summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorjsing <>2024-07-17 14:51:54 +0000
committerjsing <>2024-07-17 14:51:54 +0000
commit7c9ff0880d54e2d06bcd4edfe89f798ee6213e2f (patch)
tree29ee1c2e6c7b0d6a4f88b4eea8c1e08b63614ab6 /src
parent97cdf5a1c8e337cb0c9a315941ec59c180393ad6 (diff)
downloadopenbsd-7c9ff0880d54e2d06bcd4edfe89f798ee6213e2f.tar.gz
openbsd-7c9ff0880d54e2d06bcd4edfe89f798ee6213e2f.tar.bz2
openbsd-7c9ff0880d54e2d06bcd4edfe89f798ee6213e2f.zip
Rework cipher find test to also provide coverage for SSL_CIPHER_*()
Diffstat (limited to 'src')
-rw-r--r--src/regress/lib/libssl/ciphers/cipherstest.c762
1 files changed, 754 insertions, 8 deletions
diff --git a/src/regress/lib/libssl/ciphers/cipherstest.c b/src/regress/lib/libssl/ciphers/cipherstest.c
index e1411d6825..79f1325aef 100644
--- a/src/regress/lib/libssl/ciphers/cipherstest.c
+++ b/src/regress/lib/libssl/ciphers/cipherstest.c
@@ -14,6 +14,8 @@
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */ 15 */
16 16
17#include <openssl/evp.h>
18#include <openssl/objects.h>
17#include <openssl/ssl.h> 19#include <openssl/ssl.h>
18 20
19#include <err.h> 21#include <err.h>
@@ -67,16 +69,676 @@ check_cipher_order(void)
67 return 0; 69 return 0;
68} 70}
69 71
72struct ssl_cipher_test {
73 uint16_t value;
74 int auth_nid;
75 int cipher_nid;
76 int digest_nid;
77 int handshake_digest_nid;
78 int kx_nid;
79 int strength_bits;
80 int symmetric_bits;
81 int is_aead;
82};
83
84static const struct ssl_cipher_test ssl_cipher_tests[] = {
85 {
86 .value = 0x0004,
87 .auth_nid = NID_auth_rsa,
88 .cipher_nid = NID_rc4,
89 .digest_nid = NID_md5,
90 .handshake_digest_nid = NID_sha256,
91 .kx_nid = NID_kx_rsa,
92 .strength_bits = 128,
93 .symmetric_bits = 128,
94 },
95 {
96 .value = 0x0005,
97 .auth_nid = NID_auth_rsa,
98 .cipher_nid = NID_rc4,
99 .digest_nid = NID_sha1,
100 .handshake_digest_nid = NID_sha256,
101 .kx_nid = NID_kx_rsa,
102 .strength_bits = 128,
103 .symmetric_bits = 128,
104 },
105 {
106 .value = 0x000a,
107 .auth_nid = NID_auth_rsa,
108 .cipher_nid = NID_des_ede3_cbc,
109 .digest_nid = NID_sha1,
110 .handshake_digest_nid = NID_sha256,
111 .kx_nid = NID_kx_rsa,
112 .strength_bits = 112,
113 .symmetric_bits = 168,
114 },
115 {
116 .value = 0x0016,
117 .auth_nid = NID_auth_rsa,
118 .cipher_nid = NID_des_ede3_cbc,
119 .digest_nid = NID_sha1,
120 .handshake_digest_nid = NID_sha256,
121 .kx_nid = NID_kx_dhe,
122 .strength_bits = 112,
123 .symmetric_bits = 168,
124 },
125 {
126 .value = 0x0018,
127 .auth_nid = NID_auth_null,
128 .cipher_nid = NID_rc4,
129 .digest_nid = NID_md5,
130 .handshake_digest_nid = NID_sha256,
131 .kx_nid = NID_kx_dhe,
132 .strength_bits = 128,
133 .symmetric_bits = 128,
134 },
135 {
136 .value = 0x001b,
137 .auth_nid = NID_auth_null,
138 .cipher_nid = NID_des_ede3_cbc,
139 .digest_nid = NID_sha1,
140 .handshake_digest_nid = NID_sha256,
141 .kx_nid = NID_kx_dhe,
142 .strength_bits = 112,
143 .symmetric_bits = 168,
144 },
145 {
146 .value = 0x002f,
147 .auth_nid = NID_auth_rsa,
148 .cipher_nid = NID_aes_128_cbc,
149 .digest_nid = NID_sha1,
150 .handshake_digest_nid = NID_sha256,
151 .kx_nid = NID_kx_rsa,
152 .strength_bits = 128,
153 .symmetric_bits = 128,
154 },
155 {
156 .value = 0x0033,
157 .auth_nid = NID_auth_rsa,
158 .cipher_nid = NID_aes_128_cbc,
159 .digest_nid = NID_sha1,
160 .handshake_digest_nid = NID_sha256,
161 .kx_nid = NID_kx_dhe,
162 .strength_bits = 128,
163 .symmetric_bits = 128,
164 },
165 {
166 .value = 0x0034,
167 .auth_nid = NID_auth_null,
168 .cipher_nid = NID_aes_128_cbc,
169 .digest_nid = NID_sha1,
170 .handshake_digest_nid = NID_sha256,
171 .kx_nid = NID_kx_dhe,
172 .strength_bits = 128,
173 .symmetric_bits = 128,
174 },
175 {
176 .value = 0x0035,
177 .auth_nid = NID_auth_rsa,
178 .cipher_nid = NID_aes_256_cbc,
179 .digest_nid = NID_sha1,
180 .handshake_digest_nid = NID_sha256,
181 .kx_nid = NID_kx_rsa,
182 .strength_bits = 256,
183 .symmetric_bits = 256,
184 },
185 {
186 .value = 0x0039,
187 .auth_nid = NID_auth_rsa,
188 .cipher_nid = NID_aes_256_cbc,
189 .digest_nid = NID_sha1,
190 .handshake_digest_nid = NID_sha256,
191 .kx_nid = NID_kx_dhe,
192 .strength_bits = 256,
193 .symmetric_bits = 256,
194 },
195 {
196 .value = 0x003a,
197 .auth_nid = NID_auth_null,
198 .cipher_nid = NID_aes_256_cbc,
199 .digest_nid = NID_sha1,
200 .handshake_digest_nid = NID_sha256,
201 .kx_nid = NID_kx_dhe,
202 .strength_bits = 256,
203 .symmetric_bits = 256,
204 },
205 {
206 .value = 0x003c,
207 .auth_nid = NID_auth_rsa,
208 .cipher_nid = NID_aes_128_cbc,
209 .digest_nid = NID_sha256,
210 .handshake_digest_nid = NID_sha256,
211 .kx_nid = NID_kx_rsa,
212 .strength_bits = 128,
213 .symmetric_bits = 128,
214 },
215 {
216 .value = 0x003d,
217 .auth_nid = NID_auth_rsa,
218 .cipher_nid = NID_aes_256_cbc,
219 .digest_nid = NID_sha256,
220 .handshake_digest_nid = NID_sha256,
221 .kx_nid = NID_kx_rsa,
222 .strength_bits = 256,
223 .symmetric_bits = 256,
224 },
225 {
226 .value = 0x0041,
227 .auth_nid = NID_auth_rsa,
228 .cipher_nid = NID_camellia_128_cbc,
229 .digest_nid = NID_sha1,
230 .handshake_digest_nid = NID_sha256,
231 .kx_nid = NID_kx_rsa,
232 .strength_bits = 128,
233 .symmetric_bits = 128,
234 },
235 {
236 .value = 0x0045,
237 .auth_nid = NID_auth_rsa,
238 .cipher_nid = NID_camellia_128_cbc,
239 .digest_nid = NID_sha1,
240 .handshake_digest_nid = NID_sha256,
241 .kx_nid = NID_kx_dhe,
242 .strength_bits = 128,
243 .symmetric_bits = 128,
244 },
245 {
246 .value = 0x0046,
247 .auth_nid = NID_auth_null,
248 .cipher_nid = NID_camellia_128_cbc,
249 .digest_nid = NID_sha1,
250 .handshake_digest_nid = NID_sha256,
251 .kx_nid = NID_kx_dhe,
252 .strength_bits = 128,
253 .symmetric_bits = 128,
254 },
255 {
256 .value = 0x0067,
257 .auth_nid = NID_auth_rsa,
258 .cipher_nid = NID_aes_128_cbc,
259 .digest_nid = NID_sha256,
260 .handshake_digest_nid = NID_sha256,
261 .kx_nid = NID_kx_dhe,
262 .strength_bits = 128,
263 .symmetric_bits = 128,
264 },
265 {
266 .value = 0x006b,
267 .auth_nid = NID_auth_rsa,
268 .cipher_nid = NID_aes_256_cbc,
269 .digest_nid = NID_sha256,
270 .handshake_digest_nid = NID_sha256,
271 .kx_nid = NID_kx_dhe,
272 .strength_bits = 256,
273 .symmetric_bits = 256,
274 },
275 {
276 .value = 0x006c,
277 .auth_nid = NID_auth_null,
278 .cipher_nid = NID_aes_128_cbc,
279 .digest_nid = NID_sha256,
280 .handshake_digest_nid = NID_sha256,
281 .kx_nid = NID_kx_dhe,
282 .strength_bits = 128,
283 .symmetric_bits = 128,
284 },
285 {
286 .value = 0x006d,
287 .auth_nid = NID_auth_null,
288 .cipher_nid = NID_aes_256_cbc,
289 .digest_nid = NID_sha256,
290 .handshake_digest_nid = NID_sha256,
291 .kx_nid = NID_kx_dhe,
292 .strength_bits = 256,
293 .symmetric_bits = 256,
294 },
295 {
296 .value = 0x0084,
297 .auth_nid = NID_auth_rsa,
298 .cipher_nid = NID_camellia_256_cbc,
299 .digest_nid = NID_sha1,
300 .handshake_digest_nid = NID_sha256,
301 .kx_nid = NID_kx_rsa,
302 .strength_bits = 256,
303 .symmetric_bits = 256,
304 },
305 {
306 .value = 0x0088,
307 .auth_nid = NID_auth_rsa,
308 .cipher_nid = NID_camellia_256_cbc,
309 .digest_nid = NID_sha1,
310 .handshake_digest_nid = NID_sha256,
311 .kx_nid = NID_kx_dhe,
312 .strength_bits = 256,
313 .symmetric_bits = 256,
314 },
315 {
316 .value = 0x0089,
317 .auth_nid = NID_auth_null,
318 .cipher_nid = NID_camellia_256_cbc,
319 .digest_nid = NID_sha1,
320 .handshake_digest_nid = NID_sha256,
321 .kx_nid = NID_kx_dhe,
322 .strength_bits = 256,
323 .symmetric_bits = 256,
324 },
325 {
326 .value = 0x009c,
327 .auth_nid = NID_auth_rsa,
328 .cipher_nid = NID_aes_128_gcm,
329 .digest_nid = NID_undef,
330 .handshake_digest_nid = NID_sha256,
331 .kx_nid = NID_kx_rsa,
332 .strength_bits = 128,
333 .symmetric_bits = 128,
334 .is_aead = 1,
335 },
336 {
337 .value = 0x009d,
338 .auth_nid = NID_auth_rsa,
339 .cipher_nid = NID_aes_256_gcm,
340 .digest_nid = NID_undef,
341 .handshake_digest_nid = NID_sha384,
342 .kx_nid = NID_kx_rsa,
343 .strength_bits = 256,
344 .symmetric_bits = 256,
345 .is_aead = 1,
346 },
347 {
348 .value = 0x009e,
349 .auth_nid = NID_auth_rsa,
350 .cipher_nid = NID_aes_128_gcm,
351 .digest_nid = NID_undef,
352 .handshake_digest_nid = NID_sha256,
353 .kx_nid = NID_kx_dhe,
354 .strength_bits = 128,
355 .symmetric_bits = 128,
356 .is_aead = 1,
357 },
358 {
359 .value = 0x009f,
360 .auth_nid = NID_auth_rsa,
361 .cipher_nid = NID_aes_256_gcm,
362 .digest_nid = NID_undef,
363 .handshake_digest_nid = NID_sha384,
364 .kx_nid = NID_kx_dhe,
365 .strength_bits = 256,
366 .symmetric_bits = 256,
367 .is_aead = 1,
368 },
369 {
370 .value = 0x00a6,
371 .auth_nid = NID_auth_null,
372 .cipher_nid = NID_aes_128_gcm,
373 .digest_nid = NID_undef,
374 .handshake_digest_nid = NID_sha256,
375 .kx_nid = NID_kx_dhe,
376 .strength_bits = 128,
377 .symmetric_bits = 128,
378 .is_aead = 1,
379 },
380 {
381 .value = 0x00a7,
382 .auth_nid = NID_auth_null,
383 .cipher_nid = NID_aes_256_gcm,
384 .digest_nid = NID_undef,
385 .handshake_digest_nid = NID_sha384,
386 .kx_nid = NID_kx_dhe,
387 .strength_bits = 256,
388 .symmetric_bits = 256,
389 .is_aead = 1,
390 },
391 {
392 .value = 0x00ba,
393 .auth_nid = NID_auth_rsa,
394 .cipher_nid = NID_camellia_128_cbc,
395 .digest_nid = NID_sha256,
396 .handshake_digest_nid = NID_sha256,
397 .kx_nid = NID_kx_rsa,
398 .strength_bits = 128,
399 .symmetric_bits = 128,
400 },
401 {
402 .value = 0x00be,
403 .auth_nid = NID_auth_rsa,
404 .cipher_nid = NID_camellia_128_cbc,
405 .digest_nid = NID_sha256,
406 .handshake_digest_nid = NID_sha256,
407 .kx_nid = NID_kx_dhe,
408 .strength_bits = 128,
409 .symmetric_bits = 128,
410 },
411 {
412 .value = 0x00bf,
413 .auth_nid = NID_auth_null,
414 .cipher_nid = NID_camellia_128_cbc,
415 .digest_nid = NID_sha256,
416 .handshake_digest_nid = NID_sha256,
417 .kx_nid = NID_kx_dhe,
418 .strength_bits = 128,
419 .symmetric_bits = 128,
420 },
421 {
422 .value = 0x00c0,
423 .auth_nid = NID_auth_rsa,
424 .cipher_nid = NID_camellia_256_cbc,
425 .digest_nid = NID_sha256,
426 .handshake_digest_nid = NID_sha256,
427 .kx_nid = NID_kx_rsa,
428 .strength_bits = 256,
429 .symmetric_bits = 256,
430 },
431 {
432 .value = 0x00c4,
433 .auth_nid = NID_auth_rsa,
434 .cipher_nid = NID_camellia_256_cbc,
435 .digest_nid = NID_sha256,
436 .handshake_digest_nid = NID_sha256,
437 .kx_nid = NID_kx_dhe,
438 .strength_bits = 256,
439 .symmetric_bits = 256,
440 },
441 {
442 .value = 0x00c5,
443 .auth_nid = NID_auth_null,
444 .cipher_nid = NID_camellia_256_cbc,
445 .digest_nid = NID_sha256,
446 .handshake_digest_nid = NID_sha256,
447 .kx_nid = NID_kx_dhe,
448 .strength_bits = 256,
449 .symmetric_bits = 256,
450 },
451 {
452 .value = 0x1301,
453 .auth_nid = NID_undef,
454 .cipher_nid = NID_aes_128_gcm,
455 .digest_nid = NID_undef,
456 .handshake_digest_nid = NID_sha256,
457 .kx_nid = NID_undef,
458 .strength_bits = 128,
459 .symmetric_bits = 128,
460 .is_aead = 1,
461 },
462 {
463 .value = 0x1302,
464 .auth_nid = NID_undef,
465 .cipher_nid = NID_aes_256_gcm,
466 .digest_nid = NID_undef,
467 .handshake_digest_nid = NID_sha384,
468 .kx_nid = NID_undef,
469 .strength_bits = 256,
470 .symmetric_bits = 256,
471 .is_aead = 1,
472 },
473 {
474 .value = 0x1303,
475 .auth_nid = NID_undef,
476 .cipher_nid = NID_chacha20_poly1305,
477 .digest_nid = NID_undef,
478 .handshake_digest_nid = NID_sha256,
479 .kx_nid = NID_undef,
480 .strength_bits = 256,
481 .symmetric_bits = 256,
482 .is_aead = 1,
483 },
484 {
485 .value = 0xc007,
486 .auth_nid = NID_auth_ecdsa,
487 .cipher_nid = NID_rc4,
488 .digest_nid = NID_sha1,
489 .handshake_digest_nid = NID_sha256,
490 .kx_nid = NID_kx_ecdhe,
491 .strength_bits = 128,
492 .symmetric_bits = 128,
493 },
494 {
495 .value = 0xc008,
496 .auth_nid = NID_auth_ecdsa,
497 .cipher_nid = NID_des_ede3_cbc,
498 .digest_nid = NID_sha1,
499 .handshake_digest_nid = NID_sha256,
500 .kx_nid = NID_kx_ecdhe,
501 .strength_bits = 112,
502 .symmetric_bits = 168,
503 },
504 {
505 .value = 0xc009,
506 .auth_nid = NID_auth_ecdsa,
507 .cipher_nid = NID_aes_128_cbc,
508 .digest_nid = NID_sha1,
509 .handshake_digest_nid = NID_sha256,
510 .kx_nid = NID_kx_ecdhe,
511 .strength_bits = 128,
512 .symmetric_bits = 128,
513 },
514 {
515 .value = 0xc00a,
516 .auth_nid = NID_auth_ecdsa,
517 .cipher_nid = NID_aes_256_cbc,
518 .digest_nid = NID_sha1,
519 .handshake_digest_nid = NID_sha256,
520 .kx_nid = NID_kx_ecdhe,
521 .strength_bits = 256,
522 .symmetric_bits = 256,
523 },
524 {
525 .value = 0xc011,
526 .auth_nid = NID_auth_rsa,
527 .cipher_nid = NID_rc4,
528 .digest_nid = NID_sha1,
529 .handshake_digest_nid = NID_sha256,
530 .kx_nid = NID_kx_ecdhe,
531 .strength_bits = 128,
532 .symmetric_bits = 128,
533 },
534 {
535 .value = 0xc012,
536 .auth_nid = NID_auth_rsa,
537 .cipher_nid = NID_des_ede3_cbc,
538 .digest_nid = NID_sha1,
539 .handshake_digest_nid = NID_sha256,
540 .kx_nid = NID_kx_ecdhe,
541 .strength_bits = 112,
542 .symmetric_bits = 168,
543 },
544 {
545 .value = 0xc013,
546 .auth_nid = NID_auth_rsa,
547 .cipher_nid = NID_aes_128_cbc,
548 .digest_nid = NID_sha1,
549 .handshake_digest_nid = NID_sha256,
550 .kx_nid = NID_kx_ecdhe,
551 .strength_bits = 128,
552 .symmetric_bits = 128,
553 },
554 {
555 .value = 0xc014,
556 .auth_nid = NID_auth_rsa,
557 .cipher_nid = NID_aes_256_cbc,
558 .digest_nid = NID_sha1,
559 .handshake_digest_nid = NID_sha256,
560 .kx_nid = NID_kx_ecdhe,
561 .strength_bits = 256,
562 .symmetric_bits = 256,
563 },
564 {
565 .value = 0xc016,
566 .auth_nid = NID_auth_null,
567 .cipher_nid = NID_rc4,
568 .digest_nid = NID_sha1,
569 .handshake_digest_nid = NID_sha256,
570 .kx_nid = NID_kx_ecdhe,
571 .strength_bits = 128,
572 .symmetric_bits = 128,
573 },
574 {
575 .value = 0xc017,
576 .auth_nid = NID_auth_null,
577 .cipher_nid = NID_des_ede3_cbc,
578 .digest_nid = NID_sha1,
579 .handshake_digest_nid = NID_sha256,
580 .kx_nid = NID_kx_ecdhe,
581 .strength_bits = 112,
582 .symmetric_bits = 168,
583 },
584 {
585 .value = 0xc018,
586 .auth_nid = NID_auth_null,
587 .cipher_nid = NID_aes_128_cbc,
588 .digest_nid = NID_sha1,
589 .handshake_digest_nid = NID_sha256,
590 .kx_nid = NID_kx_ecdhe,
591 .strength_bits = 128,
592 .symmetric_bits = 128,
593 },
594 {
595 .value = 0xc019,
596 .auth_nid = NID_auth_null,
597 .cipher_nid = NID_aes_256_cbc,
598 .digest_nid = NID_sha1,
599 .handshake_digest_nid = NID_sha256,
600 .kx_nid = NID_kx_ecdhe,
601 .strength_bits = 256,
602 .symmetric_bits = 256,
603 },
604 {
605 .value = 0xc023,
606 .auth_nid = NID_auth_ecdsa,
607 .cipher_nid = NID_aes_128_cbc,
608 .digest_nid = NID_sha256,
609 .handshake_digest_nid = NID_sha256,
610 .kx_nid = NID_kx_ecdhe,
611 .strength_bits = 128,
612 .symmetric_bits = 128,
613 },
614 {
615 .value = 0xc024,
616 .auth_nid = NID_auth_ecdsa,
617 .cipher_nid = NID_aes_256_cbc,
618 .digest_nid = NID_sha384,
619 .handshake_digest_nid = NID_sha384,
620 .kx_nid = NID_kx_ecdhe,
621 .strength_bits = 256,
622 .symmetric_bits = 256,
623 },
624 {
625 .value = 0xc027,
626 .auth_nid = NID_auth_rsa,
627 .cipher_nid = NID_aes_128_cbc,
628 .digest_nid = NID_sha256,
629 .handshake_digest_nid = NID_sha256,
630 .kx_nid = NID_kx_ecdhe,
631 .strength_bits = 128,
632 .symmetric_bits = 128,
633 },
634 {
635 .value = 0xc028,
636 .auth_nid = NID_auth_rsa,
637 .cipher_nid = NID_aes_256_cbc,
638 .digest_nid = NID_sha384,
639 .handshake_digest_nid = NID_sha384,
640 .kx_nid = NID_kx_ecdhe,
641 .strength_bits = 256,
642 .symmetric_bits = 256,
643 },
644 {
645 .value = 0xc02b,
646 .auth_nid = NID_auth_ecdsa,
647 .cipher_nid = NID_aes_128_gcm,
648 .digest_nid = NID_undef,
649 .handshake_digest_nid = NID_sha256,
650 .kx_nid = NID_kx_ecdhe,
651 .strength_bits = 128,
652 .symmetric_bits = 128,
653 .is_aead = 1,
654 },
655 {
656 .value = 0xc02c,
657 .auth_nid = NID_auth_ecdsa,
658 .cipher_nid = NID_aes_256_gcm,
659 .digest_nid = NID_undef,
660 .handshake_digest_nid = NID_sha384,
661 .kx_nid = NID_kx_ecdhe,
662 .strength_bits = 256,
663 .symmetric_bits = 256,
664 .is_aead = 1,
665 },
666 {
667 .value = 0xc02f,
668 .auth_nid = NID_auth_rsa,
669 .cipher_nid = NID_aes_128_gcm,
670 .digest_nid = NID_undef,
671 .handshake_digest_nid = NID_sha256,
672 .kx_nid = NID_kx_ecdhe,
673 .strength_bits = 128,
674 .symmetric_bits = 128,
675 .is_aead = 1,
676 },
677 {
678 .value = 0xc030,
679 .auth_nid = NID_auth_rsa,
680 .cipher_nid = NID_aes_256_gcm,
681 .digest_nid = NID_undef,
682 .handshake_digest_nid = NID_sha384,
683 .kx_nid = NID_kx_ecdhe,
684 .strength_bits = 256,
685 .symmetric_bits = 256,
686 .is_aead = 1,
687 },
688 {
689 .value = 0xcca8,
690 .auth_nid = NID_auth_rsa,
691 .cipher_nid = NID_chacha20_poly1305,
692 .digest_nid = NID_undef,
693 .handshake_digest_nid = NID_sha256,
694 .kx_nid = NID_kx_ecdhe,
695 .strength_bits = 256,
696 .symmetric_bits = 256,
697 .is_aead = 1,
698 },
699 {
700 .value = 0xcca9,
701 .auth_nid = NID_auth_ecdsa,
702 .cipher_nid = NID_chacha20_poly1305,
703 .digest_nid = NID_undef,
704 .handshake_digest_nid = NID_sha256,
705 .kx_nid = NID_kx_ecdhe,
706 .strength_bits = 256,
707 .symmetric_bits = 256,
708 .is_aead = 1,
709 },
710 {
711 .value = 0xccaa,
712 .auth_nid = NID_auth_rsa,
713 .cipher_nid = NID_chacha20_poly1305,
714 .digest_nid = NID_undef,
715 .handshake_digest_nid = NID_sha256,
716 .kx_nid = NID_kx_dhe,
717 .strength_bits = 256,
718 .symmetric_bits = 256,
719 .is_aead = 1,
720 },
721};
722
723#define N_SSL_CIPHER_TESTS (sizeof(ssl_cipher_tests) / sizeof(ssl_cipher_tests[0]))
724
70static int 725static int
71cipher_find_test(void) 726test_ssl_ciphers(void)
72{ 727{
728 int i, strength_bits, symmetric_bits;
729 const struct ssl_cipher_test *sct;
73 STACK_OF(SSL_CIPHER) *ciphers; 730 STACK_OF(SSL_CIPHER) *ciphers;
74 const SSL_CIPHER *cipher; 731 const SSL_CIPHER *cipher;
732#if 0
733 const EVP_MD *digest;
734#endif
75 unsigned char buf[2]; 735 unsigned char buf[2];
736 const char *description;
737 char desc_buf[256];
76 SSL_CTX *ssl_ctx = NULL; 738 SSL_CTX *ssl_ctx = NULL;
77 SSL *ssl = NULL; 739 SSL *ssl = NULL;
740 size_t j;
78 int ret = 1; 741 int ret = 1;
79 int i;
80 742
81 if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL) { 743 if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL) {
82 fprintf(stderr, "SSL_CTX_new() returned NULL\n"); 744 fprintf(stderr, "SSL_CTX_new() returned NULL\n");
@@ -96,6 +758,12 @@ cipher_find_test(void)
96 goto failure; 758 goto failure;
97 } 759 }
98 760
761 if (sk_SSL_CIPHER_num(ciphers) != N_SSL_CIPHER_TESTS) {
762 fprintf(stderr, "number of ciphers mismatch (%d != %zu)\n",
763 sk_SSL_CIPHER_num(ciphers), N_SSL_CIPHER_TESTS);
764 goto failure;
765 }
766
99 for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { 767 for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
100 uint16_t cipher_value; 768 uint16_t cipher_value;
101 769
@@ -106,18 +774,96 @@ cipher_find_test(void)
106 buf[1] = cipher_value & 0xff; 774 buf[1] = cipher_value & 0xff;
107 775
108 if ((cipher = SSL_CIPHER_find(ssl, buf)) == NULL) { 776 if ((cipher = SSL_CIPHER_find(ssl, buf)) == NULL) {
109 fprintf(stderr, 777 fprintf(stderr, "SSL_CIPHER_find() returned NULL for %s\n",
110 "SSL_CIPHER_find() returned NULL for %s\n",
111 SSL_CIPHER_get_name(cipher)); 778 SSL_CIPHER_get_name(cipher));
112 goto failure; 779 goto failure;
113 } 780 }
114
115 if (SSL_CIPHER_get_value(cipher) != cipher_value) { 781 if (SSL_CIPHER_get_value(cipher) != cipher_value) {
116 fprintf(stderr, 782 fprintf(stderr, "got cipher with value 0x%04x, want 0x%04x\n",
117 "got cipher with value 0x%x, want 0x%x\n",
118 SSL_CIPHER_get_value(cipher), cipher_value); 783 SSL_CIPHER_get_value(cipher), cipher_value);
119 goto failure; 784 goto failure;
120 } 785 }
786 if (SSL_CIPHER_get_id(cipher) != (0x03000000UL | cipher_value)) {
787 fprintf(stderr, "got cipher id 0x%08lx, want 0x%08lx\n",
788 SSL_CIPHER_get_id(cipher), (0x03000000UL | cipher_value));
789 goto failure;
790 }
791
792 sct = NULL;
793 for (j = 0; j < N_SSL_CIPHER_TESTS; j++) {
794 if (ssl_cipher_tests[j].value == cipher_value) {
795 sct = &ssl_cipher_tests[j];
796 break;
797 }
798 }
799 if (sct == NULL) {
800 fprintf(stderr, "cipher '%s' (0x%04x) not found in test "
801 "table\n", SSL_CIPHER_get_name(cipher), cipher_value);
802 goto failure;
803 }
804
805 if (SSL_CIPHER_get_auth_nid(cipher) != sct->auth_nid) {
806 fprintf(stderr, "cipher '%s' (0x%04x) - got auth nid %d, "
807 "want %d\n", SSL_CIPHER_get_name(cipher), cipher_value,
808 SSL_CIPHER_get_auth_nid(cipher), sct->auth_nid);
809 goto failure;
810 }
811 if (SSL_CIPHER_get_cipher_nid(cipher) != sct->cipher_nid) {
812 fprintf(stderr, "cipher '%s' (0x%04x) - got cipher nid %d, "
813 "want %d\n", SSL_CIPHER_get_name(cipher), cipher_value,
814 SSL_CIPHER_get_cipher_nid(cipher), sct->cipher_nid);
815 goto failure;
816 }
817 if (SSL_CIPHER_get_digest_nid(cipher) != sct->digest_nid) {
818 fprintf(stderr, "cipher '%s' (0x%04x) - got digest nid %d, "
819 "want %d\n", SSL_CIPHER_get_name(cipher), cipher_value,
820 SSL_CIPHER_get_digest_nid(cipher), sct->digest_nid);
821 goto failure;
822 }
823 if (SSL_CIPHER_get_kx_nid(cipher) != sct->kx_nid) {
824 fprintf(stderr, "cipher '%s' (0x%04x) - got kx nid %d, "
825 "want %d\n", SSL_CIPHER_get_name(cipher), cipher_value,
826 SSL_CIPHER_get_kx_nid(cipher), sct->kx_nid);
827 goto failure;
828 }
829
830#if 0
831 /* Having API consistency is a wonderful thing... */
832 digest = SSL_CIPHER_get_handshake_digest(cipher);
833 if (EVP_MD_nid(digest) != sct->handshake_digest_nid) {
834 fprintf(stderr, "cipher '%s' (0x%04x) - got handshake "
835 "digest nid %d, want %d\n", SSL_CIPHER_get_name(cipher),
836 cipher_value, EVP_MD_nid(digest), sct->handshake_digest_nid);
837 goto failure;
838 }
839#endif
840
841 strength_bits = SSL_CIPHER_get_bits(cipher, &symmetric_bits);
842 if (strength_bits != sct->strength_bits) {
843 fprintf(stderr, "cipher '%s' (0x%04x) - got strength bits "
844 "%d, want %d\n", SSL_CIPHER_get_name(cipher),
845 cipher_value, strength_bits, sct->strength_bits);
846 goto failure;
847 }
848 if (symmetric_bits != sct->symmetric_bits) {
849 fprintf(stderr, "cipher '%s' (0x%04x) - got symmetric bits "
850 "%d, want %d\n", SSL_CIPHER_get_name(cipher),
851 cipher_value, symmetric_bits, sct->symmetric_bits);
852 goto failure;
853 }
854 if (SSL_CIPHER_is_aead(cipher) != sct->is_aead) {
855 fprintf(stderr, "cipher '%s' (0x%04x) - got is aead %d, "
856 "want %d\n", SSL_CIPHER_get_name(cipher), cipher_value,
857 SSL_CIPHER_is_aead(cipher), sct->is_aead);
858 goto failure;
859 }
860
861 if ((description = SSL_CIPHER_description(cipher, desc_buf,
862 sizeof(desc_buf))) != desc_buf) {
863 fprintf(stderr, "cipher '%s' (0x%04x) - failed to get "
864 "description\n", SSL_CIPHER_get_name(cipher), cipher_value);
865 goto failure;
866 }
121 } 867 }
122 868
123 ret = 0; 869 ret = 0;
@@ -466,7 +1212,7 @@ main(int argc, char **argv)
466 1212
467 failed |= check_cipher_order(); 1213 failed |= check_cipher_order();
468 1214
469 failed |= cipher_find_test(); 1215 failed |= test_ssl_ciphers();
470 1216
471 failed |= parse_ciphersuites_test(); 1217 failed |= parse_ciphersuites_test();
472 failed |= cipher_set_test(); 1218 failed |= cipher_set_test();
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-21 00:33:30 +0000