h>

  19. #include <stdlib.h>

  20. 

  21. #include <openssl/ssl.h>

  22. 

  23. #include "internal.h"

  24. 

  25. 

  26. bool Ciphers(const std::vector<std::string> &args) {

  27.   if (args.size() != 1) {

  28.     fprintf(stderr, "Usage: bssl ciphers <cipher suite string>\n");

  29.     return false;

  30.   }

  31. 

  32.   const std::string &ciphers_string = args.back();

  33. 

  34.   bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(SSLv23_client_method()));

  35.   if (!SSL_CTX_set_strict_cipher_list(ctx.get(), ciphers_string.c_str())) {

  36.     fprintf(stderr, "Failed to parse cipher suite config.\n");

  37.     ERR_print_errors_fp(stderr);

  38.     return false;

  39.   }

  40. 

  41.   const struct ssl_cipher_preference_list_st *pref_list = ctx->cipher_list;

  42.   STACK_OF(SSL_CIPHER) *ciphers = pref_list->ciphers;

  43. 

  44.   bool last_in_group = false;

  45.   for (size_t i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {

  46.     bool in_group = pref_list->in_group_flags[i];

  47.     const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(ciphers, i);

  48. 

  49.     if (in_group && !last_in_group) {

  50.       printf("[\n  ");

  51.     } else if (last_in_group) {

  52.       printf("  ");

  53.     }

  54. 

  55.     printf("%s\n", SSL_CIPHER_get_name(cipher));

  56. 

  57.     if (!in_group && last_in_group) {

  58.       printf("]\n");

  59.     }

  60.     last_in_group = in_group;

  61.   }

  62. 

  63.   return true;

  64. }