1/*
2 * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 * https://www.openssl.org/source/license.html
8 * or in the file LICENSE in the source distribution.
9 */
10
11#include <stdio.h>
12#include <string.h>
13
14#include <openssl/opensslconf.h>
15#include <openssl/err.h>
16#include <openssl/e_os2.h>
17#include <openssl/ssl.h>
18#include <openssl/ssl3.h>
19#include <openssl/tls1.h>
20
21#include "internal/nelem.h"
22#include "testutil.h"
23
24typedef struct cipherlist_test_fixture {
25    const char *test_case_name;
26    SSL_CTX *server;
27    SSL_CTX *client;
28} CIPHERLIST_TEST_FIXTURE;
29
30
31static void tear_down(CIPHERLIST_TEST_FIXTURE *fixture)
32{
33    if (fixture != NULL) {
34        SSL_CTX_free(fixture->server);
35        SSL_CTX_free(fixture->client);
36        fixture->server = fixture->client = NULL;
37        OPENSSL_free(fixture);
38    }
39}
40
41static CIPHERLIST_TEST_FIXTURE *set_up(const char *const test_case_name)
42{
43    CIPHERLIST_TEST_FIXTURE *fixture;
44
45    if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture))))
46        return NULL;
47    fixture->test_case_name = test_case_name;
48    if (!TEST_ptr(fixture->server = SSL_CTX_new(TLS_server_method()))
49            || !TEST_ptr(fixture->client = SSL_CTX_new(TLS_client_method()))) {
50        tear_down(fixture);
51        return NULL;
52    }
53    return fixture;
54}
55
56/*
57 * All ciphers in the DEFAULT cipherlist meet the default security level.
58 * However, default supported ciphers exclude SRP and PSK ciphersuites
59 * for which no callbacks have been set up.
60 *
61 * Supported ciphers also exclude TLSv1.2 ciphers if TLSv1.2 is disabled,
62 * and individual disabled algorithms. However, NO_RSA, NO_AES and NO_SHA
63 * are currently broken and should be considered mission impossible in libssl.
64 */
65static const uint32_t default_ciphers_in_order[] = {
66#ifndef OPENSSL_NO_TLS1_3
67    TLS1_3_CK_AES_256_GCM_SHA384,
68# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
69    TLS1_3_CK_CHACHA20_POLY1305_SHA256,
70# endif
71    TLS1_3_CK_AES_128_GCM_SHA256,
72#endif
73#ifndef OPENSSL_NO_TLS1_2
74# ifndef OPENSSL_NO_EC
75    TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
76    TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
77# endif
78# ifndef OPENSSL_NO_DH
79    TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
80# endif
81
82# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
83#  ifndef OPENSSL_NO_EC
84    TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
85    TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
86#  endif
87#  ifndef OPENSSL_NO_DH
88    TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
89#  endif
90# endif  /* !OPENSSL_NO_CHACHA && !OPENSSL_NO_POLY1305 */
91
92# ifndef OPENSSL_NO_EC
93    TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
94    TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
95# endif
96# ifndef OPENSSL_NO_DH
97    TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
98# endif
99# ifndef OPENSSL_NO_EC
100    TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
101    TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
102# endif
103# ifndef OPENSSL_NO_DH
104    TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
105# endif
106# ifndef OPENSSL_NO_EC
107    TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
108    TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
109# endif
110# ifndef OPENSSL_NO_DH
111    TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
112# endif
113#endif  /* !OPENSSL_NO_TLS1_2 */
114
115#if !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3)
116    /* These won't be usable if TLSv1.3 is available but TLSv1.2 isn't */
117# ifndef OPENSSL_NO_EC
118    TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
119    TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
120# endif
121 #ifndef OPENSSL_NO_DH
122    TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
123# endif
124# ifndef OPENSSL_NO_EC
125    TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
126    TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
127# endif
128# ifndef OPENSSL_NO_DH
129    TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
130# endif
131#endif /* !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3) */
132
133#ifndef OPENSSL_NO_TLS1_2
134    TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
135    TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
136#endif
137#ifndef OPENSSL_NO_TLS1_2
138    TLS1_CK_RSA_WITH_AES_256_SHA256,
139    TLS1_CK_RSA_WITH_AES_128_SHA256,
140#endif
141#if !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3)
142    /* These won't be usable if TLSv1.3 is available but TLSv1.2 isn't */
143    TLS1_CK_RSA_WITH_AES_256_SHA,
144    TLS1_CK_RSA_WITH_AES_128_SHA,
145#endif
146};
147
148static int test_default_cipherlist(SSL_CTX *ctx)
149{
150    STACK_OF(SSL_CIPHER) *ciphers = NULL;
151    SSL *ssl = NULL;
152    int i, ret = 0, num_expected_ciphers, num_ciphers;
153    uint32_t expected_cipher_id, cipher_id;
154
155    if (ctx == NULL)
156        return 0;
157
158    if (!TEST_ptr(ssl = SSL_new(ctx))
159            || !TEST_ptr(ciphers = SSL_get1_supported_ciphers(ssl)))
160        goto err;
161
162    num_expected_ciphers = OSSL_NELEM(default_ciphers_in_order);
163    num_ciphers = sk_SSL_CIPHER_num(ciphers);
164    if (!TEST_int_eq(num_ciphers, num_expected_ciphers))
165        goto err;
166
167    for (i = 0; i < num_ciphers; i++) {
168        expected_cipher_id = default_ciphers_in_order[i];
169        cipher_id = SSL_CIPHER_get_id(sk_SSL_CIPHER_value(ciphers, i));
170        if (!TEST_int_eq(cipher_id, expected_cipher_id)) {
171            TEST_info("Wrong cipher at position %d", i);
172            goto err;
173        }
174    }
175
176    ret = 1;
177
178 err:
179    sk_SSL_CIPHER_free(ciphers);
180    SSL_free(ssl);
181    return ret;
182}
183
184static int execute_test(CIPHERLIST_TEST_FIXTURE *fixture)
185{
186    return fixture != NULL
187        && test_default_cipherlist(fixture->server)
188        && test_default_cipherlist(fixture->client);
189}
190
191#define SETUP_CIPHERLIST_TEST_FIXTURE() \
192    SETUP_TEST_FIXTURE(CIPHERLIST_TEST_FIXTURE, set_up)
193
194#define EXECUTE_CIPHERLIST_TEST() \
195    EXECUTE_TEST(execute_test, tear_down)
196
197static int test_default_cipherlist_implicit(void)
198{
199    SETUP_CIPHERLIST_TEST_FIXTURE();
200    EXECUTE_CIPHERLIST_TEST();
201    return result;
202}
203
204static int test_default_cipherlist_explicit(void)
205{
206    SETUP_CIPHERLIST_TEST_FIXTURE();
207    if (!TEST_true(SSL_CTX_set_cipher_list(fixture->server, "DEFAULT"))
208            || !TEST_true(SSL_CTX_set_cipher_list(fixture->client, "DEFAULT"))) {
209        tear_down(fixture);
210        fixture = NULL;
211    }
212    EXECUTE_CIPHERLIST_TEST();
213    return result;
214}
215
216/* SSL_CTX_set_cipher_list() should fail if it clears all TLSv1.2 ciphers. */
217static int test_default_cipherlist_clear(void)
218{
219    SSL *s = NULL;
220    SETUP_CIPHERLIST_TEST_FIXTURE();
221
222    if (!TEST_int_eq(SSL_CTX_set_cipher_list(fixture->server, "no-such"), 0))
223        goto end;
224
225    if (!TEST_int_eq(ERR_GET_REASON(ERR_get_error()), SSL_R_NO_CIPHER_MATCH))
226        goto end;
227
228    s = SSL_new(fixture->client);
229
230    if (!TEST_ptr(s))
231      goto end;
232
233    if (!TEST_int_eq(SSL_set_cipher_list(s, "no-such"), 0))
234        goto end;
235
236    if (!TEST_int_eq(ERR_GET_REASON(ERR_get_error()),
237                SSL_R_NO_CIPHER_MATCH))
238        goto end;
239
240    result = 1;
241end:
242    SSL_free(s);
243    tear_down(fixture);
244    return result;
245}
246
247int setup_tests(void)
248{
249    ADD_TEST(test_default_cipherlist_implicit);
250    ADD_TEST(test_default_cipherlist_explicit);
251    ADD_TEST(test_default_cipherlist_clear);
252    return 1;
253}
254