X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/fa7225c82381bac4432a6edf16f53b5370238d85..dd5fb164cf5b32c462296bc65e289e100f74b59a:/OSX/libsecurity_ssl/regressions/ssl-46-SSLGetSupportedCiphers.c diff --git a/OSX/libsecurity_ssl/regressions/ssl-46-SSLGetSupportedCiphers.c b/OSX/libsecurity_ssl/regressions/ssl-46-SSLGetSupportedCiphers.c index 2ed75a8b..ef0ef929 100644 --- a/OSX/libsecurity_ssl/regressions/ssl-46-SSLGetSupportedCiphers.c +++ b/OSX/libsecurity_ssl/regressions/ssl-46-SSLGetSupportedCiphers.c @@ -141,6 +141,27 @@ const SSLCipherSuite legacy_DHE_ciphersuites[] = { const SSLCipherSuite standard_ciphersuites[] = { + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + TLS_RSA_WITH_AES_256_GCM_SHA384, + TLS_RSA_WITH_AES_128_GCM_SHA256, + TLS_RSA_WITH_AES_256_CBC_SHA256, + TLS_RSA_WITH_AES_128_CBC_SHA256, + TLS_RSA_WITH_AES_256_CBC_SHA, + TLS_RSA_WITH_AES_128_CBC_SHA, +}; + +const SSLCipherSuite default_ciphersuites[] = { TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, @@ -257,7 +278,6 @@ static int test_GetEnabledCiphers(SSLContextRef ssl, unsigned expected_num_ciphe size_t size; int fail=1; SSLCipherSuite *ciphers = NULL; - OSStatus err; require_noerr(SSLSetIOFuncs(ssl, &SocketRead, &SocketWrite), out); require_noerr(SSLSetConnection(ssl, NULL), out); @@ -276,8 +296,7 @@ static int test_GetEnabledCiphers(SSLContextRef ssl, unsigned expected_num_ciphe free(ciphers); ciphers = NULL; - err = SSLHandshake(ssl); - require(err == errSSLWouldBlock, out); + require(SSLHandshake(ssl) == errSSLWouldBlock, out); require_noerr(SSLGetNumberEnabledCiphers(ssl, &num_ciphers), out); require_string(num_ciphers==expected_num_ciphers, out, "wrong ciphersuites number"); @@ -393,7 +412,7 @@ test_default(SSLProtocolSide side) /* The order of this tests does matter, be careful when adding tests */ ok(!test_GetSupportedCiphers(ssl, server), "test_default: GetSupportedCiphers test failed (%s)", server?"server":"client"); - ok(!test_GetEnabledCiphers(ssl, sizeof(standard_ciphersuites)/sizeof(SSLCipherSuite), standard_ciphersuites), "test_default: GetEnabledCiphers test failed (%s)", server?"server":"client"); + ok(!test_GetEnabledCiphers(ssl, sizeof(default_ciphersuites)/sizeof(SSLCipherSuite), default_ciphersuites), "test_default: GetEnabledCiphers test failed (%s)", server?"server":"client"); CFRelease(ssl); ssl=NULL; @@ -412,7 +431,7 @@ out: int ssl_46_SSLGetSupportedCiphers(int argc, char *const *argv) { - plan_tests(154); + plan_tests(178); test_dhe(kSSLClientSide, true); test_dhe(kSSLServerSide, true); @@ -433,10 +452,12 @@ int ssl_46_SSLGetSupportedCiphers(int argc, char *const *argv) TEST_CONFIG(kSSLSessionConfig_legacy_DHE, legacy_DHE_ciphersuites); TEST_CONFIG(kSSLSessionConfig_standard, standard_ciphersuites); TEST_CONFIG(kSSLSessionConfig_RC4_fallback, legacy_ciphersuites); - TEST_CONFIG(kSSLSessionConfig_TLSv1_fallback, standard_ciphersuites); + TEST_CONFIG(kSSLSessionConfig_TLSv1_fallback, default_ciphersuites); TEST_CONFIG(kSSLSessionConfig_TLSv1_RC4_fallback, legacy_ciphersuites); - TEST_CONFIG(kSSLSessionConfig_default, standard_ciphersuites); + TEST_CONFIG(kSSLSessionConfig_default, default_ciphersuites); TEST_CONFIG(kSSLSessionConfig_anonymous, anonymous_ciphersuites); + TEST_CONFIG(kSSLSessionConfig_3DES_fallback, default_ciphersuites); + TEST_CONFIG(kSSLSessionConfig_TLSv1_3DES_fallback, default_ciphersuites); return 0; }