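/*
 * Copyright (c) 2015, 2020 Joel Sing <jsing@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/*
 * Regression test for the TLS cipher suite tables: checks the ordering of
 * the built-in cipher list, the per-suite metadata reported by the
 * SSL_CIPHER_*() accessors, TLSv1.3 ciphersuite string parsing and the
 * cipher list that results from combining ciphersuites with rule strings.
 */

#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/ssl.h>

#include <err.h>
#include <stdio.h>
#include <string.h>

/* Library-internal functions, declared here because no header is included. */
int ssl3_num_ciphers(void);
const SSL_CIPHER *ssl3_get_cipher_by_index(int idx);

int ssl_parse_ciphersuites(STACK_OF(SSL_CIPHER) **out_ciphers, const char *str);

/*
 * Returns non-zero when bit 57 of OPENSSL_cpu_caps() is set on i386/amd64,
 * and 0 on every other architecture.
 * NOTE(review): bit 57 looks like the AES-NI feature flag - confirm against
 * the OPENSSL_cpu_caps() documentation.
 */
static inline int
ssl_aes_is_accelerated(void)
{
#if defined(__i386__) || defined(__x86_64__)
	return ((OPENSSL_cpu_caps() & (1ULL << 57)) != 0);
#else
	return (0);
#endif
}

/*
 * Walks the built-in cipher list by index and checks that every entry
 * exists and that the cipher ids are strictly increasing.
 *
 * Returns 0 on success and 1 on failure, after printing a diagnostic.
 */
static int
check_cipher_order(void)
{
	unsigned long id, prev_id = 0;
	const SSL_CIPHER *cipher;
	int num_ciphers;
	int i;

	num_ciphers = ssl3_num_ciphers();

	for (i = 0; i < num_ciphers; i++) {
		if ((cipher = ssl3_get_cipher_by_index(i)) == NULL) {
			fprintf(stderr, "FAIL: ssl3_get_cipher(%d) returned "
			    "NULL\n", i);
			return 1;
		}
		/* An id equal to the previous one also fails the check. */
		if ((id = SSL_CIPHER_get_id(cipher)) <= prev_id) {
			fprintf(stderr, "FAIL: ssl3_ciphers is not sorted by "
			    "id - cipher %d (%lx) <= cipher %d (%lx)\n",
			    i, id, i - 1, prev_id);
			return 1;
		}
		prev_id = id;
	}

	return 0;
}

/*
 * Expected metadata for one cipher suite, keyed by its two byte value.
 *
 * handshake_digest_nid is compared with the EVP_MD returned by
 * SSL_CIPHER_get_handshake_digest(); strength_bits is compared with the
 * return value of SSL_CIPHER_get_bits() and symmetric_bits with the value
 * it stores through its second argument.
 */
struct ssl_cipher_test {
	uint16_t value;
	int auth_nid;
	int cipher_nid;
	int digest_nid;
	int handshake_digest_nid;
	int kx_nid;
	int strength_bits;
	int symmetric_bits;
	int is_aead;
};

/*
 * test_ssl_ciphers() expects the "ALL" rule string to yield exactly the
 * suites listed here. That is why RC4, 3DES and NID_auth_null (no peer
 * authentication) suites are present: the table records metadata, not a
 * recommended configuration.
 */
static const struct ssl_cipher_test ssl_cipher_tests[] = {
	{
		.value = 0x0004,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_rc4,
		.digest_nid = NID_md5,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_rsa,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x0005,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_rc4,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_rsa,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x000a,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_des_ede3_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_rsa,
		.strength_bits = 112,
		.symmetric_bits = 168,
	},
	{
		.value = 0x0016,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_des_ede3_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 112,
		.symmetric_bits = 168,
	},
	{
		.value = 0x0018,
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_rc4,
		.digest_nid = NID_md5,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x001b,
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_des_ede3_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 112,
		.symmetric_bits = 168,
	},
	{
		.value = 0x002f,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_128_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_rsa,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x0033,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_128_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x0034,
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_aes_128_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x0035,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_256_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_rsa,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0x0039,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_256_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0x003a,
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_aes_256_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0x003c,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_128_cbc,
		.digest_nid = NID_sha256,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_rsa,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x003d,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_256_cbc,
		.digest_nid = NID_sha256,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_rsa,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0x0041,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_camellia_128_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_rsa,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x0045,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_camellia_128_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x0046,
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_camellia_128_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x0067,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_128_cbc,
		.digest_nid = NID_sha256,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x006b,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_256_cbc,
		.digest_nid = NID_sha256,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0x006c,
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_aes_128_cbc,
		.digest_nid = NID_sha256,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x006d,
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_aes_256_cbc,
		.digest_nid = NID_sha256,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0x0084,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_camellia_256_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_rsa,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0x0088,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_camellia_256_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0x0089,
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_camellia_256_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0x009c,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_128_gcm,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_rsa,
		.strength_bits = 128,
		.symmetric_bits = 128,
		.is_aead = 1,
	},
	{
		.value = 0x009d,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_256_gcm,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha384,
		.kx_nid = NID_kx_rsa,
		.strength_bits = 256,
		.symmetric_bits = 256,
		.is_aead = 1,
	},
	{
		.value = 0x009e,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_128_gcm,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
		.is_aead = 1,
	},
	{
		.value = 0x009f,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_256_gcm,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha384,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
		.is_aead = 1,
	},
	{
		.value = 0x00a6,
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_aes_128_gcm,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
		.is_aead = 1,
	},
	{
		.value = 0x00a7,
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_aes_256_gcm,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha384,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
		.is_aead = 1,
	},
	{
		.value = 0x00ba,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_camellia_128_cbc,
		.digest_nid = NID_sha256,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_rsa,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x00be,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_camellia_128_cbc,
		.digest_nid = NID_sha256,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x00bf,
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_camellia_128_cbc,
		.digest_nid = NID_sha256,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0x00c0,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_camellia_256_cbc,
		.digest_nid = NID_sha256,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_rsa,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0x00c4,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_camellia_256_cbc,
		.digest_nid = NID_sha256,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0x00c5,
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_camellia_256_cbc,
		.digest_nid = NID_sha256,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0x1301,
		.auth_nid = NID_undef,
		.cipher_nid = NID_aes_128_gcm,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_undef,
		.strength_bits = 128,
		.symmetric_bits = 128,
		.is_aead = 1,
	},
	{
		.value = 0x1302,
		.auth_nid = NID_undef,
		.cipher_nid = NID_aes_256_gcm,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha384,
		.kx_nid = NID_undef,
		.strength_bits = 256,
		.symmetric_bits = 256,
		.is_aead = 1,
	},
	{
		.value = 0x1303,
		.auth_nid = NID_undef,
		.cipher_nid = NID_chacha20_poly1305,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_undef,
		.strength_bits = 256,
		.symmetric_bits = 256,
		.is_aead = 1,
	},
	{
		.value = 0xc007,
		.auth_nid = NID_auth_ecdsa,
		.cipher_nid = NID_rc4,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0xc008,
		.auth_nid = NID_auth_ecdsa,
		.cipher_nid = NID_des_ede3_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 112,
		.symmetric_bits = 168,
	},
	{
		.value = 0xc009,
		.auth_nid = NID_auth_ecdsa,
		.cipher_nid = NID_aes_128_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0xc00a,
		.auth_nid = NID_auth_ecdsa,
		.cipher_nid = NID_aes_256_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0xc011,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_rc4,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0xc012,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_des_ede3_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 112,
		.symmetric_bits = 168,
	},
	{
		.value = 0xc013,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_128_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0xc014,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_256_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0xc016,
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_rc4,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0xc017,
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_des_ede3_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 112,
		.symmetric_bits = 168,
	},
	{
		.value = 0xc018,
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_aes_128_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0xc019,
		.auth_nid = NID_auth_null,
		.cipher_nid = NID_aes_256_cbc,
		.digest_nid = NID_sha1,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0xc023,
		.auth_nid = NID_auth_ecdsa,
		.cipher_nid = NID_aes_128_cbc,
		.digest_nid = NID_sha256,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0xc024,
		.auth_nid = NID_auth_ecdsa,
		.cipher_nid = NID_aes_256_cbc,
		.digest_nid = NID_sha384,
		.handshake_digest_nid = NID_sha384,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0xc027,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_128_cbc,
		.digest_nid = NID_sha256,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
	},
	{
		.value = 0xc028,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_256_cbc,
		.digest_nid = NID_sha384,
		.handshake_digest_nid = NID_sha384,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
	},
	{
		.value = 0xc02b,
		.auth_nid = NID_auth_ecdsa,
		.cipher_nid = NID_aes_128_gcm,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
		.is_aead = 1,
	},
	{
		.value = 0xc02c,
		.auth_nid = NID_auth_ecdsa,
		.cipher_nid = NID_aes_256_gcm,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha384,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
		.is_aead = 1,
	},
	{
		.value = 0xc02f,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_128_gcm,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 128,
		.symmetric_bits = 128,
		.is_aead = 1,
	},
	{
		.value = 0xc030,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_aes_256_gcm,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha384,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
		.is_aead = 1,
	},
	{
		.value = 0xcca8,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_chacha20_poly1305,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
		.is_aead = 1,
	},
	{
		.value = 0xcca9,
		.auth_nid = NID_auth_ecdsa,
		.cipher_nid = NID_chacha20_poly1305,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_ecdhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
		.is_aead = 1,
	},
	{
		.value = 0xccaa,
		.auth_nid = NID_auth_rsa,
		.cipher_nid = NID_chacha20_poly1305,
		.digest_nid = NID_undef,
		.handshake_digest_nid = NID_sha256,
		.kx_nid = NID_kx_dhe,
		.strength_bits = 256,
		.symmetric_bits = 256,
		.is_aead = 1,
	},
};

#define N_SSL_CIPHER_TESTS (sizeof(ssl_cipher_tests) / sizeof(ssl_cipher_tests[0]))

/*
 * Enables "ALL" ciphers on a fresh SSL object and checks, for every cipher
 * in the resulting list, that SSL_CIPHER_find() round-trips its two byte
 * value and that the SSL_CIPHER_*() accessors agree with ssl_cipher_tests.
 *
 * Returns 0 on success and 1 on the first mismatch, after printing a
 * diagnostic. The SSL and SSL_CTX are released on every path.
 */
static int
test_ssl_ciphers(void)
{
	int i, num_ciphers, strength_bits, symmetric_bits;
	const struct ssl_cipher_test *sct;
	STACK_OF(SSL_CIPHER) *ciphers;
	const SSL_CIPHER *cipher, *listed;
	const EVP_MD *digest;
	unsigned char buf[2];
	const char *description;
	char desc_buf[256];
	SSL_CTX *ssl_ctx = NULL;
	SSL *ssl = NULL;
	size_t j;
	int ret = 1;

	if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL) {
		fprintf(stderr, "SSL_CTX_new() returned NULL\n");
		goto failure;
	}
	if ((ssl = SSL_new(ssl_ctx)) == NULL) {
		fprintf(stderr, "SSL_new() returned NULL\n");
		goto failure;
	}
	if (!SSL_set_cipher_list(ssl, "ALL")) {
		fprintf(stderr, "SSL_set_cipher_list failed\n");
		goto failure;
	}

	if ((ciphers = SSL_get_ciphers(ssl)) == NULL) {
		fprintf(stderr, "no ciphers\n");
		goto failure;
	}

	/*
	 * The count is an int and the table size a size_t; reject a negative
	 * count explicitly instead of relying on the implicit conversion.
	 */
	num_ciphers = sk_SSL_CIPHER_num(ciphers);
	if (num_ciphers < 0 || (size_t)num_ciphers != N_SSL_CIPHER_TESTS) {
		fprintf(stderr, "number of ciphers mismatch (%d != %zu)\n",
		    num_ciphers, N_SSL_CIPHER_TESTS);
		goto failure;
	}

	for (i = 0; i < num_ciphers; i++) {
		uint16_t cipher_value;

		listed = sk_SSL_CIPHER_value(ciphers, i);
		cipher_value = SSL_CIPHER_get_value(listed);

		/* Two byte cipher suite value, most significant byte first. */
		buf[0] = cipher_value >> 8;
		buf[1] = cipher_value & 0xff;

		/*
		 * cipher is NULL on the failure path, so the diagnostic has
		 * to name the list entry that was looked up.
		 */
		if ((cipher = SSL_CIPHER_find(ssl, buf)) == NULL) {
			fprintf(stderr, "SSL_CIPHER_find() returned NULL for %s\n",
			    SSL_CIPHER_get_name(listed));
			goto failure;
		}
		if (SSL_CIPHER_get_value(cipher) != cipher_value) {
			fprintf(stderr, "got cipher with value 0x%04x, want 0x%04x\n",
			    SSL_CIPHER_get_value(cipher), cipher_value);
			goto failure;
		}
		if (SSL_CIPHER_get_id(cipher) != (0x03000000UL | cipher_value)) {
			fprintf(stderr, "got cipher id 0x%08lx, want 0x%08lx\n",
			    SSL_CIPHER_get_id(cipher), (0x03000000UL | cipher_value));
			goto failure;
		}

		sct = NULL;
		for (j = 0; j < N_SSL_CIPHER_TESTS; j++) {
			if (ssl_cipher_tests[j].value == cipher_value) {
				sct = &ssl_cipher_tests[j];
				break;
			}
		}
		if (sct == NULL) {
			fprintf(stderr, "cipher '%s' (0x%04x) not found in test "
			    "table\n", SSL_CIPHER_get_name(cipher), cipher_value);
			goto failure;
		}

		if (SSL_CIPHER_get_auth_nid(cipher) != sct->auth_nid) {
			fprintf(stderr, "cipher '%s' (0x%04x) - got auth nid %d, "
			    "want %d\n", SSL_CIPHER_get_name(cipher), cipher_value,
			    SSL_CIPHER_get_auth_nid(cipher), sct->auth_nid);
			goto failure;
		}
		if (SSL_CIPHER_get_cipher_nid(cipher) != sct->cipher_nid) {
			fprintf(stderr, "cipher '%s' (0x%04x) - got cipher nid %d, "
			    "want %d\n", SSL_CIPHER_get_name(cipher), cipher_value,
			    SSL_CIPHER_get_cipher_nid(cipher), sct->cipher_nid);
			goto failure;
		}
		if (SSL_CIPHER_get_digest_nid(cipher) != sct->digest_nid) {
			fprintf(stderr, "cipher '%s' (0x%04x) - got digest nid %d, "
			    "want %d\n", SSL_CIPHER_get_name(cipher), cipher_value,
			    SSL_CIPHER_get_digest_nid(cipher), sct->digest_nid);
			goto failure;
		}
		if (SSL_CIPHER_get_kx_nid(cipher) != sct->kx_nid) {
			fprintf(stderr, "cipher '%s' (0x%04x) - got kx nid %d, "
			    "want %d\n", SSL_CIPHER_get_name(cipher), cipher_value,
			    SSL_CIPHER_get_kx_nid(cipher), sct->kx_nid);
			goto failure;
		}

		/* Having API consistency is a wonderful thing... */
		/*
		 * This accessor hands back an EVP_MD rather than a nid. Treat
		 * a NULL result as a test failure instead of passing it on to
		 * EVP_MD_nid().
		 */
		digest = SSL_CIPHER_get_handshake_digest(cipher);
		if (digest == NULL) {
			fprintf(stderr, "cipher '%s' (0x%04x) - no handshake "
			    "digest\n", SSL_CIPHER_get_name(cipher),
			    cipher_value);
			goto failure;
		}
		if (EVP_MD_nid(digest) != sct->handshake_digest_nid) {
			fprintf(stderr, "cipher '%s' (0x%04x) - got handshake "
			    "digest nid %d, want %d\n", SSL_CIPHER_get_name(cipher),
			    cipher_value, EVP_MD_nid(digest), sct->handshake_digest_nid);
			goto failure;
		}

		strength_bits = SSL_CIPHER_get_bits(cipher, &symmetric_bits);
		if (strength_bits != sct->strength_bits) {
			fprintf(stderr, "cipher '%s' (0x%04x) - got strength bits "
			    "%d, want %d\n", SSL_CIPHER_get_name(cipher),
			    cipher_value, strength_bits, sct->strength_bits);
			goto failure;
		}
		if (symmetric_bits != sct->symmetric_bits) {
			fprintf(stderr, "cipher '%s' (0x%04x) - got symmetric bits "
			    "%d, want %d\n", SSL_CIPHER_get_name(cipher),
			    cipher_value, symmetric_bits, sct->symmetric_bits);
			goto failure;
		}
		if (SSL_CIPHER_is_aead(cipher) != sct->is_aead) {
			fprintf(stderr, "cipher '%s' (0x%04x) - got is aead %d, "
			    "want %d\n", SSL_CIPHER_get_name(cipher), cipher_value,
			    SSL_CIPHER_is_aead(cipher), sct->is_aead);
			goto failure;
		}

		/* Only checks that the caller's buffer is handed back. */
		if ((description = SSL_CIPHER_description(cipher, desc_buf,
		    sizeof(desc_buf))) != desc_buf) {
			fprintf(stderr, "cipher '%s' (0x%04x) - failed to get "
			    "description\n", SSL_CIPHER_get_name(cipher), cipher_value);
			goto failure;
		}
	}

	ret = 0;

 failure:
	SSL_CTX_free(ssl_ctx);
	SSL_free(ssl);

	return (ret);
}

/*
 * One ssl_parse_ciphersuites() case: the input string, the expected return
 * value and, for successful parses, the expected cipher ids in order. The
 * cids array is zero terminated, so it holds at most 31 ids.
 */
struct parse_ciphersuites_test {
	const char *str;
	const int want;
	const unsigned long cids[32];
};

struct parse_ciphersuites_test parse_ciphersuites_tests[] = {
	{
		/* LibreSSL names. */
		.str = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256:AEAD-AES128-GCM-SHA256",
		.want = 1,
		.cids = {
			TLS1_3_CK_AES_256_GCM_SHA384,
			TLS1_3_CK_CHACHA20_POLY1305_SHA256,
			TLS1_3_CK_AES_128_GCM_SHA256,
		},
	},
	{
		/* OpenSSL names. */
		.str = "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256",
		.want = 1,
		.cids = {
			TLS1_3_CK_AES_256_GCM_SHA384,
			TLS1_3_CK_CHACHA20_POLY1305_SHA256,
			TLS1_3_CK_AES_128_GCM_SHA256,
		},
	},
	{
		/* Different priority order. */
		.str = "AEAD-AES128-GCM-SHA256:AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256",
		.want = 1,
		.cids = {
			TLS1_3_CK_AES_128_GCM_SHA256,
			TLS1_3_CK_AES_256_GCM_SHA384,
			TLS1_3_CK_CHACHA20_POLY1305_SHA256,
		},
	},
	{
		/* Known but unsupported names. */
		.str = "AEAD-AES256-GCM-SHA384:AEAD-AES128-CCM-SHA256:AEAD-AES128-CCM-8-SHA256",
		.want = 1,
		.cids = {
			TLS1_3_CK_AES_256_GCM_SHA384,
		},
	},
	{
		/* Empty string means no TLSv1.3 ciphersuites. */
		.str = "",
		.want = 1,
		.cids = { 0 },
	},
	{
		/* Second name is not a ciphersuite; the parse must fail. */
		.str = "TLS_CHACHA20_POLY1305_SHA256:TLS_NOT_A_CIPHERSUITE",
		.want = 0,
	},
	{
		/* ',' instead of ':' before the last name; must fail. */
		.str = "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256",
		.want = 0,
	},
};

#define N_PARSE_CIPHERSUITES_TESTS \
    (sizeof(parse_ciphersuites_tests) / sizeof(*parse_ciphersuites_tests))

/*
 * Runs every parse_ciphersuites_tests entry through
 * ssl_parse_ciphersuites() and compares the return value and, when the
 * parse succeeds, the resulting cipher ids with the expected list.
 *
 * Returns 0 on success and 1 on the first failure, after printing a
 * diagnostic. The same stack pointer is passed to each call and freed once
 * at the end.
 */
static int
parse_ciphersuites_test(void)
{
	struct parse_ciphersuites_test *pct;
	STACK_OF(SSL_CIPHER) *ciphers = NULL;
	SSL_CIPHER *cipher;
	size_t max_cids;
	int num_ciphers;
	int failed = 1;
	int j, ret;
	size_t i;

	for (i = 0; i < N_PARSE_CIPHERSUITES_TESTS; i++) {
		pct = &parse_ciphersuites_tests[i];
		max_cids = sizeof(pct->cids) / sizeof(pct->cids[0]);

		ret = ssl_parse_ciphersuites(&ciphers, pct->str);
		if (ret != pct->want) {
			fprintf(stderr, "FAIL: test %zu - "
			    "ssl_parse_ciphersuites returned %d, want %d\n",
			    i, ret, pct->want);
			goto failed;
		}
		if (ret == 0)
			continue;

		/*
		 * cids[] is indexed by the position in the returned stack and
		 * its terminator is read at cids[num_ciphers], so the stack
		 * must be shorter than the array.
		 */
		num_ciphers = sk_SSL_CIPHER_num(ciphers);
		if (num_ciphers >= (int)max_cids) {
			fprintf(stderr, "FAIL: test %zu - got %d ciphers, "
			    "test table holds at most %zu\n", i, num_ciphers,
			    max_cids - 1);
			goto failed;
		}

		for (j = 0; j < num_ciphers; j++) {
			cipher = sk_SSL_CIPHER_value(ciphers, j);
			if (SSL_CIPHER_get_id(cipher) == pct->cids[j])
				continue;
			fprintf(stderr, "FAIL: test %zu - got cipher %d with "
			    "id %lx, want %lx\n", i, j,
			    SSL_CIPHER_get_id(cipher), pct->cids[j]);
			goto failed;
		}
		/* A non-zero id here means the stack ended too early. */
		if (pct->cids[j] != 0) {
			fprintf(stderr, "FAIL: test %zu - got %d ciphers, "
			    "expected more\n", i, num_ciphers);
			goto failed;
		}
	}

	failed = 0;

 failed:
	sk_SSL_CIPHER_free(ciphers);

	return failed;
}

/*
 * One cipher list configuration case. The ctx_* strings are applied to the
 * SSL_CTX and the ssl_* strings to the SSL created from it; a NULL string
 * is skipped. The *_ciphersuites_first flags select whether the
 * ciphersuites string is applied before or after the rule string.
 * cids is the expected, zero terminated list of cipher ids (at most 31).
 * cids_aes_accel_fixup marks cases whose first two ids are swapped when
 * ssl_aes_is_accelerated() reports no AES acceleration.
 */
struct cipher_set_test {
	int ctx_ciphersuites_first;
	const char *ctx_ciphersuites;
	const char *ctx_rulestr;
	int ssl_ciphersuites_first;
	const char *ssl_ciphersuites;
	const char *ssl_rulestr;
	int cids_aes_accel_fixup;
	unsigned long cids[32];
};

struct cipher_set_test cipher_set_tests[] = {
	{
		.ctx_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
		.cids_aes_accel_fixup = 1,
		.cids = {
			TLS1_3_CK_AES_256_GCM_SHA384,
			TLS1_3_CK_CHACHA20_POLY1305_SHA256,
			TLS1_3_CK_AES_128_GCM_SHA256,
			TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		},
	},
	{
		.ssl_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
		.cids_aes_accel_fixup = 1,
		.cids = {
			TLS1_3_CK_AES_256_GCM_SHA384,
			TLS1_3_CK_CHACHA20_POLY1305_SHA256,
			TLS1_3_CK_AES_128_GCM_SHA256,
			TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		},
	},
	{
		.ctx_ciphersuites_first = 1,
		.ctx_ciphersuites = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256",
		.ctx_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
		.cids = {
			TLS1_3_CK_AES_256_GCM_SHA384,
			TLS1_3_CK_CHACHA20_POLY1305_SHA256,
			TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		},
	},
	{
		.ssl_ciphersuites_first = 1,
		.ssl_ciphersuites = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256",
		.ssl_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
		.cids = {
			TLS1_3_CK_AES_256_GCM_SHA384,
			TLS1_3_CK_CHACHA20_POLY1305_SHA256,
			TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		},
	},
	{
		.ctx_ciphersuites_first = 0,
		.ctx_ciphersuites = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256",
		.ctx_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
		.cids = {
			TLS1_3_CK_AES_256_GCM_SHA384,
			TLS1_3_CK_CHACHA20_POLY1305_SHA256,
			TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		},
	},
	{
		.ssl_ciphersuites_first = 0,
		.ssl_ciphersuites = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256",
		.ssl_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
		.cids = {
			TLS1_3_CK_AES_256_GCM_SHA384,
			TLS1_3_CK_CHACHA20_POLY1305_SHA256,
			TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		},
	},
	{
		.ssl_ciphersuites_first = 1,
		.ssl_ciphersuites = "",
		.ssl_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
		.cids = {
			TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		},
	},
	{
		.ssl_ciphersuites_first = 0,
		.ssl_ciphersuites = "",
		.ssl_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
		.cids = {
			TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		},
	},
	{
		.ctx_ciphersuites = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256",
		.ssl_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
		.cids = {
			TLS1_3_CK_AES_256_GCM_SHA384,
			TLS1_3_CK_CHACHA20_POLY1305_SHA256,
			TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		},
	},
	{
		.ctx_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
		.ssl_ciphersuites = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256",
		.cids = {
			TLS1_3_CK_AES_256_GCM_SHA384,
			TLS1_3_CK_CHACHA20_POLY1305_SHA256,
			TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		},
	},
};

#define N_CIPHER_SET_TESTS \
    (sizeof(cipher_set_tests) / sizeof(*cipher_set_tests))

/*
 * For every cipher_set_tests entry, builds an SSL_CTX and an SSL, applies
 * the configured ciphersuites and rule strings in the configured order and
 * compares SSL_get_ciphers() with the expected id list.
 *
 * Setup failures terminate the program through errx(); list mismatches are
 * reported and accumulated so that all cases run. Returns 0 when every
 * case matched and 1 otherwise.
 */
static int
cipher_set_test(void)
{
	struct cipher_set_test *cst;
	STACK_OF(SSL_CIPHER) *ciphers = NULL;
	SSL_CIPHER *cipher;
	SSL_CTX *ctx = NULL;
	SSL *ssl = NULL;
	size_t max_cids;
	int num_ciphers;
	int failed = 0;
	size_t i;
	int j;

	for (i = 0; i < N_CIPHER_SET_TESTS; i++) {
		cst = &cipher_set_tests[i];
		max_cids = sizeof(cst->cids) / sizeof(cst->cids[0]);

		/*
		 * Without AES acceleration the expected list starts with
		 * ChaCha20-Poly1305 followed by AES-256-GCM. This rewrites
		 * the shared test table in place.
		 */
		if (!ssl_aes_is_accelerated() && cst->cids_aes_accel_fixup) {
			cst->cids[0] = TLS1_3_CK_CHACHA20_POLY1305_SHA256;
			cst->cids[1] = TLS1_3_CK_AES_256_GCM_SHA384;
		}

		if ((ctx = SSL_CTX_new(TLS_method())) == NULL)
			errx(1, "SSL_CTX_new");

		if (cst->ctx_ciphersuites_first && cst->ctx_ciphersuites != NULL) {
			if (!SSL_CTX_set_ciphersuites(ctx, cst->ctx_ciphersuites))
				errx(1, "SSL_CTX_set_ciphersuites");
		}
		if (cst->ctx_rulestr != NULL) {
			if (!SSL_CTX_set_cipher_list(ctx, cst->ctx_rulestr))
				errx(1, "SSL_CTX_set_cipher_list");
		}
		if (!cst->ctx_ciphersuites_first && cst->ctx_ciphersuites != NULL) {
			if (!SSL_CTX_set_ciphersuites(ctx, cst->ctx_ciphersuites))
				errx(1, "SSL_CTX_set_ciphersuites");
		}

		/* XXX - check SSL_CTX_get_ciphers(ctx) */

		if ((ssl = SSL_new(ctx)) == NULL)
			errx(1, "SSL_new");

		if (cst->ssl_ciphersuites_first && cst->ssl_ciphersuites != NULL) {
			if (!SSL_set_ciphersuites(ssl, cst->ssl_ciphersuites))
				errx(1, "SSL_set_ciphersuites");
		}
		if (cst->ssl_rulestr != NULL) {
			if (!SSL_set_cipher_list(ssl, cst->ssl_rulestr))
				errx(1, "SSL_set_cipher_list");
		}
		if (!cst->ssl_ciphersuites_first && cst->ssl_ciphersuites != NULL) {
			if (!SSL_set_ciphersuites(ssl, cst->ssl_ciphersuites))
				errx(1, "SSL_set_ciphersuites");
		}

		ciphers = SSL_get_ciphers(ssl);

		/*
		 * cids[] is indexed by the position in the cipher list and
		 * its terminator is read at cids[num_ciphers], so a list that
		 * does not fit is reported without comparing entries.
		 */
		num_ciphers = sk_SSL_CIPHER_num(ciphers);
		if (num_ciphers >= (int)max_cids) {
			fprintf(stderr, "FAIL: test %zu - got %d ciphers, "
			    "test table holds at most %zu\n", i, num_ciphers,
			    max_cids - 1);
			failed |= 1;
		} else {
			for (j = 0; j < num_ciphers; j++) {
				cipher = sk_SSL_CIPHER_value(ciphers, j);
				if (SSL_CIPHER_get_id(cipher) == cst->cids[j])
					continue;
				fprintf(stderr, "FAIL: test %zu - got cipher %d with "
				    "id %lx, want %lx\n", i, j,
				    SSL_CIPHER_get_id(cipher), cst->cids[j]);
				failed |= 1;
			}
			/* A non-zero id here means the list ended too early. */
			if (cst->cids[j] != 0) {
				fprintf(stderr, "FAIL: test %zu - got %d ciphers, "
				    "expected more\n", i, num_ciphers);
				failed |= 1;
			}
		}

		SSL_CTX_free(ctx);
		SSL_free(ssl);
	}

	return failed;
}

/*
 * Runs all four checks and returns non-zero if any of them failed.
 */
int
main(int argc, char **argv)
{
	int failed = 0;

	failed |= check_cipher_order();

	failed |= test_ssl_ciphers();

	failed |= parse_ciphersuites_test();
	failed |= cipher_set_test();

	return (failed);
}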