/*
 * Copyright (c) 2015, 2020 Joel Sing <jsing@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/ssl.h>

#include <err.h>
#include <stdio.h>
#include <string.h>

/*
 * Library-internal symbols declared here by hand; the test links against
 * them directly rather than going through a public header.
 */
int ssl3_num_ciphers(void);
const SSL_CIPHER *ssl3_get_cipher_by_index(int idx);

int ssl_parse_ciphersuites(STACK_OF(SSL_CIPHER) **out_ciphers, const char *str);

/*
 * Report whether the CPU capability word advertises accelerated AES.
 * Returns 1 when the CRYPTO_CPU_CAPS_ACCELERATED_AES bit is set, else 0.
 */
static inline int
ssl_aes_is_accelerated(void)
{
	return (OPENSSL_cpu_caps() & CRYPTO_CPU_CAPS_ACCELERATED_AES) ? 1 : 0;
}

/*
 * Walk the library's cipher table by index and verify that the cipher ids
 * are strictly increasing. Returns 0 on success, 1 on the first NULL entry
 * or out-of-order/duplicate id (a diagnostic is written to stderr).
 */
static int
check_cipher_order(void)
{
	const int total = ssl3_num_ciphers();
	unsigned long last_id = 0;
	int idx;

	for (idx = 0; idx < total; idx++) {
		const SSL_CIPHER *entry = ssl3_get_cipher_by_index(idx);
		unsigned long cur_id;

		if (entry == NULL) {
			fprintf(stderr, "FAIL: ssl3_get_cipher(%d) returned "
			    "NULL\n", idx);
			return 1;
		}

		/* "<=" also rejects two adjacent entries sharing an id. */
		cur_id = SSL_CIPHER_get_id(entry);
		if (cur_id <= last_id) {
			fprintf(stderr, "FAIL: ssl3_ciphers is not sorted by "
			    "id - cipher %d (%lx) <= cipher %d (%lx)\n",
			    idx, cur_id, idx - 1, last_id);
			return 1;
		}
		last_id = cur_id;
	}

	return 0;
}

/*
 * Expected properties of one cipher suite, keyed by its 16-bit value.
 * test_ssl_ciphers() compares each field with the matching SSL_CIPHER_*
 * accessor.
 */
struct ssl_cipher_test {
	uint16_t value;			/* two-byte cipher suite value */
	int auth_nid;			/* SSL_CIPHER_get_auth_nid() */
	int cipher_nid;			/* SSL_CIPHER_get_cipher_nid() */
	int digest_nid;			/* SSL_CIPHER_get_digest_nid() */
	int handshake_digest_nid;	/* NID of the handshake digest */
	int kx_nid;			/* SSL_CIPHER_get_kx_nid() */
	int strength_bits;		/* SSL_CIPHER_get_bits() return value */
	int symmetric_bits;		/* SSL_CIPHER_get_bits() out parameter */
	int is_aead;			/* SSL_CIPHER_is_aead(); 0 if omitted */
};

/*
 * Expected inventory for the "ALL" cipher rule. test_ssl_ciphers() requires
 * the number of entries here to equal the number of ciphers returned, so a
 * suite added to or removed from the library must be reflected here.
 *
 * The table deliberately contains unauthenticated (NID_auth_null) suites and
 * RC4/3DES/MD5 based suites: it pins what the library exposes under "ALL",
 * it is not a recommended configuration. The trailing comment on each
 * .value line is the IANA suite name, added for readability.
 */
static const struct ssl_cipher_test ssl_cipher_tests[] = {
	{
		.value = 0x0004,	/* TLS_RSA_WITH_RC4_128_MD5 */
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_rc4,
		.digest_nid = NID_md5,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_rsa,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x0005,	/* TLS_RSA_WITH_RC4_128_SHA */
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_rc4,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_rsa,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x000a,	/* TLS_RSA_WITH_3DES_EDE_CBC_SHA */
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_des_ede3_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_rsa,
		.strength_bits = 112,
		.symmetric_bits = 168,
	},
	{
		.value = 0x0016,	/* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA */
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_des_ede3_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 112,
		.symmetric_bits = 168,
	},
	{
		.value = 0x0018,	/* TLS_DH_anon_WITH_RC4_128_MD5 */
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_rc4,
		.digest_nid = NID_md5,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x001b,	/* TLS_DH_anon_WITH_3DES_EDE_CBC_SHA */
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_des_ede3_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 112,
		.symmetric_bits = 168,
	},
	{
		.value = 0x002f,	/* TLS_RSA_WITH_AES_128_CBC_SHA */
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_128_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_rsa,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x0033,	/* TLS_DHE_RSA_WITH_AES_128_CBC_SHA */
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_128_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x0034,	/* TLS_DH_anon_WITH_AES_128_CBC_SHA */
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_aes_128_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x0035,	/* TLS_RSA_WITH_AES_256_CBC_SHA */
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_256_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_rsa,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0x0039,	/* TLS_DHE_RSA_WITH_AES_256_CBC_SHA */
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_256_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0x003a,	/* TLS_DH_anon_WITH_AES_256_CBC_SHA */
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_aes_256_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0x003c,	/* TLS_RSA_WITH_AES_128_CBC_SHA256 */
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_128_cbc,
		.digest_nid = NID_sha256,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_rsa,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x003d,	/* TLS_RSA_WITH_AES_256_CBC_SHA256 */
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_256_cbc,
		.digest_nid = NID_sha256,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_rsa,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0x0041,	/* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA */
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_camellia_128_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_rsa,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x0045,	/* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA */
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_camellia_128_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x0046,	/* TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA */
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_camellia_128_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x0067,	/* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 */
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_128_cbc,
		.digest_nid = NID_sha256,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x006b,	/* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 */
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_256_cbc,
		.digest_nid = NID_sha256,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0x006c,	/* TLS_DH_anon_WITH_AES_128_CBC_SHA256 */
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_aes_128_cbc,
		.digest_nid = NID_sha256,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x006d,	/* TLS_DH_anon_WITH_AES_256_CBC_SHA256 */
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_aes_256_cbc,
		.digest_nid = NID_sha256,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0x0084,	/* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA */
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_camellia_256_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_rsa,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0x0088,	/* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA */
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_camellia_256_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0x0089,	/* TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA */
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_camellia_256_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0x009c,	/* TLS_RSA_WITH_AES_128_GCM_SHA256 */
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_128_gcm,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_rsa,
		.strength_bits = 128,
		.symmetric_bits = 128,
		.is_aead = 1,
	},
	{
		.value = 0x009d,	/* TLS_RSA_WITH_AES_256_GCM_SHA384 */
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_256_gcm,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha384,
		.kx_nid = NID_kx_rsa,
		.strength_bits = 256,
		.symmetric_bits = 256,
		.is_aead = 1,
	},
	{
		.value = 0x009e,	/* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 */
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_128_gcm,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
		.is_aead = 1,
	},
	{
		.value = 0x009f,	/* TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 */
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_256_gcm,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha384,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
		.is_aead = 1,
	},
	{
		.value = 0x00a6,	/* TLS_DH_anon_WITH_AES_128_GCM_SHA256 */
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_aes_128_gcm,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
		.is_aead = 1,
	},
	{
		.value = 0x00a7,	/* TLS_DH_anon_WITH_AES_256_GCM_SHA384 */
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_aes_256_gcm,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha384,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
		.is_aead = 1,
	},
	{
		.value = 0x00ba,	/* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 */
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_camellia_128_cbc,
		.digest_nid = NID_sha256,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_rsa,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x00be,	/* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 */
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_camellia_128_cbc,
		.digest_nid = NID_sha256,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x00bf,	/* TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 */
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_camellia_128_cbc,
		.digest_nid = NID_sha256,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x00c0,	/* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 */
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_camellia_256_cbc,
		.digest_nid = NID_sha256,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_rsa,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0x00c4,	/* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 */
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_camellia_256_cbc,
		.digest_nid = NID_sha256,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0x00c5,	/* TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 */
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_camellia_256_cbc,
		.digest_nid = NID_sha256,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0x1301,	/* TLS_AES_128_GCM_SHA256 */
		.auth_nid = NID_undef,
		.cipher_nid = NID_aes_128_gcm,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_undef,
		.strength_bits = 128,
		.symmetric_bits = 128,
		.is_aead = 1,
	},
	{
		.value = 0x1302,	/* TLS_AES_256_GCM_SHA384 */
		.auth_nid = NID_undef,
		.cipher_nid = NID_aes_256_gcm,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha384,
		.kx_nid = NID_undef,
		.strength_bits = 256,
		.symmetric_bits = 256,
		.is_aead = 1,
	},
	{
		.value = 0x1303,	/* TLS_CHACHA20_POLY1305_SHA256 */
		.auth_nid = NID_undef,
		.cipher_nid = NID_chacha20_poly1305,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_undef,
		.strength_bits = 256,
		.symmetric_bits = 256,
		.is_aead = 1,
	},
	{
		.value = 0xc007,	/* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA */
		.auth_nid = NID_auth_ecdsa,
		.cipher_nid = NID_rc4,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0xc008,	/* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA */
		.auth_nid = NID_auth_ecdsa,
		.cipher_nid = NID_des_ede3_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 112,
		.symmetric_bits = 168,
	},
	{
		.value = 0xc009,	/* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA */
		.auth_nid = NID_auth_ecdsa,
		.cipher_nid = NID_aes_128_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0xc00a,	/* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA */
		.auth_nid = NID_auth_ecdsa,
		.cipher_nid = NID_aes_256_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0xc011,	/* TLS_ECDHE_RSA_WITH_RC4_128_SHA */
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_rc4,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0xc012,	/* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA */
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_des_ede3_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 112,
		.symmetric_bits = 168,
	},
	{
		.value = 0xc013,	/* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA */
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_128_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0xc014,	/* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA */
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_256_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0xc016,	/* TLS_ECDH_anon_WITH_RC4_128_SHA */
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_rc4,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0xc017,	/* TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA */
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_des_ede3_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 112,
		.symmetric_bits = 168,
	},
	{
		.value = 0xc018,	/* TLS_ECDH_anon_WITH_AES_128_CBC_SHA */
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_aes_128_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0xc019,	/* TLS_ECDH_anon_WITH_AES_256_CBC_SHA */
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_aes_256_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0xc023,	/* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 */
		.auth_nid = NID_auth_ecdsa,
		.cipher_nid = NID_aes_128_cbc,
		.digest_nid = NID_sha256,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0xc024,	/* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 */
		.auth_nid = NID_auth_ecdsa,
		.cipher_nid = NID_aes_256_cbc,
		.digest_nid = NID_sha384,
		.handshake_digest_nid = NID_sha384,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0xc027,	/* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 */
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_128_cbc,
		.digest_nid = NID_sha256,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0xc028,	/* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 */
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_256_cbc,
		.digest_nid = NID_sha384,
		.handshake_digest_nid = NID_sha384,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0xc02b,	/* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 */
		.auth_nid = NID_auth_ecdsa,
		.cipher_nid = NID_aes_128_gcm,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
		.is_aead = 1,
	},
	{
		.value = 0xc02c,	/* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 */
		.auth_nid = NID_auth_ecdsa,
		.cipher_nid = NID_aes_256_gcm,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha384,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
		.is_aead = 1,
	},
	{
		.value = 0xc02f,	/* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 */
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_128_gcm,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
		.is_aead = 1,
	},
	{
		.value = 0xc030,	/* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 */
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_256_gcm,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha384,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
		.is_aead = 1,
	},
	{
		.value = 0xcca8,	/* TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 */
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_chacha20_poly1305,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
		.is_aead = 1,
	},
	{
		.value = 0xcca9,	/* TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 */
		.auth_nid = NID_auth_ecdsa,
		.cipher_nid = NID_chacha20_poly1305,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
		.is_aead = 1,
	},
	{
		.value = 0xccaa,	/* TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 */
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_chacha20_poly1305,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
		.is_aead = 1,
	},
};

#define N_SSL_CIPHER_TESTS (sizeof(ssl_cipher_tests) / sizeof(ssl_cipher_tests[0]))

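/*
 * Check every cipher selected by the "ALL" rule against ssl_cipher_tests.
 *
 * For each cipher in the SSL's list this looks the cipher up again by its
 * two-byte value with SSL_CIPHER_find(), checks the value and id, and then
 * compares the NIDs, bit strengths, AEAD flag and description call with the
 * matching table entry. Returns 0 if everything matches, 1 on the first
 * mismatch or setup failure (a diagnostic is written to stderr).
 */
static int
test_ssl_ciphers(void)
{
	int i, strength_bits, symmetric_bits;
	const struct ssl_cipher_test *sct;
	STACK_OF(SSL_CIPHER) *ciphers;
	const SSL_CIPHER *listed;
	const SSL_CIPHER *cipher;
	const EVP_MD *digest;
	unsigned char buf[2];
	const char *description;
	char desc_buf[256];
	SSL_CTX *ssl_ctx = NULL;
	SSL *ssl = NULL;
	size_t j;
	int ret = 1;

	if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL) {
		fprintf(stderr, "SSL_CTX_new() returned NULL\n");
		goto failure;
	}
	if ((ssl = SSL_new(ssl_ctx)) == NULL) {
		fprintf(stderr, "SSL_new() returned NULL\n");
		goto failure;
	}
	/*
	 * "ALL" is a test-only selection: the count check below expects it to
	 * yield exactly the suites listed in ssl_cipher_tests, which include
	 * unauthenticated and legacy (RC4/3DES/MD5) suites.
	 */
	if (!SSL_set_cipher_list(ssl, "ALL")) {
		fprintf(stderr, "SSL_set_cipher_list failed\n");
		goto failure;
	}

	if ((ciphers = SSL_get_ciphers(ssl)) == NULL) {
		fprintf(stderr, "no ciphers\n");
		goto failure;
	}

	if (sk_SSL_CIPHER_num(ciphers) != N_SSL_CIPHER_TESTS) {
		fprintf(stderr, "number of ciphers mismatch (%d != %zu)\n",
		    sk_SSL_CIPHER_num(ciphers), N_SSL_CIPHER_TESTS);
		goto failure;
	}

	for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
		uint16_t cipher_value;

		listed = sk_SSL_CIPHER_value(ciphers, i);
		cipher_value = SSL_CIPHER_get_value(listed);

		/* Wire encoding of the suite value: high byte first. */
		buf[0] = cipher_value >> 8;
		buf[1] = cipher_value & 0xff;

		/*
		 * Keep the stack entry in `listed` so that a failed lookup
		 * can still name the cipher that was being searched for;
		 * the lookup result itself is NULL on this path.
		 */
		if ((cipher = SSL_CIPHER_find(ssl, buf)) == NULL) {
			fprintf(stderr, "SSL_CIPHER_find() returned NULL for %s\n",
			    SSL_CIPHER_get_name(listed));
			goto failure;
		}
		if (SSL_CIPHER_get_value(cipher) != cipher_value) {
			fprintf(stderr, "got cipher with value 0x%04x, want 0x%04x\n",
			    SSL_CIPHER_get_value(cipher), cipher_value);
			goto failure;
		}
		/* The id is expected to be the value with 0x03 in the top byte. */
		if (SSL_CIPHER_get_id(cipher) != (0x03000000UL | cipher_value)) {
			fprintf(stderr, "got cipher id 0x%08lx, want 0x%08lx\n",
			    SSL_CIPHER_get_id(cipher), (0x03000000UL | cipher_value));
			goto failure;
		}

		sct = NULL;
		for (j = 0; j < N_SSL_CIPHER_TESTS; j++) {
			if (ssl_cipher_tests[j].value == cipher_value) {
				sct = &ssl_cipher_tests[j];
				break;
			}
		}
		if (sct == NULL) {
			fprintf(stderr, "cipher '%s' (0x%04x) not found in test "
			    "table\n", SSL_CIPHER_get_name(cipher), cipher_value);
			goto failure;
		}

		if (SSL_CIPHER_get_auth_nid(cipher) != sct->auth_nid) {
			fprintf(stderr, "cipher '%s' (0x%04x) - got auth nid %d, "
			    "want %d\n", SSL_CIPHER_get_name(cipher), cipher_value,
			    SSL_CIPHER_get_auth_nid(cipher), sct->auth_nid);
			goto failure;
		}
		if (SSL_CIPHER_get_cipher_nid(cipher) != sct->cipher_nid) {
			fprintf(stderr, "cipher '%s' (0x%04x) - got cipher nid %d, "
			    "want %d\n", SSL_CIPHER_get_name(cipher), cipher_value,
			    SSL_CIPHER_get_cipher_nid(cipher), sct->cipher_nid);
			goto failure;
		}
		if (SSL_CIPHER_get_digest_nid(cipher) != sct->digest_nid) {
			fprintf(stderr, "cipher '%s' (0x%04x) - got digest nid %d, "
			    "want %d\n", SSL_CIPHER_get_name(cipher), cipher_value,
			    SSL_CIPHER_get_digest_nid(cipher), sct->digest_nid);
			goto failure;
		}
		if (SSL_CIPHER_get_kx_nid(cipher) != sct->kx_nid) {
			fprintf(stderr, "cipher '%s' (0x%04x) - got kx nid %d, "
			    "want %d\n", SSL_CIPHER_get_name(cipher), cipher_value,
			    SSL_CIPHER_get_kx_nid(cipher), sct->kx_nid);
			goto failure;
		}

		/* Having API consistency is a wonderful thing... */
		digest = SSL_CIPHER_get_handshake_digest(cipher);
		/*
		 * Fail cleanly instead of handing NULL to EVP_MD_nid(), which
		 * is not known to accept it.
		 */
		if (digest == NULL) {
			fprintf(stderr, "cipher '%s' (0x%04x) - no handshake "
			    "digest\n", SSL_CIPHER_get_name(cipher), cipher_value);
			goto failure;
		}
		if (EVP_MD_nid(digest) != sct->handshake_digest_nid) {
			fprintf(stderr, "cipher '%s' (0x%04x) - got handshake "
			    "digest nid %d, want %d\n", SSL_CIPHER_get_name(cipher),
			    cipher_value, EVP_MD_nid(digest), sct->handshake_digest_nid);
			goto failure;
		}

		strength_bits = SSL_CIPHER_get_bits(cipher, &symmetric_bits);
		if (strength_bits != sct->strength_bits) {
			fprintf(stderr, "cipher '%s' (0x%04x) - got strength bits "
			    "%d, want %d\n", SSL_CIPHER_get_name(cipher),
			    cipher_value, strength_bits, sct->strength_bits);
			goto failure;
		}
		if (symmetric_bits != sct->symmetric_bits) {
			fprintf(stderr, "cipher '%s' (0x%04x) - got symmetric bits "
			    "%d, want %d\n", SSL_CIPHER_get_name(cipher),
			    cipher_value, symmetric_bits, sct->symmetric_bits);
			goto failure;
		}
		if (SSL_CIPHER_is_aead(cipher) != sct->is_aead) {
			fprintf(stderr, "cipher '%s' (0x%04x) - got is aead %d, "
			    "want %d\n", SSL_CIPHER_get_name(cipher), cipher_value,
			    SSL_CIPHER_is_aead(cipher), sct->is_aead);
			goto failure;
		}

		/* Only the returned pointer is checked, not the text. */
		if ((description = SSL_CIPHER_description(cipher, desc_buf,
		    sizeof(desc_buf))) != desc_buf) {
			fprintf(stderr, "cipher '%s' (0x%04x) - failed to get "
			    "description\n", SSL_CIPHER_get_name(cipher), cipher_value);
			goto failure;
		}
	}

	ret = 0;

 failure:
	SSL_CTX_free(ssl_ctx);
	SSL_free(ssl);

	return (ret);
}

/*
 * One ssl_parse_ciphersuites() case: the input string, the expected return
 * value, and the expected cipher ids in order. Unused cids slots are zero
 * and act as the end marker.
 */
struct parse_ciphersuites_test {
	const char *str;
	const int want;
	const unsigned long cids[32];
};

struct parse_ciphersuites_test parse_ciphersuites_tests[] = {
	{
		/* LibreSSL names. */
		.str = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256:AEAD-AES128-GCM-SHA256",
		.want = 1,
		.cids = {
			TLS1_3_CK_AES_256_GCM_SHA384,
			TLS1_3_CK_CHACHA20_POLY1305_SHA256,
			TLS1_3_CK_AES_128_GCM_SHA256,
		},
	},
	{
		/* OpenSSL names. */
		.str = "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256",
		.want = 1,
		.cids = {
			TLS1_3_CK_AES_256_GCM_SHA384,
			TLS1_3_CK_CHACHA20_POLY1305_SHA256,
			TLS1_3_CK_AES_128_GCM_SHA256,
		},
	},
	{
		/* Different priority order. */
		.str = "AEAD-AES128-GCM-SHA256:AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256",
		.want = 1,
		.cids = {
			TLS1_3_CK_AES_128_GCM_SHA256,
			TLS1_3_CK_AES_256_GCM_SHA384,
			TLS1_3_CK_CHACHA20_POLY1305_SHA256,
		},
	},
	{
		/* Known but unsupported names. */
		.str = "AEAD-AES256-GCM-SHA384:AEAD-AES128-CCM-SHA256:AEAD-AES128-CCM-8-SHA256",
		.want = 1,
		.cids = {
			TLS1_3_CK_AES_256_GCM_SHA384,
		},
	},
	{
		/* Empty string means no TLSv1.3 ciphersuites. */
		.str = "",
		.want = 1,
		.cids = { 0 },
	},
	{
		/* Second name is not a ciphersuite; parsing must fail. */
		.str = "TLS_CHACHA20_POLY1305_SHA256:TLS_NOT_A_CIPHERSUITE",
		.want = 0,
	},
	{
		/* A comma appears where the other cases use ':'; must fail. */
		.str = "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256",
		.want = 0,
	},
};

#define N_PARSE_CIPHERSUITES_TESTS \
    (sizeof(parse_ciphersuites_tests) / sizeof(*parse_ciphersuites_tests))

/*
 * Run ssl_parse_ciphersuites() over parse_ciphersuites_tests and compare the
 * resulting stack with the expected ids, in order. Returns 0 when every case
 * passes and 1 on the first failure.
 */
static int
parse_ciphersuites_test(void)
{
	struct parse_ciphersuites_test *pct;
	STACK_OF(SSL_CIPHER) *ciphers = NULL;
	SSL_CIPHER *cipher;
	/* Capacity of the expected-id array; sizeof does not evaluate pct. */
	const size_t max_cids = sizeof(pct->cids) / sizeof(pct->cids[0]);
	int failed = 1;
	int j, ret;
	size_t i;

	/*
	 * NOTE(review): the same `ciphers` pointer is handed to every call and
	 * freed once at the end; presumably ssl_parse_ciphersuites() releases
	 * or replaces the previous stack - confirm against its definition.
	 */
	for (i = 0; i < N_PARSE_CIPHERSUITES_TESTS; i++) {
		pct = &parse_ciphersuites_tests[i];

		ret = ssl_parse_ciphersuites(&ciphers, pct->str);
		if (ret != pct->want) {
			fprintf(stderr, "FAIL: test %zu - "
			    "ssl_parse_ciphersuites returned %d, want %d\n",
			    i, ret, pct->want);
			goto failed;
		}
		if (ret == 0)
			continue;

		for (j = 0; j < sk_SSL_CIPHER_num(ciphers); j++) {
			/*
			 * Never index past the expected-id array if the
			 * parser returns more ciphers than it can hold.
			 */
			if ((size_t)j >= max_cids) {
				fprintf(stderr, "FAIL: test %zu - got %d "
				    "ciphers, test table holds at most %zu\n",
				    i, sk_SSL_CIPHER_num(ciphers), max_cids);
				goto failed;
			}
			cipher = sk_SSL_CIPHER_value(ciphers, j);
			if (SSL_CIPHER_get_id(cipher) == pct->cids[j])
				continue;
			fprintf(stderr, "FAIL: test %zu - got cipher %d with "
			    "id %lx, want %lx\n", i, j,
			    SSL_CIPHER_get_id(cipher), pct->cids[j]);
			goto failed;
		}
		/* A non-zero slot after the last cipher means one is missing. */
		if ((size_t)j < max_cids && pct->cids[j] != 0) {
			fprintf(stderr, "FAIL: test %zu - got %d ciphers, "
			    "expected more\n", i, sk_SSL_CIPHER_num(ciphers));
			goto failed;
		}
	}

	failed = 0;

 failed:
	sk_SSL_CIPHER_free(ciphers);

	return failed;
}

/*
 * One cipher-list composition case. The ctx_* strings are applied to the
 * SSL_CTX and the ssl_* strings to the SSL created from it; a NULL string
 * means that call is skipped. The *_ciphersuites_first flags choose whether
 * the ciphersuites string is applied before or after the rule string.
 * cids is the expected resulting order, zero-terminated.
 */
struct cipher_set_test {
	int ctx_ciphersuites_first;
	const char *ctx_ciphersuites;
	const char *ctx_rulestr;
	int ssl_ciphersuites_first;
	const char *ssl_ciphersuites;
	const char *ssl_rulestr;
	/* Swap cids[0]/cids[1] at run time when AES is not accelerated. */
	int cids_aes_accel_fixup;
	unsigned long cids[32];
};

struct cipher_set_test cipher_set_tests[] = {
	{
		.ctx_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
		.cids_aes_accel_fixup = 1,
		.cids = {
			TLS1_3_CK_AES_256_GCM_SHA384,
			TLS1_3_CK_CHACHA20_POLY1305_SHA256,
			TLS1_3_CK_AES_128_GCM_SHA256,
			TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		},
	},
	{
		.ssl_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
		.cids_aes_accel_fixup = 1,
		.cids = {
			TLS1_3_CK_AES_256_GCM_SHA384,
			TLS1_3_CK_CHACHA20_POLY1305_SHA256,
			TLS1_3_CK_AES_128_GCM_SHA256,
			TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		},
	},
	{
		.ctx_ciphersuites_first = 1,
		.ctx_ciphersuites = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256",
		.ctx_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
		.cids = {
			TLS1_3_CK_AES_256_GCM_SHA384,
			TLS1_3_CK_CHACHA20_POLY1305_SHA256,
			TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		},
	},
	{
		.ssl_ciphersuites_first = 1,
		.ssl_ciphersuites = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256",
		.ssl_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
		.cids = {
			TLS1_3_CK_AES_256_GCM_SHA384,
			TLS1_3_CK_CHACHA20_POLY1305_SHA256,
			TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		},
	},
	{
		.ctx_ciphersuites_first = 0,
		.ctx_ciphersuites = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256",
		.ctx_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
		.cids = {
			TLS1_3_CK_AES_256_GCM_SHA384,
			TLS1_3_CK_CHACHA20_POLY1305_SHA256,
			TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		},
	},
	{
		.ssl_ciphersuites_first = 0,
		.ssl_ciphersuites = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256",
		.ssl_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
		.cids = {
			TLS1_3_CK_AES_256_GCM_SHA384,
			TLS1_3_CK_CHACHA20_POLY1305_SHA256,
			TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		},
	},
	{
		.ssl_ciphersuites_first = 1,
		.ssl_ciphersuites = "",
		.ssl_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
		.cids = {
			TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		},
	},
	{
		.ssl_ciphersuites_first = 0,
		.ssl_ciphersuites = "",
		.ssl_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
		.cids = {
			TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		},
	},
	{
		.ctx_ciphersuites = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256",
		.ssl_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
		.cids = {
			TLS1_3_CK_AES_256_GCM_SHA384,
			TLS1_3_CK_CHACHA20_POLY1305_SHA256,
			TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		},
	},
	{
		.ctx_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
		.ssl_ciphersuites = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256",
		.cids = {
			TLS1_3_CK_AES_256_GCM_SHA384,
			TLS1_3_CK_CHACHA20_POLY1305_SHA256,
			TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		},
	},
};

#define N_CIPHER_SET_TESTS \
    (sizeof(cipher_set_tests) / sizeof(*cipher_set_tests))

/*
 * For each cipher_set_tests entry, build an SSL_CTX and SSL, apply the
 * configured ciphersuites and rule strings in the configured order, and
 * compare SSL_get_ciphers() with the expected ids. Setup failures terminate
 * the program via errx(); mismatches are reported and accumulated. Returns
 * 0 if every case matched, 1 otherwise.
 */
static int
cipher_set_test(void)
{
	struct cipher_set_test *cst;
	STACK_OF(SSL_CIPHER) *ciphers = NULL;
	SSL_CIPHER *cipher;
	SSL_CTX *ctx = NULL;
	SSL *ssl = NULL;
	/* Capacity of the expected-id array; sizeof does not evaluate cst. */
	const size_t max_cids = sizeof(cst->cids) / sizeof(cst->cids[0]);
	int failed = 0;
	size_t i;
	int j;

	for (i = 0; i < N_CIPHER_SET_TESTS; i++) {
		cst = &cipher_set_tests[i];

		/*
		 * Without accelerated AES the expected order has
		 * ChaCha20-Poly1305 ahead of AES-256-GCM; patch the table
		 * entry in place for the cases that opt in.
		 */
		if (!ssl_aes_is_accelerated() && cst->cids_aes_accel_fixup) {
			cst->cids[0] = TLS1_3_CK_CHACHA20_POLY1305_SHA256;
			cst->cids[1] = TLS1_3_CK_AES_256_GCM_SHA384;
		}

		if ((ctx = SSL_CTX_new(TLS_method())) == NULL)
			errx(1, "SSL_CTX_new");

		if (cst->ctx_ciphersuites_first && cst->ctx_ciphersuites != NULL) {
			if (!SSL_CTX_set_ciphersuites(ctx, cst->ctx_ciphersuites))
				errx(1, "SSL_CTX_set_ciphersuites");
		}
		if (cst->ctx_rulestr != NULL) {
			if (!SSL_CTX_set_cipher_list(ctx, cst->ctx_rulestr))
				errx(1, "SSL_CTX_set_cipher_list");
		}
		if (!cst->ctx_ciphersuites_first && cst->ctx_ciphersuites != NULL) {
			if (!SSL_CTX_set_ciphersuites(ctx, cst->ctx_ciphersuites))
				errx(1, "SSL_CTX_set_ciphersuites");
		}

		/* XXX - check SSL_CTX_get_ciphers(ctx) */

		if ((ssl = SSL_new(ctx)) == NULL)
			errx(1, "SSL_new");

		if (cst->ssl_ciphersuites_first && cst->ssl_ciphersuites != NULL) {
			if (!SSL_set_ciphersuites(ssl, cst->ssl_ciphersuites))
				errx(1, "SSL_set_ciphersuites");
		}
		if (cst->ssl_rulestr != NULL) {
			if (!SSL_set_cipher_list(ssl, cst->ssl_rulestr))
				errx(1, "SSL_set_cipher_list");
		}
		if (!cst->ssl_ciphersuites_first && cst->ssl_ciphersuites != NULL) {
			if (!SSL_set_ciphersuites(ssl, cst->ssl_ciphersuites))
				errx(1, "SSL_set_ciphersuites");
		}

		ciphers = SSL_get_ciphers(ssl);

		for (j = 0; j < sk_SSL_CIPHER_num(ciphers); j++) {
			/*
			 * Never index past the expected-id array if the
			 * resulting list is longer than it can hold.
			 */
			if ((size_t)j >= max_cids) {
				fprintf(stderr, "FAIL: test %zu - got %d "
				    "ciphers, test table holds at most %zu\n",
				    i, sk_SSL_CIPHER_num(ciphers), max_cids);
				failed |= 1;
				break;
			}
			cipher = sk_SSL_CIPHER_value(ciphers, j);
			if (SSL_CIPHER_get_id(cipher) == cst->cids[j])
				continue;
			fprintf(stderr, "FAIL: test %zu - got cipher %d with "
			    "id %lx, want %lx\n", i, j,
			    SSL_CIPHER_get_id(cipher), cst->cids[j]);
			failed |= 1;
		}
		/* A non-zero slot after the last cipher means one is missing. */
		if ((size_t)j < max_cids && cst->cids[j] != 0) {
			fprintf(stderr, "FAIL: test %zu - got %d ciphers, "
			    "expected more\n", i, sk_SSL_CIPHER_num(ciphers));
			failed |= 1;
		}

		SSL_CTX_free(ctx);
		SSL_free(ssl);
	}

	return failed;
}

/*
 * Run all cipher regression checks; the exit status is non-zero if any of
 * them reported a failure.
 */
int
main(int argc, char **argv)
{
	int failed = 0;

	failed |= check_cipher_order();

	failed |= test_ssl_ciphers();

	failed |= parse_ciphersuites_test();
	failed |= cipher_set_test();

	return (failed);
}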