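/*
 * Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * https://www.openssl.org/source/license.html
 * or in the file LICENSE in the source distribution.
 */

#include <string.h>
#include <stdio.h>

#include <openssl/opensslconf.h>
#include <openssl/err.h>
#include <openssl/e_os2.h>
#include <openssl/ssl.h>
#include <openssl/ssl3.h>
#include <openssl/tls1.h>

#include "internal/nelem.h"
#include "testutil.h"

/*
 * Tests for SSL_bytes_to_cipher_list(), which parses a wire-format cipher
 * suite list (bytes that normally come from the peer) into a stack of
 * ciphers known to the library plus a separate stack of signalling cipher
 * suite values (SCSVs).
 *
 * NOTE(review): every input below has a length that is either 0 or a whole
 * multiple of the entry size (2 bytes, or 3 bytes in SSLv2 format). A
 * truncated list is not exercised here and would be a worthwhile addition.
 */

/* Server-side context and connection shared by all cases; see setup_tests() */
static SSL_CTX *ctx;
static SSL *s;

/*
 * A zero-length list must be rejected: the call returns 0 and both output
 * stacks are left as they were (still NULL).
 */
static int test_empty(void)
{
    STACK_OF(SSL_CIPHER) *sk = NULL, *scsv = NULL;
    const unsigned char bytes[] = {0x00};
    int ret = 0;

    /* len is 0, so the single byte in bytes[] is never meant to be read */
    if (!TEST_int_eq(SSL_bytes_to_cipher_list(s, bytes, 0, 0, &sk, &scsv), 0)
            || !TEST_ptr_null(sk)
            || !TEST_ptr_null(scsv))
        goto err;
    ret = 1;

err:
    sk_SSL_CIPHER_free(sk);
    sk_SSL_CIPHER_free(scsv);
    return ret;
}

/*
 * Unsupported and unassigned cipher suite IDs must be skipped without
 * failing the whole parse: only the one supported suite is returned and the
 * SCSV stack is present but empty.
 */
static int test_unsupported(void)
{
    /*
     * Start from NULL: test_empty() shows that a failed call leaves the
     * output pointers untouched, and the err path frees both of them.
     */
    STACK_OF(SSL_CIPHER) *sk = NULL, *scsv = NULL;
    /* ECDH-RSA-AES256 (unsupported), AES128-SHA, <unassigned> */
    const unsigned char bytes[] = {0xc0, 0x0f, 0x00, 0x2f, 0x01, 0x00};
    int ret = 0;

    if (!TEST_true(SSL_bytes_to_cipher_list(s, bytes, sizeof(bytes),
                                            0, &sk, &scsv))
            || !TEST_ptr(sk)
            || !TEST_int_eq(sk_SSL_CIPHER_num(sk), 1)
            || !TEST_ptr(scsv)
            || !TEST_int_eq(sk_SSL_CIPHER_num(scsv), 0)
            || !TEST_str_eq(SSL_CIPHER_get_name(sk_SSL_CIPHER_value(sk, 0)),
                            "AES128-SHA"))
        goto err;

    ret = 1;
err:
    sk_SSL_CIPHER_free(sk);
    sk_SSL_CIPHER_free(scsv);
    return ret;
}

/*
 * SSLv2-format list (isv2format = 1, three bytes per entry): the two entries
 * with a leading zero byte map to TLS ciphers, while the SSLv2-only entry is
 * dropped, so exactly two ciphers and no SCSVs come back.
 */
static int test_v2(void)
{
    /* NULL so that the err path is safe if the call fails (see above) */
    STACK_OF(SSL_CIPHER) *sk = NULL, *scsv = NULL;
    /* AES256-SHA, SSL2_RC4_128_WITH_MD5 (SSLv2 only), DHE-RSA-AES128-SHA */
    const unsigned char bytes[] = {0x00, 0x00, 0x35, 0x01, 0x00, 0x80,
                                   0x00, 0x00, 0x33};
    int ret = 0;

    /*
     * The names are compared with TEST_str_eq, as in the other cases, so that
     * a mismatch reports both strings instead of failing silently.
     */
    if (!TEST_true(SSL_bytes_to_cipher_list(s, bytes, sizeof(bytes), 1,
                                            &sk, &scsv))
            || !TEST_ptr(sk)
            || !TEST_int_eq(sk_SSL_CIPHER_num(sk), 2)
            || !TEST_ptr(scsv)
            || !TEST_int_eq(sk_SSL_CIPHER_num(scsv), 0)
            || !TEST_str_eq(SSL_CIPHER_get_name(sk_SSL_CIPHER_value(sk, 0)),
                            "AES256-SHA")
            || !TEST_str_eq(SSL_CIPHER_get_name(sk_SSL_CIPHER_value(sk, 1)),
                            "DHE-RSA-AES128-SHA"))
        goto err;

    ret = 1;

err:
    sk_SSL_CIPHER_free(sk);
    sk_SSL_CIPHER_free(scsv);
    return ret;
}

/*
 * TLS-format list (two bytes per entry) holding three ciphers and two SCSVs.
 * The ciphers must come back in order in sk, and both signalling values must
 * be reported in scsv rather than being discarded as unknown ciphers; they
 * carry the renegotiation-info and fallback signals.
 */
static int test_v3(void)
{
    STACK_OF(SSL_CIPHER) *sk = NULL, *scsv = NULL;
    /*
     * AES128-SHA, DHE-RSA-AES128-SHA, DHE-RSA-AES256-GCM-SHA384,
     * EMPTY-RENEGOTIATION-INFO-SCSV, FALLBACK-SCSV
     */
    const unsigned char bytes[] = {0x00, 0x2f, 0x00, 0x33, 0x00, 0x9f, 0x00, 0xff,
                                   0x56, 0x00};
    int ret = 0;

    /* Wrapped in TEST_true so that a failed parse is reported by the harness */
    if (!TEST_true(SSL_bytes_to_cipher_list(s, bytes, sizeof(bytes), 0,
                                            &sk, &scsv))
            || !TEST_ptr(sk)
            || !TEST_int_eq(sk_SSL_CIPHER_num(sk), 3)
            || !TEST_ptr(scsv)
            || !TEST_int_eq(sk_SSL_CIPHER_num(scsv), 2)
            || !TEST_str_eq(SSL_CIPHER_get_name(sk_SSL_CIPHER_value(sk, 0)),
                            "AES128-SHA")
            || !TEST_str_eq(SSL_CIPHER_get_name(sk_SSL_CIPHER_value(sk, 1)),
                            "DHE-RSA-AES128-SHA")
            || !TEST_str_eq(SSL_CIPHER_get_name(sk_SSL_CIPHER_value(sk, 2)),
                            "DHE-RSA-AES256-GCM-SHA384")
            || !TEST_str_eq(SSL_CIPHER_get_name(sk_SSL_CIPHER_value(scsv, 0)),
                            "TLS_EMPTY_RENEGOTIATION_INFO_SCSV")
            || !TEST_str_eq(SSL_CIPHER_get_name(sk_SSL_CIPHER_value(scsv, 1)),
                            "TLS_FALLBACK_SCSV"))
        goto err;

    ret = 1;
err:
    sk_SSL_CIPHER_free(sk);
    sk_SSL_CIPHER_free(scsv);
    return ret;
}

/*
 * Creates the shared server SSL_CTX and SSL object and registers the four
 * test cases. Returns 1 on success, 0 if either object cannot be created.
 */
int setup_tests(void)
{
    if (!TEST_ptr(ctx = SSL_CTX_new(TLS_server_method()))
            || !TEST_ptr(s = SSL_new(ctx)))
        return 0;

    ADD_TEST(test_empty);
    ADD_TEST(test_unsupported);
    ADD_TEST(test_v2);
    ADD_TEST(test_v3);
    return 1;
}

/* Releases the objects created by setup_tests(). */
void cleanup_tests(void)
{
    SSL_free(s);
    SSL_CTX_free(ctx);
}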