summaryrefslogtreecommitdiff
path: root/src/regress/lib/libssl/ciphers
diff options
context:
space:
mode:
authorcvs2svn <admin@example.com>2025-04-14 17:32:06 +0000
committercvs2svn <admin@example.com>2025-04-14 17:32:06 +0000
commitb1ddde874c215cc8891531ed92876f091b7eb83e (patch)
treeedb6da6af7e865d488dc1a29309f1e1ec226e603 /src/regress/lib/libssl/ciphers
parentf0a36529837a161734c802ae4c42e84e42347be2 (diff)
downloadopenbsd-tb_20250414.tar.gz
openbsd-tb_20250414.tar.bz2
openbsd-tb_20250414.zip
This commit was manufactured by cvs2git to create tag 'tb_20250414'.tb_20250414
Diffstat (limited to 'src/regress/lib/libssl/ciphers')
-rw-r--r--src/regress/lib/libssl/ciphers/Makefile9
-rw-r--r--src/regress/lib/libssl/ciphers/cipherstest.c1209
2 files changed, 0 insertions, 1218 deletions
diff --git a/src/regress/lib/libssl/ciphers/Makefile b/src/regress/lib/libssl/ciphers/Makefile
deleted file mode 100644
index 2575db4df4..0000000000
--- a/src/regress/lib/libssl/ciphers/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.2 2020/09/13 16:51:30 jsing Exp $
2
3PROG= cipherstest
4LDADD= ${SSL_INT} -lcrypto
5DPADD= ${LIBSSL} ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/ciphers/cipherstest.c b/src/regress/lib/libssl/ciphers/cipherstest.c
deleted file mode 100644
index 1df335f9f2..0000000000
--- a/src/regress/lib/libssl/ciphers/cipherstest.c
+++ /dev/null
@@ -1,1209 +0,0 @@
1/*
2 * Copyright (c) 2015, 2020 Joel Sing <jsing@openbsd.org>
3 *
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */
16
17#include <openssl/evp.h>
18#include <openssl/objects.h>
19#include <openssl/ssl.h>
20
21#include <err.h>
22#include <stdio.h>
23#include <string.h>
24
25int ssl3_num_ciphers(void);
26const SSL_CIPHER *ssl3_get_cipher_by_index(int idx);
27
28int ssl_parse_ciphersuites(STACK_OF(SSL_CIPHER) **out_ciphers, const char *str);
29
30static inline int
31ssl_aes_is_accelerated(void)
32{
33 return (OPENSSL_cpu_caps() & CRYPTO_CPU_CAPS_ACCELERATED_AES) != 0;
34}
35
36static int
37check_cipher_order(void)
38{
39 unsigned long id, prev_id = 0;
40 const SSL_CIPHER *cipher;
41 int num_ciphers;
42 int i;
43
44 num_ciphers = ssl3_num_ciphers();
45
46 for (i = 0; i < num_ciphers; i++) {
47 if ((cipher = ssl3_get_cipher_by_index(i)) == NULL) {
48 fprintf(stderr, "FAIL: ssl3_get_cipher(%d) returned "
49 "NULL\n", i);
50 return 1;
51 }
52 if ((id = SSL_CIPHER_get_id(cipher)) <= prev_id) {
53 fprintf(stderr, "FAIL: ssl3_ciphers is not sorted by "
54 "id - cipher %d (%lx) <= cipher %d (%lx)\n",
55 i, id, i - 1, prev_id);
56 return 1;
57 }
58 prev_id = id;
59 }
60
61 return 0;
62}
63
64struct ssl_cipher_test {
65 uint16_t value;
66 int auth_nid;
67 int cipher_nid;
68 int digest_nid;
69 int handshake_digest_nid;
70 int kx_nid;
71 int strength_bits;
72 int symmetric_bits;
73 int is_aead;
74};
75
76static const struct ssl_cipher_test ssl_cipher_tests[] = {
77 {
78 .value = 0x0004,
79 .auth_nid = NID_auth_rsa,
80 .cipher_nid = NID_rc4,
81 .digest_nid = NID_md5,
82 .handshake_digest_nid = NID_sha256,
83 .kx_nid = NID_kx_rsa,
84 .strength_bits = 128,
85 .symmetric_bits = 128,
86 },
87 {
88 .value = 0x0005,
89 .auth_nid = NID_auth_rsa,
90 .cipher_nid = NID_rc4,
91 .digest_nid = NID_sha1,
92 .handshake_digest_nid = NID_sha256,
93 .kx_nid = NID_kx_rsa,
94 .strength_bits = 128,
95 .symmetric_bits = 128,
96 },
97 {
98 .value = 0x000a,
99 .auth_nid = NID_auth_rsa,
100 .cipher_nid = NID_des_ede3_cbc,
101 .digest_nid = NID_sha1,
102 .handshake_digest_nid = NID_sha256,
103 .kx_nid = NID_kx_rsa,
104 .strength_bits = 112,
105 .symmetric_bits = 168,
106 },
107 {
108 .value = 0x0016,
109 .auth_nid = NID_auth_rsa,
110 .cipher_nid = NID_des_ede3_cbc,
111 .digest_nid = NID_sha1,
112 .handshake_digest_nid = NID_sha256,
113 .kx_nid = NID_kx_dhe,
114 .strength_bits = 112,
115 .symmetric_bits = 168,
116 },
117 {
118 .value = 0x0018,
119 .auth_nid = NID_auth_null,
120 .cipher_nid = NID_rc4,
121 .digest_nid = NID_md5,
122 .handshake_digest_nid = NID_sha256,
123 .kx_nid = NID_kx_dhe,
124 .strength_bits = 128,
125 .symmetric_bits = 128,
126 },
127 {
128 .value = 0x001b,
129 .auth_nid = NID_auth_null,
130 .cipher_nid = NID_des_ede3_cbc,
131 .digest_nid = NID_sha1,
132 .handshake_digest_nid = NID_sha256,
133 .kx_nid = NID_kx_dhe,
134 .strength_bits = 112,
135 .symmetric_bits = 168,
136 },
137 {
138 .value = 0x002f,
139 .auth_nid = NID_auth_rsa,
140 .cipher_nid = NID_aes_128_cbc,
141 .digest_nid = NID_sha1,
142 .handshake_digest_nid = NID_sha256,
143 .kx_nid = NID_kx_rsa,
144 .strength_bits = 128,
145 .symmetric_bits = 128,
146 },
147 {
148 .value = 0x0033,
149 .auth_nid = NID_auth_rsa,
150 .cipher_nid = NID_aes_128_cbc,
151 .digest_nid = NID_sha1,
152 .handshake_digest_nid = NID_sha256,
153 .kx_nid = NID_kx_dhe,
154 .strength_bits = 128,
155 .symmetric_bits = 128,
156 },
157 {
158 .value = 0x0034,
159 .auth_nid = NID_auth_null,
160 .cipher_nid = NID_aes_128_cbc,
161 .digest_nid = NID_sha1,
162 .handshake_digest_nid = NID_sha256,
163 .kx_nid = NID_kx_dhe,
164 .strength_bits = 128,
165 .symmetric_bits = 128,
166 },
167 {
168 .value = 0x0035,
169 .auth_nid = NID_auth_rsa,
170 .cipher_nid = NID_aes_256_cbc,
171 .digest_nid = NID_sha1,
172 .handshake_digest_nid = NID_sha256,
173 .kx_nid = NID_kx_rsa,
174 .strength_bits = 256,
175 .symmetric_bits = 256,
176 },
177 {
178 .value = 0x0039,
179 .auth_nid = NID_auth_rsa,
180 .cipher_nid = NID_aes_256_cbc,
181 .digest_nid = NID_sha1,
182 .handshake_digest_nid = NID_sha256,
183 .kx_nid = NID_kx_dhe,
184 .strength_bits = 256,
185 .symmetric_bits = 256,
186 },
187 {
188 .value = 0x003a,
189 .auth_nid = NID_auth_null,
190 .cipher_nid = NID_aes_256_cbc,
191 .digest_nid = NID_sha1,
192 .handshake_digest_nid = NID_sha256,
193 .kx_nid = NID_kx_dhe,
194 .strength_bits = 256,
195 .symmetric_bits = 256,
196 },
197 {
198 .value = 0x003c,
199 .auth_nid = NID_auth_rsa,
200 .cipher_nid = NID_aes_128_cbc,
201 .digest_nid = NID_sha256,
202 .handshake_digest_nid = NID_sha256,
203 .kx_nid = NID_kx_rsa,
204 .strength_bits = 128,
205 .symmetric_bits = 128,
206 },
207 {
208 .value = 0x003d,
209 .auth_nid = NID_auth_rsa,
210 .cipher_nid = NID_aes_256_cbc,
211 .digest_nid = NID_sha256,
212 .handshake_digest_nid = NID_sha256,
213 .kx_nid = NID_kx_rsa,
214 .strength_bits = 256,
215 .symmetric_bits = 256,
216 },
217 {
218 .value = 0x0041,
219 .auth_nid = NID_auth_rsa,
220 .cipher_nid = NID_camellia_128_cbc,
221 .digest_nid = NID_sha1,
222 .handshake_digest_nid = NID_sha256,
223 .kx_nid = NID_kx_rsa,
224 .strength_bits = 128,
225 .symmetric_bits = 128,
226 },
227 {
228 .value = 0x0045,
229 .auth_nid = NID_auth_rsa,
230 .cipher_nid = NID_camellia_128_cbc,
231 .digest_nid = NID_sha1,
232 .handshake_digest_nid = NID_sha256,
233 .kx_nid = NID_kx_dhe,
234 .strength_bits = 128,
235 .symmetric_bits = 128,
236 },
237 {
238 .value = 0x0046,
239 .auth_nid = NID_auth_null,
240 .cipher_nid = NID_camellia_128_cbc,
241 .digest_nid = NID_sha1,
242 .handshake_digest_nid = NID_sha256,
243 .kx_nid = NID_kx_dhe,
244 .strength_bits = 128,
245 .symmetric_bits = 128,
246 },
247 {
248 .value = 0x0067,
249 .auth_nid = NID_auth_rsa,
250 .cipher_nid = NID_aes_128_cbc,
251 .digest_nid = NID_sha256,
252 .handshake_digest_nid = NID_sha256,
253 .kx_nid = NID_kx_dhe,
254 .strength_bits = 128,
255 .symmetric_bits = 128,
256 },
257 {
258 .value = 0x006b,
259 .auth_nid = NID_auth_rsa,
260 .cipher_nid = NID_aes_256_cbc,
261 .digest_nid = NID_sha256,
262 .handshake_digest_nid = NID_sha256,
263 .kx_nid = NID_kx_dhe,
264 .strength_bits = 256,
265 .symmetric_bits = 256,
266 },
267 {
268 .value = 0x006c,
269 .auth_nid = NID_auth_null,
270 .cipher_nid = NID_aes_128_cbc,
271 .digest_nid = NID_sha256,
272 .handshake_digest_nid = NID_sha256,
273 .kx_nid = NID_kx_dhe,
274 .strength_bits = 128,
275 .symmetric_bits = 128,
276 },
277 {
278 .value = 0x006d,
279 .auth_nid = NID_auth_null,
280 .cipher_nid = NID_aes_256_cbc,
281 .digest_nid = NID_sha256,
282 .handshake_digest_nid = NID_sha256,
283 .kx_nid = NID_kx_dhe,
284 .strength_bits = 256,
285 .symmetric_bits = 256,
286 },
287 {
288 .value = 0x0084,
289 .auth_nid = NID_auth_rsa,
290 .cipher_nid = NID_camellia_256_cbc,
291 .digest_nid = NID_sha1,
292 .handshake_digest_nid = NID_sha256,
293 .kx_nid = NID_kx_rsa,
294 .strength_bits = 256,
295 .symmetric_bits = 256,
296 },
297 {
298 .value = 0x0088,
299 .auth_nid = NID_auth_rsa,
300 .cipher_nid = NID_camellia_256_cbc,
301 .digest_nid = NID_sha1,
302 .handshake_digest_nid = NID_sha256,
303 .kx_nid = NID_kx_dhe,
304 .strength_bits = 256,
305 .symmetric_bits = 256,
306 },
307 {
308 .value = 0x0089,
309 .auth_nid = NID_auth_null,
310 .cipher_nid = NID_camellia_256_cbc,
311 .digest_nid = NID_sha1,
312 .handshake_digest_nid = NID_sha256,
313 .kx_nid = NID_kx_dhe,
314 .strength_bits = 256,
315 .symmetric_bits = 256,
316 },
317 {
318 .value = 0x009c,
319 .auth_nid = NID_auth_rsa,
320 .cipher_nid = NID_aes_128_gcm,
321 .digest_nid = NID_undef,
322 .handshake_digest_nid = NID_sha256,
323 .kx_nid = NID_kx_rsa,
324 .strength_bits = 128,
325 .symmetric_bits = 128,
326 .is_aead = 1,
327 },
328 {
329 .value = 0x009d,
330 .auth_nid = NID_auth_rsa,
331 .cipher_nid = NID_aes_256_gcm,
332 .digest_nid = NID_undef,
333 .handshake_digest_nid = NID_sha384,
334 .kx_nid = NID_kx_rsa,
335 .strength_bits = 256,
336 .symmetric_bits = 256,
337 .is_aead = 1,
338 },
339 {
340 .value = 0x009e,
341 .auth_nid = NID_auth_rsa,
342 .cipher_nid = NID_aes_128_gcm,
343 .digest_nid = NID_undef,
344 .handshake_digest_nid = NID_sha256,
345 .kx_nid = NID_kx_dhe,
346 .strength_bits = 128,
347 .symmetric_bits = 128,
348 .is_aead = 1,
349 },
350 {
351 .value = 0x009f,
352 .auth_nid = NID_auth_rsa,
353 .cipher_nid = NID_aes_256_gcm,
354 .digest_nid = NID_undef,
355 .handshake_digest_nid = NID_sha384,
356 .kx_nid = NID_kx_dhe,
357 .strength_bits = 256,
358 .symmetric_bits = 256,
359 .is_aead = 1,
360 },
361 {
362 .value = 0x00a6,
363 .auth_nid = NID_auth_null,
364 .cipher_nid = NID_aes_128_gcm,
365 .digest_nid = NID_undef,
366 .handshake_digest_nid = NID_sha256,
367 .kx_nid = NID_kx_dhe,
368 .strength_bits = 128,
369 .symmetric_bits = 128,
370 .is_aead = 1,
371 },
372 {
373 .value = 0x00a7,
374 .auth_nid = NID_auth_null,
375 .cipher_nid = NID_aes_256_gcm,
376 .digest_nid = NID_undef,
377 .handshake_digest_nid = NID_sha384,
378 .kx_nid = NID_kx_dhe,
379 .strength_bits = 256,
380 .symmetric_bits = 256,
381 .is_aead = 1,
382 },
383 {
384 .value = 0x00ba,
385 .auth_nid = NID_auth_rsa,
386 .cipher_nid = NID_camellia_128_cbc,
387 .digest_nid = NID_sha256,
388 .handshake_digest_nid = NID_sha256,
389 .kx_nid = NID_kx_rsa,
390 .strength_bits = 128,
391 .symmetric_bits = 128,
392 },
393 {
394 .value = 0x00be,
395 .auth_nid = NID_auth_rsa,
396 .cipher_nid = NID_camellia_128_cbc,
397 .digest_nid = NID_sha256,
398 .handshake_digest_nid = NID_sha256,
399 .kx_nid = NID_kx_dhe,
400 .strength_bits = 128,
401 .symmetric_bits = 128,
402 },
403 {
404 .value = 0x00bf,
405 .auth_nid = NID_auth_null,
406 .cipher_nid = NID_camellia_128_cbc,
407 .digest_nid = NID_sha256,
408 .handshake_digest_nid = NID_sha256,
409 .kx_nid = NID_kx_dhe,
410 .strength_bits = 128,
411 .symmetric_bits = 128,
412 },
413 {
414 .value = 0x00c0,
415 .auth_nid = NID_auth_rsa,
416 .cipher_nid = NID_camellia_256_cbc,
417 .digest_nid = NID_sha256,
418 .handshake_digest_nid = NID_sha256,
419 .kx_nid = NID_kx_rsa,
420 .strength_bits = 256,
421 .symmetric_bits = 256,
422 },
423 {
424 .value = 0x00c4,
425 .auth_nid = NID_auth_rsa,
426 .cipher_nid = NID_camellia_256_cbc,
427 .digest_nid = NID_sha256,
428 .handshake_digest_nid = NID_sha256,
429 .kx_nid = NID_kx_dhe,
430 .strength_bits = 256,
431 .symmetric_bits = 256,
432 },
433 {
434 .value = 0x00c5,
435 .auth_nid = NID_auth_null,
436 .cipher_nid = NID_camellia_256_cbc,
437 .digest_nid = NID_sha256,
438 .handshake_digest_nid = NID_sha256,
439 .kx_nid = NID_kx_dhe,
440 .strength_bits = 256,
441 .symmetric_bits = 256,
442 },
443 {
444 .value = 0x1301,
445 .auth_nid = NID_undef,
446 .cipher_nid = NID_aes_128_gcm,
447 .digest_nid = NID_undef,
448 .handshake_digest_nid = NID_sha256,
449 .kx_nid = NID_undef,
450 .strength_bits = 128,
451 .symmetric_bits = 128,
452 .is_aead = 1,
453 },
454 {
455 .value = 0x1302,
456 .auth_nid = NID_undef,
457 .cipher_nid = NID_aes_256_gcm,
458 .digest_nid = NID_undef,
459 .handshake_digest_nid = NID_sha384,
460 .kx_nid = NID_undef,
461 .strength_bits = 256,
462 .symmetric_bits = 256,
463 .is_aead = 1,
464 },
465 {
466 .value = 0x1303,
467 .auth_nid = NID_undef,
468 .cipher_nid = NID_chacha20_poly1305,
469 .digest_nid = NID_undef,
470 .handshake_digest_nid = NID_sha256,
471 .kx_nid = NID_undef,
472 .strength_bits = 256,
473 .symmetric_bits = 256,
474 .is_aead = 1,
475 },
476 {
477 .value = 0xc007,
478 .auth_nid = NID_auth_ecdsa,
479 .cipher_nid = NID_rc4,
480 .digest_nid = NID_sha1,
481 .handshake_digest_nid = NID_sha256,
482 .kx_nid = NID_kx_ecdhe,
483 .strength_bits = 128,
484 .symmetric_bits = 128,
485 },
486 {
487 .value = 0xc008,
488 .auth_nid = NID_auth_ecdsa,
489 .cipher_nid = NID_des_ede3_cbc,
490 .digest_nid = NID_sha1,
491 .handshake_digest_nid = NID_sha256,
492 .kx_nid = NID_kx_ecdhe,
493 .strength_bits = 112,
494 .symmetric_bits = 168,
495 },
496 {
497 .value = 0xc009,
498 .auth_nid = NID_auth_ecdsa,
499 .cipher_nid = NID_aes_128_cbc,
500 .digest_nid = NID_sha1,
501 .handshake_digest_nid = NID_sha256,
502 .kx_nid = NID_kx_ecdhe,
503 .strength_bits = 128,
504 .symmetric_bits = 128,
505 },
506 {
507 .value = 0xc00a,
508 .auth_nid = NID_auth_ecdsa,
509 .cipher_nid = NID_aes_256_cbc,
510 .digest_nid = NID_sha1,
511 .handshake_digest_nid = NID_sha256,
512 .kx_nid = NID_kx_ecdhe,
513 .strength_bits = 256,
514 .symmetric_bits = 256,
515 },
516 {
517 .value = 0xc011,
518 .auth_nid = NID_auth_rsa,
519 .cipher_nid = NID_rc4,
520 .digest_nid = NID_sha1,
521 .handshake_digest_nid = NID_sha256,
522 .kx_nid = NID_kx_ecdhe,
523 .strength_bits = 128,
524 .symmetric_bits = 128,
525 },
526 {
527 .value = 0xc012,
528 .auth_nid = NID_auth_rsa,
529 .cipher_nid = NID_des_ede3_cbc,
530 .digest_nid = NID_sha1,
531 .handshake_digest_nid = NID_sha256,
532 .kx_nid = NID_kx_ecdhe,
533 .strength_bits = 112,
534 .symmetric_bits = 168,
535 },
536 {
537 .value = 0xc013,
538 .auth_nid = NID_auth_rsa,
539 .cipher_nid = NID_aes_128_cbc,
540 .digest_nid = NID_sha1,
541 .handshake_digest_nid = NID_sha256,
542 .kx_nid = NID_kx_ecdhe,
543 .strength_bits = 128,
544 .symmetric_bits = 128,
545 },
546 {
547 .value = 0xc014,
548 .auth_nid = NID_auth_rsa,
549 .cipher_nid = NID_aes_256_cbc,
550 .digest_nid = NID_sha1,
551 .handshake_digest_nid = NID_sha256,
552 .kx_nid = NID_kx_ecdhe,
553 .strength_bits = 256,
554 .symmetric_bits = 256,
555 },
556 {
557 .value = 0xc016,
558 .auth_nid = NID_auth_null,
559 .cipher_nid = NID_rc4,
560 .digest_nid = NID_sha1,
561 .handshake_digest_nid = NID_sha256,
562 .kx_nid = NID_kx_ecdhe,
563 .strength_bits = 128,
564 .symmetric_bits = 128,
565 },
566 {
567 .value = 0xc017,
568 .auth_nid = NID_auth_null,
569 .cipher_nid = NID_des_ede3_cbc,
570 .digest_nid = NID_sha1,
571 .handshake_digest_nid = NID_sha256,
572 .kx_nid = NID_kx_ecdhe,
573 .strength_bits = 112,
574 .symmetric_bits = 168,
575 },
576 {
577 .value = 0xc018,
578 .auth_nid = NID_auth_null,
579 .cipher_nid = NID_aes_128_cbc,
580 .digest_nid = NID_sha1,
581 .handshake_digest_nid = NID_sha256,
582 .kx_nid = NID_kx_ecdhe,
583 .strength_bits = 128,
584 .symmetric_bits = 128,
585 },
586 {
587 .value = 0xc019,
588 .auth_nid = NID_auth_null,
589 .cipher_nid = NID_aes_256_cbc,
590 .digest_nid = NID_sha1,
591 .handshake_digest_nid = NID_sha256,
592 .kx_nid = NID_kx_ecdhe,
593 .strength_bits = 256,
594 .symmetric_bits = 256,
595 },
596 {
597 .value = 0xc023,
598 .auth_nid = NID_auth_ecdsa,
599 .cipher_nid = NID_aes_128_cbc,
600 .digest_nid = NID_sha256,
601 .handshake_digest_nid = NID_sha256,
602 .kx_nid = NID_kx_ecdhe,
603 .strength_bits = 128,
604 .symmetric_bits = 128,
605 },
606 {
607 .value = 0xc024,
608 .auth_nid = NID_auth_ecdsa,
609 .cipher_nid = NID_aes_256_cbc,
610 .digest_nid = NID_sha384,
611 .handshake_digest_nid = NID_sha384,
612 .kx_nid = NID_kx_ecdhe,
613 .strength_bits = 256,
614 .symmetric_bits = 256,
615 },
616 {
617 .value = 0xc027,
618 .auth_nid = NID_auth_rsa,
619 .cipher_nid = NID_aes_128_cbc,
620 .digest_nid = NID_sha256,
621 .handshake_digest_nid = NID_sha256,
622 .kx_nid = NID_kx_ecdhe,
623 .strength_bits = 128,
624 .symmetric_bits = 128,
625 },
626 {
627 .value = 0xc028,
628 .auth_nid = NID_auth_rsa,
629 .cipher_nid = NID_aes_256_cbc,
630 .digest_nid = NID_sha384,
631 .handshake_digest_nid = NID_sha384,
632 .kx_nid = NID_kx_ecdhe,
633 .strength_bits = 256,
634 .symmetric_bits = 256,
635 },
636 {
637 .value = 0xc02b,
638 .auth_nid = NID_auth_ecdsa,
639 .cipher_nid = NID_aes_128_gcm,
640 .digest_nid = NID_undef,
641 .handshake_digest_nid = NID_sha256,
642 .kx_nid = NID_kx_ecdhe,
643 .strength_bits = 128,
644 .symmetric_bits = 128,
645 .is_aead = 1,
646 },
647 {
648 .value = 0xc02c,
649 .auth_nid = NID_auth_ecdsa,
650 .cipher_nid = NID_aes_256_gcm,
651 .digest_nid = NID_undef,
652 .handshake_digest_nid = NID_sha384,
653 .kx_nid = NID_kx_ecdhe,
654 .strength_bits = 256,
655 .symmetric_bits = 256,
656 .is_aead = 1,
657 },
658 {
659 .value = 0xc02f,
660 .auth_nid = NID_auth_rsa,
661 .cipher_nid = NID_aes_128_gcm,
662 .digest_nid = NID_undef,
663 .handshake_digest_nid = NID_sha256,
664 .kx_nid = NID_kx_ecdhe,
665 .strength_bits = 128,
666 .symmetric_bits = 128,
667 .is_aead = 1,
668 },
669 {
670 .value = 0xc030,
671 .auth_nid = NID_auth_rsa,
672 .cipher_nid = NID_aes_256_gcm,
673 .digest_nid = NID_undef,
674 .handshake_digest_nid = NID_sha384,
675 .kx_nid = NID_kx_ecdhe,
676 .strength_bits = 256,
677 .symmetric_bits = 256,
678 .is_aead = 1,
679 },
680 {
681 .value = 0xcca8,
682 .auth_nid = NID_auth_rsa,
683 .cipher_nid = NID_chacha20_poly1305,
684 .digest_nid = NID_undef,
685 .handshake_digest_nid = NID_sha256,
686 .kx_nid = NID_kx_ecdhe,
687 .strength_bits = 256,
688 .symmetric_bits = 256,
689 .is_aead = 1,
690 },
691 {
692 .value = 0xcca9,
693 .auth_nid = NID_auth_ecdsa,
694 .cipher_nid = NID_chacha20_poly1305,
695 .digest_nid = NID_undef,
696 .handshake_digest_nid = NID_sha256,
697 .kx_nid = NID_kx_ecdhe,
698 .strength_bits = 256,
699 .symmetric_bits = 256,
700 .is_aead = 1,
701 },
702 {
703 .value = 0xccaa,
704 .auth_nid = NID_auth_rsa,
705 .cipher_nid = NID_chacha20_poly1305,
706 .digest_nid = NID_undef,
707 .handshake_digest_nid = NID_sha256,
708 .kx_nid = NID_kx_dhe,
709 .strength_bits = 256,
710 .symmetric_bits = 256,
711 .is_aead = 1,
712 },
713};
714
715#define N_SSL_CIPHER_TESTS (sizeof(ssl_cipher_tests) / sizeof(ssl_cipher_tests[0]))
716
717static int
718test_ssl_ciphers(void)
719{
720 int i, strength_bits, symmetric_bits;
721 const struct ssl_cipher_test *sct;
722 STACK_OF(SSL_CIPHER) *ciphers;
723 const SSL_CIPHER *cipher;
724 const EVP_MD *digest;
725 unsigned char buf[2];
726 const char *description;
727 char desc_buf[256];
728 SSL_CTX *ssl_ctx = NULL;
729 SSL *ssl = NULL;
730 size_t j;
731 int ret = 1;
732
733 if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL) {
734 fprintf(stderr, "SSL_CTX_new() returned NULL\n");
735 goto failure;
736 }
737 if ((ssl = SSL_new(ssl_ctx)) == NULL) {
738 fprintf(stderr, "SSL_new() returned NULL\n");
739 goto failure;
740 }
741 if (!SSL_set_cipher_list(ssl, "ALL")) {
742 fprintf(stderr, "SSL_set_cipher_list failed\n");
743 goto failure;
744 }
745
746 if ((ciphers = SSL_get_ciphers(ssl)) == NULL) {
747 fprintf(stderr, "no ciphers\n");
748 goto failure;
749 }
750
751 if (sk_SSL_CIPHER_num(ciphers) != N_SSL_CIPHER_TESTS) {
752 fprintf(stderr, "number of ciphers mismatch (%d != %zu)\n",
753 sk_SSL_CIPHER_num(ciphers), N_SSL_CIPHER_TESTS);
754 goto failure;
755 }
756
757 for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
758 uint16_t cipher_value;
759
760 cipher = sk_SSL_CIPHER_value(ciphers, i);
761 cipher_value = SSL_CIPHER_get_value(cipher);
762
763 buf[0] = cipher_value >> 8;
764 buf[1] = cipher_value & 0xff;
765
766 if ((cipher = SSL_CIPHER_find(ssl, buf)) == NULL) {
767 fprintf(stderr, "SSL_CIPHER_find() returned NULL for %s\n",
768 SSL_CIPHER_get_name(cipher));
769 goto failure;
770 }
771 if (SSL_CIPHER_get_value(cipher) != cipher_value) {
772 fprintf(stderr, "got cipher with value 0x%04x, want 0x%04x\n",
773 SSL_CIPHER_get_value(cipher), cipher_value);
774 goto failure;
775 }
776 if (SSL_CIPHER_get_id(cipher) != (0x03000000UL | cipher_value)) {
777 fprintf(stderr, "got cipher id 0x%08lx, want 0x%08lx\n",
778 SSL_CIPHER_get_id(cipher), (0x03000000UL | cipher_value));
779 goto failure;
780 }
781
782 sct = NULL;
783 for (j = 0; j < N_SSL_CIPHER_TESTS; j++) {
784 if (ssl_cipher_tests[j].value == cipher_value) {
785 sct = &ssl_cipher_tests[j];
786 break;
787 }
788 }
789 if (sct == NULL) {
790 fprintf(stderr, "cipher '%s' (0x%04x) not found in test "
791 "table\n", SSL_CIPHER_get_name(cipher), cipher_value);
792 goto failure;
793 }
794
795 if (SSL_CIPHER_get_auth_nid(cipher) != sct->auth_nid) {
796 fprintf(stderr, "cipher '%s' (0x%04x) - got auth nid %d, "
797 "want %d\n", SSL_CIPHER_get_name(cipher), cipher_value,
798 SSL_CIPHER_get_auth_nid(cipher), sct->auth_nid);
799 goto failure;
800 }
801 if (SSL_CIPHER_get_cipher_nid(cipher) != sct->cipher_nid) {
802 fprintf(stderr, "cipher '%s' (0x%04x) - got cipher nid %d, "
803 "want %d\n", SSL_CIPHER_get_name(cipher), cipher_value,
804 SSL_CIPHER_get_cipher_nid(cipher), sct->cipher_nid);
805 goto failure;
806 }
807 if (SSL_CIPHER_get_digest_nid(cipher) != sct->digest_nid) {
808 fprintf(stderr, "cipher '%s' (0x%04x) - got digest nid %d, "
809 "want %d\n", SSL_CIPHER_get_name(cipher), cipher_value,
810 SSL_CIPHER_get_digest_nid(cipher), sct->digest_nid);
811 goto failure;
812 }
813 if (SSL_CIPHER_get_kx_nid(cipher) != sct->kx_nid) {
814 fprintf(stderr, "cipher '%s' (0x%04x) - got kx nid %d, "
815 "want %d\n", SSL_CIPHER_get_name(cipher), cipher_value,
816 SSL_CIPHER_get_kx_nid(cipher), sct->kx_nid);
817 goto failure;
818 }
819
820 /* Having API consistency is a wonderful thing... */
821 digest = SSL_CIPHER_get_handshake_digest(cipher);
822 if (EVP_MD_nid(digest) != sct->handshake_digest_nid) {
823 fprintf(stderr, "cipher '%s' (0x%04x) - got handshake "
824 "digest nid %d, want %d\n", SSL_CIPHER_get_name(cipher),
825 cipher_value, EVP_MD_nid(digest), sct->handshake_digest_nid);
826 goto failure;
827 }
828
829 strength_bits = SSL_CIPHER_get_bits(cipher, &symmetric_bits);
830 if (strength_bits != sct->strength_bits) {
831 fprintf(stderr, "cipher '%s' (0x%04x) - got strength bits "
832 "%d, want %d\n", SSL_CIPHER_get_name(cipher),
833 cipher_value, strength_bits, sct->strength_bits);
834 goto failure;
835 }
836 if (symmetric_bits != sct->symmetric_bits) {
837 fprintf(stderr, "cipher '%s' (0x%04x) - got symmetric bits "
838 "%d, want %d\n", SSL_CIPHER_get_name(cipher),
839 cipher_value, symmetric_bits, sct->symmetric_bits);
840 goto failure;
841 }
842 if (SSL_CIPHER_is_aead(cipher) != sct->is_aead) {
843 fprintf(stderr, "cipher '%s' (0x%04x) - got is aead %d, "
844 "want %d\n", SSL_CIPHER_get_name(cipher), cipher_value,
845 SSL_CIPHER_is_aead(cipher), sct->is_aead);
846 goto failure;
847 }
848
849 if ((description = SSL_CIPHER_description(cipher, desc_buf,
850 sizeof(desc_buf))) != desc_buf) {
851 fprintf(stderr, "cipher '%s' (0x%04x) - failed to get "
852 "description\n", SSL_CIPHER_get_name(cipher), cipher_value);
853 goto failure;
854 }
855 }
856
857 ret = 0;
858
859 failure:
860 SSL_CTX_free(ssl_ctx);
861 SSL_free(ssl);
862
863 return (ret);
864}
865
866struct parse_ciphersuites_test {
867 const char *str;
868 const int want;
869 const unsigned long cids[32];
870};
871
872struct parse_ciphersuites_test parse_ciphersuites_tests[] = {
873 {
874 /* LibreSSL names. */
875 .str = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256:AEAD-AES128-GCM-SHA256",
876 .want = 1,
877 .cids = {
878 TLS1_3_CK_AES_256_GCM_SHA384,
879 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
880 TLS1_3_CK_AES_128_GCM_SHA256,
881 },
882 },
883 {
884 /* OpenSSL names. */
885 .str = "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256",
886 .want = 1,
887 .cids = {
888 TLS1_3_CK_AES_256_GCM_SHA384,
889 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
890 TLS1_3_CK_AES_128_GCM_SHA256,
891 },
892 },
893 {
894 /* Different priority order. */
895 .str = "AEAD-AES128-GCM-SHA256:AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256",
896 .want = 1,
897 .cids = {
898 TLS1_3_CK_AES_128_GCM_SHA256,
899 TLS1_3_CK_AES_256_GCM_SHA384,
900 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
901 },
902 },
903 {
904 /* Known but unsupported names. */
905 .str = "AEAD-AES256-GCM-SHA384:AEAD-AES128-CCM-SHA256:AEAD-AES128-CCM-8-SHA256",
906 .want = 1,
907 .cids = {
908 TLS1_3_CK_AES_256_GCM_SHA384,
909 },
910 },
911 {
912 /* Empty string means no TLSv1.3 ciphersuites. */
913 .str = "",
914 .want = 1,
915 .cids = { 0 },
916 },
917 {
918 .str = "TLS_CHACHA20_POLY1305_SHA256:TLS_NOT_A_CIPHERSUITE",
919 .want = 0,
920 },
921 {
922 .str = "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256",
923 .want = 0,
924 },
925};
926
927#define N_PARSE_CIPHERSUITES_TESTS \
928 (sizeof(parse_ciphersuites_tests) / sizeof(*parse_ciphersuites_tests))
929
930static int
931parse_ciphersuites_test(void)
932{
933 struct parse_ciphersuites_test *pct;
934 STACK_OF(SSL_CIPHER) *ciphers = NULL;
935 SSL_CIPHER *cipher;
936 int failed = 1;
937 int j, ret;
938 size_t i;
939
940 for (i = 0; i < N_PARSE_CIPHERSUITES_TESTS; i++) {
941 pct = &parse_ciphersuites_tests[i];
942
943 ret = ssl_parse_ciphersuites(&ciphers, pct->str);
944 if (ret != pct->want) {
945 fprintf(stderr, "FAIL: test %zu - "
946 "ssl_parse_ciphersuites returned %d, want %d\n",
947 i, ret, pct->want);
948 goto failed;
949 }
950 if (ret == 0)
951 continue;
952
953 for (j = 0; j < sk_SSL_CIPHER_num(ciphers); j++) {
954 cipher = sk_SSL_CIPHER_value(ciphers, j);
955 if (SSL_CIPHER_get_id(cipher) == pct->cids[j])
956 continue;
957 fprintf(stderr, "FAIL: test %zu - got cipher %d with "
958 "id %lx, want %lx\n", i, j,
959 SSL_CIPHER_get_id(cipher), pct->cids[j]);
960 goto failed;
961 }
962 if (pct->cids[j] != 0) {
963 fprintf(stderr, "FAIL: test %zu - got %d ciphers, "
964 "expected more", i, sk_SSL_CIPHER_num(ciphers));
965 goto failed;
966 }
967 }
968
969 failed = 0;
970
971 failed:
972 sk_SSL_CIPHER_free(ciphers);
973
974 return failed;
975}
976
977struct cipher_set_test {
978 int ctx_ciphersuites_first;
979 const char *ctx_ciphersuites;
980 const char *ctx_rulestr;
981 int ssl_ciphersuites_first;
982 const char *ssl_ciphersuites;
983 const char *ssl_rulestr;
984 int cids_aes_accel_fixup;
985 unsigned long cids[32];
986};
987
988struct cipher_set_test cipher_set_tests[] = {
989 {
990 .ctx_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
991 .cids_aes_accel_fixup = 1,
992 .cids = {
993 TLS1_3_CK_AES_256_GCM_SHA384,
994 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
995 TLS1_3_CK_AES_128_GCM_SHA256,
996 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
997 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
998 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
999 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1000 },
1001 },
1002 {
1003 .ssl_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
1004 .cids_aes_accel_fixup = 1,
1005 .cids = {
1006 TLS1_3_CK_AES_256_GCM_SHA384,
1007 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
1008 TLS1_3_CK_AES_128_GCM_SHA256,
1009 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1010 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1011 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1012 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1013 },
1014 },
1015 {
1016 .ctx_ciphersuites_first = 1,
1017 .ctx_ciphersuites = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256",
1018 .ctx_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
1019 .cids = {
1020 TLS1_3_CK_AES_256_GCM_SHA384,
1021 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
1022 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1023 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1024 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1025 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1026 },
1027 },
1028 {
1029 .ssl_ciphersuites_first = 1,
1030 .ssl_ciphersuites = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256",
1031 .ssl_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
1032 .cids = {
1033 TLS1_3_CK_AES_256_GCM_SHA384,
1034 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
1035 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1036 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1037 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1038 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1039 },
1040 },
1041 {
1042 .ctx_ciphersuites_first = 0,
1043 .ctx_ciphersuites = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256",
1044 .ctx_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
1045 .cids = {
1046 TLS1_3_CK_AES_256_GCM_SHA384,
1047 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
1048 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1049 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1050 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1051 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1052 },
1053 },
1054 {
1055 .ssl_ciphersuites_first = 0,
1056 .ssl_ciphersuites = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256",
1057 .ssl_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
1058 .cids = {
1059 TLS1_3_CK_AES_256_GCM_SHA384,
1060 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
1061 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1062 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1063 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1064 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1065 },
1066 },
1067 {
1068 .ssl_ciphersuites_first = 1,
1069 .ssl_ciphersuites = "",
1070 .ssl_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
1071 .cids = {
1072 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1073 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1074 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1075 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1076 },
1077 },
1078 {
1079 .ssl_ciphersuites_first = 0,
1080 .ssl_ciphersuites = "",
1081 .ssl_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
1082 .cids = {
1083 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1084 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1085 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1086 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1087 },
1088 },
1089 {
1090 .ctx_ciphersuites = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256",
1091 .ssl_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
1092 .cids = {
1093 TLS1_3_CK_AES_256_GCM_SHA384,
1094 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
1095 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1096 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1097 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1098 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1099 },
1100 },
1101 {
1102 .ctx_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
1103 .ssl_ciphersuites = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256",
1104 .cids = {
1105 TLS1_3_CK_AES_256_GCM_SHA384,
1106 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
1107 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1108 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1109 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1110 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1111 },
1112 },
1113};
1114
1115#define N_CIPHER_SET_TESTS \
1116 (sizeof(cipher_set_tests) / sizeof(*cipher_set_tests))
1117
1118static int
1119cipher_set_test(void)
1120{
1121 struct cipher_set_test *cst;
1122 STACK_OF(SSL_CIPHER) *ciphers = NULL;
1123 SSL_CIPHER *cipher;
1124 SSL_CTX *ctx = NULL;
1125 SSL *ssl = NULL;
1126 int failed = 0;
1127 size_t i;
1128 int j;
1129
1130 for (i = 0; i < N_CIPHER_SET_TESTS; i++) {
1131 cst = &cipher_set_tests[i];
1132
1133 if (!ssl_aes_is_accelerated() && cst->cids_aes_accel_fixup) {
1134 cst->cids[0] = TLS1_3_CK_CHACHA20_POLY1305_SHA256;
1135 cst->cids[1] = TLS1_3_CK_AES_256_GCM_SHA384;
1136 }
1137
1138 if ((ctx = SSL_CTX_new(TLS_method())) == NULL)
1139 errx(1, "SSL_CTX_new");
1140
1141 if (cst->ctx_ciphersuites_first && cst->ctx_ciphersuites != NULL) {
1142 if (!SSL_CTX_set_ciphersuites(ctx, cst->ctx_ciphersuites))
1143 errx(1, "SSL_CTX_set_ciphersuites");
1144 }
1145 if (cst->ctx_rulestr != NULL) {
1146 if (!SSL_CTX_set_cipher_list(ctx, cst->ctx_rulestr))
1147 errx(1, "SSL_CTX_set_cipher_list");
1148 }
1149 if (!cst->ctx_ciphersuites_first && cst->ctx_ciphersuites != NULL) {
1150 if (!SSL_CTX_set_ciphersuites(ctx, cst->ctx_ciphersuites))
1151 errx(1, "SSL_CTX_set_ciphersuites");
1152 }
1153
1154 /* XXX - check SSL_CTX_get_ciphers(ctx) */
1155
1156 if ((ssl = SSL_new(ctx)) == NULL)
1157 errx(1, "SSL_new");
1158
1159 if (cst->ssl_ciphersuites_first && cst->ssl_ciphersuites != NULL) {
1160 if (!SSL_set_ciphersuites(ssl, cst->ssl_ciphersuites))
1161 errx(1, "SSL_set_ciphersuites");
1162 }
1163 if (cst->ssl_rulestr != NULL) {
1164 if (!SSL_set_cipher_list(ssl, cst->ssl_rulestr))
1165 errx(1, "SSL_set_cipher_list");
1166 }
1167 if (!cst->ssl_ciphersuites_first && cst->ssl_ciphersuites != NULL) {
1168 if (!SSL_set_ciphersuites(ssl, cst->ssl_ciphersuites))
1169 errx(1, "SSL_set_ciphersuites");
1170 }
1171
1172 ciphers = SSL_get_ciphers(ssl);
1173
1174 for (j = 0; j < sk_SSL_CIPHER_num(ciphers); j++) {
1175 cipher = sk_SSL_CIPHER_value(ciphers, j);
1176 if (SSL_CIPHER_get_id(cipher) == cst->cids[j])
1177 continue;
1178 fprintf(stderr, "FAIL: test %zu - got cipher %d with "
1179 "id %lx, want %lx\n", i, j,
1180 SSL_CIPHER_get_id(cipher), cst->cids[j]);
1181 failed |= 1;
1182 }
1183 if (cst->cids[j] != 0) {
1184 fprintf(stderr, "FAIL: test %zu - got %d ciphers, "
1185 "expected more", i, sk_SSL_CIPHER_num(ciphers));
1186 failed |= 1;
1187 }
1188
1189 SSL_CTX_free(ctx);
1190 SSL_free(ssl);
1191 }
1192
1193 return failed;
1194}
1195
1196int
1197main(int argc, char **argv)
1198{
1199 int failed = 0;
1200
1201 failed |= check_cipher_order();
1202
1203 failed |= test_ssl_ciphers();
1204
1205 failed |= parse_ciphersuites_test();
1206 failed |= cipher_set_test();
1207
1208 return (failed);
1209}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2026-01-12 02:26:59 +0000