1 /* 2 * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * https://www.openssl.org/source/license.html 8 * or in the file LICENSE in the source distribution. 9 */ 10 11 #include <stdio.h> 12 #include <string.h> 13 14 #include <openssl/opensslconf.h> 15 #include <openssl/err.h> 16 #include <openssl/e_os2.h> 17 #include <openssl/ssl.h> 18 #include <openssl/ssl3.h> 19 #include <openssl/tls1.h> 20 21 #include "internal/nelem.h" 22 #include "testutil.h" 23 24 typedef struct cipherlist_test_fixture { 25 const char *test_case_name; 26 SSL_CTX *server; 27 SSL_CTX *client; 28 } CIPHERLIST_TEST_FIXTURE; 29 30 static void tear_down(CIPHERLIST_TEST_FIXTURE *fixture) 31 { 32 if (fixture != NULL) { 33 SSL_CTX_free(fixture->server); 34 SSL_CTX_free(fixture->client); 35 fixture->server = fixture->client = NULL; 36 OPENSSL_free(fixture); 37 } 38 } 39 40 static CIPHERLIST_TEST_FIXTURE *set_up(const char *const test_case_name) 41 { 42 CIPHERLIST_TEST_FIXTURE *fixture; 43 44 if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture)))) 45 return NULL; 46 fixture->test_case_name = test_case_name; 47 if (!TEST_ptr(fixture->server = SSL_CTX_new(TLS_server_method())) 48 || !TEST_ptr(fixture->client = SSL_CTX_new(TLS_client_method()))) { 49 tear_down(fixture); 50 return NULL; 51 } 52 return fixture; 53 } 54 55 /* 56 * All ciphers in the DEFAULT cipherlist meet the default security level. 57 * However, default supported ciphers exclude SRP and PSK ciphersuites 58 * for which no callbacks have been set up. 59 * 60 * Supported ciphers also exclude TLSv1.2 ciphers if TLSv1.2 is disabled, 61 * and individual disabled algorithms. However, NO_RSA, NO_AES and NO_SHA 62 * are currently broken and should be considered mission impossible in libssl. 63 */ 64 static const uint32_t default_ciphers_in_order[] = { 65 #ifndef OPENSSL_NO_TLS1_3 66 TLS1_3_CK_AES_256_GCM_SHA384, 67 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) 68 TLS1_3_CK_CHACHA20_POLY1305_SHA256, 69 #endif 70 TLS1_3_CK_AES_128_GCM_SHA256, 71 #endif 72 #ifndef OPENSSL_NO_TLS1_2 73 #ifndef OPENSSL_NO_EC 74 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 75 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 76 #endif 77 #ifndef OPENSSL_NO_DH 78 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, 79 #endif 80 81 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) 82 #ifndef OPENSSL_NO_EC 83 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, 84 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305, 85 #endif 86 #ifndef OPENSSL_NO_DH 87 TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305, 88 #endif 89 #endif /* !OPENSSL_NO_CHACHA && !OPENSSL_NO_POLY1305 */ 90 91 #ifndef OPENSSL_NO_EC 92 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 93 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 94 #endif 95 #ifndef OPENSSL_NO_DH 96 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, 97 #endif 98 #ifndef OPENSSL_NO_EC 99 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, 100 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, 101 #endif 102 #ifndef OPENSSL_NO_DH 103 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, 104 #endif 105 #ifndef OPENSSL_NO_EC 106 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, 107 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, 108 #endif 109 #ifndef OPENSSL_NO_DH 110 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, 111 #endif 112 #endif /* !OPENSSL_NO_TLS1_2 */ 113 114 #if !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3) 115 /* These won't be usable if TLSv1.3 is available but TLSv1.2 isn't */ 116 #ifndef OPENSSL_NO_EC 117 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 118 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 119 #endif 120 #ifndef OPENSSL_NO_DH 121 TLS1_CK_DHE_RSA_WITH_AES_256_SHA, 122 #endif 123 #ifndef OPENSSL_NO_EC 124 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 125 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 126 #endif 127 #ifndef OPENSSL_NO_DH 128 TLS1_CK_DHE_RSA_WITH_AES_128_SHA, 129 #endif 130 #endif /* !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3) */ 131 132 #ifndef OPENSSL_NO_TLS1_2 133 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, 134 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 135 #endif 136 #ifndef OPENSSL_NO_TLS1_2 137 TLS1_CK_RSA_WITH_AES_256_SHA256, 138 TLS1_CK_RSA_WITH_AES_128_SHA256, 139 #endif 140 #if !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3) 141 /* These won't be usable if TLSv1.3 is available but TLSv1.2 isn't */ 142 TLS1_CK_RSA_WITH_AES_256_SHA, 143 TLS1_CK_RSA_WITH_AES_128_SHA, 144 #endif 145 }; 146 147 static int test_default_cipherlist(SSL_CTX *ctx) 148 { 149 STACK_OF(SSL_CIPHER) *ciphers = NULL; 150 SSL *ssl = NULL; 151 int i, ret = 0, num_expected_ciphers, num_ciphers; 152 uint32_t expected_cipher_id, cipher_id; 153 154 if (ctx == NULL) 155 return 0; 156 157 if (!TEST_ptr(ssl = SSL_new(ctx)) 158 || !TEST_ptr(ciphers = SSL_get1_supported_ciphers(ssl))) 159 goto err; 160 161 num_expected_ciphers = OSSL_NELEM(default_ciphers_in_order); 162 num_ciphers = sk_SSL_CIPHER_num(ciphers); 163 if (!TEST_int_eq(num_ciphers, num_expected_ciphers)) 164 goto err; 165 166 for (i = 0; i < num_ciphers; i++) { 167 expected_cipher_id = default_ciphers_in_order[i]; 168 cipher_id = SSL_CIPHER_get_id(sk_SSL_CIPHER_value(ciphers, i)); 169 if (!TEST_int_eq(cipher_id, expected_cipher_id)) { 170 TEST_info("Wrong cipher at position %d", i); 171 goto err; 172 } 173 } 174 175 ret = 1; 176 177 err: 178 sk_SSL_CIPHER_free(ciphers); 179 SSL_free(ssl); 180 return ret; 181 } 182 183 static int execute_test(CIPHERLIST_TEST_FIXTURE *fixture) 184 { 185 return fixture != NULL 186 && test_default_cipherlist(fixture->server) 187 && test_default_cipherlist(fixture->client); 188 } 189 190 #define SETUP_CIPHERLIST_TEST_FIXTURE() \ 191 SETUP_TEST_FIXTURE(CIPHERLIST_TEST_FIXTURE, set_up) 192 193 #define EXECUTE_CIPHERLIST_TEST() \ 194 EXECUTE_TEST(execute_test, tear_down) 195 196 static int test_default_cipherlist_implicit(void) 197 { 198 SETUP_CIPHERLIST_TEST_FIXTURE(); 199 EXECUTE_CIPHERLIST_TEST(); 200 return result; 201 } 202 203 static int test_default_cipherlist_explicit(void) 204 { 205 SETUP_CIPHERLIST_TEST_FIXTURE(); 206 if (!TEST_true(SSL_CTX_set_cipher_list(fixture->server, "DEFAULT")) 207 || !TEST_true(SSL_CTX_set_cipher_list(fixture->client, "DEFAULT"))) { 208 tear_down(fixture); 209 fixture = NULL; 210 } 211 EXECUTE_CIPHERLIST_TEST(); 212 return result; 213 } 214 215 /* SSL_CTX_set_cipher_list() should fail if it clears all TLSv1.2 ciphers. */ 216 static int test_default_cipherlist_clear(void) 217 { 218 SSL *s = NULL; 219 SETUP_CIPHERLIST_TEST_FIXTURE(); 220 221 if (!TEST_int_eq(SSL_CTX_set_cipher_list(fixture->server, "no-such"), 0)) 222 goto end; 223 224 if (!TEST_int_eq(ERR_GET_REASON(ERR_get_error()), SSL_R_NO_CIPHER_MATCH)) 225 goto end; 226 227 s = SSL_new(fixture->client); 228 229 if (!TEST_ptr(s)) 230 goto end; 231 232 if (!TEST_int_eq(SSL_set_cipher_list(s, "no-such"), 0)) 233 goto end; 234 235 if (!TEST_int_eq(ERR_GET_REASON(ERR_get_error()), 236 SSL_R_NO_CIPHER_MATCH)) 237 goto end; 238 239 result = 1; 240 end: 241 SSL_free(s); 242 tear_down(fixture); 243 return result; 244 } 245 246 /* SSL_CTX_set_cipher_list matching with cipher standard name */ 247 static int test_stdname_cipherlist(void) 248 { 249 SETUP_CIPHERLIST_TEST_FIXTURE(); 250 if (!TEST_true(SSL_CTX_set_cipher_list(fixture->server, TLS1_RFC_RSA_WITH_AES_128_SHA)) 251 || !TEST_true(SSL_CTX_set_cipher_list(fixture->client, TLS1_RFC_RSA_WITH_AES_128_SHA))) { 252 goto end; 253 } 254 result = 1; 255 end: 256 tear_down(fixture); 257 fixture = NULL; 258 return result; 259 } 260 261 int setup_tests(void) 262 { 263 ADD_TEST(test_default_cipherlist_implicit); 264 ADD_TEST(test_default_cipherlist_explicit); 265 ADD_TEST(test_default_cipherlist_clear); 266 ADD_TEST(test_stdname_cipherlist); 267 return 1; 268 } 269