1*4724848cSchristos /*
2*4724848cSchristos * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
3*4724848cSchristos *
4*4724848cSchristos * Licensed under the OpenSSL licenses, (the "License");
5*4724848cSchristos * you may not use this file except in compliance with the License.
6*4724848cSchristos * You may obtain a copy of the License at
7*4724848cSchristos * https://www.openssl.org/source/license.html
8*4724848cSchristos * or in the file LICENSE in the source distribution.
9*4724848cSchristos */
10*4724848cSchristos
11*4724848cSchristos #include <stdio.h>
12*4724848cSchristos #include <string.h>
13*4724848cSchristos
14*4724848cSchristos #include <openssl/opensslconf.h>
15*4724848cSchristos #include <openssl/err.h>
16*4724848cSchristos #include <openssl/e_os2.h>
17*4724848cSchristos #include <openssl/ssl.h>
18*4724848cSchristos #include <openssl/ssl3.h>
19*4724848cSchristos #include <openssl/tls1.h>
20*4724848cSchristos
21*4724848cSchristos #include "internal/nelem.h"
22*4724848cSchristos #include "testutil.h"
23*4724848cSchristos
/*
 * Per-test state: the name the harness hands to set_up(), plus one server
 * and one client SSL_CTX whose supported cipher lists are compared against
 * default_ciphers_in_order.  Created by set_up(), released by tear_down().
 */
typedef struct cipherlist_test_fixture {
    const char *test_case_name;
    SSL_CTX *server;
    SSL_CTX *client;
} CIPHERLIST_TEST_FIXTURE;
29*4724848cSchristos
30*4724848cSchristos
/*
 * Release both contexts held by the fixture and the fixture itself.
 * Safe to call with NULL and with a fixture whose contexts were never
 * created (SSL_CTX_free() accepts NULL), so set_up() can use it on any
 * partial-failure path.
 */
static void tear_down(CIPHERLIST_TEST_FIXTURE *fixture)
{
    if (fixture == NULL)
        return;

    SSL_CTX_free(fixture->server);
    fixture->server = NULL;
    SSL_CTX_free(fixture->client);
    fixture->client = NULL;

    OPENSSL_free(fixture);
}
40*4724848cSchristos
/*
 * Allocate a fixture with one freshly created server and client SSL_CTX.
 * Every failure is reported through TEST_ptr() and yields NULL with nothing
 * leaked; the caller owns the returned fixture and frees it with tear_down().
 */
static CIPHERLIST_TEST_FIXTURE *set_up(const char *const test_case_name)
{
    CIPHERLIST_TEST_FIXTURE *fixture = OPENSSL_zalloc(sizeof(*fixture));

    if (!TEST_ptr(fixture))
        return NULL;
    fixture->test_case_name = test_case_name;

    fixture->server = SSL_CTX_new(TLS_server_method());
    if (!TEST_ptr(fixture->server))
        goto fail;
    fixture->client = SSL_CTX_new(TLS_client_method());
    if (!TEST_ptr(fixture->client))
        goto fail;

    return fixture;

 fail:
    /* tear_down() copes with whichever context is still NULL. */
    tear_down(fixture);
    return NULL;
}
55*4724848cSchristos
56*4724848cSchristos /*
57*4724848cSchristos * All ciphers in the DEFAULT cipherlist meet the default security level.
58*4724848cSchristos * However, default supported ciphers exclude SRP and PSK ciphersuites
59*4724848cSchristos * for which no callbacks have been set up.
60*4724848cSchristos *
61*4724848cSchristos * Supported ciphers also exclude TLSv1.2 ciphers if TLSv1.2 is disabled,
 * and individual disabled algorithms.  Builds with OPENSSL_NO_RSA,
 * OPENSSL_NO_AES or OPENSSL_NO_SHA are currently broken in libssl, so the
 * table below makes no attempt to account for them.
64*4724848cSchristos */
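/*
 * Exact order in which SSL_get1_supported_ciphers() must report the DEFAULT
 * cipher list for a fresh context: TLSv1.3 suites, then the TLSv1.2
 * ECDHE/DHE suites (AEAD before CBC), and the plain RSA key-exchange suites
 * last.  Entries are compiled out to mirror the build's disabled protocols
 * and algorithms, so OSSL_NELEM() of this table is also the expected count.
 */
static const uint32_t default_ciphers_in_order[] = {
#ifndef OPENSSL_NO_TLS1_3
    TLS1_3_CK_AES_256_GCM_SHA384,
# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
    TLS1_3_CK_CHACHA20_POLY1305_SHA256,
# endif
    TLS1_3_CK_AES_128_GCM_SHA256,
#endif
#ifndef OPENSSL_NO_TLS1_2
# ifndef OPENSSL_NO_EC
    TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
    TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
# endif
# ifndef OPENSSL_NO_DH
    TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
# endif

# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
#  ifndef OPENSSL_NO_EC
    TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
    TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
#  endif
#  ifndef OPENSSL_NO_DH
    TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
#  endif
# endif /* !OPENSSL_NO_CHACHA && !OPENSSL_NO_POLY1305 */

# ifndef OPENSSL_NO_EC
    TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
    TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
# endif
# ifndef OPENSSL_NO_DH
    TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
# endif
# ifndef OPENSSL_NO_EC
    TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
    TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
# endif
# ifndef OPENSSL_NO_DH
    TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
# endif
# ifndef OPENSSL_NO_EC
    TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
    TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
# endif
# ifndef OPENSSL_NO_DH
    TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
# endif
#endif /* !OPENSSL_NO_TLS1_2 */

#if !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3)
    /* These won't be usable if TLSv1.3 is available but TLSv1.2 isn't */
# ifndef OPENSSL_NO_EC
    TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
    TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
# endif
# ifndef OPENSSL_NO_DH
    TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
# endif
# ifndef OPENSSL_NO_EC
    TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
    TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
# endif
# ifndef OPENSSL_NO_DH
    TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
# endif
#endif /* !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3) */

#ifndef OPENSSL_NO_TLS1_2
    /* Plain RSA key exchange: AEAD first, then CBC with SHA-2. */
    TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
    TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
    TLS1_CK_RSA_WITH_AES_256_SHA256,
    TLS1_CK_RSA_WITH_AES_128_SHA256,
#endif
#if !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3)
    /* These won't be usable if TLSv1.3 is available but TLSv1.2 isn't */
    TLS1_CK_RSA_WITH_AES_256_SHA,
    TLS1_CK_RSA_WITH_AES_128_SHA,
#endif
};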
147*4724848cSchristos
/*
 * Verify that a new SSL built from ctx reports exactly
 * default_ciphers_in_order from SSL_get1_supported_ciphers(): same length
 * and the same cipher id at every position.
 *
 * Returns 1 on a full match; 0 when ctx is NULL, on allocation failure, on
 * a length mismatch, or on the first differing position (which is logged).
 */
static int test_default_cipherlist(SSL_CTX *ctx)
{
    STACK_OF(SSL_CIPHER) *ciphers = NULL;
    SSL *ssl = NULL;
    int ok = 0;
    int num_expected_ciphers, num_ciphers, pos;

    if (ctx == NULL)
        return 0;

    ssl = SSL_new(ctx);
    if (!TEST_ptr(ssl))
        goto done;
    ciphers = SSL_get1_supported_ciphers(ssl);
    if (!TEST_ptr(ciphers))
        goto done;

    /*
     * Compare lengths before walking: the loop indexes
     * default_ciphers_in_order by position, so a longer list would read
     * past the end of the table.
     */
    num_expected_ciphers = OSSL_NELEM(default_ciphers_in_order);
    num_ciphers = sk_SSL_CIPHER_num(ciphers);
    if (!TEST_int_eq(num_ciphers, num_expected_ciphers))
        goto done;

    for (pos = 0; pos < num_ciphers; pos++) {
        const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(ciphers, pos);
        uint32_t cipher_id = SSL_CIPHER_get_id(cipher);
        uint32_t expected_cipher_id = default_ciphers_in_order[pos];

        if (!TEST_int_eq(cipher_id, expected_cipher_id)) {
            TEST_info("Wrong cipher at position %d", pos);
            goto done;
        }
    }
    ok = 1;

 done:
    /* sk_SSL_CIPHER_free() releases only the stack handed back by get1. */
    sk_SSL_CIPHER_free(ciphers);
    SSL_free(ssl);
    return ok;
}
183*4724848cSchristos
/*
 * Run the cipher-order check on the server context and then on the client
 * context.  Returns 0 for a NULL fixture or on the first failing side, 1
 * when both sides match default_ciphers_in_order.
 */
static int execute_test(CIPHERLIST_TEST_FIXTURE *fixture)
{
    if (fixture == NULL)
        return 0;
    if (!test_default_cipherlist(fixture->server))
        return 0;
    return test_default_cipherlist(fixture->client);
}
190*4724848cSchristos
/*
 * Thin wrappers around testutil's fixture macros so every test body reads
 * the same way.  SETUP introduces the locals `fixture` (from set_up()) and
 * `result`; EXECUTE runs execute_test() on the fixture and then passes it to
 * tear_down().
 */
#define SETUP_CIPHERLIST_TEST_FIXTURE() \
    SETUP_TEST_FIXTURE(CIPHERLIST_TEST_FIXTURE, set_up)

#define EXECUTE_CIPHERLIST_TEST() \
    EXECUTE_TEST(execute_test, tear_down)
196*4724848cSchristos
/*
 * A freshly created SSL_CTX with no cipher list set must expose exactly
 * default_ciphers_in_order, on both the server and the client side.
 */
static int test_default_cipherlist_implicit(void)
{
    SETUP_CIPHERLIST_TEST_FIXTURE();
    /* set_up() has already reported the failure through TEST_ptr(). */
    if (fixture == NULL)
        return 0;
    EXECUTE_CIPHERLIST_TEST();
    return result;
}
205*4724848cSchristos
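/*
 * Setting the cipher list to the literal string "DEFAULT" must produce the
 * same supported-cipher order as leaving the context untouched.
 */
static int test_default_cipherlist_explicit(void)
{
    SETUP_CIPHERLIST_TEST_FIXTURE();
    if (fixture == NULL)
        return 0;
    if (!TEST_true(SSL_CTX_set_cipher_list(fixture->server, "DEFAULT"))
            || !TEST_true(SSL_CTX_set_cipher_list(fixture->client, "DEFAULT"))) {
        /*
         * Release the fixture and stop here.  Falling through to the
         * EXECUTE macro after tear_down() would hand it a freed pointer:
         * execute_test() would read freed memory and tear_down() would run
         * a second time on it.  TEST_true() has already logged the failure.
         */
        tear_down(fixture);
        return 0;
    }
    EXECUTE_CIPHERLIST_TEST();
    return result;
}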
217*4724848cSchristos
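/*
 * A cipher string that matches nothing must be rejected at both the
 * SSL_CTX and the SSL level, with SSL_R_NO_CIPHER_MATCH pushed on the error
 * queue: silently accepting it would leave a context with no TLSv1.2
 * cipher to negotiate.
 */
static int test_default_cipherlist_clear(void)
{
    SETUP_CIPHERLIST_TEST_FIXTURE();
    SSL *s = NULL;

    if (fixture == NULL)
        return 0;

    /*
     * Start from an empty queue so the reason code read back is the one
     * raised by this call rather than something left behind by set_up().
     */
    ERR_clear_error();
    if (!TEST_int_eq(SSL_CTX_set_cipher_list(fixture->server, "no-such"), 0))
        goto end;
    if (!TEST_int_eq(ERR_GET_REASON(ERR_get_error()), SSL_R_NO_CIPHER_MATCH))
        goto end;

    s = SSL_new(fixture->client);
    if (!TEST_ptr(s))
        goto end;

    /*
     * Same isolation for the per-connection call: without this, an extra
     * error queued by the SSL_CTX call above could satisfy the check below
     * and mask a regression in SSL_set_cipher_list().
     */
    ERR_clear_error();
    if (!TEST_int_eq(SSL_set_cipher_list(s, "no-such"), 0))
        goto end;
    if (!TEST_int_eq(ERR_GET_REASON(ERR_get_error()), SSL_R_NO_CIPHER_MATCH))
        goto end;

    result = 1;
 end:
    SSL_free(s);
    tear_down(fixture);
    return result;
}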
251*4724848cSchristos
/*
 * Registration entry point called by the testutil harness.  Registers the
 * three cipher-list tests in order and returns 1 (success).
 */
int setup_tests(void)
{
    ADD_TEST(test_default_cipherlist_implicit);
    ADD_TEST(test_default_cipherlist_explicit);
    ADD_TEST(test_default_cipherlist_clear);
    return 1;
}
259