commit 6e119bb02e8f324874d9dff779133377b1d41a3c
author Nils Larsch <nils@openssl.org> Thu Aug 25 07:29:54 2005 +0000
committer Nils Larsch <nils@openssl.org> Thu Aug 25 07:29:54 2005 +0000
tree 3efc62ceb3699c12a9fb3331be88a3b6bb68cb48
parent 2c2e46dbf5a3919bcb47a67fc79704201df04843

Keep cipher lists sorted in the source instead of sorting them at
runtime, thus removing the need for a lock. Add a test to ssltest
to verify that the cipher lists are sorted.

ssl/ssltest.c

diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index ee4e99a..3818bf3 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -224,6 +224,7 @@
 
 int doit_biopair(SSL *s_ssl,SSL *c_ssl,long bytes,clock_t *s_time,clock_t *c_time);
 int doit(SSL *s_ssl,SSL *c_ssl,long bytes);
+static int do_test_cipherlist(void);
 static void sv_usage(void)
 	{
 	fprintf(stderr,"usage: ssltest [args ...]\n");
@@ -272,6 +273,7 @@
 	               "                 Use \"openssl ecparam -list_curves\" for all names\n"  \
 	               "                 (default is sect163r2).\n");
 #endif
+	fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n");
 	}
 
 static void print_details(SSL *c_ssl, const char *prefix)
@@ -381,6 +383,7 @@
 		}
 	}
 
+
 int main(int argc, char *argv[])
 	{
 	char *CApath=NULL,*CAfile=NULL;
@@ -419,6 +422,7 @@
 	int comp = 0;
 	COMP_METHOD *cm = NULL;
 	STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
+	int test_cipherlist = 0;
 
 	verbose = 0;
 	debug = 0;
@@ -594,6 +598,10 @@
 			{
 			app_verify_arg.allow_proxy_certs = 1;
 			}
+		else if (strcmp(*argv,"-test_cipherlist") == 0)
+			{
+			test_cipherlist = 1;
+			}
 		else
 			{
 			fprintf(stderr,"unknown option %s\n",*argv);
@@ -610,6 +618,15 @@
 		goto end;
 		}
 
+	if (test_cipherlist == 1)
+		{
+		/* ensure that the cipher list are correctly sorted and exit */
+		if (do_test_cipherlist() == 0)
+			EXIT(1);
+		ret = 0;
+		goto end;
+		}
+
 	if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force)
 		{
 		fprintf(stderr, "This case cannot work.  Use -f to perform "
@@ -2213,4 +2230,57 @@
 	dh->length = 160;
 	return(dh);
 	}
+
+static int do_test_cipherlist(void)
+	{
+	int i = 0;
+	const SSL_METHOD *meth;
+	SSL_CIPHER *ci, *tci = NULL;
+
+	fprintf(stderr, "testing SSLv2 cipher list order: ");
+	meth = SSLv2_method();
+	while ((ci = meth->get_cipher(i++)) != NULL)
+		{
+		if (tci != NULL)
+			if (ci->id >= tci->id)
+				{
+				fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
+				return 0;
+				}
+		tci = ci;
+		}
+	fprintf(stderr, "ok\n");
+
+	fprintf(stderr, "testing SSLv3 cipher list order: ");
+	meth = SSLv3_method();
+	tci = NULL;
+	while ((ci = meth->get_cipher(i++)) != NULL)
+		{
+		if (tci != NULL)
+			if (ci->id >= tci->id)
+				{
+				fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
+				return 0;
+				}
+		tci = ci;
+		}
+	fprintf(stderr, "ok\n");
+
+	fprintf(stderr, "testing TLSv1 cipher list order: ");
+	meth = TLSv1_method();
+	tci = NULL;
+	while ((ci = meth->get_cipher(i++)) != NULL)
+		{
+		if (tci != NULL)
+			if (ci->id >= tci->id)
+				{
+				fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
+				return 0;
+				}
+		tci = ci;
+		}
+	fprintf(stderr, "ok\n");
+
+	return 1;
+	}
 #endif