1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
|
-
+
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
|
# Auto generated test cases for ciphers.csv
# Load Tcl Test package
if {[lsearch [namespace children] ::tcltest] == -1} {
package require tcltest
namespace import ::tcltest::*
}
set auto_path [concat [list [file dirname [file dirname [info script]]]] $auto_path]
package require tls
# Make sure path includes location of OpenSSL executable
if {[info exists ::env(OPENSSL)]} {set ::env(path) [string cat [file join $::env(OPENSSL) bin] ";" $::env(path)}
if {[info exists ::env(OPENSSL)]} {set ::env(path) [string cat [file join $::env(OPENSSL) bin ";"] $::env(path)]}
# Constraints
set protocols [list ssl2 ssl3 tls1 tls1.1 tls1.2 tls1.3]
foreach protocol $protocols {::tcltest::testConstraint $protocol 0}
foreach protocol [::tls::protocols] {::tcltest::testConstraint $protocol 1}
::tcltest::testConstraint OpenSSL [string match "OpenSSL*" [::tls::version]]
# Helper functions
proc lcompare {list1 list2} {set m "";set u "";foreach i $list1 {if {$i ni $list2} {lappend m $i}};foreach i $list2 {if {$i ni $list1} {lappend u $i}};return [list "missing" $m "unexpected" $u]}
proc lcompare {list1 list2} {
set m ""
set u ""
foreach i $list1 {
if {$i ni $list2} {
lappend m $i
}
}
foreach i $list2 {
if {$i ni $list1} {
lappend u $i
}
}
return [list "missing" $m "unexpected" $u]
}
proc exec_get {delim args} {return [split [exec openssl {*}$args] $delim]}
# Test protocols
test Protocols-1.1 {All} -body {
lcompare $protocols [::tls::protocols]
} -result {missing {ssl2 ssl3} unexpected {}}
# Test ciphers
test CiphersAll-2.1 {SSL2} -constraints {ssl2} -body {
test Ciphers_By_Protocol-2.1 {SSL2} -constraints {ssl2} -body {
lcompare [exec_get ":" ciphers -ssl2] [::tls::ciphers ssl2]
} -result {missing {} unexpected {}}
test CiphersAll-2.2 {SSL3} -constraints {ssl3} -body {
test Ciphers_By_Protocol-2.2 {SSL3} -constraints {ssl3} -body {
lcompare [exec_get ":" ciphers -ssl3] [::tls::ciphers ssl3]
} -result {missing {} unexpected {}}
test CiphersAll-2.3 {TLS1} -constraints {tls1} -body {
test Ciphers_By_Protocol-2.3 {TLS1.0} -constraints {tls1} -body {
lcompare [exec_get ":" ciphers -tls1] [::tls::ciphers tls1]
} -result {missing {} unexpected {}}
test CiphersAll-2.4 {TLS1.1} -constraints {tls1.1} -body {
test Ciphers_By_Protocol-2.4 {TLS1.1} -constraints {tls1.1} -body {
lcompare [exec_get ":" ciphers -tls1_1] [::tls::ciphers tls1.1]
} -result {missing {} unexpected {}}
test CiphersAll-2.5 {TLS1.2} -constraints {tls1.2} -body {
test Ciphers_By_Protocol-2.5 {TLS1.2} -constraints {tls1.2} -body {
lcompare [exec_get ":" ciphers -tls1_2] [::tls::ciphers tls1.2]
} -result {missing {} unexpected {}}
test CiphersAll-2.6 {TLS1.3} -constraints {tls1.3} -body {
test Ciphers_By_Protocol-2.6 {TLS1.3} -constraints {tls1.3} -body {
lcompare [exec_get ":" ciphers -tls1_3] [::tls::ciphers tls1.3]
} -result {missing {} unexpected {}}
# Test cipher descriptions
test CiphersDesc-3.1 {SSL2} -constraints {ssl2} -body {
test Ciphers_With_Descriptions-3.1 {SSL2} -constraints {ssl2} -body {
lcompare [exec_get "\r\n" ciphers -ssl2 -v] [split [string trim [::tls::ciphers ssl2 1]] \n]
} -result {missing {} unexpected {}}
test CiphersDesc-3.2 {SSL3} -constraints {ssl3} -body {
test Ciphers_With_Descriptions-3.2 {SSL3} -constraints {ssl3} -body {
lcompare [exec_get "\r\n" ciphers -ssl3 -v] [split [string trim [::tls::ciphers ssl3 1]] \n]
} -result {missing {} unexpected {}}
test CiphersDesc-3.3 {TLS1} -constraints {tls1} -body {
test Ciphers_With_Descriptions-3.3 {TLS1.0} -constraints {tls1} -body {
lcompare [exec_get "\r\n" ciphers -tls1 -v] [split [string trim [::tls::ciphers tls1 1]] \n]
} -result {missing {} unexpected {}}
test CiphersDesc-3.4 {TLS1.1} -constraints {tls1.1} -body {
test Ciphers_With_Descriptions-3.4 {TLS1.1} -constraints {tls1.1} -body {
lcompare [exec_get "\r\n" ciphers -tls1_1 -v] [split [string trim [::tls::ciphers tls1.1 1]] \n]
} -result {missing {} unexpected {}}
test CiphersDesc-3.5 {TLS1.2} -constraints {tls1.2} -body {
test Ciphers_With_Descriptions-3.5 {TLS1.2} -constraints {tls1.2} -body {
lcompare [exec_get "\r\n" ciphers -tls1_2 -v] [split [string trim [::tls::ciphers tls1.2 1]] \n]
} -result {missing {} unexpected {}}
test CiphersDesc-3.6 {TLS1.3} -constraints {tls1.3} -body {
test Ciphers_With_Descriptions-3.6 {TLS1.3} -constraints {tls1.3} -body {
lcompare [exec_get "\r\n" ciphers -tls1_3 -v] [split [string trim [::tls::ciphers tls1.3 1]] \n]
} -result {missing {} unexpected {}}
# Test protocol specific ciphers
test CiphersSpecific-4.1 {SSL2} -constraints {ssl2} -body {
test Ciphers_Protocol_Specific-4.1 {SSL2} -constraints {ssl2} -body {
lcompare [exec_get ":" ciphers -ssl2 -s] [::tls::ciphers ssl2 0 1]
} -result {missing {} unexpected {}}
test CiphersSpecific-4.2 {SSL3} -constraints {ssl3} -body {
test Ciphers_Protocol_Specific-4.2 {SSL3} -constraints {ssl3} -body {
lcompare [exec_get ":" ciphers -ssl3 -s] [::tls::ciphers ssl3 0 1]
} -result {missing {} unexpected {}}
test CiphersSpecific-4.3 {TLS1} -constraints {tls1} -body {
test Ciphers_Protocol_Specific-4.3 {TLS1.0} -constraints {tls1} -body {
lcompare [exec_get ":" ciphers -tls1 -s] [::tls::ciphers tls1 0 1]
} -result {missing {} unexpected {}}
test CiphersSpecific-4.4 {TLS1.1} -constraints {tls1.1} -body {
test Ciphers_Protocol_Specific-4.4 {TLS1.1} -constraints {tls1.1} -body {
lcompare [exec_get ":" ciphers -tls1_1 -s] [::tls::ciphers tls1.1 0 1]
} -result {missing {} unexpected {}}
test CiphersSpecific-4.5 {TLS1.2} -constraints {tls1.2} -body {
test Ciphers_Protocol_Specific-4.5 {TLS1.2} -constraints {tls1.2} -body {
lcompare [exec_get ":" ciphers -tls1_2 -s] [::tls::ciphers tls1.2 0 1]
} -result {missing {} unexpected {}}
test CiphersSpecific-4.6 {TLS1.3} -constraints {tls1.3} -body {
test Ciphers_Protocol_Specific-4.6 {TLS1.3} -constraints {tls1.3} -body {
lcompare [exec_get ":" ciphers -tls1_3 -s] [::tls::ciphers tls1.3 0 1]
} -result {missing {} unexpected {}}
# Test version
test Version-5.1 {All} -body {
|