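/* $OpenBSD: cipherstest.c,v 1.15 2024/07/17 15:22:56 tb Exp $ */
/*
 * Copyright (c) 2015, 2020 Joel Sing <jsing@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/ssl.h>

#include <err.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Declared by hand rather than taken from a header; presumably these are
 * libssl internals that the public headers do not expose - confirm against
 * the library this test is linked with.
 */
int ssl3_num_ciphers(void);
const SSL_CIPHER *ssl3_get_cipher(unsigned int u);

int ssl_parse_ciphersuites(STACK_OF(SSL_CIPHER) **out_ciphers, const char *str);

/*
 * Report whether the CPU offers AES acceleration.  On x86 this tests bit 57
 * of OPENSSL_cpu_caps() (the AES-NI capability bit); every other
 * architecture is treated as not accelerated.
 */
static inline int
ssl_aes_is_accelerated(void)
{
#if defined(__i386__) || defined(__x86_64__)
	return ((OPENSSL_cpu_caps() & (1ULL << 57)) != 0);
#else
	return (0);
#endif
}

/*
 * Verify that the ssl3 cipher table is strictly ascending by cipher id.
 * Lookups depending on that ordering is an assumption made here, not
 * something this file shows.  Returns 0 on success and 1 on failure.
 */
static int
check_cipher_order(void)
{
	unsigned long id, prev_id = 0;
	const SSL_CIPHER *cipher;
	int num_ciphers;
	int i;

	num_ciphers = ssl3_num_ciphers();

	for (i = 1; i <= num_ciphers; i++) {
		/*
		 * For some reason, ssl3_get_cipher() returns ciphers in
		 * reverse order.
		 */
		if ((cipher = ssl3_get_cipher(num_ciphers - i)) == NULL) {
			/* Report the index that was actually requested. */
			fprintf(stderr, "FAIL: ssl3_get_cipher(%d) returned "
			    "NULL\n", num_ciphers - i);
			return 1;
		}
		if ((id = SSL_CIPHER_get_id(cipher)) <= prev_id) {
			fprintf(stderr, "FAIL: ssl3_ciphers is not sorted by "
			    "id - cipher %d (%lx) <= cipher %d (%lx)\n",
			    i, id, i - 1, prev_id);
			return 1;
		}
		prev_id = id;
	}

	return 0;
}

/*
 * Expected metadata for one cipher suite, keyed by its 16-bit wire value.
 * strength_bits is compared with the return value of SSL_CIPHER_get_bits()
 * and symmetric_bits with the value it stores through its second argument.
 */
struct ssl_cipher_test {
	uint16_t value;
	int auth_nid;
	int cipher_nid;
	int digest_nid;
	int handshake_digest_nid;
	int kx_nid;
	int strength_bits;
	int symmetric_bits;
	int is_aead;
};

/*
 * Every suite that the "ALL" cipher string is expected to enable.  The set
 * includes RC4, 3DES and unauthenticated (NID_auth_null) suites: the table
 * pins what the library will offer when asked for everything, it is not a
 * recommended configuration.  test_ssl_ciphers() fails when the library's
 * list and this table differ in size or content, so adding or retiring a
 * suite in the library has to be mirrored here.
 */
static const struct ssl_cipher_test ssl_cipher_tests[] = {
	{
		.value = 0x0004,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_rc4,
		.digest_nid = NID_md5,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_rsa,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x0005,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_rc4,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_rsa,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x000a,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_des_ede3_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_rsa,
		.strength_bits = 112,
		.symmetric_bits = 168,
	},
	{
		.value = 0x0016,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_des_ede3_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 112,
		.symmetric_bits = 168,
	},
	{
		.value = 0x0018,
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_rc4,
		.digest_nid = NID_md5,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x001b,
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_des_ede3_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 112,
		.symmetric_bits = 168,
	},
	{
		.value = 0x002f,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_128_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_rsa,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x0033,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_128_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x0034,
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_aes_128_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x0035,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_256_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_rsa,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0x0039,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_256_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0x003a,
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_aes_256_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0x003c,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_128_cbc,
		.digest_nid = NID_sha256,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_rsa,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x003d,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_256_cbc,
		.digest_nid = NID_sha256,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_rsa,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0x0041,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_camellia_128_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_rsa,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x0045,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_camellia_128_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x0046,
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_camellia_128_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x0067,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_128_cbc,
		.digest_nid = NID_sha256,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x006b,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_256_cbc,
		.digest_nid = NID_sha256,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0x006c,
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_aes_128_cbc,
		.digest_nid = NID_sha256,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x006d,
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_aes_256_cbc,
		.digest_nid = NID_sha256,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0x0084,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_camellia_256_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_rsa,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0x0088,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_camellia_256_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0x0089,
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_camellia_256_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0x009c,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_128_gcm,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_rsa,
		.strength_bits = 128,
		.symmetric_bits = 128,
		.is_aead = 1,
	},
	{
		.value = 0x009d,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_256_gcm,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha384,
		.kx_nid = NID_kx_rsa,
		.strength_bits = 256,
		.symmetric_bits = 256,
		.is_aead = 1,
	},
	{
		.value = 0x009e,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_128_gcm,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
		.is_aead = 1,
	},
	{
		.value = 0x009f,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_256_gcm,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha384,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
		.is_aead = 1,
	},
	{
		.value = 0x00a6,
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_aes_128_gcm,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
		.is_aead = 1,
	},
	{
		.value = 0x00a7,
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_aes_256_gcm,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha384,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
		.is_aead = 1,
	},
	{
		.value = 0x00ba,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_camellia_128_cbc,
		.digest_nid = NID_sha256,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_rsa,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x00be,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_camellia_128_cbc,
		.digest_nid = NID_sha256,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x00bf,
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_camellia_128_cbc,
		.digest_nid = NID_sha256,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x00c0,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_camellia_256_cbc,
		.digest_nid = NID_sha256,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_rsa,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0x00c4,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_camellia_256_cbc,
		.digest_nid = NID_sha256,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0x00c5,
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_camellia_256_cbc,
		.digest_nid = NID_sha256,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0x1301,
		.auth_nid = NID_undef,
		.cipher_nid = NID_aes_128_gcm,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_undef,
		.strength_bits = 128,
		.symmetric_bits = 128,
		.is_aead = 1,
	},
	{
		.value = 0x1302,
		.auth_nid = NID_undef,
		.cipher_nid = NID_aes_256_gcm,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha384,
		.kx_nid = NID_undef,
		.strength_bits = 256,
		.symmetric_bits = 256,
		.is_aead = 1,
	},
	{
		.value = 0x1303,
		.auth_nid = NID_undef,
		.cipher_nid = NID_chacha20_poly1305,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_undef,
		.strength_bits = 256,
		.symmetric_bits = 256,
		.is_aead = 1,
	},
	{
		.value = 0xc007,
		.auth_nid = NID_auth_ecdsa,
		.cipher_nid = NID_rc4,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0xc008,
		.auth_nid = NID_auth_ecdsa,
		.cipher_nid = NID_des_ede3_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 112,
		.symmetric_bits = 168,
	},
	{
		.value = 0xc009,
		.auth_nid = NID_auth_ecdsa,
		.cipher_nid = NID_aes_128_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0xc00a,
		.auth_nid = NID_auth_ecdsa,
		.cipher_nid = NID_aes_256_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0xc011,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_rc4,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0xc012,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_des_ede3_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 112,
		.symmetric_bits = 168,
	},
	{
		.value = 0xc013,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_128_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0xc014,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_256_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0xc016,
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_rc4,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0xc017,
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_des_ede3_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 112,
		.symmetric_bits = 168,
	},
	{
		.value = 0xc018,
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_aes_128_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0xc019,
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_aes_256_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0xc023,
		.auth_nid = NID_auth_ecdsa,
		.cipher_nid = NID_aes_128_cbc,
		.digest_nid = NID_sha256,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0xc024,
		.auth_nid = NID_auth_ecdsa,
		.cipher_nid = NID_aes_256_cbc,
		.digest_nid = NID_sha384,
		.handshake_digest_nid = NID_sha384,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0xc027,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_128_cbc,
		.digest_nid = NID_sha256,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0xc028,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_256_cbc,
		.digest_nid = NID_sha384,
		.handshake_digest_nid = NID_sha384,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0xc02b,
		.auth_nid = NID_auth_ecdsa,
		.cipher_nid = NID_aes_128_gcm,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
		.is_aead = 1,
	},
	{
		.value = 0xc02c,
		.auth_nid = NID_auth_ecdsa,
		.cipher_nid = NID_aes_256_gcm,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha384,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
		.is_aead = 1,
	},
	{
		.value = 0xc02f,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_128_gcm,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
		.is_aead = 1,
	},
	{
		.value = 0xc030,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_256_gcm,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha384,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
		.is_aead = 1,
	},
	{
		.value = 0xcca8,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_chacha20_poly1305,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
		.is_aead = 1,
	},
	{
		.value = 0xcca9,
		.auth_nid = NID_auth_ecdsa,
		.cipher_nid = NID_chacha20_poly1305,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
		.is_aead = 1,
	},
	{
		.value = 0xccaa,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_chacha20_poly1305,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
		.is_aead = 1,
	},
};

#define N_SSL_CIPHER_TESTS (sizeof(ssl_cipher_tests) / sizeof(ssl_cipher_tests[0]))

/*
 * Enable "ALL" ciphers on a fresh SSL and check every resulting suite
 * against ssl_cipher_tests: lookup by wire value, id, auth/cipher/digest/kx
 * NIDs, handshake digest, key sizes, AEAD flag and description.
 * Returns 0 on success and 1 on the first mismatch.
 */
static int
test_ssl_ciphers(void)
{
	int i, strength_bits, symmetric_bits;
	const struct ssl_cipher_test *sct;
	STACK_OF(SSL_CIPHER) *ciphers;
	const SSL_CIPHER *cipher, *listed;
	const EVP_MD *digest;
	unsigned char buf[2];
	const char *description;
	char desc_buf[256];
	SSL_CTX *ssl_ctx = NULL;
	SSL *ssl = NULL;
	size_t j;
	int ret = 1;

	if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL) {
		fprintf(stderr, "SSL_CTX_new() returned NULL\n");
		goto failure;
	}
	if ((ssl = SSL_new(ssl_ctx)) == NULL) {
		fprintf(stderr, "SSL_new() returned NULL\n");
		goto failure;
	}
	if (!SSL_set_cipher_list(ssl, "ALL")) {
		fprintf(stderr, "SSL_set_cipher_list failed\n");
		goto failure;
	}

	if ((ciphers = SSL_get_ciphers(ssl)) == NULL) {
		fprintf(stderr, "no ciphers\n");
		goto failure;
	}

	/* A size mismatch means the library's set and the table diverged. */
	if (sk_SSL_CIPHER_num(ciphers) != N_SSL_CIPHER_TESTS) {
		fprintf(stderr, "number of ciphers mismatch (%d != %zu)\n",
		    sk_SSL_CIPHER_num(ciphers), N_SSL_CIPHER_TESTS);
		goto failure;
	}

	for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
		uint16_t cipher_value;

		listed = sk_SSL_CIPHER_value(ciphers, i);
		cipher_value = SSL_CIPHER_get_value(listed);

		/* Two byte big-endian wire encoding of the suite value. */
		buf[0] = cipher_value >> 8;
		buf[1] = cipher_value & 0xff;

		/*
		 * Keep the stack entry in 'listed' so that a failed lookup
		 * can still name the suite; the lookup result is NULL here.
		 */
		if ((cipher = SSL_CIPHER_find(ssl, buf)) == NULL) {
			fprintf(stderr, "SSL_CIPHER_find() returned NULL for %s\n",
			    SSL_CIPHER_get_name(listed));
			goto failure;
		}
		if (SSL_CIPHER_get_value(cipher) != cipher_value) {
			fprintf(stderr, "got cipher with value 0x%04x, want 0x%04x\n",
			    SSL_CIPHER_get_value(cipher), cipher_value);
			goto failure;
		}
		if (SSL_CIPHER_get_id(cipher) != (0x03000000UL | cipher_value)) {
			fprintf(stderr, "got cipher id 0x%08lx, want 0x%08lx\n",
			    SSL_CIPHER_get_id(cipher), (0x03000000UL | cipher_value));
			goto failure;
		}

		sct = NULL;
		for (j = 0; j < N_SSL_CIPHER_TESTS; j++) {
			if (ssl_cipher_tests[j].value == cipher_value) {
				sct = &ssl_cipher_tests[j];
				break;
			}
		}
		if (sct == NULL) {
			fprintf(stderr, "cipher '%s' (0x%04x) not found in test "
			    "table\n", SSL_CIPHER_get_name(cipher), cipher_value);
			goto failure;
		}

		if (SSL_CIPHER_get_auth_nid(cipher) != sct->auth_nid) {
			fprintf(stderr, "cipher '%s' (0x%04x) - got auth nid %d, "
			    "want %d\n", SSL_CIPHER_get_name(cipher), cipher_value,
			    SSL_CIPHER_get_auth_nid(cipher), sct->auth_nid);
			goto failure;
		}
		if (SSL_CIPHER_get_cipher_nid(cipher) != sct->cipher_nid) {
			fprintf(stderr, "cipher '%s' (0x%04x) - got cipher nid %d, "
			    "want %d\n", SSL_CIPHER_get_name(cipher), cipher_value,
			    SSL_CIPHER_get_cipher_nid(cipher), sct->cipher_nid);
			goto failure;
		}
		if (SSL_CIPHER_get_digest_nid(cipher) != sct->digest_nid) {
			fprintf(stderr, "cipher '%s' (0x%04x) - got digest nid %d, "
			    "want %d\n", SSL_CIPHER_get_name(cipher), cipher_value,
			    SSL_CIPHER_get_digest_nid(cipher), sct->digest_nid);
			goto failure;
		}
		if (SSL_CIPHER_get_kx_nid(cipher) != sct->kx_nid) {
			fprintf(stderr, "cipher '%s' (0x%04x) - got kx nid %d, "
			    "want %d\n", SSL_CIPHER_get_name(cipher), cipher_value,
			    SSL_CIPHER_get_kx_nid(cipher), sct->kx_nid);
			goto failure;
		}

		/* Having API consistency is a wonderful thing... */
		digest = SSL_CIPHER_get_handshake_digest(cipher);
		/* Fail cleanly instead of handing NULL to EVP_MD_nid(). */
		if (digest == NULL) {
			fprintf(stderr, "cipher '%s' (0x%04x) - no handshake "
			    "digest\n", SSL_CIPHER_get_name(cipher), cipher_value);
			goto failure;
		}
		if (EVP_MD_nid(digest) != sct->handshake_digest_nid) {
			fprintf(stderr, "cipher '%s' (0x%04x) - got handshake "
			    "digest nid %d, want %d\n", SSL_CIPHER_get_name(cipher),
			    cipher_value, EVP_MD_nid(digest), sct->handshake_digest_nid);
			goto failure;
		}

		strength_bits = SSL_CIPHER_get_bits(cipher, &symmetric_bits);
		if (strength_bits != sct->strength_bits) {
			fprintf(stderr, "cipher '%s' (0x%04x) - got strength bits "
			    "%d, want %d\n", SSL_CIPHER_get_name(cipher),
			    cipher_value, strength_bits, sct->strength_bits);
			goto failure;
		}
		if (symmetric_bits != sct->symmetric_bits) {
			fprintf(stderr, "cipher '%s' (0x%04x) - got symmetric bits "
			    "%d, want %d\n", SSL_CIPHER_get_name(cipher),
			    cipher_value, symmetric_bits, sct->symmetric_bits);
			goto failure;
		}
		if (SSL_CIPHER_is_aead(cipher) != sct->is_aead) {
			fprintf(stderr, "cipher '%s' (0x%04x) - got is aead %d, "
			    "want %d\n", SSL_CIPHER_get_name(cipher), cipher_value,
			    SSL_CIPHER_is_aead(cipher), sct->is_aead);
			goto failure;
		}

		/* Only checks that the caller's buffer is handed back. */
		if ((description = SSL_CIPHER_description(cipher, desc_buf,
		    sizeof(desc_buf))) != desc_buf) {
			fprintf(stderr, "cipher '%s' (0x%04x) - failed to get "
			    "description\n", SSL_CIPHER_get_name(cipher), cipher_value);
			goto failure;
		}
	}

	ret = 0;

 failure:
	SSL_CTX_free(ssl_ctx);
	SSL_free(ssl);

	return (ret);
}

/*
 * One ssl_parse_ciphersuites() case: the input string, the expected return
 * value and the expected cipher ids in order, terminated by a zero entry.
 */
struct parse_ciphersuites_test {
	const char *str;
	const int want;
	const unsigned long cids[32];
};

struct parse_ciphersuites_test parse_ciphersuites_tests[] = {
	{
		/* LibreSSL names. */
		.str = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256:AEAD-AES128-GCM-SHA256",
		.want = 1,
		.cids = {
			TLS1_3_CK_AES_256_GCM_SHA384,
			TLS1_3_CK_CHACHA20_POLY1305_SHA256,
			TLS1_3_CK_AES_128_GCM_SHA256,
		},
	},
	{
		/* OpenSSL names. */
		.str = "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256",
		.want = 1,
		.cids = {
			TLS1_3_CK_AES_256_GCM_SHA384,
			TLS1_3_CK_CHACHA20_POLY1305_SHA256,
			TLS1_3_CK_AES_128_GCM_SHA256,
		},
	},
	{
		/* Different priority order. */
		.str = "AEAD-AES128-GCM-SHA256:AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256",
		.want = 1,
		.cids = {
			TLS1_3_CK_AES_128_GCM_SHA256,
			TLS1_3_CK_AES_256_GCM_SHA384,
			TLS1_3_CK_CHACHA20_POLY1305_SHA256,
		},
	},
	{
		/* Known but unsupported names. */
		.str = "AEAD-AES256-GCM-SHA384:AEAD-AES128-CCM-SHA256:AEAD-AES128-CCM-8-SHA256",
		.want = 1,
		.cids = {
			TLS1_3_CK_AES_256_GCM_SHA384,
		},
	},
	{
		/* Empty string means no TLSv1.3 ciphersuites. */
		.str = "",
		.want = 1,
		.cids = { 0 },
	},
	{
		/* A name that is not a ciphersuite is expected to fail. */
		.str = "TLS_CHACHA20_POLY1305_SHA256:TLS_NOT_A_CIPHERSUITE",
		.want = 0,
	},
	{
		/* A ',' between names is expected to fail. */
		.str = "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256",
		.want = 0,
	},
};

#define N_PARSE_CIPHERSUITES_TESTS \
    (sizeof(parse_ciphersuites_tests) / sizeof(*parse_ciphersuites_tests))

/*
 * Run ssl_parse_ciphersuites() over parse_ciphersuites_tests and compare
 * the return value and the resulting cipher ids with the table.
 * Returns 0 on success and 1 on the first failure.
 */
static int
parse_ciphersuites_test(void)
{
	struct parse_ciphersuites_test *pct;
	STACK_OF(SSL_CIPHER) *ciphers = NULL;
	SSL_CIPHER *cipher;
	/* Number of slots in cids[]; the last one must stay zero. */
	const int max_cids = (int)(sizeof(pct->cids) / sizeof(pct->cids[0]));
	int failed = 1;
	int j, num_ciphers, ret;
	size_t i;

	for (i = 0; i < N_PARSE_CIPHERSUITES_TESTS; i++) {
		pct = &parse_ciphersuites_tests[i];

		ret = ssl_parse_ciphersuites(&ciphers, pct->str);
		if (ret != pct->want) {
			fprintf(stderr, "FAIL: test %zu - "
			    "ssl_parse_ciphersuites returned %d, want %d\n",
			    i, ret, pct->want);
			goto failed;
		}
		if (ret == 0)
			continue;

		/*
		 * cids[] is indexed by position in the returned stack and
		 * once more for the terminator, so refuse a stack that
		 * would run past the end of the array.
		 */
		num_ciphers = sk_SSL_CIPHER_num(ciphers);
		if (num_ciphers >= max_cids) {
			fprintf(stderr, "FAIL: test %zu - got %d ciphers, "
			    "table holds at most %d\n", i, num_ciphers,
			    max_cids - 1);
			goto failed;
		}

		for (j = 0; j < num_ciphers; j++) {
			cipher = sk_SSL_CIPHER_value(ciphers, j);
			if (SSL_CIPHER_get_id(cipher) == pct->cids[j])
				continue;
			fprintf(stderr, "FAIL: test %zu - got cipher %d with "
			    "id %lx, want %lx\n", i, j,
			    SSL_CIPHER_get_id(cipher), pct->cids[j]);
			goto failed;
		}
		/* A non-zero entry after the last match means too few ciphers. */
		if (pct->cids[j] != 0) {
			fprintf(stderr, "FAIL: test %zu - got %d ciphers, "
			    "expected more\n", i, num_ciphers);
			goto failed;
		}
	}

	failed = 0;

 failed:
	sk_SSL_CIPHER_free(ciphers);

	return failed;
}

/*
 * One cipher-selection case.  The *_rulestr fields go to the cipher list
 * setters and the *_ciphersuites fields to the ciphersuites setters, on the
 * SSL_CTX and on the SSL respectively; the *_ciphersuites_first flags pick
 * whether the ciphersuites call is made before or after the cipher list
 * call.  cids holds the expected ids in order, terminated by a zero entry.
 */
struct cipher_set_test {
	int ctx_ciphersuites_first;
	const char *ctx_ciphersuites;
	const char *ctx_rulestr;
	int ssl_ciphersuites_first;
	const char *ssl_ciphersuites;
	const char *ssl_rulestr;
	int cids_aes_accel_fixup;
	unsigned long cids[32];
};

struct cipher_set_test cipher_set_tests[] = {
	{
		.ctx_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
		.cids_aes_accel_fixup = 1,
		.cids = {
			TLS1_3_CK_AES_256_GCM_SHA384,
			TLS1_3_CK_CHACHA20_POLY1305_SHA256,
			TLS1_3_CK_AES_128_GCM_SHA256,
			TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		},
	},
	{
		.ssl_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
		.cids_aes_accel_fixup = 1,
		.cids = {
			TLS1_3_CK_AES_256_GCM_SHA384,
			TLS1_3_CK_CHACHA20_POLY1305_SHA256,
			TLS1_3_CK_AES_128_GCM_SHA256,
			TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		},
	},
	{
		.ctx_ciphersuites_first = 1,
		.ctx_ciphersuites = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256",
		.ctx_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
		.cids = {
			TLS1_3_CK_AES_256_GCM_SHA384,
			TLS1_3_CK_CHACHA20_POLY1305_SHA256,
			TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		},
	},
	{
		.ssl_ciphersuites_first = 1,
		.ssl_ciphersuites = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256",
		.ssl_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
		.cids = {
			TLS1_3_CK_AES_256_GCM_SHA384,
			TLS1_3_CK_CHACHA20_POLY1305_SHA256,
			TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		},
	},
	{
		.ctx_ciphersuites_first = 0,
		.ctx_ciphersuites = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256",
		.ctx_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
		.cids = {
			TLS1_3_CK_AES_256_GCM_SHA384,
			TLS1_3_CK_CHACHA20_POLY1305_SHA256,
			TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		},
	},
	{
		.ssl_ciphersuites_first = 0,
		.ssl_ciphersuites = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256",
		.ssl_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
		.cids = {
			TLS1_3_CK_AES_256_GCM_SHA384,
			TLS1_3_CK_CHACHA20_POLY1305_SHA256,
			TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		},
	},
	{
		.ssl_ciphersuites_first = 1,
		.ssl_ciphersuites = "",
		.ssl_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
		.cids = {
			TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		},
	},
	{
		.ssl_ciphersuites_first = 0,
		.ssl_ciphersuites = "",
		.ssl_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
		.cids = {
			TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		},
	},
	{
		.ctx_ciphersuites = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256",
		.ssl_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
		.cids = {
			TLS1_3_CK_AES_256_GCM_SHA384,
			TLS1_3_CK_CHACHA20_POLY1305_SHA256,
			TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		},
	},
	{
		.ctx_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
		.ssl_ciphersuites = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256",
		.cids = {
			TLS1_3_CK_AES_256_GCM_SHA384,
			TLS1_3_CK_CHACHA20_POLY1305_SHA256,
			TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		},
	},
};

#define N_CIPHER_SET_TESTS \
    (sizeof(cipher_set_tests) / sizeof(*cipher_set_tests))

/*
 * For each cipher_set_tests entry, configure a fresh SSL_CTX and SSL as the
 * entry describes and compare SSL_get_ciphers() with the expected ids.
 * Setup failures abort via errx(); mismatches are reported and accumulated.
 * Returns 0 if every case matched, non-zero otherwise.
 */
static int
cipher_set_test(void)
{
	struct cipher_set_test *cst;
	STACK_OF(SSL_CIPHER) *ciphers = NULL;
	SSL_CIPHER *cipher;
	SSL_CTX *ctx = NULL;
	SSL *ssl = NULL;
	/* Number of slots in cids[]; the last one must stay zero. */
	const int max_cids = (int)(sizeof(cst->cids) / sizeof(cst->cids[0]));
	int failed = 0;
	int num_ciphers;
	size_t i;
	int j;

	for (i = 0; i < N_CIPHER_SET_TESTS; i++) {
		cst = &cipher_set_tests[i];

		/*
		 * Without AES acceleration the expected preference puts
		 * ChaCha20-Poly1305 ahead of AES-256-GCM, so swap the first
		 * two expected ids in the flagged entries.
		 */
		if (!ssl_aes_is_accelerated() && cst->cids_aes_accel_fixup) {
			cst->cids[0] = TLS1_3_CK_CHACHA20_POLY1305_SHA256;
			cst->cids[1] = TLS1_3_CK_AES_256_GCM_SHA384;
		}

		if ((ctx = SSL_CTX_new(TLS_method())) == NULL)
			errx(1, "SSL_CTX_new");

		if (cst->ctx_ciphersuites_first && cst->ctx_ciphersuites != NULL) {
			if (!SSL_CTX_set_ciphersuites(ctx, cst->ctx_ciphersuites))
				errx(1, "SSL_CTX_set_ciphersuites");
		}
		if (cst->ctx_rulestr != NULL) {
			if (!SSL_CTX_set_cipher_list(ctx, cst->ctx_rulestr))
				errx(1, "SSL_CTX_set_cipher_list");
		}
		if (!cst->ctx_ciphersuites_first && cst->ctx_ciphersuites != NULL) {
			if (!SSL_CTX_set_ciphersuites(ctx, cst->ctx_ciphersuites))
				errx(1, "SSL_CTX_set_ciphersuites");
		}

		/* XXX - check SSL_CTX_get_ciphers(ctx) */

		if ((ssl = SSL_new(ctx)) == NULL)
			errx(1, "SSL_new");

		if (cst->ssl_ciphersuites_first && cst->ssl_ciphersuites != NULL) {
			if (!SSL_set_ciphersuites(ssl, cst->ssl_ciphersuites))
				errx(1, "SSL_set_ciphersuites");
		}
		if (cst->ssl_rulestr != NULL) {
			if (!SSL_set_cipher_list(ssl, cst->ssl_rulestr))
				errx(1, "SSL_set_cipher_list");
		}
		if (!cst->ssl_ciphersuites_first && cst->ssl_ciphersuites != NULL) {
			if (!SSL_set_ciphersuites(ssl, cst->ssl_ciphersuites))
				errx(1, "SSL_set_ciphersuites");
		}

		ciphers = SSL_get_ciphers(ssl);
		num_ciphers = sk_SSL_CIPHER_num(ciphers);

		/*
		 * cids[] is indexed by position in the returned stack and
		 * once more for the terminator, so a stack that would run
		 * past the end of the array is reported instead of compared.
		 */
		if (num_ciphers >= max_cids) {
			fprintf(stderr, "FAIL: test %zu - got %d ciphers, "
			    "table holds at most %d\n", i, num_ciphers,
			    max_cids - 1);
			failed |= 1;
		} else {
			for (j = 0; j < num_ciphers; j++) {
				cipher = sk_SSL_CIPHER_value(ciphers, j);
				if (SSL_CIPHER_get_id(cipher) == cst->cids[j])
					continue;
				fprintf(stderr, "FAIL: test %zu - got cipher %d with "
				    "id %lx, want %lx\n", i, j,
				    SSL_CIPHER_get_id(cipher), cst->cids[j]);
				failed |= 1;
			}
			/* A non-zero entry after the last one means too few ciphers. */
			if (cst->cids[j] != 0) {
				fprintf(stderr, "FAIL: test %zu - got %d ciphers, "
				    "expected more\n", i, num_ciphers);
				failed |= 1;
			}
		}

		SSL_CTX_free(ctx);
		SSL_free(ssl);
	}

	return failed;
}

/* Run every check; the exit status is non-zero if any of them failed. */
int
main(int argc, char **argv)
{
	int failed = 0;

	failed |= check_cipher_order();

	failed |= test_ssl_ciphers();

	failed |= parse_ciphersuites_test();
	failed |= cipher_set_test();

	return (failed);
}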