cfi build fixes in x86-64 ghash assembly
[openssl.git] / test / cipherlist_test.c
index 40596bc..8ee4910 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL licenses, (the "License");
  * you may not use this file except in compliance with the License.
@@ -9,6 +9,7 @@
  */
 
 #include <stdio.h>
+#include <string.h>
 
 #include <openssl/opensslconf.h>
 #include <openssl/err.h>
@@ -17,8 +18,7 @@
 #include <openssl/ssl3.h>
 #include <openssl/tls1.h>
 
-#include "e_os.h"
-#include "test_main.h"
+#include "internal/nelem.h"
 #include "testutil.h"
 
 typedef struct cipherlist_test_fixture {
@@ -28,13 +28,28 @@ typedef struct cipherlist_test_fixture {
 } CIPHERLIST_TEST_FIXTURE;
 
 
-static CIPHERLIST_TEST_FIXTURE set_up(const char *const test_case_name)
+static void tear_down(CIPHERLIST_TEST_FIXTURE *fixture)
 {
-    CIPHERLIST_TEST_FIXTURE fixture;
-    fixture.test_case_name = test_case_name;
-    fixture.server = SSL_CTX_new(TLS_server_method());
-    fixture.client = SSL_CTX_new(TLS_client_method());
-    OPENSSL_assert(fixture.client != NULL && fixture.server != NULL);
+    if (fixture != NULL) {
+        SSL_CTX_free(fixture->server);
+        SSL_CTX_free(fixture->client);
+        fixture->server = fixture->client = NULL;
+        OPENSSL_free(fixture);
+    }
+}
+
+static CIPHERLIST_TEST_FIXTURE *set_up(const char *const test_case_name)
+{
+    CIPHERLIST_TEST_FIXTURE *fixture;
+
+    if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture))))
+        return NULL;
+    fixture->test_case_name = test_case_name;
+    if (!TEST_ptr(fixture->server = SSL_CTX_new(TLS_server_method()))
+            || !TEST_ptr(fixture->client = SSL_CTX_new(TLS_client_method()))) {
+        tear_down(fixture);
+        return NULL;
+    }
     return fixture;
 }
 
@@ -48,6 +63,13 @@ static CIPHERLIST_TEST_FIXTURE set_up(const char *const test_case_name)
  * are currently broken and should be considered mission impossible in libssl.
  */
 static const uint32_t default_ciphers_in_order[] = {
+#ifndef OPENSSL_NO_TLS1_3
+    TLS1_3_CK_AES_256_GCM_SHA384,
+# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+    TLS1_3_CK_CHACHA20_POLY1305_SHA256,
+# endif
+    TLS1_3_CK_AES_128_GCM_SHA256,
+#endif
 #ifndef OPENSSL_NO_TLS1_2
 # ifndef OPENSSL_NO_EC
     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
@@ -57,7 +79,7 @@ static const uint32_t default_ciphers_in_order[] = {
     TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
 # endif
 
-# if !defined OPENSSL_NO_CHACHA && !defined OPENSSL_NO_POLY1305
+# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
 #  ifndef OPENSSL_NO_EC
     TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
     TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
@@ -90,62 +112,63 @@ static const uint32_t default_ciphers_in_order[] = {
 # endif
 #endif  /* !OPENSSL_NO_TLS1_2 */
 
-#ifndef OPENSSL_NO_EC
+#if !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3)
+    /* These won't be usable if TLSv1.3 is available but TLSv1.2 isn't */
+# ifndef OPENSSL_NO_EC
     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
     TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-#endif
-#ifndef OPENSSL_NO_DH
+# endif
+ #ifndef OPENSSL_NO_DH
     TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
-#endif
-#ifndef OPENSSL_NO_EC
+# endif
+# ifndef OPENSSL_NO_EC
     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
     TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-#endif
-#ifndef OPENSSL_NO_DH
+# endif
+# ifndef OPENSSL_NO_DH
     TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
-#endif
+# endif
+#endif /* !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3) */
 
 #ifndef OPENSSL_NO_TLS1_2
     TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
     TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
 #endif
-#ifndef OPENSSL_NO_TLS1_3
-    TLS1_3_CK_AES_128_GCM_SHA256,
-#endif
 #ifndef OPENSSL_NO_TLS1_2
     TLS1_CK_RSA_WITH_AES_256_SHA256,
     TLS1_CK_RSA_WITH_AES_128_SHA256,
 #endif
+#if !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3)
+    /* These won't be usable if TLSv1.3 is available but TLSv1.2 isn't */
     TLS1_CK_RSA_WITH_AES_256_SHA,
     TLS1_CK_RSA_WITH_AES_128_SHA,
+#endif
 };
 
 static int test_default_cipherlist(SSL_CTX *ctx)
 {
-    STACK_OF(SSL_CIPHER) *ciphers;
-    SSL *ssl;
+    STACK_OF(SSL_CIPHER) *ciphers = NULL;
+    SSL *ssl = NULL;
     int i, ret = 0, num_expected_ciphers, num_ciphers;
     uint32_t expected_cipher_id, cipher_id;
 
-    ssl = SSL_new(ctx);
-    OPENSSL_assert(ssl != NULL);
+    if (ctx == NULL)
+        return 0;
+
+    if (!TEST_ptr(ssl = SSL_new(ctx))
+            || !TEST_ptr(ciphers = SSL_get1_supported_ciphers(ssl)))
+        goto err;
 
-    ciphers = SSL_get1_supported_ciphers(ssl);
-    OPENSSL_assert(ciphers != NULL);
     num_expected_ciphers = OSSL_NELEM(default_ciphers_in_order);
     num_ciphers = sk_SSL_CIPHER_num(ciphers);
-    if (num_ciphers != num_expected_ciphers) {
-        fprintf(stderr, "Expected %d supported ciphers, got %d.\n",
-                num_expected_ciphers, num_ciphers);
+    if (!TEST_int_eq(num_ciphers, num_expected_ciphers))
         goto err;
-    }
 
     for (i = 0; i < num_ciphers; i++) {
         expected_cipher_id = default_ciphers_in_order[i];
         cipher_id = SSL_CIPHER_get_id(sk_SSL_CIPHER_value(ciphers, i));
-        if (cipher_id != expected_cipher_id) {
-            fprintf(stderr, "Wrong cipher at position %d: expected %x, "
-                    "got %x\n", i, expected_cipher_id, cipher_id);
+        if (!TEST_int_eq(cipher_id, expected_cipher_id)) {
+            TEST_info("Wrong cipher at position %d", i);
             goto err;
         }
     }
@@ -158,16 +181,11 @@ static int test_default_cipherlist(SSL_CTX *ctx)
     return ret;
 }
 
-static int execute_test(CIPHERLIST_TEST_FIXTURE fixture)
+static int execute_test(CIPHERLIST_TEST_FIXTURE *fixture)
 {
-    return test_default_cipherlist(fixture.server)
-        && test_default_cipherlist(fixture.client);
-}
-
-static void tear_down(CIPHERLIST_TEST_FIXTURE fixture)
-{
-    SSL_CTX_free(fixture.server);
-    SSL_CTX_free(fixture.client);
+    return fixture != NULL
+        && test_default_cipherlist(fixture->server)
+        && test_default_cipherlist(fixture->client);
 }
 
 #define SETUP_CIPHERLIST_TEST_FIXTURE() \
@@ -176,22 +194,65 @@ static void tear_down(CIPHERLIST_TEST_FIXTURE fixture)
 #define EXECUTE_CIPHERLIST_TEST() \
     EXECUTE_TEST(execute_test, tear_down)
 
-static int test_default_cipherlist_implicit()
+static int test_default_cipherlist_implicit(void)
 {
     SETUP_CIPHERLIST_TEST_FIXTURE();
+    if (fixture == NULL)
+        return 0;
     EXECUTE_CIPHERLIST_TEST();
+    return result;
 }
 
-static int test_default_cipherlist_explicit()
+static int test_default_cipherlist_explicit(void)
 {
     SETUP_CIPHERLIST_TEST_FIXTURE();
-    OPENSSL_assert(SSL_CTX_set_cipher_list(fixture.server, "DEFAULT"));
-    OPENSSL_assert(SSL_CTX_set_cipher_list(fixture.client, "DEFAULT"));
+    if (fixture == NULL)
+        return 0;
+    if (!TEST_true(SSL_CTX_set_cipher_list(fixture->server, "DEFAULT"))
+            || !TEST_true(SSL_CTX_set_cipher_list(fixture->client, "DEFAULT")))
+        tear_down(fixture);
     EXECUTE_CIPHERLIST_TEST();
+    return result;
+}
+
+/* SSL_CTX_set_cipher_list() should fail if it clears all TLSv1.2 ciphers. */
+static int test_default_cipherlist_clear(void)
+{
+    SETUP_CIPHERLIST_TEST_FIXTURE();
+    SSL *s = NULL;
+
+    if (fixture == NULL)
+        return 0;
+
+    if (!TEST_int_eq(SSL_CTX_set_cipher_list(fixture->server, "no-such"), 0))
+        goto end;
+
+    if (!TEST_int_eq(ERR_GET_REASON(ERR_get_error()), SSL_R_NO_CIPHER_MATCH))
+        goto end;
+
+    s = SSL_new(fixture->client);
+
+    if (!TEST_ptr(s))
+      goto end;
+
+    if (!TEST_int_eq(SSL_set_cipher_list(s, "no-such"), 0))
+        goto end;
+
+    if (!TEST_int_eq(ERR_GET_REASON(ERR_get_error()),
+                SSL_R_NO_CIPHER_MATCH))
+        goto end;
+
+    result = 1;
+end:
+    SSL_free(s);
+    tear_down(fixture);
+    return result;
 }
 
-void register_tests()
+int setup_tests(void)
 {
     ADD_TEST(test_default_cipherlist_implicit);
     ADD_TEST(test_default_cipherlist_explicit);
+    ADD_TEST(test_default_cipherlist_clear);
+    return 1;
 }