]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_ssl/regressions/ssl-46-SSLGetSupportedCiphers.c
Security-57740.51.3.tar.gz
[apple/security.git] / OSX / libsecurity_ssl / regressions / ssl-46-SSLGetSupportedCiphers.c
1 /*
2 * Copyright (c) 2012,2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <Security/SecureTransportPriv.h>
28 #include <AssertMacros.h>
29
30 #include "ssl_regressions.h"
31 #include "ssl-utils.h"
32
33
34 #include "cipherSpecs.h"
35
36 static int test_GetSupportedCiphers(SSLContextRef ssl, bool server)
37 {
38 size_t max_ciphers = 0;
39 int fail=1;
40 SSLCipherSuite *ciphers = NULL;
41
42 require_noerr(SSLGetNumberSupportedCiphers(ssl, &max_ciphers), out);
43
44 size_t size = max_ciphers * sizeof (SSLCipherSuite);
45 ciphers = (SSLCipherSuite *) malloc(size);
46
47 require_string(ciphers, out, "out of memory");
48 memset(ciphers, 0xff, size);
49
50 size_t num_ciphers = max_ciphers;
51 require_noerr(SSLGetSupportedCiphers(ssl, ciphers, &num_ciphers), out);
52
53 for (size_t i = 0; i < num_ciphers; i++) {
54 require(ciphers[i]!=(SSLCipherSuite)(-1), out);
55 }
56
57 /* Success! */
58 fail=0;
59
60 out:
61 if(ciphers) free(ciphers);
62 return fail;
63 }
64
65
66 static OSStatus SocketWrite(SSLConnectionRef conn, const void *data, size_t *length)
67 {
68 return errSSLWouldBlock;
69 }
70
71 static OSStatus SocketRead(SSLConnectionRef conn, void *data, size_t *length)
72 {
73 return errSSLWouldBlock;
74 }
75
76
77
78 static const SSLCipherSuite legacy_ciphersuites[] = {
79 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
80 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
81 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
82 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
83 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
84 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
85 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
86 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
87 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
88 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
89 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
90 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
91 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
92 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
93 TLS_RSA_WITH_AES_256_GCM_SHA384,
94 TLS_RSA_WITH_AES_128_GCM_SHA256,
95 TLS_RSA_WITH_AES_256_CBC_SHA256,
96 TLS_RSA_WITH_AES_128_CBC_SHA256,
97 TLS_RSA_WITH_AES_256_CBC_SHA,
98 TLS_RSA_WITH_AES_128_CBC_SHA,
99 SSL_RSA_WITH_3DES_EDE_CBC_SHA,
100 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
101 TLS_ECDHE_RSA_WITH_RC4_128_SHA,
102 SSL_RSA_WITH_RC4_128_SHA,
103 SSL_RSA_WITH_RC4_128_MD5,
104 };
105
106 const SSLCipherSuite legacy_DHE_ciphersuites[] = {
107 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
108 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
109 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
110 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
111 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
112 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
113 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
114 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
115 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
116 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
117 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
118 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
119 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
120 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
121 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
122 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
123 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
124 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
125 TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
126 TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
127 SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
128 TLS_RSA_WITH_AES_256_GCM_SHA384,
129 TLS_RSA_WITH_AES_128_GCM_SHA256,
130 TLS_RSA_WITH_AES_256_CBC_SHA256,
131 TLS_RSA_WITH_AES_128_CBC_SHA256,
132 TLS_RSA_WITH_AES_256_CBC_SHA,
133 TLS_RSA_WITH_AES_128_CBC_SHA,
134 SSL_RSA_WITH_3DES_EDE_CBC_SHA,
135 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
136 TLS_ECDHE_RSA_WITH_RC4_128_SHA,
137 SSL_RSA_WITH_RC4_128_SHA,
138 SSL_RSA_WITH_RC4_128_MD5,
139 };
140
141
142
143 const SSLCipherSuite standard_ciphersuites[] = {
144 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
145 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
146 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
147 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
148 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
149 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
150 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
151 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
152 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
153 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
154 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
155 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
156 TLS_RSA_WITH_AES_256_GCM_SHA384,
157 TLS_RSA_WITH_AES_128_GCM_SHA256,
158 TLS_RSA_WITH_AES_256_CBC_SHA256,
159 TLS_RSA_WITH_AES_128_CBC_SHA256,
160 TLS_RSA_WITH_AES_256_CBC_SHA,
161 TLS_RSA_WITH_AES_128_CBC_SHA,
162 };
163
164 const SSLCipherSuite default_ciphersuites[] = {
165 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
166 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
167 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
168 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
169 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
170 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
171 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
172 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
173 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
174 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
175 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
176 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
177 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
178 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
179 TLS_RSA_WITH_AES_256_GCM_SHA384,
180 TLS_RSA_WITH_AES_128_GCM_SHA256,
181 TLS_RSA_WITH_AES_256_CBC_SHA256,
182 TLS_RSA_WITH_AES_128_CBC_SHA256,
183 TLS_RSA_WITH_AES_256_CBC_SHA,
184 TLS_RSA_WITH_AES_128_CBC_SHA,
185 SSL_RSA_WITH_3DES_EDE_CBC_SHA,
186 };
187
188 const SSLCipherSuite ATSv1_ciphersuites[] = {
189 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
190 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
191 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
192 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
193 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
194 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
195 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
196 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
197 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
198 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
199 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
200 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
201 };
202
203 const SSLCipherSuite ATSv1_noPFS_ciphersuites[] = {
204 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
205 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
206 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
207 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
208 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
209 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
210 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
211 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
212 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
213 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
214 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
215 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
216
217 TLS_RSA_WITH_AES_256_GCM_SHA384,
218 TLS_RSA_WITH_AES_128_GCM_SHA256,
219 TLS_RSA_WITH_AES_256_CBC_SHA256,
220 TLS_RSA_WITH_AES_128_CBC_SHA256,
221 TLS_RSA_WITH_AES_256_CBC_SHA,
222 TLS_RSA_WITH_AES_128_CBC_SHA,
223 };
224
225 const SSLCipherSuite TLSv1_RC4_fallback_ciphersuites[] = {
226 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
227 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
228 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
229 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
230 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
231 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
232 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
233 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
234 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
235 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
236 TLS_RSA_WITH_AES_256_CBC_SHA256,
237 TLS_RSA_WITH_AES_128_CBC_SHA256,
238 TLS_RSA_WITH_AES_256_CBC_SHA,
239 TLS_RSA_WITH_AES_128_CBC_SHA,
240 SSL_RSA_WITH_3DES_EDE_CBC_SHA,
241 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
242 TLS_ECDHE_RSA_WITH_RC4_128_SHA,
243 SSL_RSA_WITH_RC4_128_SHA,
244 SSL_RSA_WITH_RC4_128_MD5,
245 };
246
247 const SSLCipherSuite TLSv1_fallback_ciphersuites[] = {
248 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
249 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
250 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
251 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
252 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
253 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
254 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
255 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
257 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
258 TLS_RSA_WITH_AES_256_CBC_SHA256,
259 TLS_RSA_WITH_AES_128_CBC_SHA256,
260 TLS_RSA_WITH_AES_256_CBC_SHA,
261 TLS_RSA_WITH_AES_128_CBC_SHA,
262 SSL_RSA_WITH_3DES_EDE_CBC_SHA,
263 };
264
265 const SSLCipherSuite anonymous_ciphersuites[] = {
266 TLS_ECDH_anon_WITH_AES_256_CBC_SHA,
267 TLS_ECDH_anon_WITH_AES_128_CBC_SHA,
268 TLS_DH_anon_WITH_AES_256_CBC_SHA256,
269 TLS_DH_anon_WITH_AES_256_CBC_SHA,
270 TLS_DH_anon_WITH_AES_128_CBC_SHA256,
271 TLS_DH_anon_WITH_AES_128_CBC_SHA
272 };
273
274
275 static int test_GetEnabledCiphers(SSLContextRef ssl, unsigned expected_num_ciphers, const SSLCipherSuite *expected_ciphers)
276 {
277 size_t num_ciphers;
278 size_t size;
279 int fail=1;
280 SSLCipherSuite *ciphers = NULL;
281 OSStatus err;
282
283 require_noerr(SSLSetIOFuncs(ssl, &SocketRead, &SocketWrite), out);
284 require_noerr(SSLSetConnection(ssl, NULL), out);
285
286 require_noerr(SSLGetNumberEnabledCiphers(ssl, &num_ciphers), out);
287 require_string(num_ciphers==expected_num_ciphers, out, "wrong ciphersuites number");
288
289 size = num_ciphers * sizeof (SSLCipherSuite);
290 ciphers = (SSLCipherSuite *) malloc(size);
291 require_string(ciphers, out, "out of memory");
292 memset(ciphers, 0xff, size);
293
294 require_noerr(SSLGetEnabledCiphers(ssl, ciphers, &num_ciphers), out);
295 require_string(memcmp(ciphers, expected_ciphers, size)==0, out, "wrong ciphersuites");
296
297 free(ciphers);
298 ciphers = NULL;
299
300 err = SSLHandshake(ssl);
301 require(err == errSSLWouldBlock, out);
302
303 require_noerr(SSLGetNumberEnabledCiphers(ssl, &num_ciphers), out);
304 require_string(num_ciphers==expected_num_ciphers, out, "wrong ciphersuites number");
305
306 size = num_ciphers * sizeof (SSLCipherSuite);
307 ciphers = (SSLCipherSuite *) malloc(size);
308 require_string(ciphers, out, "out of memory");
309 memset(ciphers, 0xff, size);
310
311 require_noerr(SSLGetEnabledCiphers(ssl, ciphers, &num_ciphers), out);
312 require_string(memcmp(ciphers, expected_ciphers, size)==0, out, "wrong ciphersuites");
313
314 /* Success! */
315 fail=0;
316
317 out:
318 free(ciphers);
319 return fail;
320 }
321
322 static int test_SetEnabledCiphers(SSLContextRef ssl)
323 {
324 int fail=1;
325 size_t num_enabled;
326
327 /* This should not fail as long as we have one valid cipher in this table */
328 SSLCipherSuite ciphers[] = {
329 SSL_RSA_WITH_RC2_CBC_MD5, /* unsupported */
330 TLS_RSA_WITH_NULL_SHA, /* supported by not enabled by default */
331 TLS_RSA_WITH_AES_128_CBC_SHA, /* Supported and enabled by default */
332 };
333
334 require_noerr(SSLSetEnabledCiphers(ssl, ciphers, sizeof(ciphers)/sizeof(SSLCipherSuite)), out);
335 require_noerr(SSLGetNumberEnabledCiphers(ssl, &num_enabled), out);
336
337 require(num_enabled==2, out); /* 2 ciphers in the above table are supported */
338
339 /* Success! */
340 fail=0;
341
342 out:
343 return fail;
344 }
345
346
347 static void
348 test_dhe(SSLProtocolSide side, bool dhe_enabled)
349 {
350 SSLContextRef ssl = NULL;
351 bool server = (side == kSSLServerSide);
352
353 ssl=SSLCreateContext(kCFAllocatorDefault, side, kSSLStreamType);
354 ok(ssl, "test_dhe: SSLCreateContext(1) failed (%s, %s)", server?"server":"client", dhe_enabled?"enabled":"disabled");
355 require(ssl, out);
356
357 ok_status(SSLSetDHEEnabled(ssl, dhe_enabled),"test_dhe: SSLSetDHEEnabled failed (%s, %s)", server?"server":"client", dhe_enabled?"enabled":"disabled");
358
359 unsigned num = (dhe_enabled?sizeof(legacy_DHE_ciphersuites):sizeof(legacy_ciphersuites))/sizeof(SSLCipherSuite);
360 const SSLCipherSuite *ciphers = dhe_enabled?legacy_DHE_ciphersuites:legacy_ciphersuites;
361 /* The order of this tests does matter, be careful when adding tests */
362 ok(!test_GetSupportedCiphers(ssl, server), "test_dhe: GetSupportedCiphers test failed (%s, %s)", server?"server":"client", dhe_enabled?"enabled":"disabled");
363 ok(!test_GetEnabledCiphers(ssl, num, ciphers), "test_dhe: GetEnabledCiphers test failed (%s, %s)", server?"server":"client", dhe_enabled?"enabled":"disabled");
364
365 CFRelease(ssl); ssl=NULL;
366
367 ssl=SSLCreateContext(kCFAllocatorDefault, side, kSSLStreamType);
368 ok(ssl, "test_dhe: SSLCreateContext(2) failed (%s, %s)", server?"server":"client", dhe_enabled?"enabled":"disabled");
369 require(ssl, out);
370
371 ok(!test_SetEnabledCiphers(ssl), "test_dhe: SetEnabledCiphers test failed (%s, %s)", server?"server":"client", dhe_enabled?"enabled":"disabled");
372
373 out:
374 if(ssl) CFRelease(ssl);
375 }
376
377 static void
378 test_config(SSLProtocolSide side, CFStringRef config, unsigned num, const SSLCipherSuite *ciphers)
379 {
380 SSLContextRef ssl = NULL;
381 bool server = (side == kSSLServerSide);
382
383 ssl=SSLCreateContext(kCFAllocatorDefault, side, kSSLStreamType);
384 ok(ssl, "test_config: SSLCreateContext(1) failed (%s,%@)", server?"server":"client", config);
385 require(ssl, out);
386
387 ok_status(SSLSetSessionConfig(ssl, config), "test_config: SSLSetSessionConfig failed (%s,%@)", server?"server":"client", config);
388
389 /* The order of this tests does matter, be careful when adding tests */
390 ok(!test_GetSupportedCiphers(ssl, server), "test_config: GetSupportedCiphers test failed (%s,%@)", server?"server":"client", config);
391 ok(!test_GetEnabledCiphers(ssl, num, ciphers), "test_config: GetEnabledCiphers test failed (%s,%@)", server?"server":"client", config);
392
393 CFRelease(ssl); ssl=NULL;
394
395 ssl=SSLCreateContext(kCFAllocatorDefault, side, kSSLStreamType);
396 ok(ssl, "test_config: SSLCreateContext(2) failed (%s,%@)", server?"server":"client", config);
397 require(ssl, out);
398
399 ok(!test_SetEnabledCiphers(ssl), "test_config: SetEnabledCiphers test failed (%s,%@)", server?"server":"client", config);
400
401 out:
402 if(ssl) CFRelease(ssl);
403 }
404
405 static void
406 test_default(SSLProtocolSide side)
407 {
408 SSLContextRef ssl = NULL;
409 bool server = (side == kSSLServerSide);
410
411 ssl=SSLCreateContext(kCFAllocatorDefault, side, kSSLStreamType);
412 ok(ssl, "test_config: SSLCreateContext(1) failed (%s)", server?"server":"client");
413 require(ssl, out);
414
415 /* The order of this tests does matter, be careful when adding tests */
416 ok(!test_GetSupportedCiphers(ssl, server), "test_default: GetSupportedCiphers test failed (%s)", server?"server":"client");
417 ok(!test_GetEnabledCiphers(ssl, sizeof(default_ciphersuites)/sizeof(SSLCipherSuite), default_ciphersuites), "test_default: GetEnabledCiphers test failed (%s)", server?"server":"client");
418
419 CFRelease(ssl); ssl=NULL;
420
421 ssl=SSLCreateContext(kCFAllocatorDefault, side, kSSLStreamType);
422 ok(ssl, "test_default: SSLCreateContext(2) failed (%s)", server?"server":"client");
423 require(ssl, out);
424
425 ok(!test_SetEnabledCiphers(ssl), "test_config: SetEnabledCiphers test failed (%s)", server?"server":"client");
426
427 out:
428 if(ssl) CFRelease(ssl);
429 }
430
431
432
433
434 int ssl_46_SSLGetSupportedCiphers(int argc, char *const *argv)
435 {
436 plan_tests(178);
437
438 test_dhe(kSSLClientSide, true);
439 test_dhe(kSSLServerSide, true);
440 test_dhe(kSSLClientSide, false);
441 test_dhe(kSSLServerSide, false);
442
443 test_default(kSSLClientSide);
444 test_default(kSSLServerSide);
445
446 #define TEST_CONFIG(x, y) do { \
447 test_config(kSSLClientSide, x, sizeof(y)/sizeof(SSLCipherSuite), y); \
448 test_config(kSSLServerSide, x, sizeof(y)/sizeof(SSLCipherSuite), y); \
449 } while(0)
450
451 TEST_CONFIG(kSSLSessionConfig_ATSv1, ATSv1_ciphersuites);
452 TEST_CONFIG(kSSLSessionConfig_ATSv1_noPFS, ATSv1_noPFS_ciphersuites);
453 TEST_CONFIG(kSSLSessionConfig_legacy, legacy_ciphersuites);
454 TEST_CONFIG(kSSLSessionConfig_legacy_DHE, legacy_DHE_ciphersuites);
455 TEST_CONFIG(kSSLSessionConfig_standard, standard_ciphersuites);
456 TEST_CONFIG(kSSLSessionConfig_RC4_fallback, legacy_ciphersuites);
457 TEST_CONFIG(kSSLSessionConfig_TLSv1_fallback, default_ciphersuites);
458 TEST_CONFIG(kSSLSessionConfig_TLSv1_RC4_fallback, legacy_ciphersuites);
459 TEST_CONFIG(kSSLSessionConfig_default, default_ciphersuites);
460 TEST_CONFIG(kSSLSessionConfig_anonymous, anonymous_ciphersuites);
461 TEST_CONFIG(kSSLSessionConfig_3DES_fallback, default_ciphersuites);
462 TEST_CONFIG(kSSLSessionConfig_TLSv1_3DES_fallback, default_ciphersuites);
463
464 return 0;
465 }
466