Keep cipher lists sorted in the source instead of sorting them at (6e119bb0) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

CHANGES

+4 −0

Original line number	Diff line number	Diff line
		@@ -27,6 +27,10 @@

		Changes between 0.9.8 and 0.9.8a [XX xxx XXXX]

		*) Keep cipherlists sorted in the source instead of sorting them at
		runtime, thus removing the need for a lock.
		[Nils Larsch]

		*) Avoid some small subgroup attacks in Diffie-Hellman.
		[Nick Mathewson and Ben Laurie]

ssl/s2_lib.c

+26 −46

Original line number	Diff line number	Diff line
		@@ -67,6 +67,7 @@ const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;

		#define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER))

		/* list of available SSLv2 ciphers (sorted by id) */
		OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
		/* NULL_WITH_MD5 v3 */
		#if 0
		@@ -83,19 +84,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
		SSL_ALL_STRENGTHS,
		},
		#endif
		/* RC4_128_EXPORT40_WITH_MD5 */
		{
		1,
		SSL2_TXT_RC4_128_EXPORT40_WITH_MD5,
		SSL2_CK_RC4_128_EXPORT40_WITH_MD5,
		SSL_kRSA\|SSL_aRSA\|SSL_RC4\|SSL_MD5\|SSL_SSLV2,
		SSL_EXPORT\|SSL_EXP40,
		SSL2_CF_5_BYTE_ENC,
		40,
		128,
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},
		/* RC4_128_WITH_MD5 */
		{
		1,
		@@ -109,12 +97,12 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},
		/* RC2_128_CBC_EXPORT40_WITH_MD5 */
		/* RC4_128_EXPORT40_WITH_MD5 */
		{
		1,
		SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5,
		SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
		SSL_kRSA\|SSL_aRSA\|SSL_RC2\|SSL_MD5\|SSL_SSLV2,
		SSL2_TXT_RC4_128_EXPORT40_WITH_MD5,
		SSL2_CK_RC4_128_EXPORT40_WITH_MD5,
		SSL_kRSA\|SSL_aRSA\|SSL_RC4\|SSL_MD5\|SSL_SSLV2,
		SSL_EXPORT\|SSL_EXP40,
		SSL2_CF_5_BYTE_ENC,
		40,
		@@ -135,6 +123,19 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},
		/* RC2_128_CBC_EXPORT40_WITH_MD5 */
		{
		1,
		SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5,
		SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
		SSL_kRSA\|SSL_aRSA\|SSL_RC2\|SSL_MD5\|SSL_SSLV2,
		SSL_EXPORT\|SSL_EXP40,
		SSL2_CF_5_BYTE_ENC,
		40,
		128,
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},
		/* IDEA_128_CBC_WITH_MD5 */
		#ifndef OPENSSL_NO_IDEA
		{
		@@ -333,42 +334,21 @@ long ssl2_ctx_callback_ctrl(SSL_CTX ctx, int cmd, void (fp)(void))
		* available */
		SSL_CIPHER ssl2_get_cipher_by_char(const unsigned char p)
		{
		static int init=1;
		static SSL_CIPHER *sorted[SSL2_NUM_CIPHERS];
		SSL_CIPHER c,cp= &c,*cpp;
		SSL_CIPHER c,*cp;
		unsigned long id;
		unsigned int i;

		if (init)
		{
		CRYPTO_w_lock(CRYPTO_LOCK_SSL);

		if (init)
		{
		for (i=0; i<SSL2_NUM_CIPHERS; i++)
		sorted[i]= &(ssl2_ciphers[i]);

		qsort((char *)sorted,
		SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *),
		FP_ICC ssl_cipher_ptr_id_cmp);

		init=0;
		}

		CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
		}

		id=0x02000000L\|((unsigned long)p[0]<<16L)\|
		((unsigned long)p[1]<<8L)\|(unsigned long)p[2];
		c.id=id;
		cpp=(SSL_CIPHER *)OBJ_bsearch((char )&cp,
		(char *)sorted,
		SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *),
		FP_ICC ssl_cipher_ptr_id_cmp);
		if ((cpp == NULL) \|\| !(*cpp)->valid)
		return(NULL);
		cp = (SSL_CIPHER )OBJ_bsearch((char )&c,
		(char *)ssl2_ciphers,
		SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER),
		FP_ICC ssl_cipher_id_cmp);
		if ((cp == NULL) \|\| (cp->valid == 0))
		return NULL;
		else
		return(*cpp);
		return cp;
		}

		int ssl2_put_cipher_by_char(const SSL_CIPHER c, unsigned char p)

ssl/s3_lib.c

+358 −384

Original line number	Diff line number	Diff line
		@@ -135,6 +135,7 @@ const char *ssl3_version_str="SSLv3" OPENSSL_VERSION_PTEXT;

		#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))

		/* list of available SSLv3 ciphers (sorted by id) */
		OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
		/* The RSA ciphers */
		/* Cipher 01 */
		@@ -163,75 +164,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},

		/* anon DH */
		/* Cipher 17 */
		{
		1,
		SSL3_TXT_ADH_RC4_40_MD5,
		SSL3_CK_ADH_RC4_40_MD5,
		SSL_kEDH \|SSL_aNULL\|SSL_RC4 \|SSL_MD5 \|SSL_SSLV3,
		SSL_EXPORT\|SSL_EXP40,
		0,
		40,
		128,
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},
		/* Cipher 18 */
		{
		1,
		SSL3_TXT_ADH_RC4_128_MD5,
		SSL3_CK_ADH_RC4_128_MD5,
		SSL_kEDH \|SSL_aNULL\|SSL_RC4 \|SSL_MD5 \|SSL_SSLV3,
		SSL_NOT_EXP\|SSL_MEDIUM,
		0,
		128,
		128,
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},
		/* Cipher 19 */
		{
		1,
		SSL3_TXT_ADH_DES_40_CBC_SHA,
		SSL3_CK_ADH_DES_40_CBC_SHA,
		SSL_kEDH \|SSL_aNULL\|SSL_DES\|SSL_SHA1\|SSL_SSLV3,
		SSL_EXPORT\|SSL_EXP40,
		0,
		40,
		128,
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},
		/* Cipher 1A */
		{
		1,
		SSL3_TXT_ADH_DES_64_CBC_SHA,
		SSL3_CK_ADH_DES_64_CBC_SHA,
		SSL_kEDH \|SSL_aNULL\|SSL_DES \|SSL_SHA1\|SSL_SSLV3,
		SSL_NOT_EXP\|SSL_LOW,
		0,
		56,
		56,
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},
		/* Cipher 1B */
		{
		1,
		SSL3_TXT_ADH_DES_192_CBC_SHA,
		SSL3_CK_ADH_DES_192_CBC_SHA,
		SSL_kEDH \|SSL_aNULL\|SSL_3DES \|SSL_SHA1\|SSL_SSLV3,
		SSL_NOT_EXP\|SSL_HIGH,
		0,
		168,
		168,
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},

		/* RSA again */
		/* Cipher 03 */
		{
		1,
		@@ -338,7 +270,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},

		/* The DH ciphers */
		/* Cipher 0B */
		{
		@@ -498,6 +429,71 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},
		/* Cipher 17 */
		{
		1,
		SSL3_TXT_ADH_RC4_40_MD5,
		SSL3_CK_ADH_RC4_40_MD5,
		SSL_kEDH \|SSL_aNULL\|SSL_RC4 \|SSL_MD5 \|SSL_SSLV3,
		SSL_EXPORT\|SSL_EXP40,
		0,
		40,
		128,
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},
		/* Cipher 18 */
		{
		1,
		SSL3_TXT_ADH_RC4_128_MD5,
		SSL3_CK_ADH_RC4_128_MD5,
		SSL_kEDH \|SSL_aNULL\|SSL_RC4 \|SSL_MD5 \|SSL_SSLV3,
		SSL_NOT_EXP\|SSL_MEDIUM,
		0,
		128,
		128,
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},
		/* Cipher 19 */
		{
		1,
		SSL3_TXT_ADH_DES_40_CBC_SHA,
		SSL3_CK_ADH_DES_40_CBC_SHA,
		SSL_kEDH \|SSL_aNULL\|SSL_DES\|SSL_SHA1\|SSL_SSLV3,
		SSL_EXPORT\|SSL_EXP40,
		0,
		40,
		128,
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},
		/* Cipher 1A */
		{
		1,
		SSL3_TXT_ADH_DES_64_CBC_SHA,
		SSL3_CK_ADH_DES_64_CBC_SHA,
		SSL_kEDH \|SSL_aNULL\|SSL_DES \|SSL_SHA1\|SSL_SSLV3,
		SSL_NOT_EXP\|SSL_LOW,
		0,
		56,
		56,
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},
		/* Cipher 1B */
		{
		1,
		SSL3_TXT_ADH_DES_192_CBC_SHA,
		SSL3_CK_ADH_DES_192_CBC_SHA,
		SSL_kEDH \|SSL_aNULL\|SSL_3DES \|SSL_SHA1\|SSL_SSLV3,
		SSL_NOT_EXP\|SSL_HIGH,
		0,
		168,
		168,
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},

		/* Fortezza */
		/* Cipher 1C */
		@@ -745,102 +741,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
		SSL_ALL_STRENGTHS,
		},
		#endif /* OPENSSL_NO_KRB5 */


		#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
		/* New TLS Export CipherSuites */
		/* Cipher 60 */
		{
		1,
		TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
		TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
		SSL_kRSA\|SSL_aRSA\|SSL_RC4\|SSL_MD5\|SSL_TLSV1,
		SSL_EXPORT\|SSL_EXP56,
		0,
		56,
		128,
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},
		/* Cipher 61 */
		{
		1,
		TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
		TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
		SSL_kRSA\|SSL_aRSA\|SSL_RC2\|SSL_MD5\|SSL_TLSV1,
		SSL_EXPORT\|SSL_EXP56,
		0,
		56,
		128,
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},
		/* Cipher 62 */
		{
		1,
		TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
		TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
		SSL_kRSA\|SSL_aRSA\|SSL_DES\|SSL_SHA\|SSL_TLSV1,
		SSL_EXPORT\|SSL_EXP56,
		0,
		56,
		56,
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},
		/* Cipher 63 */
		{
		1,
		TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
		TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
		SSL_kEDH\|SSL_aDSS\|SSL_DES\|SSL_SHA\|SSL_TLSV1,
		SSL_EXPORT\|SSL_EXP56,
		0,
		56,
		56,
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},
		/* Cipher 64 */
		{
		1,
		TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
		TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
		SSL_kRSA\|SSL_aRSA\|SSL_RC4\|SSL_SHA\|SSL_TLSV1,
		SSL_EXPORT\|SSL_EXP56,
		0,
		56,
		128,
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},
		/* Cipher 65 */
		{
		1,
		TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
		TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
		SSL_kEDH\|SSL_aDSS\|SSL_RC4\|SSL_SHA\|SSL_TLSV1,
		SSL_EXPORT\|SSL_EXP56,
		0,
		56,
		128,
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},
		/* Cipher 66 */
		{
		1,
		TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
		TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
		SSL_kEDH\|SSL_aDSS\|SSL_RC4\|SSL_SHA\|SSL_TLSV1,
		SSL_NOT_EXP\|SSL_MEDIUM,
		0,
		128,
		128,
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS
		},
		#endif
		/* New AES ciphersuites */

		/* Cipher 2F */
		@@ -1000,7 +900,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},

		#ifndef OPENSSL_NO_ECDH
		/* Cipher 47 */
		{
		@@ -1086,36 +985,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
		SSL_ALL_STRENGTHS,
		},

		/* Cipher 5B */
		/* XXX NOTE: The ECC/TLS draft has a bug and reuses 4B for this */
		{
		1,
		TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA,
		TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA,
		SSL_kECDH\|SSL_aECDSA\|SSL_RC4\|SSL_SHA\|SSL_TLSV1,
		SSL_EXPORT\|SSL_EXP40,
		0,
		40,
		128,
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},

		/* Cipher 5C */
		/* XXX NOTE: The ECC/TLS draft has a bug and reuses 4C for this */
		{
		1,
		TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA,
		TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA,
		SSL_kECDH\|SSL_aECDSA\|SSL_RC4\|SSL_SHA\|SSL_TLSV1,
		SSL_EXPORT\|SSL_EXP56,
		0,
		56,
		128,
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},

		/* Cipher 4D */
		{
		1,
		@@ -1311,7 +1180,134 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},
		/* Cipher 5B */
		/* XXX NOTE: The ECC/TLS draft has a bug and reuses 4B for this */
		{
		1,
		TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA,
		TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA,
		SSL_kECDH\|SSL_aECDSA\|SSL_RC4\|SSL_SHA\|SSL_TLSV1,
		SSL_EXPORT\|SSL_EXP40,
		0,
		40,
		128,
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},

		/* Cipher 5C */
		/* XXX NOTE: The ECC/TLS draft has a bug and reuses 4C for this */
		{
		1,
		TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA,
		TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA,
		SSL_kECDH\|SSL_aECDSA\|SSL_RC4\|SSL_SHA\|SSL_TLSV1,
		SSL_EXPORT\|SSL_EXP56,
		0,
		56,
		128,
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},

		#endif /* OPENSSL_NO_ECDH */

		#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
		/* New TLS Export CipherSuites */
		/* Cipher 60 */
		{
		1,
		TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
		TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
		SSL_kRSA\|SSL_aRSA\|SSL_RC4\|SSL_MD5\|SSL_TLSV1,
		SSL_EXPORT\|SSL_EXP56,
		0,
		56,
		128,
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},
		/* Cipher 61 */
		{
		1,
		TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
		TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
		SSL_kRSA\|SSL_aRSA\|SSL_RC2\|SSL_MD5\|SSL_TLSV1,
		SSL_EXPORT\|SSL_EXP56,
		0,
		56,
		128,
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},
		/* Cipher 62 */
		{
		1,
		TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
		TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
		SSL_kRSA\|SSL_aRSA\|SSL_DES\|SSL_SHA\|SSL_TLSV1,
		SSL_EXPORT\|SSL_EXP56,
		0,
		56,
		56,
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},
		/* Cipher 63 */
		{
		1,
		TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
		TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
		SSL_kEDH\|SSL_aDSS\|SSL_DES\|SSL_SHA\|SSL_TLSV1,
		SSL_EXPORT\|SSL_EXP56,
		0,
		56,
		56,
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},
		/* Cipher 64 */
		{
		1,
		TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
		TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
		SSL_kRSA\|SSL_aRSA\|SSL_RC4\|SSL_SHA\|SSL_TLSV1,
		SSL_EXPORT\|SSL_EXP56,
		0,
		56,
		128,
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},
		/* Cipher 65 */
		{
		1,
		TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
		TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
		SSL_kEDH\|SSL_aDSS\|SSL_RC4\|SSL_SHA\|SSL_TLSV1,
		SSL_EXPORT\|SSL_EXP56,
		0,
		56,
		128,
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},
		/* Cipher 66 */
		{
		1,
		TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
		TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
		SSL_kEDH\|SSL_aDSS\|SSL_RC4\|SSL_SHA\|SSL_TLSV1,
		SSL_NOT_EXP\|SSL_MEDIUM,
		0,
		128,
		128,
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS
		},
		#endif

		#ifndef OPENSSL_NO_ECDH
		/* Cipher 77 XXX: ECC ciphersuites offering forward secrecy
		* are not yet specified in the ECC/TLS draft but our code
		* allows them to be implemented very easily. To add such
		@@ -1348,7 +1344,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},

		#endif /* !OPENSSL_NO_ECDH */

		/* end of list */
		@@ -1883,41 +1878,20 @@ long ssl3_ctx_callback_ctrl(SSL_CTX ctx, int cmd, void (fp)(void))
		* available */
		SSL_CIPHER ssl3_get_cipher_by_char(const unsigned char p)
		{
		static int init=1;
		static SSL_CIPHER *sorted[SSL3_NUM_CIPHERS];
		SSL_CIPHER c,cp= &c,*cpp;
		SSL_CIPHER c,*cp;
		unsigned long id;
		unsigned int i;

		if (init)
		{
		CRYPTO_w_lock(CRYPTO_LOCK_SSL);

		if (init)
		{
		for (i=0; i<SSL3_NUM_CIPHERS; i++)
		sorted[i]= &(ssl3_ciphers[i]);

		qsort(sorted,
		SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
		FP_ICC ssl_cipher_ptr_id_cmp);

		init=0;
		}

		CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
		}

		id=0x03000000L\|((unsigned long)p[0]<<8L)\|(unsigned long)p[1];
		c.id=id;
		cpp=(SSL_CIPHER *)OBJ_bsearch((char )&cp,
		(char *)sorted,
		SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
		FP_ICC ssl_cipher_ptr_id_cmp);
		if ((cpp == NULL) \|\| !(*cpp)->valid)
		return(NULL);
		cp = (SSL_CIPHER )OBJ_bsearch((char )&c,
		(char *)ssl3_ciphers,
		SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER),
		FP_ICC ssl_cipher_id_cmp);
		if (cp == NULL \|\| cp->valid == 0)
		return NULL;
		else
		return(*cpp);
		return cp;
		}

		int ssl3_put_cipher_by_char(const SSL_CIPHER c, unsigned char p)

ssl/ssltest.c

+70 −0

Original line number	Diff line number	Diff line
		@@ -224,6 +224,7 @@ static const char rnd_seed[] = "string to make the random number generator think

		int doit_biopair(SSL s_ssl,SSL c_ssl,long bytes,clock_t s_time,clock_t c_time);
		int doit(SSL s_ssl,SSL c_ssl,long bytes);
		static int do_test_cipherlist(void);
		static void sv_usage(void)
		{
		fprintf(stderr,"usage: ssltest [args ...]\n");
		@@ -272,6 +273,7 @@ static void sv_usage(void)
		" Use \"openssl ecparam -list_curves\" for all names\n" \
		" (default is sect163r2).\n");
		#endif
		fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n");
		}

		static void print_details(SSL c_ssl, const char prefix)
		@@ -381,6 +383,7 @@ static void lock_dbg_cb(int mode, int type, const char *file, int line)
		}
		}


		int main(int argc, char *argv[])
		{
		char CApath=NULL,CAfile=NULL;
		@@ -419,6 +422,7 @@ int main(int argc, char *argv[])
		int comp = 0;
		COMP_METHOD *cm = NULL;
		STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
		int test_cipherlist = 0;

		verbose = 0;
		debug = 0;
		@@ -594,6 +598,10 @@ int main(int argc, char *argv[])
		{
		app_verify_arg.allow_proxy_certs = 1;
		}
		else if (strcmp(*argv,"-test_cipherlist") == 0)
		{
		test_cipherlist = 1;
		}
		else
		{
		fprintf(stderr,"unknown option %s\n",*argv);
		@@ -610,6 +618,15 @@ bad:
		goto end;
		}

		if (test_cipherlist == 1)
		{
		/* ensure that the cipher list are correctly sorted and exit */
		if (do_test_cipherlist() == 0)
		EXIT(1);
		ret = 0;
		goto end;
		}

		if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force)
		{
		fprintf(stderr, "This case cannot work. Use -f to perform "
		@@ -2213,4 +2230,57 @@ static DH *get_dh1024dsa()
		dh->length = 160;
		return(dh);
		}

		static int do_test_cipherlist(void)
		{
		int i = 0;
		const SSL_METHOD *meth;
		SSL_CIPHER ci, tci = NULL;

		fprintf(stderr, "testing SSLv2 cipher list order: ");
		meth = SSLv2_method();
		while ((ci = meth->get_cipher(i++)) != NULL)
		{
		if (tci != NULL)
		if (ci->id >= tci->id)
		{
		fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
		return 0;
		}
		tci = ci;
		}
		fprintf(stderr, "ok\n");

		fprintf(stderr, "testing SSLv3 cipher list order: ");
		meth = SSLv3_method();
		tci = NULL;
		while ((ci = meth->get_cipher(i++)) != NULL)
		{
		if (tci != NULL)
		if (ci->id >= tci->id)
		{
		fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
		return 0;
		}
		tci = ci;
		}
		fprintf(stderr, "ok\n");

		fprintf(stderr, "testing TLSv1 cipher list order: ");
		meth = TLSv1_method();
		tci = NULL;
		while ((ci = meth->get_cipher(i++)) != NULL)
		{
		if (tci != NULL)
		if (ci->id >= tci->id)
		{
		fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
		return 0;
		}
		tci = ci;
		}
		fprintf(stderr, "ok\n");

		return 1;
		}
		#endif

test/Makefile

+1 −0

Original line number	Diff line number	Diff line
		@@ -265,6 +265,7 @@ test_engine:
		test_ssl: keyU.ss certU.ss certCA.ss certP1.ss keyP1.ss certP2.ss keyP2.ss \
		intP1.ss intP2.ss
		@echo "test SSL protocol"
		../util/shlib_wrap.sh ./$(SSLTEST) -test_cipherlist
		@sh ./testssl keyU.ss certU.ss certCA.ss
		@sh ./testsslproxy keyP1.ss certP1.ss intP1.ss
		@sh ./testsslproxy keyP2.ss certP2.ss intP2.ss