summaryrefslogtreecommitdiff
path: root/src/lib/libssl/src/ssl/ssltest.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/src/ssl/ssltest.c')
-rw-r--r--src/lib/libssl/src/ssl/ssltest.c256
1 files changed, 209 insertions, 47 deletions
diff --git a/src/lib/libssl/src/ssl/ssltest.c b/src/lib/libssl/src/ssl/ssltest.c
index 9381c435d5..e786b428cd 100644
--- a/src/lib/libssl/src/ssl/ssltest.c
+++ b/src/lib/libssl/src/ssl/ssltest.c
@@ -108,6 +108,11 @@
108 * Hudson (tjh@cryptsoft.com). 108 * Hudson (tjh@cryptsoft.com).
109 * 109 *
110 */ 110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
111 116
112#define _BSD_SOURCE 1 /* Or gethostname won't be declared properly 117#define _BSD_SOURCE 1 /* Or gethostname won't be declared properly
113 on Linux and GNU platforms. */ 118 on Linux and GNU platforms. */
@@ -140,7 +145,16 @@
140#endif 145#endif
141#include <openssl/err.h> 146#include <openssl/err.h>
142#include <openssl/rand.h> 147#include <openssl/rand.h>
143#include <openssl/fips.h> 148#ifndef OPENSSL_NO_RSA
149#include <openssl/rsa.h>
150#endif
151#ifndef OPENSSL_NO_DSA
152#include <openssl/dsa.h>
153#endif
154#ifndef OPENSSL_NO_DH
155#include <openssl/dh.h>
156#endif
157#include <openssl/bn.h>
144 158
145#define _XOPEN_SOURCE_EXTENDED 1 /* Or gethostname won't be declared properly 159#define _XOPEN_SOURCE_EXTENDED 1 /* Or gethostname won't be declared properly
146 on Compaq platforms (at least with DEC C). 160 on Compaq platforms (at least with DEC C).
@@ -160,6 +174,9 @@
160#elif defined(OPENSSL_SYS_WINCE) 174#elif defined(OPENSSL_SYS_WINCE)
161# define TEST_SERVER_CERT "\\OpenSSL\\server.pem" 175# define TEST_SERVER_CERT "\\OpenSSL\\server.pem"
162# define TEST_CLIENT_CERT "\\OpenSSL\\client.pem" 176# define TEST_CLIENT_CERT "\\OpenSSL\\client.pem"
177#elif defined(OPENSSL_SYS_NETWARE)
178# define TEST_SERVER_CERT "\\openssl\\apps\\server.pem"
179# define TEST_CLIENT_CERT "\\openssl\\apps\\client.pem"
163#else 180#else
164# define TEST_SERVER_CERT "../apps/server.pem" 181# define TEST_SERVER_CERT "../apps/server.pem"
165# define TEST_CLIENT_CERT "../apps/client.pem" 182# define TEST_CLIENT_CERT "../apps/client.pem"
@@ -167,8 +184,8 @@
167 184
168/* There is really no standard for this, so let's assign some tentative 185/* There is really no standard for this, so let's assign some tentative
169 numbers. In any case, these numbers are only for this test */ 186 numbers. In any case, these numbers are only for this test */
170#define COMP_RLE 1 187#define COMP_RLE 255
171#define COMP_ZLIB 2 188#define COMP_ZLIB 1
172 189
173static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); 190static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
174#ifndef OPENSSL_NO_RSA 191#ifndef OPENSSL_NO_RSA
@@ -209,13 +226,11 @@ static const char rnd_seed[] = "string to make the random number generator think
209 226
210int doit_biopair(SSL *s_ssl,SSL *c_ssl,long bytes,clock_t *s_time,clock_t *c_time); 227int doit_biopair(SSL *s_ssl,SSL *c_ssl,long bytes,clock_t *s_time,clock_t *c_time);
211int doit(SSL *s_ssl,SSL *c_ssl,long bytes); 228int doit(SSL *s_ssl,SSL *c_ssl,long bytes);
229static int do_test_cipherlist(void);
212static void sv_usage(void) 230static void sv_usage(void)
213 { 231 {
214 fprintf(stderr,"usage: ssltest [args ...]\n"); 232 fprintf(stderr,"usage: ssltest [args ...]\n");
215 fprintf(stderr,"\n"); 233 fprintf(stderr,"\n");
216#ifdef OPENSSL_FIPS
217 fprintf(stderr,"-F - run test in FIPS mode\n");
218#endif
219 fprintf(stderr," -server_auth - check server certificate\n"); 234 fprintf(stderr," -server_auth - check server certificate\n");
220 fprintf(stderr," -client_auth - do client authentication\n"); 235 fprintf(stderr," -client_auth - do client authentication\n");
221 fprintf(stderr," -proxy - allow proxy certificates\n"); 236 fprintf(stderr," -proxy - allow proxy certificates\n");
@@ -231,6 +246,9 @@ static void sv_usage(void)
231 fprintf(stderr," -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n"); 246 fprintf(stderr," -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
232 fprintf(stderr," -no_dhe - disable DHE\n"); 247 fprintf(stderr," -no_dhe - disable DHE\n");
233#endif 248#endif
249#ifndef OPENSSL_NO_ECDH
250 fprintf(stderr," -no_ecdhe - disable ECDHE\n");
251#endif
234#ifndef OPENSSL_NO_SSL2 252#ifndef OPENSSL_NO_SSL2
235 fprintf(stderr," -ssl2 - use SSLv2\n"); 253 fprintf(stderr," -ssl2 - use SSLv2\n");
236#endif 254#endif
@@ -251,7 +269,13 @@ static void sv_usage(void)
251 fprintf(stderr," -f - Test even cases that can't work\n"); 269 fprintf(stderr," -f - Test even cases that can't work\n");
252 fprintf(stderr," -time - measure processor time used by client and server\n"); 270 fprintf(stderr," -time - measure processor time used by client and server\n");
253 fprintf(stderr," -zlib - use zlib compression\n"); 271 fprintf(stderr," -zlib - use zlib compression\n");
254 fprintf(stderr," -time - use rle compression\n"); 272 fprintf(stderr," -rle - use rle compression\n");
273#ifndef OPENSSL_NO_ECDH
274 fprintf(stderr," -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \
275 " Use \"openssl ecparam -list_curves\" for all names\n" \
276 " (default is sect163r2).\n");
277#endif
278 fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n");
255 } 279 }
256 280
257static void print_details(SSL *c_ssl, const char *prefix) 281static void print_details(SSL *c_ssl, const char *prefix)
@@ -361,6 +385,7 @@ static void lock_dbg_cb(int mode, int type, const char *file, int line)
361 } 385 }
362 } 386 }
363 387
388
364int main(int argc, char *argv[]) 389int main(int argc, char *argv[])
365 { 390 {
366 char *CApath=NULL,*CAfile=NULL; 391 char *CApath=NULL,*CAfile=NULL;
@@ -376,24 +401,32 @@ int main(int argc, char *argv[])
376 char *server_key=NULL; 401 char *server_key=NULL;
377 char *client_cert=TEST_CLIENT_CERT; 402 char *client_cert=TEST_CLIENT_CERT;
378 char *client_key=NULL; 403 char *client_key=NULL;
404#ifndef OPENSSL_NO_ECDH
405 char *named_curve = NULL;
406#endif
379 SSL_CTX *s_ctx=NULL; 407 SSL_CTX *s_ctx=NULL;
380 SSL_CTX *c_ctx=NULL; 408 SSL_CTX *c_ctx=NULL;
381 SSL_METHOD *meth=NULL; 409 SSL_METHOD *meth=NULL;
382 SSL *c_ssl,*s_ssl; 410 SSL *c_ssl,*s_ssl;
383 int number=1,reuse=0; 411 int number=1,reuse=0;
384 long bytes=1L; 412 long bytes=256L;
385#ifndef OPENSSL_NO_DH 413#ifndef OPENSSL_NO_DH
386 DH *dh; 414 DH *dh;
387 int dhe1024 = 0, dhe1024dsa = 0; 415 int dhe1024 = 0, dhe1024dsa = 0;
388#endif 416#endif
417#ifndef OPENSSL_NO_ECDH
418 EC_KEY *ecdh = NULL;
419#endif
389 int no_dhe = 0; 420 int no_dhe = 0;
421 int no_ecdhe = 0;
390 int print_time = 0; 422 int print_time = 0;
391 clock_t s_time = 0, c_time = 0; 423 clock_t s_time = 0, c_time = 0;
392 int comp = 0; 424 int comp = 0;
425#ifndef OPENSSL_NO_COMP
393 COMP_METHOD *cm = NULL; 426 COMP_METHOD *cm = NULL;
394#ifdef OPENSSL_FIPS
395 int fips_mode=0;
396#endif 427#endif
428 STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
429 int test_cipherlist = 0;
397 430
398 verbose = 0; 431 verbose = 0;
399 debug = 0; 432 debug = 0;
@@ -425,16 +458,7 @@ int main(int argc, char *argv[])
425 458
426 while (argc >= 1) 459 while (argc >= 1)
427 { 460 {
428 if(!strcmp(*argv,"-F")) 461 if (strcmp(*argv,"-server_auth") == 0)
429 {
430#ifdef OPENSSL_FIPS
431 fips_mode=1;
432#else
433 fprintf(stderr,"not compiled with FIPS support, so exitting without running.\n");
434 EXIT(0);
435#endif
436 }
437 else if (strcmp(*argv,"-server_auth") == 0)
438 server_auth=1; 462 server_auth=1;
439 else if (strcmp(*argv,"-client_auth") == 0) 463 else if (strcmp(*argv,"-client_auth") == 0)
440 client_auth=1; 464 client_auth=1;
@@ -472,6 +496,8 @@ int main(int argc, char *argv[])
472 } 496 }
473 else if (strcmp(*argv,"-no_dhe") == 0) 497 else if (strcmp(*argv,"-no_dhe") == 0)
474 no_dhe=1; 498 no_dhe=1;
499 else if (strcmp(*argv,"-no_ecdhe") == 0)
500 no_ecdhe=1;
475 else if (strcmp(*argv,"-ssl2") == 0) 501 else if (strcmp(*argv,"-ssl2") == 0)
476 ssl2=1; 502 ssl2=1;
477 else if (strcmp(*argv,"-tls1") == 0) 503 else if (strcmp(*argv,"-tls1") == 0)
@@ -558,6 +584,16 @@ int main(int argc, char *argv[])
558 { 584 {
559 comp = COMP_RLE; 585 comp = COMP_RLE;
560 } 586 }
587 else if (strcmp(*argv,"-named_curve") == 0)
588 {
589 if (--argc < 1) goto bad;
590#ifndef OPENSSL_NO_ECDH
591 named_curve = *(++argv);
592#else
593 fprintf(stderr,"ignoring -named_curve, since I'm compiled without ECDH\n");
594 ++argv;
595#endif
596 }
561 else if (strcmp(*argv,"-app_verify") == 0) 597 else if (strcmp(*argv,"-app_verify") == 0)
562 { 598 {
563 app_verify_arg.app_verify = 1; 599 app_verify_arg.app_verify = 1;
@@ -566,6 +602,10 @@ int main(int argc, char *argv[])
566 { 602 {
567 app_verify_arg.allow_proxy_certs = 1; 603 app_verify_arg.allow_proxy_certs = 1;
568 } 604 }
605 else if (strcmp(*argv,"-test_cipherlist") == 0)
606 {
607 test_cipherlist = 1;
608 }
569 else 609 else
570 { 610 {
571 fprintf(stderr,"unknown option %s\n",*argv); 611 fprintf(stderr,"unknown option %s\n",*argv);
@@ -582,6 +622,14 @@ bad:
582 goto end; 622 goto end;
583 } 623 }
584 624
625 if (test_cipherlist == 1)
626 {
627 /* ensure that the cipher list are correctly sorted and exit */
628 if (do_test_cipherlist() == 0)
629 EXIT(1);
630 ret = 0;
631 goto end;
632 }
585 633
586 if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force) 634 if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force)
587 { 635 {
@@ -592,20 +640,6 @@ bad:
592 EXIT(1); 640 EXIT(1);
593 } 641 }
594 642
595#ifdef OPENSSL_FIPS
596 if(fips_mode)
597 {
598 if(!FIPS_mode_set(1))
599 {
600 ERR_load_crypto_strings();
601 ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
602 EXIT(1);
603 }
604 else
605 fprintf(stderr,"*** IN FIPS MODE ***\n");
606 }
607#endif
608
609 if (print_time) 643 if (print_time)
610 { 644 {
611 if (!bio_pair) 645 if (!bio_pair)
@@ -622,6 +656,7 @@ bad:
622 SSL_library_init(); 656 SSL_library_init();
623 SSL_load_error_strings(); 657 SSL_load_error_strings();
624 658
659#ifndef OPENSSL_NO_COMP
625 if (comp == COMP_ZLIB) cm = COMP_zlib(); 660 if (comp == COMP_ZLIB) cm = COMP_zlib();
626 if (comp == COMP_RLE) cm = COMP_rle(); 661 if (comp == COMP_RLE) cm = COMP_rle();
627 if (cm != NULL) 662 if (cm != NULL)
@@ -645,6 +680,20 @@ bad:
645 ERR_print_errors_fp(stderr); 680 ERR_print_errors_fp(stderr);
646 } 681 }
647 } 682 }
683 ssl_comp_methods = SSL_COMP_get_compression_methods();
684 fprintf(stderr, "Available compression methods:\n");
685 {
686 int j, n = sk_SSL_COMP_num(ssl_comp_methods);
687 if (n == 0)
688 fprintf(stderr, " NONE\n");
689 else
690 for (j = 0; j < n; j++)
691 {
692 SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
693 fprintf(stderr, " %d: %s\n", c->id, c->name);
694 }
695 }
696#endif
648 697
649#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) 698#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
650 if (ssl2) 699 if (ssl2)
@@ -699,6 +748,38 @@ bad:
699 (void)no_dhe; 748 (void)no_dhe;
700#endif 749#endif
701 750
751#ifndef OPENSSL_NO_ECDH
752 if (!no_ecdhe)
753 {
754 int nid;
755
756 if (named_curve != NULL)
757 {
758 nid = OBJ_sn2nid(named_curve);
759 if (nid == 0)
760 {
761 BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve);
762 goto end;
763 }
764 }
765 else
766 nid = NID_sect163r2;
767
768 ecdh = EC_KEY_new_by_curve_name(nid);
769 if (ecdh == NULL)
770 {
771 BIO_printf(bio_err, "unable to create curve\n");
772 goto end;
773 }
774
775 SSL_CTX_set_tmp_ecdh(s_ctx, ecdh);
776 SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_ECDH_USE);
777 EC_KEY_free(ecdh);
778 }
779#else
780 (void)no_ecdhe;
781#endif
782
702#ifndef OPENSSL_NO_RSA 783#ifndef OPENSSL_NO_RSA
703 SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb); 784 SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb);
704#endif 785#endif
@@ -835,6 +916,7 @@ end:
835 CRYPTO_mem_leaks(bio_err); 916 CRYPTO_mem_leaks(bio_err);
836 if (bio_err != NULL) BIO_free(bio_err); 917 if (bio_err != NULL) BIO_free(bio_err);
837 EXIT(ret); 918 EXIT(ret);
919 return ret;
838 } 920 }
839 921
840int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, 922int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
@@ -1325,8 +1407,8 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count)
1325 { 1407 {
1326 if (c_write) 1408 if (c_write)
1327 { 1409 {
1328 j=(cw_num > (long)sizeof(cbuf)) 1410 j = (cw_num > (long)sizeof(cbuf)) ?
1329 ?sizeof(cbuf):(int)cw_num; 1411 (int)sizeof(cbuf) : (int)cw_num;
1330 i=BIO_write(c_bio,cbuf,j); 1412 i=BIO_write(c_bio,cbuf,j);
1331 if (i < 0) 1413 if (i < 0)
1332 { 1414 {
@@ -1456,8 +1538,8 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count)
1456 } 1538 }
1457 else 1539 else
1458 { 1540 {
1459 j=(sw_num > (long)sizeof(sbuf))? 1541 j = (sw_num > (long)sizeof(sbuf)) ?
1460 sizeof(sbuf):(int)sw_num; 1542 (int)sizeof(sbuf) : (int)sw_num;
1461 i=BIO_write(s_bio,sbuf,j); 1543 i=BIO_write(s_bio,sbuf,j);
1462 if (i < 0) 1544 if (i < 0)
1463 { 1545 {
@@ -1644,7 +1726,7 @@ static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
1644 fprintf(stderr, " Certificate proxy rights = %*.*s", i, i, s); 1726 fprintf(stderr, " Certificate proxy rights = %*.*s", i, i, s);
1645 while(i-- > 0) 1727 while(i-- > 0)
1646 { 1728 {
1647 char c = *s++; 1729 int c = *s++;
1648 if (isascii(c) && isalpha(c)) 1730 if (isascii(c) && isalpha(c))
1649 { 1731 {
1650 if (islower(c)) 1732 if (islower(c))
@@ -1705,11 +1787,11 @@ static int process_proxy_cond_adders(unsigned int letters[26],
1705static int process_proxy_cond_val(unsigned int letters[26], 1787static int process_proxy_cond_val(unsigned int letters[26],
1706 const char *cond, const char **cond_end, int *pos, int indent) 1788 const char *cond, const char **cond_end, int *pos, int indent)
1707 { 1789 {
1708 char c; 1790 int c;
1709 int ok = 1; 1791 int ok = 1;
1710 int negate = 0; 1792 int negate = 0;
1711 1793
1712 while(isspace(*cond)) 1794 while(isspace((int)*cond))
1713 { 1795 {
1714 cond++; (*pos)++; 1796 cond++; (*pos)++;
1715 } 1797 }
@@ -1724,7 +1806,7 @@ static int process_proxy_cond_val(unsigned int letters[26],
1724 { 1806 {
1725 negate = !negate; 1807 negate = !negate;
1726 cond++; (*pos)++; 1808 cond++; (*pos)++;
1727 while(isspace(*cond)) 1809 while(isspace((int)*cond))
1728 { 1810 {
1729 cond++; (*pos)++; 1811 cond++; (*pos)++;
1730 } 1812 }
@@ -1739,7 +1821,7 @@ static int process_proxy_cond_val(unsigned int letters[26],
1739 cond = *cond_end; 1821 cond = *cond_end;
1740 if (ok < 0) 1822 if (ok < 0)
1741 goto end; 1823 goto end;
1742 while(isspace(*cond)) 1824 while(isspace((int)*cond))
1743 { 1825 {
1744 cond++; (*pos)++; 1826 cond++; (*pos)++;
1745 } 1827 }
@@ -1799,7 +1881,7 @@ static int process_proxy_cond_multipliers(unsigned int letters[26],
1799 1881
1800 while(ok >= 0) 1882 while(ok >= 0)
1801 { 1883 {
1802 while(isspace(*cond)) 1884 while(isspace((int)*cond))
1803 { 1885 {
1804 cond++; (*pos)++; 1886 cond++; (*pos)++;
1805 } 1887 }
@@ -1866,7 +1948,7 @@ static int process_proxy_cond_adders(unsigned int letters[26],
1866 1948
1867 while(ok >= 0) 1949 while(ok >= 0)
1868 { 1950 {
1869 while(isspace(*cond)) 1951 while(isspace((int)*cond))
1870 { 1952 {
1871 cond++; (*pos)++; 1953 cond++; (*pos)++;
1872 } 1954 }
@@ -1949,7 +2031,7 @@ static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg)
1949 letters[i] = 0; 2031 letters[i] = 0;
1950 for(sp = cb_arg->proxy_auth; *sp; sp++) 2032 for(sp = cb_arg->proxy_auth; *sp; sp++)
1951 { 2033 {
1952 char c = *sp; 2034 int c = *sp;
1953 if (isascii(c) && isalpha(c)) 2035 if (isascii(c) && isalpha(c))
1954 { 2036 {
1955 if (islower(c)) 2037 if (islower(c))
@@ -1979,7 +2061,15 @@ static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg)
1979 } 2061 }
1980 2062
1981#ifndef OPENSSL_NO_X509_VERIFY 2063#ifndef OPENSSL_NO_X509_VERIFY
2064# ifdef OPENSSL_FIPS
2065 if(s->version == TLS1_VERSION)
2066 FIPS_allow_md5(1);
2067# endif
1982 ok = X509_verify_cert(ctx); 2068 ok = X509_verify_cert(ctx);
2069# ifdef OPENSSL_FIPS
2070 if(s->version == TLS1_VERSION)
2071 FIPS_allow_md5(0);
2072# endif
1983#endif 2073#endif
1984 2074
1985 if (cb_arg->proxy_auth) 2075 if (cb_arg->proxy_auth)
@@ -2014,14 +2104,29 @@ static RSA *rsa_tmp=NULL;
2014 2104
2015static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength) 2105static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
2016 { 2106 {
2107 BIGNUM *bn = NULL;
2017 if (rsa_tmp == NULL) 2108 if (rsa_tmp == NULL)
2018 { 2109 {
2110 bn = BN_new();
2111 rsa_tmp = RSA_new();
2112 if(!bn || !rsa_tmp || !BN_set_word(bn, RSA_F4))
2113 {
2114 BIO_printf(bio_err, "Memory error...");
2115 goto end;
2116 }
2019 BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength); 2117 BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
2020 (void)BIO_flush(bio_err); 2118 (void)BIO_flush(bio_err);
2021 rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL); 2119 if(!RSA_generate_key_ex(rsa_tmp,keylength,bn,NULL))
2120 {
2121 BIO_printf(bio_err, "Error generating key.");
2122 RSA_free(rsa_tmp);
2123 rsa_tmp = NULL;
2124 }
2125end:
2022 BIO_printf(bio_err,"\n"); 2126 BIO_printf(bio_err,"\n");
2023 (void)BIO_flush(bio_err); 2127 (void)BIO_flush(bio_err);
2024 } 2128 }
2129 if(bn) BN_free(bn);
2025 return(rsa_tmp); 2130 return(rsa_tmp);
2026 } 2131 }
2027 2132
@@ -2132,3 +2237,60 @@ static DH *get_dh1024dsa()
2132 return(dh); 2237 return(dh);
2133 } 2238 }
2134#endif 2239#endif
2240
2241static int do_test_cipherlist(void)
2242 {
2243 int i = 0;
2244 const SSL_METHOD *meth;
2245 SSL_CIPHER *ci, *tci = NULL;
2246
2247#ifndef OPENSSL_NO_SSL2
2248 fprintf(stderr, "testing SSLv2 cipher list order: ");
2249 meth = SSLv2_method();
2250 while ((ci = meth->get_cipher(i++)) != NULL)
2251 {
2252 if (tci != NULL)
2253 if (ci->id >= tci->id)
2254 {
2255 fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
2256 return 0;
2257 }
2258 tci = ci;
2259 }
2260 fprintf(stderr, "ok\n");
2261#endif
2262#ifndef OPENSSL_NO_SSL3
2263 fprintf(stderr, "testing SSLv3 cipher list order: ");
2264 meth = SSLv3_method();
2265 tci = NULL;
2266 while ((ci = meth->get_cipher(i++)) != NULL)
2267 {
2268 if (tci != NULL)
2269 if (ci->id >= tci->id)
2270 {
2271 fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
2272 return 0;
2273 }
2274 tci = ci;
2275 }
2276 fprintf(stderr, "ok\n");
2277#endif
2278#ifndef OPENSSL_NO_TLS1
2279 fprintf(stderr, "testing TLSv1 cipher list order: ");
2280 meth = TLSv1_method();
2281 tci = NULL;
2282 while ((ci = meth->get_cipher(i++)) != NULL)
2283 {
2284 if (tci != NULL)
2285 if (ci->id >= tci->id)
2286 {
2287 fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
2288 return 0;
2289 }
2290 tci = ci;
2291 }
2292 fprintf(stderr, "ok\n");
2293#endif
2294
2295 return 1;
2296 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-24 00:37:27 +0000