Refactored show_available_* functions

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>

1 files changed, 121 insertions, 0 deletions

diff --git a/crypto_openssl.c b/crypto_openssl.c
index 9e547b4..9edcf40 100644
--- a/crypto_openssl.c
+++ b/crypto_openssl.c
@@ -51,6 +51,127 @@
 
 /*
  *
+ * Workarounds for incompatibilites between OpenSSL libraries.
+ * Right now we accept OpenSSL libraries from 0.9.5 to 0.9.7.
+ *
+ */
+
+#if SSLEAY_VERSION_NUMBER < 0x00907000L
+
+#endif
+
+#if SSLEAY_VERSION_NUMBER < 0x00906000
+
+static inline bool
+cipher_ok (const char* name)
+{
+  const int i = strlen (name) - 4;
+  if (i >= 0)
+    return !strcmp (name + i, "-CBC");
+  else
+    return false;
+}
+
+#else
+
+static inline bool
+cipher_ok (const char* name)
+{
+  return true;
+}
+
+#endif
+
+#if SSLEAY_VERSION_NUMBER < 0x0090581f
+
+#endif
+
+void
+show_available_ciphers ()
+{
+  int nid;
+
+#ifndef ENABLE_SMALL
+  printf ("The following ciphers and cipher modes are available\n"
+	  "for use with " PACKAGE_NAME ".  Each cipher shown below may be\n"
+	  "used as a parameter to the --cipher option.  The default\n"
+	  "key size is shown as well as whether or not it can be\n"
+          "changed with the --keysize directive.  Using a CBC mode\n"
+	  "is recommended.\n\n");
+#endif
+
+  for (nid = 0; nid < 10000; ++nid)	/* is there a better way to get the size of the nid list? */
+    {
+      const EVP_CIPHER *cipher = EVP_get_cipherbynid (nid);
+      if (cipher && cipher_ok (OBJ_nid2sn (nid)))
+	{
+	  const unsigned int mode = EVP_CIPHER_mode (cipher);
+	  if (mode == EVP_CIPH_CBC_MODE
+#ifdef ALLOW_NON_CBC_CIPHERS
+	      || mode == EVP_CIPH_CFB_MODE || mode == EVP_CIPH_OFB_MODE
+#endif
+	      )
+	    printf ("%s %d bit default key (%s)\n",
+		    OBJ_nid2sn (nid),
+		    EVP_CIPHER_key_length (cipher) * 8,
+		    ((EVP_CIPHER_flags (cipher) & EVP_CIPH_VARIABLE_LENGTH) ?
+		     "variable" : "fixed"));
+	}
+    }
+  printf ("\n");
+}
+
+void
+show_available_digests ()
+{
+  int nid;
+
+#ifndef ENABLE_SMALL
+  printf ("The following message digests are available for use with\n"
+	  PACKAGE_NAME ".  A message digest is used in conjunction with\n"
+	  "the HMAC function, to authenticate received packets.\n"
+	  "You can specify a message digest as parameter to\n"
+	  "the --auth option.\n\n");
+#endif
+
+  for (nid = 0; nid < 10000; ++nid)
+    {
+      const EVP_MD *digest = EVP_get_digestbynid (nid);
+      if (digest)
+	{
+	  printf ("%s %d bit digest size\n",
+		  OBJ_nid2sn (nid), EVP_MD_size (digest) * 8);
+	}
+    }
+  printf ("\n");
+}
+
+void
+show_available_engines ()
+{
+#if CRYPTO_ENGINE /* Only defined for OpenSSL */
+  ENGINE *e;
+
+  printf ("OpenSSL Crypto Engines\n\n");
+
+  ENGINE_load_builtin_engines ();
+
+  e = ENGINE_get_first ();
+  while (e)
+    {
+      printf ("%s [%s]\n",
+	      ENGINE_get_name (e),
+	      ENGINE_get_id (e));
+      e = ENGINE_get_next (e);
+    }
+  ENGINE_cleanup ();
+#else
+  printf ("Sorry, OpenSSL hardware crypto engine functionality is not available.\n");
+#endif
+}
+
+/*
+ *
  * Random number functions, used in cases where we want
  * reasonably strong cryptographic random number generation
  * without depleting our entropy pool.  Used for random