(Assert (member 'AES-192-CFB (ossl-available-ciphers)))
(Assert (member 'AES-192-OFB (ossl-available-ciphers)))
+ ;; blacklisted ciphers should give us an error
+ (mapc-internal
+ #'(lambda (cipher)
+ (Check-Error-Message error "use of blacklisted cipher prohibited"
+ (ossl-cipher-mode cipher)))
+ ossl-cipher-blacklist)
+
;; first we check the key generator
(let ((encstrs
(list "foo string test bar"
"\n"))
(salts
(list nil "salt" "" "toomuchsalt"))
- ;; Ciphers
- (ciphers
- ;; We seem to have issues with the following ciphers. Not
- ;; sure yet if it is SXEmacs bug, or OpenSSL bug. But perhaps
- ;; we should prevent them from being used at all with our ssl
- ;; code instead of just conveniently ignoring them in the
- ;; testsuite? --SY.
- (let ((bad-ciphers '(id-smime-alg-CMS3DESwrap
- id-aes128-wrap id-aes192-wrap id-aes256-wrap
- id-aes128-GCM id-aes128-CCM id-aes192-GCM
- id-aes192-CCM id-aes256-GCM id-aes256-CCM
- AES-128-XTS AES-256-XTS))
- ciphers)
- (mapc-internal
- #'(lambda (cipher)
- (let ((ciphmode (substring (symbol-name cipher) -2)))
- ;; Never use CFB1 and CFB8 modes.
- ;; Both modes tend to mangle the result strings which
- ;; yields an assertion error.
- ;; Bug in openssl?
- ;; -hroptatyr
- ;; Shouldn't we prevent their use outside the testsuite
- ;; as well? --SY.
- (unless (or ;(< (ossl-cipher-bits cipher) 128)
- (string= "B1" ciphmode)
- (string= "B8" ciphmode)
- (member cipher bad-ciphers))
- (setq ciphers
- (cons cipher ciphers)))))
- (ossl-available-ciphers))
- ciphers))
- ;; Digests
- ;; Sebastian had initially only used digests that didn't have
- ;; a dash in their name, I'm not sure what his reasoning was,
- ;; perhaps just to speed up running the testsuite, I dunno.
- ;; But I say we should test them ALL. :-) --SY.
+ (ciphers (ossl-available-ciphers))
(digests (ossl-available-digests))
- ;; (digests
- ;; (let (digests)
- ;; (mapc-internal
- ;; #'(lambda (digest)
- ;; (let ((digestname (symbol-name digest)))
- ;; ;; only use digests without a dash in their names
- ;; (unless (string-match "-" digestname)
- ;; (setq digests
- ;; (cons digest digests)))))
- ;; (ossl-available-digests))
- ;; digests))
key iv
enc dec)