From 6676c4405637256767465244a889737be749b75b Mon Sep 17 00:00:00 2001
From: jsing <jsing@openbsd.org>
Date: Sat, 3 Jul 2021 15:54:41 +0000
Subject: [PATCH] Add test that ensures ssl3_ciphers[] is sorted by cipher id.

---
 regress/lib/libssl/ciphers/cipherstest.c | 37 ++++++++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/regress/lib/libssl/ciphers/cipherstest.c b/regress/lib/libssl/ciphers/cipherstest.c
index f3bd841130f..c43939d4d54 100644
--- a/regress/lib/libssl/ciphers/cipherstest.c
+++ b/regress/lib/libssl/ciphers/cipherstest.c
@@ -20,6 +20,9 @@
 #include <stdio.h>
 #include <string.h>
 
+int ssl3_num_ciphers(void);
+const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
+
 int ssl_parse_ciphersuites(STACK_OF(SSL_CIPHER) **out_ciphers, const char *str);
 
 static inline int
@@ -32,6 +35,38 @@ ssl_aes_is_accelerated(void)
 #endif
 }
 
+static int
+check_cipher_order(void)
+{
+	unsigned long id, prev_id = 0;
+	const SSL_CIPHER *cipher;
+	int num_ciphers;
+	int i;
+
+	num_ciphers = ssl3_num_ciphers();
+
+	for (i = 1; i <= num_ciphers; i++) {
+		/*
+		 * For some reason, ssl3_get_cipher() returns ciphers in
+		 * reverse order.
+		 */
+		if ((cipher = ssl3_get_cipher(num_ciphers - i)) == NULL) {
+			fprintf(stderr, "FAIL: ssl3_get_cipher(%d) returned "
+			    "NULL\n", i);
+			return 1;
+		}
+		if ((id = SSL_CIPHER_get_id(cipher)) <= prev_id) {
+			fprintf(stderr, "FAIL: ssl3_ciphers is not sorted by "
+			    "id - cipher %d (%lx) <= cipher %d (%lx)\n",
+			    i, id, i - 1, prev_id);
+			return 1;
+		}
+		prev_id = id;
+	}
+
+	return 0;
+}
+
 static int
 cipher_find_test(void)
 {
@@ -484,6 +519,8 @@ main(int argc, char **argv)
 {
 	int failed = 0;
 
+	failed |= check_cipher_order();
+
 	failed |= cipher_find_test();
 	failed |= cipher_get_by_value_tests();
 
-- 
2.20.1