Diffstat (limited to 'src/lib/libssl/src/ssl/ssltest.c')
-rw-r--r--src/lib/libssl/src/ssl/ssltest.c258
1 files changed, 49 insertions, 209 deletions
diff --git a/src/lib/libssl/src/ssl/ssltest.c b/src/lib/libssl/src/ssl/ssltest.c
index 517657c024..9381c435d5 100644
--- a/src/lib/libssl/src/ssl/ssltest.c
+++ b/src/lib/libssl/src/ssl/ssltest.c
@@ -108,11 +108,6 @@
108 * Hudson (tjh@cryptsoft.com). 108 * Hudson (tjh@cryptsoft.com).
109 * 109 *
110 */ 110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
116 111
117#define _BSD_SOURCE 1 /* Or gethostname won't be declared properly 112#define _BSD_SOURCE 1 /* Or gethostname won't be declared properly
118 on Linux and GNU platforms. */ 113 on Linux and GNU platforms. */
@@ -124,6 +119,8 @@
124#include <stdlib.h> 119#include <stdlib.h>
125#include <string.h> 120#include <string.h>
126#include <time.h> 121#include <time.h>
122#include <inttypes.h>
123#include <ctype.h>
127 124
128#define USE_SOCKETS 125#define USE_SOCKETS
129#include "e_os.h" 126#include "e_os.h"
@@ -143,16 +140,7 @@
143#endif 140#endif
144#include <openssl/err.h> 141#include <openssl/err.h>
145#include <openssl/rand.h> 142#include <openssl/rand.h>
146#ifndef OPENSSL_NO_RSA 143#include <openssl/fips.h>
147#include <openssl/rsa.h>
148#endif
149#ifndef OPENSSL_NO_DSA
150#include <openssl/dsa.h>
151#endif
152#ifndef OPENSSL_NO_DH
153#include <openssl/dh.h>
154#endif
155#include <openssl/bn.h>
156 144
157#define _XOPEN_SOURCE_EXTENDED 1 /* Or gethostname won't be declared properly 145#define _XOPEN_SOURCE_EXTENDED 1 /* Or gethostname won't be declared properly
158 on Compaq platforms (at least with DEC C). 146 on Compaq platforms (at least with DEC C).
@@ -172,9 +160,6 @@
172#elif defined(OPENSSL_SYS_WINCE) 160#elif defined(OPENSSL_SYS_WINCE)
173# define TEST_SERVER_CERT "\\OpenSSL\\server.pem" 161# define TEST_SERVER_CERT "\\OpenSSL\\server.pem"
174# define TEST_CLIENT_CERT "\\OpenSSL\\client.pem" 162# define TEST_CLIENT_CERT "\\OpenSSL\\client.pem"
175#elif defined(OPENSSL_SYS_NETWARE)
176# define TEST_SERVER_CERT "\\openssl\\apps\\server.pem"
177# define TEST_CLIENT_CERT "\\openssl\\apps\\client.pem"
178#else 163#else
179# define TEST_SERVER_CERT "../apps/server.pem" 164# define TEST_SERVER_CERT "../apps/server.pem"
180# define TEST_CLIENT_CERT "../apps/client.pem" 165# define TEST_CLIENT_CERT "../apps/client.pem"
@@ -182,8 +167,8 @@
182 167
183/* There is really no standard for this, so let's assign some tentative 168/* There is really no standard for this, so let's assign some tentative
184 numbers. In any case, these numbers are only for this test */ 169 numbers. In any case, these numbers are only for this test */
185#define COMP_RLE 255 170#define COMP_RLE 1
186#define COMP_ZLIB 1 171#define COMP_ZLIB 2
187 172
188static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); 173static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
189#ifndef OPENSSL_NO_RSA 174#ifndef OPENSSL_NO_RSA
@@ -224,11 +209,13 @@ static const char rnd_seed[] = "string to make the random number generator think
224 209
225int doit_biopair(SSL *s_ssl,SSL *c_ssl,long bytes,clock_t *s_time,clock_t *c_time); 210int doit_biopair(SSL *s_ssl,SSL *c_ssl,long bytes,clock_t *s_time,clock_t *c_time);
226int doit(SSL *s_ssl,SSL *c_ssl,long bytes); 211int doit(SSL *s_ssl,SSL *c_ssl,long bytes);
227static int do_test_cipherlist(void);
228static void sv_usage(void) 212static void sv_usage(void)
229 { 213 {
230 fprintf(stderr,"usage: ssltest [args ...]\n"); 214 fprintf(stderr,"usage: ssltest [args ...]\n");
231 fprintf(stderr,"\n"); 215 fprintf(stderr,"\n");
216#ifdef OPENSSL_FIPS
217 fprintf(stderr,"-F - run test in FIPS mode\n");
218#endif
232 fprintf(stderr," -server_auth - check server certificate\n"); 219 fprintf(stderr," -server_auth - check server certificate\n");
233 fprintf(stderr," -client_auth - do client authentication\n"); 220 fprintf(stderr," -client_auth - do client authentication\n");
234 fprintf(stderr," -proxy - allow proxy certificates\n"); 221 fprintf(stderr," -proxy - allow proxy certificates\n");
@@ -244,9 +231,6 @@ static void sv_usage(void)
244 fprintf(stderr," -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n"); 231 fprintf(stderr," -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
245 fprintf(stderr," -no_dhe - disable DHE\n"); 232 fprintf(stderr," -no_dhe - disable DHE\n");
246#endif 233#endif
247#ifndef OPENSSL_NO_ECDH
248 fprintf(stderr," -no_ecdhe - disable ECDHE\n");
249#endif
250#ifndef OPENSSL_NO_SSL2 234#ifndef OPENSSL_NO_SSL2
251 fprintf(stderr," -ssl2 - use SSLv2\n"); 235 fprintf(stderr," -ssl2 - use SSLv2\n");
252#endif 236#endif
@@ -267,13 +251,7 @@ static void sv_usage(void)
267 fprintf(stderr," -f - Test even cases that can't work\n"); 251 fprintf(stderr," -f - Test even cases that can't work\n");
268 fprintf(stderr," -time - measure processor time used by client and server\n"); 252 fprintf(stderr," -time - measure processor time used by client and server\n");
269 fprintf(stderr," -zlib - use zlib compression\n"); 253 fprintf(stderr," -zlib - use zlib compression\n");
270 fprintf(stderr," -rle - use rle compression\n"); 254 fprintf(stderr," -time - use rle compression\n");
271#ifndef OPENSSL_NO_ECDH
272 fprintf(stderr," -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \
273 " Use \"openssl ecparam -list_curves\" for all names\n" \
274 " (default is sect163r2).\n");
275#endif
276 fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n");
277 } 255 }
278 256
279static void print_details(SSL *c_ssl, const char *prefix) 257static void print_details(SSL *c_ssl, const char *prefix)
@@ -383,7 +361,6 @@ static void lock_dbg_cb(int mode, int type, const char *file, int line)
383 } 361 }
384 } 362 }
385 363
386
387int main(int argc, char *argv[]) 364int main(int argc, char *argv[])
388 { 365 {
389 char *CApath=NULL,*CAfile=NULL; 366 char *CApath=NULL,*CAfile=NULL;
@@ -399,32 +376,24 @@ int main(int argc, char *argv[])
399 char *server_key=NULL; 376 char *server_key=NULL;
400 char *client_cert=TEST_CLIENT_CERT; 377 char *client_cert=TEST_CLIENT_CERT;
401 char *client_key=NULL; 378 char *client_key=NULL;
402#ifndef OPENSSL_NO_ECDH
403 char *named_curve = NULL;
404#endif
405 SSL_CTX *s_ctx=NULL; 379 SSL_CTX *s_ctx=NULL;
406 SSL_CTX *c_ctx=NULL; 380 SSL_CTX *c_ctx=NULL;
407 SSL_METHOD *meth=NULL; 381 SSL_METHOD *meth=NULL;
408 SSL *c_ssl,*s_ssl; 382 SSL *c_ssl,*s_ssl;
409 int number=1,reuse=0; 383 int number=1,reuse=0;
410 long bytes=256L; 384 long bytes=1L;
411#ifndef OPENSSL_NO_DH 385#ifndef OPENSSL_NO_DH
412 DH *dh; 386 DH *dh;
413 int dhe1024 = 0, dhe1024dsa = 0; 387 int dhe1024 = 0, dhe1024dsa = 0;
414#endif 388#endif
415#ifndef OPENSSL_NO_ECDH
416 EC_KEY *ecdh = NULL;
417#endif
418 int no_dhe = 0; 389 int no_dhe = 0;
419 int no_ecdhe = 0;
420 int print_time = 0; 390 int print_time = 0;
421 clock_t s_time = 0, c_time = 0; 391 clock_t s_time = 0, c_time = 0;
422 int comp = 0; 392 int comp = 0;
423#ifndef OPENSSL_NO_COMP
424 COMP_METHOD *cm = NULL; 393 COMP_METHOD *cm = NULL;
394#ifdef OPENSSL_FIPS
395 int fips_mode=0;
425#endif 396#endif
426 STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
427 int test_cipherlist = 0;
428 397
429 verbose = 0; 398 verbose = 0;
430 debug = 0; 399 debug = 0;
@@ -456,7 +425,16 @@ int main(int argc, char *argv[])
456 425
457 while (argc >= 1) 426 while (argc >= 1)
458 { 427 {
459 if (strcmp(*argv,"-server_auth") == 0) 428 if(!strcmp(*argv,"-F"))
429 {
430#ifdef OPENSSL_FIPS
431 fips_mode=1;
432#else
433 fprintf(stderr,"not compiled with FIPS support, so exitting without running.\n");
434 EXIT(0);
435#endif
436 }
437 else if (strcmp(*argv,"-server_auth") == 0)
460 server_auth=1; 438 server_auth=1;
461 else if (strcmp(*argv,"-client_auth") == 0) 439 else if (strcmp(*argv,"-client_auth") == 0)
462 client_auth=1; 440 client_auth=1;
@@ -494,8 +472,6 @@ int main(int argc, char *argv[])
494 } 472 }
495 else if (strcmp(*argv,"-no_dhe") == 0) 473 else if (strcmp(*argv,"-no_dhe") == 0)
496 no_dhe=1; 474 no_dhe=1;
497 else if (strcmp(*argv,"-no_ecdhe") == 0)
498 no_ecdhe=1;
499 else if (strcmp(*argv,"-ssl2") == 0) 475 else if (strcmp(*argv,"-ssl2") == 0)
500 ssl2=1; 476 ssl2=1;
501 else if (strcmp(*argv,"-tls1") == 0) 477 else if (strcmp(*argv,"-tls1") == 0)
@@ -582,16 +558,6 @@ int main(int argc, char *argv[])
582 { 558 {
583 comp = COMP_RLE; 559 comp = COMP_RLE;
584 } 560 }
585 else if (strcmp(*argv,"-named_curve") == 0)
586 {
587 if (--argc < 1) goto bad;
588#ifndef OPENSSL_NO_ECDH
589 named_curve = *(++argv);
590#else
591 fprintf(stderr,"ignoring -named_curve, since I'm compiled without ECDH\n");
592 ++argv;
593#endif
594 }
595 else if (strcmp(*argv,"-app_verify") == 0) 561 else if (strcmp(*argv,"-app_verify") == 0)
596 { 562 {
597 app_verify_arg.app_verify = 1; 563 app_verify_arg.app_verify = 1;
@@ -600,10 +566,6 @@ int main(int argc, char *argv[])
600 { 566 {
601 app_verify_arg.allow_proxy_certs = 1; 567 app_verify_arg.allow_proxy_certs = 1;
602 } 568 }
603 else if (strcmp(*argv,"-test_cipherlist") == 0)
604 {
605 test_cipherlist = 1;
606 }
607 else 569 else
608 { 570 {
609 fprintf(stderr,"unknown option %s\n",*argv); 571 fprintf(stderr,"unknown option %s\n",*argv);
@@ -620,14 +582,6 @@ bad:
620 goto end; 582 goto end;
621 } 583 }
622 584
623 if (test_cipherlist == 1)
624 {
625 /* ensure that the cipher list are correctly sorted and exit */
626 if (do_test_cipherlist() == 0)
627 EXIT(1);
628 ret = 0;
629 goto end;
630 }
631 585
632 if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force) 586 if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force)
633 { 587 {
@@ -638,6 +592,20 @@ bad:
638 EXIT(1); 592 EXIT(1);
639 } 593 }
640 594
595#ifdef OPENSSL_FIPS
596 if(fips_mode)
597 {
598 if(!FIPS_mode_set(1))
599 {
600 ERR_load_crypto_strings();
601 ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
602 EXIT(1);
603 }
604 else
605 fprintf(stderr,"*** IN FIPS MODE ***\n");
606 }
607#endif
608
641 if (print_time) 609 if (print_time)
642 { 610 {
643 if (!bio_pair) 611 if (!bio_pair)
@@ -654,7 +622,6 @@ bad:
654 SSL_library_init(); 622 SSL_library_init();
655 SSL_load_error_strings(); 623 SSL_load_error_strings();
656 624
657#ifndef OPENSSL_NO_COMP
658 if (comp == COMP_ZLIB) cm = COMP_zlib(); 625 if (comp == COMP_ZLIB) cm = COMP_zlib();
659 if (comp == COMP_RLE) cm = COMP_rle(); 626 if (comp == COMP_RLE) cm = COMP_rle();
660 if (cm != NULL) 627 if (cm != NULL)
@@ -678,20 +645,6 @@ bad:
678 ERR_print_errors_fp(stderr); 645 ERR_print_errors_fp(stderr);
679 } 646 }
680 } 647 }
681 ssl_comp_methods = SSL_COMP_get_compression_methods();
682 fprintf(stderr, "Available compression methods:\n");
683 {
684 int j, n = sk_SSL_COMP_num(ssl_comp_methods);
685 if (n == 0)
686 fprintf(stderr, " NONE\n");
687 else
688 for (j = 0; j < n; j++)
689 {
690 SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
691 fprintf(stderr, " %d: %s\n", c->id, c->name);
692 }
693 }
694#endif
695 648
696#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) 649#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
697 if (ssl2) 650 if (ssl2)
@@ -746,38 +699,6 @@ bad:
746 (void)no_dhe; 699 (void)no_dhe;
747#endif 700#endif
748 701
749#ifndef OPENSSL_NO_ECDH
750 if (!no_ecdhe)
751 {
752 int nid;
753
754 if (named_curve != NULL)
755 {
756 nid = OBJ_sn2nid(named_curve);
757 if (nid == 0)
758 {
759 BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve);
760 goto end;
761 }
762 }
763 else
764 nid = NID_sect163r2;
765
766 ecdh = EC_KEY_new_by_curve_name(nid);
767 if (ecdh == NULL)
768 {
769 BIO_printf(bio_err, "unable to create curve\n");
770 goto end;
771 }
772
773 SSL_CTX_set_tmp_ecdh(s_ctx, ecdh);
774 SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_ECDH_USE);
775 EC_KEY_free(ecdh);
776 }
777#else
778 (void)no_ecdhe;
779#endif
780
781#ifndef OPENSSL_NO_RSA 702#ifndef OPENSSL_NO_RSA
782 SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb); 703 SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb);
783#endif 704#endif
@@ -914,7 +835,6 @@ end:
914 CRYPTO_mem_leaks(bio_err); 835 CRYPTO_mem_leaks(bio_err);
915 if (bio_err != NULL) BIO_free(bio_err); 836 if (bio_err != NULL) BIO_free(bio_err);
916 EXIT(ret); 837 EXIT(ret);
917 return ret;
918 } 838 }
919 839
920int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, 840int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
@@ -1405,8 +1325,8 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count)
1405 { 1325 {
1406 if (c_write) 1326 if (c_write)
1407 { 1327 {
1408 j = (cw_num > (long)sizeof(cbuf)) ? 1328 j=(cw_num > (long)sizeof(cbuf))
1409 (int)sizeof(cbuf) : (int)cw_num; 1329 ?sizeof(cbuf):(int)cw_num;
1410 i=BIO_write(c_bio,cbuf,j); 1330 i=BIO_write(c_bio,cbuf,j);
1411 if (i < 0) 1331 if (i < 0)
1412 { 1332 {
@@ -1536,8 +1456,8 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count)
1536 } 1456 }
1537 else 1457 else
1538 { 1458 {
1539 j = (sw_num > (long)sizeof(sbuf)) ? 1459 j=(sw_num > (long)sizeof(sbuf))?
1540 (int)sizeof(sbuf) : (int)sw_num; 1460 sizeof(sbuf):(int)sw_num;
1541 i=BIO_write(s_bio,sbuf,j); 1461 i=BIO_write(s_bio,sbuf,j);
1542 if (i < 0) 1462 if (i < 0)
1543 { 1463 {
@@ -1724,7 +1644,7 @@ static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
1724 fprintf(stderr, " Certificate proxy rights = %*.*s", i, i, s); 1644 fprintf(stderr, " Certificate proxy rights = %*.*s", i, i, s);
1725 while(i-- > 0) 1645 while(i-- > 0)
1726 { 1646 {
1727 int c = *s++; 1647 char c = *s++;
1728 if (isascii(c) && isalpha(c)) 1648 if (isascii(c) && isalpha(c))
1729 { 1649 {
1730 if (islower(c)) 1650 if (islower(c))
@@ -1785,11 +1705,11 @@ static int process_proxy_cond_adders(unsigned int letters[26],
1785static int process_proxy_cond_val(unsigned int letters[26], 1705static int process_proxy_cond_val(unsigned int letters[26],
1786 const char *cond, const char **cond_end, int *pos, int indent) 1706 const char *cond, const char **cond_end, int *pos, int indent)
1787 { 1707 {
1788 int c; 1708 char c;
1789 int ok = 1; 1709 int ok = 1;
1790 int negate = 0; 1710 int negate = 0;
1791 1711
1792 while(isspace((int)*cond)) 1712 while(isspace(*cond))
1793 { 1713 {
1794 cond++; (*pos)++; 1714 cond++; (*pos)++;
1795 } 1715 }
@@ -1804,7 +1724,7 @@ static int process_proxy_cond_val(unsigned int letters[26],
1804 { 1724 {
1805 negate = !negate; 1725 negate = !negate;
1806 cond++; (*pos)++; 1726 cond++; (*pos)++;
1807 while(isspace((int)*cond)) 1727 while(isspace(*cond))
1808 { 1728 {
1809 cond++; (*pos)++; 1729 cond++; (*pos)++;
1810 } 1730 }
@@ -1819,7 +1739,7 @@ static int process_proxy_cond_val(unsigned int letters[26],
1819 cond = *cond_end; 1739 cond = *cond_end;
1820 if (ok < 0) 1740 if (ok < 0)
1821 goto end; 1741 goto end;
1822 while(isspace((int)*cond)) 1742 while(isspace(*cond))
1823 { 1743 {
1824 cond++; (*pos)++; 1744 cond++; (*pos)++;
1825 } 1745 }
@@ -1879,7 +1799,7 @@ static int process_proxy_cond_multipliers(unsigned int letters[26],
1879 1799
1880 while(ok >= 0) 1800 while(ok >= 0)
1881 { 1801 {
1882 while(isspace((int)*cond)) 1802 while(isspace(*cond))
1883 { 1803 {
1884 cond++; (*pos)++; 1804 cond++; (*pos)++;
1885 } 1805 }
@@ -1946,7 +1866,7 @@ static int process_proxy_cond_adders(unsigned int letters[26],
1946 1866
1947 while(ok >= 0) 1867 while(ok >= 0)
1948 { 1868 {
1949 while(isspace((int)*cond)) 1869 while(isspace(*cond))
1950 { 1870 {
1951 cond++; (*pos)++; 1871 cond++; (*pos)++;
1952 } 1872 }
@@ -2029,7 +1949,7 @@ static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg)
2029 letters[i] = 0; 1949 letters[i] = 0;
2030 for(sp = cb_arg->proxy_auth; *sp; sp++) 1950 for(sp = cb_arg->proxy_auth; *sp; sp++)
2031 { 1951 {
2032 int c = *sp; 1952 char c = *sp;
2033 if (isascii(c) && isalpha(c)) 1953 if (isascii(c) && isalpha(c))
2034 { 1954 {
2035 if (islower(c)) 1955 if (islower(c))
@@ -2059,15 +1979,7 @@ static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg)
2059 } 1979 }
2060 1980
2061#ifndef OPENSSL_NO_X509_VERIFY 1981#ifndef OPENSSL_NO_X509_VERIFY
2062# ifdef OPENSSL_FIPS
2063 if(s->version == TLS1_VERSION)
2064 FIPS_allow_md5(1);
2065# endif
2066 ok = X509_verify_cert(ctx); 1982 ok = X509_verify_cert(ctx);
2067# ifdef OPENSSL_FIPS
2068 if(s->version == TLS1_VERSION)
2069 FIPS_allow_md5(0);
2070# endif
2071#endif 1983#endif
2072 1984
2073 if (cb_arg->proxy_auth) 1985 if (cb_arg->proxy_auth)
@@ -2102,29 +2014,14 @@ static RSA *rsa_tmp=NULL;
2102 2014
2103static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength) 2015static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
2104 { 2016 {
2105 BIGNUM *bn = NULL;
2106 if (rsa_tmp == NULL) 2017 if (rsa_tmp == NULL)
2107 { 2018 {
2108 bn = BN_new();
2109 rsa_tmp = RSA_new();
2110 if(!bn || !rsa_tmp || !BN_set_word(bn, RSA_F4))
2111 {
2112 BIO_printf(bio_err, "Memory error...");
2113 goto end;
2114 }
2115 BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength); 2019 BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
2116 (void)BIO_flush(bio_err); 2020 (void)BIO_flush(bio_err);
2117 if(!RSA_generate_key_ex(rsa_tmp,keylength,bn,NULL)) 2021 rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL);
2118 {
2119 BIO_printf(bio_err, "Error generating key.");
2120 RSA_free(rsa_tmp);
2121 rsa_tmp = NULL;
2122 }
2123end:
2124 BIO_printf(bio_err,"\n"); 2022 BIO_printf(bio_err,"\n");
2125 (void)BIO_flush(bio_err); 2023 (void)BIO_flush(bio_err);
2126 } 2024 }
2127 if(bn) BN_free(bn);
2128 return(rsa_tmp); 2025 return(rsa_tmp);
2129 } 2026 }
2130 2027
@@ -2235,60 +2132,3 @@ static DH *get_dh1024dsa()
2235 return(dh); 2132 return(dh);
2236 } 2133 }
2237#endif 2134#endif
2238
2239static int do_test_cipherlist(void)
2240 {
2241 int i = 0;
2242 const SSL_METHOD *meth;
2243 SSL_CIPHER *ci, *tci = NULL;
2244
2245#ifndef OPENSSL_NO_SSL2
2246 fprintf(stderr, "testing SSLv2 cipher list order: ");
2247 meth = SSLv2_method();
2248 while ((ci = meth->get_cipher(i++)) != NULL)
2249 {
2250 if (tci != NULL)
2251 if (ci->id >= tci->id)
2252 {
2253 fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
2254 return 0;
2255 }
2256 tci = ci;
2257 }
2258 fprintf(stderr, "ok\n");
2259#endif
2260#ifndef OPENSSL_NO_SSL3
2261 fprintf(stderr, "testing SSLv3 cipher list order: ");
2262 meth = SSLv3_method();
2263 tci = NULL;
2264 while ((ci = meth->get_cipher(i++)) != NULL)
2265 {
2266 if (tci != NULL)
2267 if (ci->id >= tci->id)
2268 {
2269 fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
2270 return 0;
2271 }
2272 tci = ci;
2273 }
2274 fprintf(stderr, "ok\n");
2275#endif
2276#ifndef OPENSSL_NO_TLS1
2277 fprintf(stderr, "testing TLSv1 cipher list order: ");
2278 meth = TLSv1_method();
2279 tci = NULL;
2280 while ((ci = meth->get_cipher(i++)) != NULL)
2281 {
2282 if (tci != NULL)
2283 if (ci->id >= tci->id)
2284 {
2285 fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
2286 return 0;
2287 }
2288 tci = ci;
2289 }
2290 fprintf(stderr, "ok\n");
2291#endif
2292
2293 return 1;
2294 }
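Review bot: The `isspace(*cond)` calls on the new side pass a plain `char` to a <ctype.h> function, which is undefined behaviour when the byte is negative on platforms where `char` is signed; dropping the old `(int)` cast changes nothing here, because that cast preserved the sign as well. This applies at new lines 1712, 1727 and 1742 in process_proxy_cond_val, 1802 in process_proxy_cond_multipliers and 1869 in process_proxy_cond_adders, and unlike the `char c` sites in verify_callback and app_verify_callback there is no `isascii()` guard in front of these calls. I would write each one as `while(isspace((unsigned char)*cond))`, so a condition string containing bytes above 0x7f cannot index outside the ctype table. All three function bodies start and end outside their hunks, so where the condition string originates is not visible here.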