Add signing hash tests

Reviewed-by: N Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2235)

Add signing hash tests
Reviewed-by: N Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2235)
062540cb · Dr. Stephen Henson · ee5b6a42 · 062540cb · 062540cb · 062540cb
4 changed file
--- a/test/ssl-tests/04-client_auth.conf
+++ b/test/ssl-tests/04-client_auth.conf
@@ -543,6 +543,7 @@ client = 18-client-auth-TLSv1.2-require-client
 [18-client-auth-TLSv1.2-require-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+ClientSignatureAlgorithms = SHA256+RSA
 MaxProtocol = TLSv1.2
 MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
@@ -560,6 +561,7 @@ VerifyMode = Peer
 [test-18]
 ExpectedClientCertType = RSA
+ExpectedClientSignHash = SHA256
 ExpectedResult = Success

--- a/test/ssl-tests/04-client_auth.conf.in
+++ b/test/ssl-tests/04-client_auth.conf.in
@@ -33,6 +33,13 @@ sub generate_tests() {
            } else {
                $caalert = "UnknownCA";
            }
+            my $clihash;
+            my $clisigalgs;
+            # TODO add TLSv1.3 versions
+            if ($protocol_name eq "TLSv1.2") {
+                $clihash = "SHA256";
+                $clisigalgs = "SHA256+RSA";
+            }
            # Sanity-check simple handshake.
            push @tests, {
                name => "server-auth-${protocol_name}",
@@ -87,6 +94,7 @@ sub generate_tests() {
                server => {
                    "MinProtocol" => $protocol,
                    "MaxProtocol" => $protocol,
+                    "ClientSignatureAlgorithms" => $clisigalgs,
                    "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
                    "VerifyMode" => "Request",
                },
@@ -98,6 +106,7 @@ sub generate_tests() {
                },
                test   => { "ExpectedResult" => "Success",
                            "ExpectedClientCertType" => "RSA",
+                            "ExpectedClientSignHash" => $clihash,
                },
            };

--- a/test/ssl-tests/20-cert-select.conf
+++ b/test/ssl-tests/20-cert-select.conf
@@ -111,6 +111,7 @@ VerifyMode = Peer
 [test-3]
 ExpectedResult = Success
 ExpectedServerCertType = P-256
+ExpectedServerSignHash = SHA256
 # ===========================================================
@@ -163,5 +164,6 @@ VerifyMode = Peer
 [test-5]
 ExpectedResult = Success
 ExpectedServerCertType = RSA
+ExpectedServerSignHash = SHA256
--- a/test/ssl-tests/20-cert-select.conf.in
+++ b/test/ssl-tests/20-cert-select.conf.in
@@ -59,7 +59,8 @@ our @tests = (
            "SignatureAlgorithms" => "ECDSA+SHA256",
        },
        test   => {
-            "ExpectedServerCertType" =>, "P-256",
+            "ExpectedServerCertType" => "P-256",
+            "ExpectedServerSignHash" => "SHA256",
            "ExpectedResult" => "Success"
        },
    },
@@ -80,7 +81,8 @@ our @tests = (
            "SignatureAlgorithms" => "RSA+SHA256",
        },
        test   => {
-            "ExpectedServerCertType" =>, "RSA",
+            "ExpectedServerCertType" => "RSA",
+            "ExpectedServerSignHash" => "SHA256",
            "ExpectedResult" => "Success"
        },
    }