1bd69bbf0Sjsing /* 26b911d76Sjsing * Copyright (c) 2015, 2020 Joel Sing <jsing@openbsd.org> 3bd69bbf0Sjsing * 4bd69bbf0Sjsing * Permission to use, copy, modify, and distribute this software for any 5bd69bbf0Sjsing * purpose with or without fee is hereby granted, provided that the above 6bd69bbf0Sjsing * copyright notice and this permission notice appear in all copies. 7bd69bbf0Sjsing * 8bd69bbf0Sjsing * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9bd69bbf0Sjsing * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10bd69bbf0Sjsing * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11bd69bbf0Sjsing * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12bd69bbf0Sjsing * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13bd69bbf0Sjsing * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14bd69bbf0Sjsing * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15bd69bbf0Sjsing */ 16bd69bbf0Sjsing 176cd8a8c9Sjsing #include <openssl/evp.h> 186cd8a8c9Sjsing #include <openssl/objects.h> 19bd69bbf0Sjsing #include <openssl/ssl.h> 20bd69bbf0Sjsing 21bd69bbf0Sjsing #include <err.h> 22bd69bbf0Sjsing #include <stdio.h> 23bd69bbf0Sjsing #include <string.h> 24bd69bbf0Sjsing 256676c440Sjsing int ssl3_num_ciphers(void); 26b7814219Sjsing const SSL_CIPHER *ssl3_get_cipher_by_index(int idx); 276676c440Sjsing 286b911d76Sjsing int ssl_parse_ciphersuites(STACK_OF(SSL_CIPHER) **out_ciphers, const char *str); 296b911d76Sjsing 30e5c1aa10Sjsing static inline int 31e5c1aa10Sjsing ssl_aes_is_accelerated(void) 32e5c1aa10Sjsing { 33*a75d20e9Sjsing return (OPENSSL_cpu_caps() & CRYPTO_CPU_CAPS_ACCELERATED_AES) != 0; 34e5c1aa10Sjsing } 35e5c1aa10Sjsing 36bd69bbf0Sjsing static int 376676c440Sjsing check_cipher_order(void) 386676c440Sjsing { 396676c440Sjsing unsigned long id, prev_id = 0; 406676c440Sjsing const SSL_CIPHER *cipher; 416676c440Sjsing int num_ciphers; 426676c440Sjsing int i; 436676c440Sjsing 446676c440Sjsing num_ciphers = ssl3_num_ciphers(); 456676c440Sjsing 46b7814219Sjsing for (i = 0; i < num_ciphers; i++) { 47b7814219Sjsing if ((cipher = ssl3_get_cipher_by_index(i)) == NULL) { 486676c440Sjsing fprintf(stderr, "FAIL: ssl3_get_cipher(%d) returned " 496676c440Sjsing "NULL\n", i); 506676c440Sjsing return 1; 516676c440Sjsing } 526676c440Sjsing if ((id = SSL_CIPHER_get_id(cipher)) <= prev_id) { 536676c440Sjsing fprintf(stderr, "FAIL: ssl3_ciphers is not sorted by " 546676c440Sjsing "id - cipher %d (%lx) <= cipher %d (%lx)\n", 556676c440Sjsing i, id, i - 1, prev_id); 566676c440Sjsing return 1; 576676c440Sjsing } 586676c440Sjsing prev_id = id; 596676c440Sjsing } 606676c440Sjsing 616676c440Sjsing return 0; 626676c440Sjsing } 636676c440Sjsing 646cd8a8c9Sjsing struct ssl_cipher_test { 656cd8a8c9Sjsing uint16_t value; 666cd8a8c9Sjsing int auth_nid; 676cd8a8c9Sjsing int cipher_nid; 686cd8a8c9Sjsing int digest_nid; 696cd8a8c9Sjsing int handshake_digest_nid; 706cd8a8c9Sjsing int kx_nid; 716cd8a8c9Sjsing int strength_bits; 726cd8a8c9Sjsing int symmetric_bits; 736cd8a8c9Sjsing int is_aead; 746cd8a8c9Sjsing }; 756cd8a8c9Sjsing 766cd8a8c9Sjsing static const struct ssl_cipher_test ssl_cipher_tests[] = { 77bd69bbf0Sjsing { 786cd8a8c9Sjsing .value = 0x0004, 796cd8a8c9Sjsing .auth_nid = NID_auth_rsa, 806cd8a8c9Sjsing .cipher_nid = NID_rc4, 816cd8a8c9Sjsing .digest_nid = NID_md5, 826cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 836cd8a8c9Sjsing .kx_nid = NID_kx_rsa, 846cd8a8c9Sjsing .strength_bits = 128, 856cd8a8c9Sjsing .symmetric_bits = 128, 866cd8a8c9Sjsing }, 876cd8a8c9Sjsing { 886cd8a8c9Sjsing .value = 0x0005, 896cd8a8c9Sjsing .auth_nid = NID_auth_rsa, 906cd8a8c9Sjsing .cipher_nid = NID_rc4, 916cd8a8c9Sjsing .digest_nid = NID_sha1, 926cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 936cd8a8c9Sjsing .kx_nid = NID_kx_rsa, 946cd8a8c9Sjsing .strength_bits = 128, 956cd8a8c9Sjsing .symmetric_bits = 128, 966cd8a8c9Sjsing }, 976cd8a8c9Sjsing { 986cd8a8c9Sjsing .value = 0x000a, 996cd8a8c9Sjsing .auth_nid = NID_auth_rsa, 1006cd8a8c9Sjsing .cipher_nid = NID_des_ede3_cbc, 1016cd8a8c9Sjsing .digest_nid = NID_sha1, 1026cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 1036cd8a8c9Sjsing .kx_nid = NID_kx_rsa, 1046cd8a8c9Sjsing .strength_bits = 112, 1056cd8a8c9Sjsing .symmetric_bits = 168, 1066cd8a8c9Sjsing }, 1076cd8a8c9Sjsing { 1086cd8a8c9Sjsing .value = 0x0016, 1096cd8a8c9Sjsing .auth_nid = NID_auth_rsa, 1106cd8a8c9Sjsing .cipher_nid = NID_des_ede3_cbc, 1116cd8a8c9Sjsing .digest_nid = NID_sha1, 1126cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 1136cd8a8c9Sjsing .kx_nid = NID_kx_dhe, 1146cd8a8c9Sjsing .strength_bits = 112, 1156cd8a8c9Sjsing .symmetric_bits = 168, 1166cd8a8c9Sjsing }, 1176cd8a8c9Sjsing { 1186cd8a8c9Sjsing .value = 0x0018, 1196cd8a8c9Sjsing .auth_nid = NID_auth_null, 1206cd8a8c9Sjsing .cipher_nid = NID_rc4, 1216cd8a8c9Sjsing .digest_nid = NID_md5, 1226cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 1236cd8a8c9Sjsing .kx_nid = NID_kx_dhe, 1246cd8a8c9Sjsing .strength_bits = 128, 1256cd8a8c9Sjsing .symmetric_bits = 128, 1266cd8a8c9Sjsing }, 1276cd8a8c9Sjsing { 1286cd8a8c9Sjsing .value = 0x001b, 1296cd8a8c9Sjsing .auth_nid = NID_auth_null, 1306cd8a8c9Sjsing .cipher_nid = NID_des_ede3_cbc, 1316cd8a8c9Sjsing .digest_nid = NID_sha1, 1326cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 1336cd8a8c9Sjsing .kx_nid = NID_kx_dhe, 1346cd8a8c9Sjsing .strength_bits = 112, 1356cd8a8c9Sjsing .symmetric_bits = 168, 1366cd8a8c9Sjsing }, 1376cd8a8c9Sjsing { 1386cd8a8c9Sjsing .value = 0x002f, 1396cd8a8c9Sjsing .auth_nid = NID_auth_rsa, 1406cd8a8c9Sjsing .cipher_nid = NID_aes_128_cbc, 1416cd8a8c9Sjsing .digest_nid = NID_sha1, 1426cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 1436cd8a8c9Sjsing .kx_nid = NID_kx_rsa, 1446cd8a8c9Sjsing .strength_bits = 128, 1456cd8a8c9Sjsing .symmetric_bits = 128, 1466cd8a8c9Sjsing }, 1476cd8a8c9Sjsing { 1486cd8a8c9Sjsing .value = 0x0033, 1496cd8a8c9Sjsing .auth_nid = NID_auth_rsa, 1506cd8a8c9Sjsing .cipher_nid = NID_aes_128_cbc, 1516cd8a8c9Sjsing .digest_nid = NID_sha1, 1526cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 1536cd8a8c9Sjsing .kx_nid = NID_kx_dhe, 1546cd8a8c9Sjsing .strength_bits = 128, 1556cd8a8c9Sjsing .symmetric_bits = 128, 1566cd8a8c9Sjsing }, 1576cd8a8c9Sjsing { 1586cd8a8c9Sjsing .value = 0x0034, 1596cd8a8c9Sjsing .auth_nid = NID_auth_null, 1606cd8a8c9Sjsing .cipher_nid = NID_aes_128_cbc, 1616cd8a8c9Sjsing .digest_nid = NID_sha1, 1626cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 1636cd8a8c9Sjsing .kx_nid = NID_kx_dhe, 1646cd8a8c9Sjsing .strength_bits = 128, 1656cd8a8c9Sjsing .symmetric_bits = 128, 1666cd8a8c9Sjsing }, 1676cd8a8c9Sjsing { 1686cd8a8c9Sjsing .value = 0x0035, 1696cd8a8c9Sjsing .auth_nid = NID_auth_rsa, 1706cd8a8c9Sjsing .cipher_nid = NID_aes_256_cbc, 1716cd8a8c9Sjsing .digest_nid = NID_sha1, 1726cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 1736cd8a8c9Sjsing .kx_nid = NID_kx_rsa, 1746cd8a8c9Sjsing .strength_bits = 256, 1756cd8a8c9Sjsing .symmetric_bits = 256, 1766cd8a8c9Sjsing }, 1776cd8a8c9Sjsing { 1786cd8a8c9Sjsing .value = 0x0039, 1796cd8a8c9Sjsing .auth_nid = NID_auth_rsa, 1806cd8a8c9Sjsing .cipher_nid = NID_aes_256_cbc, 1816cd8a8c9Sjsing .digest_nid = NID_sha1, 1826cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 1836cd8a8c9Sjsing .kx_nid = NID_kx_dhe, 1846cd8a8c9Sjsing .strength_bits = 256, 1856cd8a8c9Sjsing .symmetric_bits = 256, 1866cd8a8c9Sjsing }, 1876cd8a8c9Sjsing { 1886cd8a8c9Sjsing .value = 0x003a, 1896cd8a8c9Sjsing .auth_nid = NID_auth_null, 1906cd8a8c9Sjsing .cipher_nid = NID_aes_256_cbc, 1916cd8a8c9Sjsing .digest_nid = NID_sha1, 1926cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 1936cd8a8c9Sjsing .kx_nid = NID_kx_dhe, 1946cd8a8c9Sjsing .strength_bits = 256, 1956cd8a8c9Sjsing .symmetric_bits = 256, 1966cd8a8c9Sjsing }, 1976cd8a8c9Sjsing { 1986cd8a8c9Sjsing .value = 0x003c, 1996cd8a8c9Sjsing .auth_nid = NID_auth_rsa, 2006cd8a8c9Sjsing .cipher_nid = NID_aes_128_cbc, 2016cd8a8c9Sjsing .digest_nid = NID_sha256, 2026cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 2036cd8a8c9Sjsing .kx_nid = NID_kx_rsa, 2046cd8a8c9Sjsing .strength_bits = 128, 2056cd8a8c9Sjsing .symmetric_bits = 128, 2066cd8a8c9Sjsing }, 2076cd8a8c9Sjsing { 2086cd8a8c9Sjsing .value = 0x003d, 2096cd8a8c9Sjsing .auth_nid = NID_auth_rsa, 2106cd8a8c9Sjsing .cipher_nid = NID_aes_256_cbc, 2116cd8a8c9Sjsing .digest_nid = NID_sha256, 2126cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 2136cd8a8c9Sjsing .kx_nid = NID_kx_rsa, 2146cd8a8c9Sjsing .strength_bits = 256, 2156cd8a8c9Sjsing .symmetric_bits = 256, 2166cd8a8c9Sjsing }, 2176cd8a8c9Sjsing { 2186cd8a8c9Sjsing .value = 0x0041, 2196cd8a8c9Sjsing .auth_nid = NID_auth_rsa, 2206cd8a8c9Sjsing .cipher_nid = NID_camellia_128_cbc, 2216cd8a8c9Sjsing .digest_nid = NID_sha1, 2226cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 2236cd8a8c9Sjsing .kx_nid = NID_kx_rsa, 2246cd8a8c9Sjsing .strength_bits = 128, 2256cd8a8c9Sjsing .symmetric_bits = 128, 2266cd8a8c9Sjsing }, 2276cd8a8c9Sjsing { 2286cd8a8c9Sjsing .value = 0x0045, 2296cd8a8c9Sjsing .auth_nid = NID_auth_rsa, 2306cd8a8c9Sjsing .cipher_nid = NID_camellia_128_cbc, 2316cd8a8c9Sjsing .digest_nid = NID_sha1, 2326cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 2336cd8a8c9Sjsing .kx_nid = NID_kx_dhe, 2346cd8a8c9Sjsing .strength_bits = 128, 2356cd8a8c9Sjsing .symmetric_bits = 128, 2366cd8a8c9Sjsing }, 2376cd8a8c9Sjsing { 2386cd8a8c9Sjsing .value = 0x0046, 2396cd8a8c9Sjsing .auth_nid = NID_auth_null, 2406cd8a8c9Sjsing .cipher_nid = NID_camellia_128_cbc, 2416cd8a8c9Sjsing .digest_nid = NID_sha1, 2426cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 2436cd8a8c9Sjsing .kx_nid = NID_kx_dhe, 2446cd8a8c9Sjsing .strength_bits = 128, 2456cd8a8c9Sjsing .symmetric_bits = 128, 2466cd8a8c9Sjsing }, 2476cd8a8c9Sjsing { 2486cd8a8c9Sjsing .value = 0x0067, 2496cd8a8c9Sjsing .auth_nid = NID_auth_rsa, 2506cd8a8c9Sjsing .cipher_nid = NID_aes_128_cbc, 2516cd8a8c9Sjsing .digest_nid = NID_sha256, 2526cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 2536cd8a8c9Sjsing .kx_nid = NID_kx_dhe, 2546cd8a8c9Sjsing .strength_bits = 128, 2556cd8a8c9Sjsing .symmetric_bits = 128, 2566cd8a8c9Sjsing }, 2576cd8a8c9Sjsing { 2586cd8a8c9Sjsing .value = 0x006b, 2596cd8a8c9Sjsing .auth_nid = NID_auth_rsa, 2606cd8a8c9Sjsing .cipher_nid = NID_aes_256_cbc, 2616cd8a8c9Sjsing .digest_nid = NID_sha256, 2626cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 2636cd8a8c9Sjsing .kx_nid = NID_kx_dhe, 2646cd8a8c9Sjsing .strength_bits = 256, 2656cd8a8c9Sjsing .symmetric_bits = 256, 2666cd8a8c9Sjsing }, 2676cd8a8c9Sjsing { 2686cd8a8c9Sjsing .value = 0x006c, 2696cd8a8c9Sjsing .auth_nid = NID_auth_null, 2706cd8a8c9Sjsing .cipher_nid = NID_aes_128_cbc, 2716cd8a8c9Sjsing .digest_nid = NID_sha256, 2726cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 2736cd8a8c9Sjsing .kx_nid = NID_kx_dhe, 2746cd8a8c9Sjsing .strength_bits = 128, 2756cd8a8c9Sjsing .symmetric_bits = 128, 2766cd8a8c9Sjsing }, 2776cd8a8c9Sjsing { 2786cd8a8c9Sjsing .value = 0x006d, 2796cd8a8c9Sjsing .auth_nid = NID_auth_null, 2806cd8a8c9Sjsing .cipher_nid = NID_aes_256_cbc, 2816cd8a8c9Sjsing .digest_nid = NID_sha256, 2826cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 2836cd8a8c9Sjsing .kx_nid = NID_kx_dhe, 2846cd8a8c9Sjsing .strength_bits = 256, 2856cd8a8c9Sjsing .symmetric_bits = 256, 2866cd8a8c9Sjsing }, 2876cd8a8c9Sjsing { 2886cd8a8c9Sjsing .value = 0x0084, 2896cd8a8c9Sjsing .auth_nid = NID_auth_rsa, 2906cd8a8c9Sjsing .cipher_nid = NID_camellia_256_cbc, 2916cd8a8c9Sjsing .digest_nid = NID_sha1, 2926cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 2936cd8a8c9Sjsing .kx_nid = NID_kx_rsa, 2946cd8a8c9Sjsing .strength_bits = 256, 2956cd8a8c9Sjsing .symmetric_bits = 256, 2966cd8a8c9Sjsing }, 2976cd8a8c9Sjsing { 2986cd8a8c9Sjsing .value = 0x0088, 2996cd8a8c9Sjsing .auth_nid = NID_auth_rsa, 3006cd8a8c9Sjsing .cipher_nid = NID_camellia_256_cbc, 3016cd8a8c9Sjsing .digest_nid = NID_sha1, 3026cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 3036cd8a8c9Sjsing .kx_nid = NID_kx_dhe, 3046cd8a8c9Sjsing .strength_bits = 256, 3056cd8a8c9Sjsing .symmetric_bits = 256, 3066cd8a8c9Sjsing }, 3076cd8a8c9Sjsing { 3086cd8a8c9Sjsing .value = 0x0089, 3096cd8a8c9Sjsing .auth_nid = NID_auth_null, 3106cd8a8c9Sjsing .cipher_nid = NID_camellia_256_cbc, 3116cd8a8c9Sjsing .digest_nid = NID_sha1, 3126cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 3136cd8a8c9Sjsing .kx_nid = NID_kx_dhe, 3146cd8a8c9Sjsing .strength_bits = 256, 3156cd8a8c9Sjsing .symmetric_bits = 256, 3166cd8a8c9Sjsing }, 3176cd8a8c9Sjsing { 3186cd8a8c9Sjsing .value = 0x009c, 3196cd8a8c9Sjsing .auth_nid = NID_auth_rsa, 3206cd8a8c9Sjsing .cipher_nid = NID_aes_128_gcm, 3216cd8a8c9Sjsing .digest_nid = NID_undef, 3226cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 3236cd8a8c9Sjsing .kx_nid = NID_kx_rsa, 3246cd8a8c9Sjsing .strength_bits = 128, 3256cd8a8c9Sjsing .symmetric_bits = 128, 3266cd8a8c9Sjsing .is_aead = 1, 3276cd8a8c9Sjsing }, 3286cd8a8c9Sjsing { 3296cd8a8c9Sjsing .value = 0x009d, 3306cd8a8c9Sjsing .auth_nid = NID_auth_rsa, 3316cd8a8c9Sjsing .cipher_nid = NID_aes_256_gcm, 3326cd8a8c9Sjsing .digest_nid = NID_undef, 3336cd8a8c9Sjsing .handshake_digest_nid = NID_sha384, 3346cd8a8c9Sjsing .kx_nid = NID_kx_rsa, 3356cd8a8c9Sjsing .strength_bits = 256, 3366cd8a8c9Sjsing .symmetric_bits = 256, 3376cd8a8c9Sjsing .is_aead = 1, 3386cd8a8c9Sjsing }, 3396cd8a8c9Sjsing { 3406cd8a8c9Sjsing .value = 0x009e, 3416cd8a8c9Sjsing .auth_nid = NID_auth_rsa, 3426cd8a8c9Sjsing .cipher_nid = NID_aes_128_gcm, 3436cd8a8c9Sjsing .digest_nid = NID_undef, 3446cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 3456cd8a8c9Sjsing .kx_nid = NID_kx_dhe, 3466cd8a8c9Sjsing .strength_bits = 128, 3476cd8a8c9Sjsing .symmetric_bits = 128, 3486cd8a8c9Sjsing .is_aead = 1, 3496cd8a8c9Sjsing }, 3506cd8a8c9Sjsing { 3516cd8a8c9Sjsing .value = 0x009f, 3526cd8a8c9Sjsing .auth_nid = NID_auth_rsa, 3536cd8a8c9Sjsing .cipher_nid = NID_aes_256_gcm, 3546cd8a8c9Sjsing .digest_nid = NID_undef, 3556cd8a8c9Sjsing .handshake_digest_nid = NID_sha384, 3566cd8a8c9Sjsing .kx_nid = NID_kx_dhe, 3576cd8a8c9Sjsing .strength_bits = 256, 3586cd8a8c9Sjsing .symmetric_bits = 256, 3596cd8a8c9Sjsing .is_aead = 1, 3606cd8a8c9Sjsing }, 3616cd8a8c9Sjsing { 3626cd8a8c9Sjsing .value = 0x00a6, 3636cd8a8c9Sjsing .auth_nid = NID_auth_null, 3646cd8a8c9Sjsing .cipher_nid = NID_aes_128_gcm, 3656cd8a8c9Sjsing .digest_nid = NID_undef, 3666cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 3676cd8a8c9Sjsing .kx_nid = NID_kx_dhe, 3686cd8a8c9Sjsing .strength_bits = 128, 3696cd8a8c9Sjsing .symmetric_bits = 128, 3706cd8a8c9Sjsing .is_aead = 1, 3716cd8a8c9Sjsing }, 3726cd8a8c9Sjsing { 3736cd8a8c9Sjsing .value = 0x00a7, 3746cd8a8c9Sjsing .auth_nid = NID_auth_null, 3756cd8a8c9Sjsing .cipher_nid = NID_aes_256_gcm, 3766cd8a8c9Sjsing .digest_nid = NID_undef, 3776cd8a8c9Sjsing .handshake_digest_nid = NID_sha384, 3786cd8a8c9Sjsing .kx_nid = NID_kx_dhe, 3796cd8a8c9Sjsing .strength_bits = 256, 3806cd8a8c9Sjsing .symmetric_bits = 256, 3816cd8a8c9Sjsing .is_aead = 1, 3826cd8a8c9Sjsing }, 3836cd8a8c9Sjsing { 3846cd8a8c9Sjsing .value = 0x00ba, 3856cd8a8c9Sjsing .auth_nid = NID_auth_rsa, 3866cd8a8c9Sjsing .cipher_nid = NID_camellia_128_cbc, 3876cd8a8c9Sjsing .digest_nid = NID_sha256, 3886cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 3896cd8a8c9Sjsing .kx_nid = NID_kx_rsa, 3906cd8a8c9Sjsing .strength_bits = 128, 3916cd8a8c9Sjsing .symmetric_bits = 128, 3926cd8a8c9Sjsing }, 3936cd8a8c9Sjsing { 3946cd8a8c9Sjsing .value = 0x00be, 3956cd8a8c9Sjsing .auth_nid = NID_auth_rsa, 3966cd8a8c9Sjsing .cipher_nid = NID_camellia_128_cbc, 3976cd8a8c9Sjsing .digest_nid = NID_sha256, 3986cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 3996cd8a8c9Sjsing .kx_nid = NID_kx_dhe, 4006cd8a8c9Sjsing .strength_bits = 128, 4016cd8a8c9Sjsing .symmetric_bits = 128, 4026cd8a8c9Sjsing }, 4036cd8a8c9Sjsing { 4046cd8a8c9Sjsing .value = 0x00bf, 4056cd8a8c9Sjsing .auth_nid = NID_auth_null, 4066cd8a8c9Sjsing .cipher_nid = NID_camellia_128_cbc, 4076cd8a8c9Sjsing .digest_nid = NID_sha256, 4086cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 4096cd8a8c9Sjsing .kx_nid = NID_kx_dhe, 4106cd8a8c9Sjsing .strength_bits = 128, 4116cd8a8c9Sjsing .symmetric_bits = 128, 4126cd8a8c9Sjsing }, 4136cd8a8c9Sjsing { 4146cd8a8c9Sjsing .value = 0x00c0, 4156cd8a8c9Sjsing .auth_nid = NID_auth_rsa, 4166cd8a8c9Sjsing .cipher_nid = NID_camellia_256_cbc, 4176cd8a8c9Sjsing .digest_nid = NID_sha256, 4186cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 4196cd8a8c9Sjsing .kx_nid = NID_kx_rsa, 4206cd8a8c9Sjsing .strength_bits = 256, 4216cd8a8c9Sjsing .symmetric_bits = 256, 4226cd8a8c9Sjsing }, 4236cd8a8c9Sjsing { 4246cd8a8c9Sjsing .value = 0x00c4, 4256cd8a8c9Sjsing .auth_nid = NID_auth_rsa, 4266cd8a8c9Sjsing .cipher_nid = NID_camellia_256_cbc, 4276cd8a8c9Sjsing .digest_nid = NID_sha256, 4286cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 4296cd8a8c9Sjsing .kx_nid = NID_kx_dhe, 4306cd8a8c9Sjsing .strength_bits = 256, 4316cd8a8c9Sjsing .symmetric_bits = 256, 4326cd8a8c9Sjsing }, 4336cd8a8c9Sjsing { 4346cd8a8c9Sjsing .value = 0x00c5, 4356cd8a8c9Sjsing .auth_nid = NID_auth_null, 4366cd8a8c9Sjsing .cipher_nid = NID_camellia_256_cbc, 4376cd8a8c9Sjsing .digest_nid = NID_sha256, 4386cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 4396cd8a8c9Sjsing .kx_nid = NID_kx_dhe, 4406cd8a8c9Sjsing .strength_bits = 256, 4416cd8a8c9Sjsing .symmetric_bits = 256, 4426cd8a8c9Sjsing }, 4436cd8a8c9Sjsing { 4446cd8a8c9Sjsing .value = 0x1301, 4456cd8a8c9Sjsing .auth_nid = NID_undef, 4466cd8a8c9Sjsing .cipher_nid = NID_aes_128_gcm, 4476cd8a8c9Sjsing .digest_nid = NID_undef, 4486cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 4496cd8a8c9Sjsing .kx_nid = NID_undef, 4506cd8a8c9Sjsing .strength_bits = 128, 4516cd8a8c9Sjsing .symmetric_bits = 128, 4526cd8a8c9Sjsing .is_aead = 1, 4536cd8a8c9Sjsing }, 4546cd8a8c9Sjsing { 4556cd8a8c9Sjsing .value = 0x1302, 4566cd8a8c9Sjsing .auth_nid = NID_undef, 4576cd8a8c9Sjsing .cipher_nid = NID_aes_256_gcm, 4586cd8a8c9Sjsing .digest_nid = NID_undef, 4596cd8a8c9Sjsing .handshake_digest_nid = NID_sha384, 4606cd8a8c9Sjsing .kx_nid = NID_undef, 4616cd8a8c9Sjsing .strength_bits = 256, 4626cd8a8c9Sjsing .symmetric_bits = 256, 4636cd8a8c9Sjsing .is_aead = 1, 4646cd8a8c9Sjsing }, 4656cd8a8c9Sjsing { 4666cd8a8c9Sjsing .value = 0x1303, 4676cd8a8c9Sjsing .auth_nid = NID_undef, 4686cd8a8c9Sjsing .cipher_nid = NID_chacha20_poly1305, 4696cd8a8c9Sjsing .digest_nid = NID_undef, 4706cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 4716cd8a8c9Sjsing .kx_nid = NID_undef, 4726cd8a8c9Sjsing .strength_bits = 256, 4736cd8a8c9Sjsing .symmetric_bits = 256, 4746cd8a8c9Sjsing .is_aead = 1, 4756cd8a8c9Sjsing }, 4766cd8a8c9Sjsing { 4776cd8a8c9Sjsing .value = 0xc007, 4786cd8a8c9Sjsing .auth_nid = NID_auth_ecdsa, 4796cd8a8c9Sjsing .cipher_nid = NID_rc4, 4806cd8a8c9Sjsing .digest_nid = NID_sha1, 4816cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 4826cd8a8c9Sjsing .kx_nid = NID_kx_ecdhe, 4836cd8a8c9Sjsing .strength_bits = 128, 4846cd8a8c9Sjsing .symmetric_bits = 128, 4856cd8a8c9Sjsing }, 4866cd8a8c9Sjsing { 4876cd8a8c9Sjsing .value = 0xc008, 4886cd8a8c9Sjsing .auth_nid = NID_auth_ecdsa, 4896cd8a8c9Sjsing .cipher_nid = NID_des_ede3_cbc, 4906cd8a8c9Sjsing .digest_nid = NID_sha1, 4916cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 4926cd8a8c9Sjsing .kx_nid = NID_kx_ecdhe, 4936cd8a8c9Sjsing .strength_bits = 112, 4946cd8a8c9Sjsing .symmetric_bits = 168, 4956cd8a8c9Sjsing }, 4966cd8a8c9Sjsing { 4976cd8a8c9Sjsing .value = 0xc009, 4986cd8a8c9Sjsing .auth_nid = NID_auth_ecdsa, 4996cd8a8c9Sjsing .cipher_nid = NID_aes_128_cbc, 5006cd8a8c9Sjsing .digest_nid = NID_sha1, 5016cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 5026cd8a8c9Sjsing .kx_nid = NID_kx_ecdhe, 5036cd8a8c9Sjsing .strength_bits = 128, 5046cd8a8c9Sjsing .symmetric_bits = 128, 5056cd8a8c9Sjsing }, 5066cd8a8c9Sjsing { 5076cd8a8c9Sjsing .value = 0xc00a, 5086cd8a8c9Sjsing .auth_nid = NID_auth_ecdsa, 5096cd8a8c9Sjsing .cipher_nid = NID_aes_256_cbc, 5106cd8a8c9Sjsing .digest_nid = NID_sha1, 5116cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 5126cd8a8c9Sjsing .kx_nid = NID_kx_ecdhe, 5136cd8a8c9Sjsing .strength_bits = 256, 5146cd8a8c9Sjsing .symmetric_bits = 256, 5156cd8a8c9Sjsing }, 5166cd8a8c9Sjsing { 5176cd8a8c9Sjsing .value = 0xc011, 5186cd8a8c9Sjsing .auth_nid = NID_auth_rsa, 5196cd8a8c9Sjsing .cipher_nid = NID_rc4, 5206cd8a8c9Sjsing .digest_nid = NID_sha1, 5216cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 5226cd8a8c9Sjsing .kx_nid = NID_kx_ecdhe, 5236cd8a8c9Sjsing .strength_bits = 128, 5246cd8a8c9Sjsing .symmetric_bits = 128, 5256cd8a8c9Sjsing }, 5266cd8a8c9Sjsing { 5276cd8a8c9Sjsing .value = 0xc012, 5286cd8a8c9Sjsing .auth_nid = NID_auth_rsa, 5296cd8a8c9Sjsing .cipher_nid = NID_des_ede3_cbc, 5306cd8a8c9Sjsing .digest_nid = NID_sha1, 5316cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 5326cd8a8c9Sjsing .kx_nid = NID_kx_ecdhe, 5336cd8a8c9Sjsing .strength_bits = 112, 5346cd8a8c9Sjsing .symmetric_bits = 168, 5356cd8a8c9Sjsing }, 5366cd8a8c9Sjsing { 5376cd8a8c9Sjsing .value = 0xc013, 5386cd8a8c9Sjsing .auth_nid = NID_auth_rsa, 5396cd8a8c9Sjsing .cipher_nid = NID_aes_128_cbc, 5406cd8a8c9Sjsing .digest_nid = NID_sha1, 5416cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 5426cd8a8c9Sjsing .kx_nid = NID_kx_ecdhe, 5436cd8a8c9Sjsing .strength_bits = 128, 5446cd8a8c9Sjsing .symmetric_bits = 128, 5456cd8a8c9Sjsing }, 5466cd8a8c9Sjsing { 5476cd8a8c9Sjsing .value = 0xc014, 5486cd8a8c9Sjsing .auth_nid = NID_auth_rsa, 5496cd8a8c9Sjsing .cipher_nid = NID_aes_256_cbc, 5506cd8a8c9Sjsing .digest_nid = NID_sha1, 5516cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 5526cd8a8c9Sjsing .kx_nid = NID_kx_ecdhe, 5536cd8a8c9Sjsing .strength_bits = 256, 5546cd8a8c9Sjsing .symmetric_bits = 256, 5556cd8a8c9Sjsing }, 5566cd8a8c9Sjsing { 5576cd8a8c9Sjsing .value = 0xc016, 5586cd8a8c9Sjsing .auth_nid = NID_auth_null, 5596cd8a8c9Sjsing .cipher_nid = NID_rc4, 5606cd8a8c9Sjsing .digest_nid = NID_sha1, 5616cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 5626cd8a8c9Sjsing .kx_nid = NID_kx_ecdhe, 5636cd8a8c9Sjsing .strength_bits = 128, 5646cd8a8c9Sjsing .symmetric_bits = 128, 5656cd8a8c9Sjsing }, 5666cd8a8c9Sjsing { 5676cd8a8c9Sjsing .value = 0xc017, 5686cd8a8c9Sjsing .auth_nid = NID_auth_null, 5696cd8a8c9Sjsing .cipher_nid = NID_des_ede3_cbc, 5706cd8a8c9Sjsing .digest_nid = NID_sha1, 5716cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 5726cd8a8c9Sjsing .kx_nid = NID_kx_ecdhe, 5736cd8a8c9Sjsing .strength_bits = 112, 5746cd8a8c9Sjsing .symmetric_bits = 168, 5756cd8a8c9Sjsing }, 5766cd8a8c9Sjsing { 5776cd8a8c9Sjsing .value = 0xc018, 5786cd8a8c9Sjsing .auth_nid = NID_auth_null, 5796cd8a8c9Sjsing .cipher_nid = NID_aes_128_cbc, 5806cd8a8c9Sjsing .digest_nid = NID_sha1, 5816cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 5826cd8a8c9Sjsing .kx_nid = NID_kx_ecdhe, 5836cd8a8c9Sjsing .strength_bits = 128, 5846cd8a8c9Sjsing .symmetric_bits = 128, 5856cd8a8c9Sjsing }, 5866cd8a8c9Sjsing { 5876cd8a8c9Sjsing .value = 0xc019, 5886cd8a8c9Sjsing .auth_nid = NID_auth_null, 5896cd8a8c9Sjsing .cipher_nid = NID_aes_256_cbc, 5906cd8a8c9Sjsing .digest_nid = NID_sha1, 5916cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 5926cd8a8c9Sjsing .kx_nid = NID_kx_ecdhe, 5936cd8a8c9Sjsing .strength_bits = 256, 5946cd8a8c9Sjsing .symmetric_bits = 256, 5956cd8a8c9Sjsing }, 5966cd8a8c9Sjsing { 5976cd8a8c9Sjsing .value = 0xc023, 5986cd8a8c9Sjsing .auth_nid = NID_auth_ecdsa, 5996cd8a8c9Sjsing .cipher_nid = NID_aes_128_cbc, 6006cd8a8c9Sjsing .digest_nid = NID_sha256, 6016cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 6026cd8a8c9Sjsing .kx_nid = NID_kx_ecdhe, 6036cd8a8c9Sjsing .strength_bits = 128, 6046cd8a8c9Sjsing .symmetric_bits = 128, 6056cd8a8c9Sjsing }, 6066cd8a8c9Sjsing { 6076cd8a8c9Sjsing .value = 0xc024, 6086cd8a8c9Sjsing .auth_nid = NID_auth_ecdsa, 6096cd8a8c9Sjsing .cipher_nid = NID_aes_256_cbc, 6106cd8a8c9Sjsing .digest_nid = NID_sha384, 6116cd8a8c9Sjsing .handshake_digest_nid = NID_sha384, 6126cd8a8c9Sjsing .kx_nid = NID_kx_ecdhe, 6136cd8a8c9Sjsing .strength_bits = 256, 6146cd8a8c9Sjsing .symmetric_bits = 256, 6156cd8a8c9Sjsing }, 6166cd8a8c9Sjsing { 6176cd8a8c9Sjsing .value = 0xc027, 6186cd8a8c9Sjsing .auth_nid = NID_auth_rsa, 6196cd8a8c9Sjsing .cipher_nid = NID_aes_128_cbc, 6206cd8a8c9Sjsing .digest_nid = NID_sha256, 6216cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 6226cd8a8c9Sjsing .kx_nid = NID_kx_ecdhe, 6236cd8a8c9Sjsing .strength_bits = 128, 6246cd8a8c9Sjsing .symmetric_bits = 128, 6256cd8a8c9Sjsing }, 6266cd8a8c9Sjsing { 6276cd8a8c9Sjsing .value = 0xc028, 6286cd8a8c9Sjsing .auth_nid = NID_auth_rsa, 6296cd8a8c9Sjsing .cipher_nid = NID_aes_256_cbc, 6306cd8a8c9Sjsing .digest_nid = NID_sha384, 6316cd8a8c9Sjsing .handshake_digest_nid = NID_sha384, 6326cd8a8c9Sjsing .kx_nid = NID_kx_ecdhe, 6336cd8a8c9Sjsing .strength_bits = 256, 6346cd8a8c9Sjsing .symmetric_bits = 256, 6356cd8a8c9Sjsing }, 6366cd8a8c9Sjsing { 6376cd8a8c9Sjsing .value = 0xc02b, 6386cd8a8c9Sjsing .auth_nid = NID_auth_ecdsa, 6396cd8a8c9Sjsing .cipher_nid = NID_aes_128_gcm, 6406cd8a8c9Sjsing .digest_nid = NID_undef, 6416cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 6426cd8a8c9Sjsing .kx_nid = NID_kx_ecdhe, 6436cd8a8c9Sjsing .strength_bits = 128, 6446cd8a8c9Sjsing .symmetric_bits = 128, 6456cd8a8c9Sjsing .is_aead = 1, 6466cd8a8c9Sjsing }, 6476cd8a8c9Sjsing { 6486cd8a8c9Sjsing .value = 0xc02c, 6496cd8a8c9Sjsing .auth_nid = NID_auth_ecdsa, 6506cd8a8c9Sjsing .cipher_nid = NID_aes_256_gcm, 6516cd8a8c9Sjsing .digest_nid = NID_undef, 6526cd8a8c9Sjsing .handshake_digest_nid = NID_sha384, 6536cd8a8c9Sjsing .kx_nid = NID_kx_ecdhe, 6546cd8a8c9Sjsing .strength_bits = 256, 6556cd8a8c9Sjsing .symmetric_bits = 256, 6566cd8a8c9Sjsing .is_aead = 1, 6576cd8a8c9Sjsing }, 6586cd8a8c9Sjsing { 6596cd8a8c9Sjsing .value = 0xc02f, 6606cd8a8c9Sjsing .auth_nid = NID_auth_rsa, 6616cd8a8c9Sjsing .cipher_nid = NID_aes_128_gcm, 6626cd8a8c9Sjsing .digest_nid = NID_undef, 6636cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 6646cd8a8c9Sjsing .kx_nid = NID_kx_ecdhe, 6656cd8a8c9Sjsing .strength_bits = 128, 6666cd8a8c9Sjsing .symmetric_bits = 128, 6676cd8a8c9Sjsing .is_aead = 1, 6686cd8a8c9Sjsing }, 6696cd8a8c9Sjsing { 6706cd8a8c9Sjsing .value = 0xc030, 6716cd8a8c9Sjsing .auth_nid = NID_auth_rsa, 6726cd8a8c9Sjsing .cipher_nid = NID_aes_256_gcm, 6736cd8a8c9Sjsing .digest_nid = NID_undef, 6746cd8a8c9Sjsing .handshake_digest_nid = NID_sha384, 6756cd8a8c9Sjsing .kx_nid = NID_kx_ecdhe, 6766cd8a8c9Sjsing .strength_bits = 256, 6776cd8a8c9Sjsing .symmetric_bits = 256, 6786cd8a8c9Sjsing .is_aead = 1, 6796cd8a8c9Sjsing }, 6806cd8a8c9Sjsing { 6816cd8a8c9Sjsing .value = 0xcca8, 6826cd8a8c9Sjsing .auth_nid = NID_auth_rsa, 6836cd8a8c9Sjsing .cipher_nid = NID_chacha20_poly1305, 6846cd8a8c9Sjsing .digest_nid = NID_undef, 6856cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 6866cd8a8c9Sjsing .kx_nid = NID_kx_ecdhe, 6876cd8a8c9Sjsing .strength_bits = 256, 6886cd8a8c9Sjsing .symmetric_bits = 256, 6896cd8a8c9Sjsing .is_aead = 1, 6906cd8a8c9Sjsing }, 6916cd8a8c9Sjsing { 6926cd8a8c9Sjsing .value = 0xcca9, 6936cd8a8c9Sjsing .auth_nid = NID_auth_ecdsa, 6946cd8a8c9Sjsing .cipher_nid = NID_chacha20_poly1305, 6956cd8a8c9Sjsing .digest_nid = NID_undef, 6966cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 6976cd8a8c9Sjsing .kx_nid = NID_kx_ecdhe, 6986cd8a8c9Sjsing .strength_bits = 256, 6996cd8a8c9Sjsing .symmetric_bits = 256, 7006cd8a8c9Sjsing .is_aead = 1, 7016cd8a8c9Sjsing }, 7026cd8a8c9Sjsing { 7036cd8a8c9Sjsing .value = 0xccaa, 7046cd8a8c9Sjsing .auth_nid = NID_auth_rsa, 7056cd8a8c9Sjsing .cipher_nid = NID_chacha20_poly1305, 7066cd8a8c9Sjsing .digest_nid = NID_undef, 7076cd8a8c9Sjsing .handshake_digest_nid = NID_sha256, 7086cd8a8c9Sjsing .kx_nid = NID_kx_dhe, 7096cd8a8c9Sjsing .strength_bits = 256, 7106cd8a8c9Sjsing .symmetric_bits = 256, 7116cd8a8c9Sjsing .is_aead = 1, 7126cd8a8c9Sjsing }, 7136cd8a8c9Sjsing }; 7146cd8a8c9Sjsing 7156cd8a8c9Sjsing #define N_SSL_CIPHER_TESTS (sizeof(ssl_cipher_tests) / sizeof(ssl_cipher_tests[0])) 7166cd8a8c9Sjsing 7176cd8a8c9Sjsing static int 7186cd8a8c9Sjsing test_ssl_ciphers(void) 7196cd8a8c9Sjsing { 7206cd8a8c9Sjsing int i, strength_bits, symmetric_bits; 7216cd8a8c9Sjsing const struct ssl_cipher_test *sct; 722bd69bbf0Sjsing STACK_OF(SSL_CIPHER) *ciphers; 723bd69bbf0Sjsing const SSL_CIPHER *cipher; 7246cd8a8c9Sjsing const EVP_MD *digest; 725bd69bbf0Sjsing unsigned char buf[2]; 7266cd8a8c9Sjsing const char *description; 7276cd8a8c9Sjsing char desc_buf[256]; 728bd69bbf0Sjsing SSL_CTX *ssl_ctx = NULL; 729bd69bbf0Sjsing SSL *ssl = NULL; 7306cd8a8c9Sjsing size_t j; 731bd69bbf0Sjsing int ret = 1; 732bd69bbf0Sjsing 733f3e6074aSjsing if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL) { 734f3e6074aSjsing fprintf(stderr, "SSL_CTX_new() returned NULL\n"); 735bd69bbf0Sjsing goto failure; 736bd69bbf0Sjsing } 737bd69bbf0Sjsing if ((ssl = SSL_new(ssl_ctx)) == NULL) { 738f3e6074aSjsing fprintf(stderr, "SSL_new() returned NULL\n"); 739f3e6074aSjsing goto failure; 740f3e6074aSjsing } 741f3e6074aSjsing if (!SSL_set_cipher_list(ssl, "ALL")) { 742f3e6074aSjsing fprintf(stderr, "SSL_set_cipher_list failed\n"); 743bd69bbf0Sjsing goto failure; 744bd69bbf0Sjsing } 745bd69bbf0Sjsing 746bd69bbf0Sjsing if ((ciphers = SSL_get_ciphers(ssl)) == NULL) { 747f3e6074aSjsing fprintf(stderr, "no ciphers\n"); 748bd69bbf0Sjsing goto failure; 749bd69bbf0Sjsing } 750bd69bbf0Sjsing 7516cd8a8c9Sjsing if (sk_SSL_CIPHER_num(ciphers) != N_SSL_CIPHER_TESTS) { 7526cd8a8c9Sjsing fprintf(stderr, "number of ciphers mismatch (%d != %zu)\n", 7536cd8a8c9Sjsing sk_SSL_CIPHER_num(ciphers), N_SSL_CIPHER_TESTS); 7546cd8a8c9Sjsing goto failure; 7556cd8a8c9Sjsing } 7566cd8a8c9Sjsing 757bd69bbf0Sjsing for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { 758f3e6074aSjsing uint16_t cipher_value; 759f3e6074aSjsing 760bd69bbf0Sjsing cipher = sk_SSL_CIPHER_value(ciphers, i); 761f3e6074aSjsing cipher_value = SSL_CIPHER_get_value(cipher); 762f3e6074aSjsing 763f3e6074aSjsing buf[0] = cipher_value >> 8; 764f3e6074aSjsing buf[1] = cipher_value & 0xff; 765f3e6074aSjsing 766f3e6074aSjsing if ((cipher = SSL_CIPHER_find(ssl, buf)) == NULL) { 7676cd8a8c9Sjsing fprintf(stderr, "SSL_CIPHER_find() returned NULL for %s\n", 768f3e6074aSjsing SSL_CIPHER_get_name(cipher)); 769bd69bbf0Sjsing goto failure; 770bd69bbf0Sjsing } 771f3e6074aSjsing if (SSL_CIPHER_get_value(cipher) != cipher_value) { 7726cd8a8c9Sjsing fprintf(stderr, "got cipher with value 0x%04x, want 0x%04x\n", 773f3e6074aSjsing SSL_CIPHER_get_value(cipher), cipher_value); 774bd69bbf0Sjsing goto failure; 775bd69bbf0Sjsing } 7766cd8a8c9Sjsing if (SSL_CIPHER_get_id(cipher) != (0x03000000UL | cipher_value)) { 7776cd8a8c9Sjsing fprintf(stderr, "got cipher id 0x%08lx, want 0x%08lx\n", 7786cd8a8c9Sjsing SSL_CIPHER_get_id(cipher), (0x03000000UL | cipher_value)); 7796cd8a8c9Sjsing goto failure; 7806cd8a8c9Sjsing } 7816cd8a8c9Sjsing 7826cd8a8c9Sjsing sct = NULL; 7836cd8a8c9Sjsing for (j = 0; j < N_SSL_CIPHER_TESTS; j++) { 7846cd8a8c9Sjsing if (ssl_cipher_tests[j].value == cipher_value) { 7856cd8a8c9Sjsing sct = &ssl_cipher_tests[j]; 7866cd8a8c9Sjsing break; 7876cd8a8c9Sjsing } 7886cd8a8c9Sjsing } 7896cd8a8c9Sjsing if (sct == NULL) { 7906cd8a8c9Sjsing fprintf(stderr, "cipher '%s' (0x%04x) not found in test " 7916cd8a8c9Sjsing "table\n", SSL_CIPHER_get_name(cipher), cipher_value); 7926cd8a8c9Sjsing goto failure; 7936cd8a8c9Sjsing } 7946cd8a8c9Sjsing 7956cd8a8c9Sjsing if (SSL_CIPHER_get_auth_nid(cipher) != sct->auth_nid) { 7966cd8a8c9Sjsing fprintf(stderr, "cipher '%s' (0x%04x) - got auth nid %d, " 7976cd8a8c9Sjsing "want %d\n", SSL_CIPHER_get_name(cipher), cipher_value, 7986cd8a8c9Sjsing SSL_CIPHER_get_auth_nid(cipher), sct->auth_nid); 7996cd8a8c9Sjsing goto failure; 8006cd8a8c9Sjsing } 8016cd8a8c9Sjsing if (SSL_CIPHER_get_cipher_nid(cipher) != sct->cipher_nid) { 8026cd8a8c9Sjsing fprintf(stderr, "cipher '%s' (0x%04x) - got cipher nid %d, " 8036cd8a8c9Sjsing "want %d\n", SSL_CIPHER_get_name(cipher), cipher_value, 8046cd8a8c9Sjsing SSL_CIPHER_get_cipher_nid(cipher), sct->cipher_nid); 8056cd8a8c9Sjsing goto failure; 8066cd8a8c9Sjsing } 8076cd8a8c9Sjsing if (SSL_CIPHER_get_digest_nid(cipher) != sct->digest_nid) { 8086cd8a8c9Sjsing fprintf(stderr, "cipher '%s' (0x%04x) - got digest nid %d, " 8096cd8a8c9Sjsing "want %d\n", SSL_CIPHER_get_name(cipher), cipher_value, 8106cd8a8c9Sjsing SSL_CIPHER_get_digest_nid(cipher), sct->digest_nid); 8116cd8a8c9Sjsing goto failure; 8126cd8a8c9Sjsing } 8136cd8a8c9Sjsing if (SSL_CIPHER_get_kx_nid(cipher) != sct->kx_nid) { 8146cd8a8c9Sjsing fprintf(stderr, "cipher '%s' (0x%04x) - got kx nid %d, " 8156cd8a8c9Sjsing "want %d\n", SSL_CIPHER_get_name(cipher), cipher_value, 8166cd8a8c9Sjsing SSL_CIPHER_get_kx_nid(cipher), sct->kx_nid); 8176cd8a8c9Sjsing goto failure; 8186cd8a8c9Sjsing } 8196cd8a8c9Sjsing 8206cd8a8c9Sjsing /* Having API consistency is a wonderful thing... */ 8216cd8a8c9Sjsing digest = SSL_CIPHER_get_handshake_digest(cipher); 8226cd8a8c9Sjsing if (EVP_MD_nid(digest) != sct->handshake_digest_nid) { 8236cd8a8c9Sjsing fprintf(stderr, "cipher '%s' (0x%04x) - got handshake " 8246cd8a8c9Sjsing "digest nid %d, want %d\n", SSL_CIPHER_get_name(cipher), 8256cd8a8c9Sjsing cipher_value, EVP_MD_nid(digest), sct->handshake_digest_nid); 8266cd8a8c9Sjsing goto failure; 8276cd8a8c9Sjsing } 8286cd8a8c9Sjsing 8296cd8a8c9Sjsing strength_bits = SSL_CIPHER_get_bits(cipher, &symmetric_bits); 8306cd8a8c9Sjsing if (strength_bits != sct->strength_bits) { 8316cd8a8c9Sjsing fprintf(stderr, "cipher '%s' (0x%04x) - got strength bits " 8326cd8a8c9Sjsing "%d, want %d\n", SSL_CIPHER_get_name(cipher), 8336cd8a8c9Sjsing cipher_value, strength_bits, sct->strength_bits); 8346cd8a8c9Sjsing goto failure; 8356cd8a8c9Sjsing } 8366cd8a8c9Sjsing if (symmetric_bits != sct->symmetric_bits) { 8376cd8a8c9Sjsing fprintf(stderr, "cipher '%s' (0x%04x) - got symmetric bits " 8386cd8a8c9Sjsing "%d, want %d\n", SSL_CIPHER_get_name(cipher), 8396cd8a8c9Sjsing cipher_value, symmetric_bits, sct->symmetric_bits); 8406cd8a8c9Sjsing goto failure; 8416cd8a8c9Sjsing } 8426cd8a8c9Sjsing if (SSL_CIPHER_is_aead(cipher) != sct->is_aead) { 8436cd8a8c9Sjsing fprintf(stderr, "cipher '%s' (0x%04x) - got is aead %d, " 8446cd8a8c9Sjsing "want %d\n", SSL_CIPHER_get_name(cipher), cipher_value, 8456cd8a8c9Sjsing SSL_CIPHER_is_aead(cipher), sct->is_aead); 8466cd8a8c9Sjsing goto failure; 8476cd8a8c9Sjsing } 8486cd8a8c9Sjsing 8496cd8a8c9Sjsing if ((description = SSL_CIPHER_description(cipher, desc_buf, 8506cd8a8c9Sjsing sizeof(desc_buf))) != desc_buf) { 8516cd8a8c9Sjsing fprintf(stderr, "cipher '%s' (0x%04x) - failed to get " 8526cd8a8c9Sjsing "description\n", SSL_CIPHER_get_name(cipher), cipher_value); 8536cd8a8c9Sjsing goto failure; 8546cd8a8c9Sjsing } 855bd69bbf0Sjsing } 856bd69bbf0Sjsing 857bd69bbf0Sjsing ret = 0; 858bd69bbf0Sjsing 859bd69bbf0Sjsing failure: 860bd69bbf0Sjsing SSL_CTX_free(ssl_ctx); 861bd69bbf0Sjsing SSL_free(ssl); 862bd69bbf0Sjsing 863bd69bbf0Sjsing return (ret); 864bd69bbf0Sjsing } 865bd69bbf0Sjsing 8666b911d76Sjsing struct parse_ciphersuites_test { 8676b911d76Sjsing const char *str; 8686b911d76Sjsing const int want; 8696b911d76Sjsing const unsigned long cids[32]; 8706b911d76Sjsing }; 8716b911d76Sjsing 8726b911d76Sjsing struct parse_ciphersuites_test parse_ciphersuites_tests[] = { 8736b911d76Sjsing { 8746b911d76Sjsing /* LibreSSL names. */ 8756b911d76Sjsing .str = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256:AEAD-AES128-GCM-SHA256", 8766b911d76Sjsing .want = 1, 8776b911d76Sjsing .cids = { 8786b911d76Sjsing TLS1_3_CK_AES_256_GCM_SHA384, 8796b911d76Sjsing TLS1_3_CK_CHACHA20_POLY1305_SHA256, 8806b911d76Sjsing TLS1_3_CK_AES_128_GCM_SHA256, 8816b911d76Sjsing }, 8826b911d76Sjsing }, 8836b911d76Sjsing { 8846b911d76Sjsing /* OpenSSL names. */ 8856b911d76Sjsing .str = "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256", 8866b911d76Sjsing .want = 1, 8876b911d76Sjsing .cids = { 8886b911d76Sjsing TLS1_3_CK_AES_256_GCM_SHA384, 8896b911d76Sjsing TLS1_3_CK_CHACHA20_POLY1305_SHA256, 8906b911d76Sjsing TLS1_3_CK_AES_128_GCM_SHA256, 8916b911d76Sjsing }, 8926b911d76Sjsing }, 8936b911d76Sjsing { 8946b911d76Sjsing /* Different priority order. */ 8956b911d76Sjsing .str = "AEAD-AES128-GCM-SHA256:AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256", 8966b911d76Sjsing .want = 1, 8976b911d76Sjsing .cids = { 8986b911d76Sjsing TLS1_3_CK_AES_128_GCM_SHA256, 8996b911d76Sjsing TLS1_3_CK_AES_256_GCM_SHA384, 9006b911d76Sjsing TLS1_3_CK_CHACHA20_POLY1305_SHA256, 9016b911d76Sjsing }, 9026b911d76Sjsing }, 9036b911d76Sjsing { 9046b911d76Sjsing /* Known but unsupported names. */ 9056b911d76Sjsing .str = "AEAD-AES256-GCM-SHA384:AEAD-AES128-CCM-SHA256:AEAD-AES128-CCM-8-SHA256", 9066b911d76Sjsing .want = 1, 9076b911d76Sjsing .cids = { 9086b911d76Sjsing TLS1_3_CK_AES_256_GCM_SHA384, 9096b911d76Sjsing }, 9106b911d76Sjsing }, 9116b911d76Sjsing { 9126b911d76Sjsing /* Empty string means no TLSv1.3 ciphersuites. */ 9136b911d76Sjsing .str = "", 9146b911d76Sjsing .want = 1, 9156b911d76Sjsing .cids = { 0 }, 9166b911d76Sjsing }, 9176b911d76Sjsing { 9186b911d76Sjsing .str = "TLS_CHACHA20_POLY1305_SHA256:TLS_NOT_A_CIPHERSUITE", 9196b911d76Sjsing .want = 0, 9206b911d76Sjsing }, 9216b911d76Sjsing { 9226b911d76Sjsing .str = "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256", 9236b911d76Sjsing .want = 0, 9246b911d76Sjsing }, 9256b911d76Sjsing }; 9266b911d76Sjsing 9276b911d76Sjsing #define N_PARSE_CIPHERSUITES_TESTS \ 9286b911d76Sjsing (sizeof(parse_ciphersuites_tests) / sizeof(*parse_ciphersuites_tests)) 9296b911d76Sjsing 9306b911d76Sjsing static int 9311eda1a0fStb parse_ciphersuites_test(void) 9326b911d76Sjsing { 9336b911d76Sjsing struct parse_ciphersuites_test *pct; 9346b911d76Sjsing STACK_OF(SSL_CIPHER) *ciphers = NULL; 9356b911d76Sjsing SSL_CIPHER *cipher; 9366b911d76Sjsing int failed = 1; 9376b911d76Sjsing int j, ret; 9386b911d76Sjsing size_t i; 9396b911d76Sjsing 9406b911d76Sjsing for (i = 0; i < N_PARSE_CIPHERSUITES_TESTS; i++) { 9416b911d76Sjsing pct = &parse_ciphersuites_tests[i]; 9426b911d76Sjsing 9436b911d76Sjsing ret = ssl_parse_ciphersuites(&ciphers, pct->str); 9446b911d76Sjsing if (ret != pct->want) { 9456b911d76Sjsing fprintf(stderr, "FAIL: test %zu - " 9466b911d76Sjsing "ssl_parse_ciphersuites returned %d, want %d\n", 9476b911d76Sjsing i, ret, pct->want); 9486b911d76Sjsing goto failed; 9496b911d76Sjsing } 9506b911d76Sjsing if (ret == 0) 9516b911d76Sjsing continue; 9526b911d76Sjsing 9536b911d76Sjsing for (j = 0; j < sk_SSL_CIPHER_num(ciphers); j++) { 9546b911d76Sjsing cipher = sk_SSL_CIPHER_value(ciphers, j); 9556b911d76Sjsing if (SSL_CIPHER_get_id(cipher) == pct->cids[j]) 9566b911d76Sjsing continue; 9576b911d76Sjsing fprintf(stderr, "FAIL: test %zu - got cipher %d with " 9586b911d76Sjsing "id %lx, want %lx\n", i, j, 9596b911d76Sjsing SSL_CIPHER_get_id(cipher), pct->cids[j]); 9606b911d76Sjsing goto failed; 9616b911d76Sjsing } 9626b911d76Sjsing if (pct->cids[j] != 0) { 9636b911d76Sjsing fprintf(stderr, "FAIL: test %zu - got %d ciphers, " 9646b911d76Sjsing "expected more", i, sk_SSL_CIPHER_num(ciphers)); 9656b911d76Sjsing goto failed; 9666b911d76Sjsing } 9676b911d76Sjsing } 9686b911d76Sjsing 9696b911d76Sjsing failed = 0; 9706b911d76Sjsing 9716b911d76Sjsing failed: 9726b911d76Sjsing sk_SSL_CIPHER_free(ciphers); 9736b911d76Sjsing 9746b911d76Sjsing return failed; 9756b911d76Sjsing } 9766b911d76Sjsing 9776b911d76Sjsing struct cipher_set_test { 9786b911d76Sjsing int ctx_ciphersuites_first; 9796b911d76Sjsing const char *ctx_ciphersuites; 9806b911d76Sjsing const char *ctx_rulestr; 9816b911d76Sjsing int ssl_ciphersuites_first; 9826b911d76Sjsing const char *ssl_ciphersuites; 9836b911d76Sjsing const char *ssl_rulestr; 984e5c1aa10Sjsing int cids_aes_accel_fixup; 985e5c1aa10Sjsing unsigned long cids[32]; 9866b911d76Sjsing }; 9876b911d76Sjsing 9886b911d76Sjsing struct cipher_set_test cipher_set_tests[] = { 9896b911d76Sjsing { 9906b911d76Sjsing .ctx_rulestr = "TLSv1.2+ECDHE+AEAD+AES", 991e5c1aa10Sjsing .cids_aes_accel_fixup = 1, 9926b911d76Sjsing .cids = { 9936b911d76Sjsing TLS1_3_CK_AES_256_GCM_SHA384, 9946b911d76Sjsing TLS1_3_CK_CHACHA20_POLY1305_SHA256, 9956b911d76Sjsing TLS1_3_CK_AES_128_GCM_SHA256, 9966b911d76Sjsing TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 9976b911d76Sjsing TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 9986b911d76Sjsing TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 9996b911d76Sjsing TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 10006b911d76Sjsing }, 10016b911d76Sjsing }, 10026b911d76Sjsing { 10036b911d76Sjsing .ssl_rulestr = "TLSv1.2+ECDHE+AEAD+AES", 1004e5c1aa10Sjsing .cids_aes_accel_fixup = 1, 10056b911d76Sjsing .cids = { 10066b911d76Sjsing TLS1_3_CK_AES_256_GCM_SHA384, 10076b911d76Sjsing TLS1_3_CK_CHACHA20_POLY1305_SHA256, 10086b911d76Sjsing TLS1_3_CK_AES_128_GCM_SHA256, 10096b911d76Sjsing TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 10106b911d76Sjsing TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 10116b911d76Sjsing TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 10126b911d76Sjsing TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 10136b911d76Sjsing }, 10146b911d76Sjsing }, 10156b911d76Sjsing { 10166b911d76Sjsing .ctx_ciphersuites_first = 1, 10176b911d76Sjsing .ctx_ciphersuites = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256", 10186b911d76Sjsing .ctx_rulestr = "TLSv1.2+ECDHE+AEAD+AES", 10196b911d76Sjsing .cids = { 10206b911d76Sjsing TLS1_3_CK_AES_256_GCM_SHA384, 10216b911d76Sjsing TLS1_3_CK_CHACHA20_POLY1305_SHA256, 10226b911d76Sjsing TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 10236b911d76Sjsing TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 10246b911d76Sjsing TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 10256b911d76Sjsing TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 10266b911d76Sjsing }, 10276b911d76Sjsing }, 10286b911d76Sjsing { 10296b911d76Sjsing .ssl_ciphersuites_first = 1, 10306b911d76Sjsing .ssl_ciphersuites = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256", 10316b911d76Sjsing .ssl_rulestr = "TLSv1.2+ECDHE+AEAD+AES", 10326b911d76Sjsing .cids = { 10336b911d76Sjsing TLS1_3_CK_AES_256_GCM_SHA384, 10346b911d76Sjsing TLS1_3_CK_CHACHA20_POLY1305_SHA256, 10356b911d76Sjsing TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 10366b911d76Sjsing TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 10376b911d76Sjsing TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 10386b911d76Sjsing TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 10396b911d76Sjsing }, 10406b911d76Sjsing }, 10416b911d76Sjsing { 10426b911d76Sjsing .ctx_ciphersuites_first = 0, 10436b911d76Sjsing .ctx_ciphersuites = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256", 10446b911d76Sjsing .ctx_rulestr = "TLSv1.2+ECDHE+AEAD+AES", 10456b911d76Sjsing .cids = { 10466b911d76Sjsing TLS1_3_CK_AES_256_GCM_SHA384, 10476b911d76Sjsing TLS1_3_CK_CHACHA20_POLY1305_SHA256, 10486b911d76Sjsing TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 10496b911d76Sjsing TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 10506b911d76Sjsing TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 10516b911d76Sjsing TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 10526b911d76Sjsing }, 10536b911d76Sjsing }, 10546b911d76Sjsing { 10556b911d76Sjsing .ssl_ciphersuites_first = 0, 10566b911d76Sjsing .ssl_ciphersuites = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256", 10576b911d76Sjsing .ssl_rulestr = "TLSv1.2+ECDHE+AEAD+AES", 10586b911d76Sjsing .cids = { 10596b911d76Sjsing TLS1_3_CK_AES_256_GCM_SHA384, 10606b911d76Sjsing TLS1_3_CK_CHACHA20_POLY1305_SHA256, 10616b911d76Sjsing TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 10626b911d76Sjsing TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 10636b911d76Sjsing TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 10646b911d76Sjsing TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 10656b911d76Sjsing }, 10666b911d76Sjsing }, 10676b911d76Sjsing { 1068243d6200Sjsing .ssl_ciphersuites_first = 1, 1069243d6200Sjsing .ssl_ciphersuites = "", 1070243d6200Sjsing .ssl_rulestr = "TLSv1.2+ECDHE+AEAD+AES", 1071243d6200Sjsing .cids = { 1072243d6200Sjsing TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 1073243d6200Sjsing TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 1074243d6200Sjsing TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 1075243d6200Sjsing TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 1076243d6200Sjsing }, 1077243d6200Sjsing }, 1078243d6200Sjsing { 1079243d6200Sjsing .ssl_ciphersuites_first = 0, 1080243d6200Sjsing .ssl_ciphersuites = "", 1081243d6200Sjsing .ssl_rulestr = "TLSv1.2+ECDHE+AEAD+AES", 1082243d6200Sjsing .cids = { 1083243d6200Sjsing TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 1084243d6200Sjsing TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 1085243d6200Sjsing TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 1086243d6200Sjsing TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 1087243d6200Sjsing }, 1088243d6200Sjsing }, 1089243d6200Sjsing { 10906b911d76Sjsing .ctx_ciphersuites = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256", 10916b911d76Sjsing .ssl_rulestr = "TLSv1.2+ECDHE+AEAD+AES", 10926b911d76Sjsing .cids = { 10936b911d76Sjsing TLS1_3_CK_AES_256_GCM_SHA384, 10946b911d76Sjsing TLS1_3_CK_CHACHA20_POLY1305_SHA256, 10956b911d76Sjsing TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 10966b911d76Sjsing TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 10976b911d76Sjsing TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 10986b911d76Sjsing TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 10996b911d76Sjsing }, 11006b911d76Sjsing }, 11016b911d76Sjsing { 11026b911d76Sjsing .ctx_rulestr = "TLSv1.2+ECDHE+AEAD+AES", 11036b911d76Sjsing .ssl_ciphersuites = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256", 11046b911d76Sjsing .cids = { 11056b911d76Sjsing TLS1_3_CK_AES_256_GCM_SHA384, 11066b911d76Sjsing TLS1_3_CK_CHACHA20_POLY1305_SHA256, 11076b911d76Sjsing TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 11086b911d76Sjsing TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 11096b911d76Sjsing TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 11106b911d76Sjsing TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 11116b911d76Sjsing }, 11126b911d76Sjsing }, 11136b911d76Sjsing }; 11146b911d76Sjsing 11156b911d76Sjsing #define N_CIPHER_SET_TESTS \ 11166b911d76Sjsing (sizeof(cipher_set_tests) / sizeof(*cipher_set_tests)) 11176b911d76Sjsing 11186b911d76Sjsing static int 11191eda1a0fStb cipher_set_test(void) 11206b911d76Sjsing { 11216b911d76Sjsing struct cipher_set_test *cst; 11226b911d76Sjsing STACK_OF(SSL_CIPHER) *ciphers = NULL; 11236b911d76Sjsing SSL_CIPHER *cipher; 11246b911d76Sjsing SSL_CTX *ctx = NULL; 11256b911d76Sjsing SSL *ssl = NULL; 11267d482723Sjsing int failed = 0; 11276b911d76Sjsing size_t i; 11286b911d76Sjsing int j; 11296b911d76Sjsing 11306b911d76Sjsing for (i = 0; i < N_CIPHER_SET_TESTS; i++) { 11316b911d76Sjsing cst = &cipher_set_tests[i]; 11326b911d76Sjsing 1133e5c1aa10Sjsing if (!ssl_aes_is_accelerated() && cst->cids_aes_accel_fixup) { 1134e5c1aa10Sjsing cst->cids[0] = TLS1_3_CK_CHACHA20_POLY1305_SHA256; 1135e5c1aa10Sjsing cst->cids[1] = TLS1_3_CK_AES_256_GCM_SHA384; 1136e5c1aa10Sjsing } 1137e5c1aa10Sjsing 11386b911d76Sjsing if ((ctx = SSL_CTX_new(TLS_method())) == NULL) 11396b911d76Sjsing errx(1, "SSL_CTX_new"); 11406b911d76Sjsing 11416b911d76Sjsing if (cst->ctx_ciphersuites_first && cst->ctx_ciphersuites != NULL) { 11426b911d76Sjsing if (!SSL_CTX_set_ciphersuites(ctx, cst->ctx_ciphersuites)) 11436b911d76Sjsing errx(1, "SSL_CTX_set_ciphersuites"); 11446b911d76Sjsing } 11456b911d76Sjsing if (cst->ctx_rulestr != NULL) { 11466b911d76Sjsing if (!SSL_CTX_set_cipher_list(ctx, cst->ctx_rulestr)) 11476b911d76Sjsing errx(1, "SSL_CTX_set_cipher_list"); 11486b911d76Sjsing } 11496b911d76Sjsing if (!cst->ctx_ciphersuites_first && cst->ctx_ciphersuites != NULL) { 11506b911d76Sjsing if (!SSL_CTX_set_ciphersuites(ctx, cst->ctx_ciphersuites)) 11516b911d76Sjsing errx(1, "SSL_CTX_set_ciphersuites"); 11526b911d76Sjsing } 11536b911d76Sjsing 11546b911d76Sjsing /* XXX - check SSL_CTX_get_ciphers(ctx) */ 11556b911d76Sjsing 11566b911d76Sjsing if ((ssl = SSL_new(ctx)) == NULL) 11576b911d76Sjsing errx(1, "SSL_new"); 11586b911d76Sjsing 11596b911d76Sjsing if (cst->ssl_ciphersuites_first && cst->ssl_ciphersuites != NULL) { 11606b911d76Sjsing if (!SSL_set_ciphersuites(ssl, cst->ssl_ciphersuites)) 11616b911d76Sjsing errx(1, "SSL_set_ciphersuites"); 11626b911d76Sjsing } 11636b911d76Sjsing if (cst->ssl_rulestr != NULL) { 11646b911d76Sjsing if (!SSL_set_cipher_list(ssl, cst->ssl_rulestr)) 11656b911d76Sjsing errx(1, "SSL_set_cipher_list"); 11666b911d76Sjsing } 11676b911d76Sjsing if (!cst->ssl_ciphersuites_first && cst->ssl_ciphersuites != NULL) { 11686b911d76Sjsing if (!SSL_set_ciphersuites(ssl, cst->ssl_ciphersuites)) 11696b911d76Sjsing errx(1, "SSL_set_ciphersuites"); 11706b911d76Sjsing } 11716b911d76Sjsing 11726b911d76Sjsing ciphers = SSL_get_ciphers(ssl); 11736b911d76Sjsing 11746b911d76Sjsing for (j = 0; j < sk_SSL_CIPHER_num(ciphers); j++) { 11756b911d76Sjsing cipher = sk_SSL_CIPHER_value(ciphers, j); 11766b911d76Sjsing if (SSL_CIPHER_get_id(cipher) == cst->cids[j]) 11776b911d76Sjsing continue; 11786b911d76Sjsing fprintf(stderr, "FAIL: test %zu - got cipher %d with " 11796b911d76Sjsing "id %lx, want %lx\n", i, j, 11806b911d76Sjsing SSL_CIPHER_get_id(cipher), cst->cids[j]); 11817d482723Sjsing failed |= 1; 11826b911d76Sjsing } 11836b911d76Sjsing if (cst->cids[j] != 0) { 11846b911d76Sjsing fprintf(stderr, "FAIL: test %zu - got %d ciphers, " 11856b911d76Sjsing "expected more", i, sk_SSL_CIPHER_num(ciphers)); 11867d482723Sjsing failed |= 1; 11876b911d76Sjsing } 11886b911d76Sjsing 11896b911d76Sjsing SSL_CTX_free(ctx); 11906b911d76Sjsing SSL_free(ssl); 11916b911d76Sjsing } 11926b911d76Sjsing 11936b911d76Sjsing return failed; 11946b911d76Sjsing } 11956b911d76Sjsing 1196bd69bbf0Sjsing int 1197bd69bbf0Sjsing main(int argc, char **argv) 1198bd69bbf0Sjsing { 11998a66d644Sjsing int failed = 0; 12008a66d644Sjsing 12016676c440Sjsing failed |= check_cipher_order(); 12026676c440Sjsing 12036cd8a8c9Sjsing failed |= test_ssl_ciphers(); 12048a66d644Sjsing 12056b911d76Sjsing failed |= parse_ciphersuites_test(); 12066b911d76Sjsing failed |= cipher_set_test(); 12076b911d76Sjsing 12088a66d644Sjsing return (failed); 1209bd69bbf0Sjsing } 1210