From 54b7f2a5ca463072dde5590e4dd3112bd47bba28 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 27 Jan 2017 15:06:16 +0000 Subject: [PATCH] Add test support for TLS signature types. Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/2301) --- test/README.ssltest.md | 5 ++++- test/handshake_helper.c | 3 +++ test/handshake_helper.h | 4 ++++ test/ssl_test.c | 16 ++++++++++++++++ test/ssl_test_ctx.c | 22 +++++++++++++++++++--- test/ssl_test_ctx.h | 4 ++++ 6 files changed, 50 insertions(+), 4 deletions(-) diff --git a/test/README.ssltest.md b/test/README.ssltest.md index 5e2b2d76fc..3d0fe91f55 100644 --- a/test/README.ssltest.md +++ b/test/README.ssltest.md @@ -92,9 +92,12 @@ handshake. * ExpectedServerCertType, ExpectedClientCertType - the expected algorithm or curve of server or client certificate -* ExpectedServerSignatureHash, ExpectedClientSignatureHash - the expected +* ExpectedServerSignHash, ExpectedClientSignHash - the expected signing hash used by server or client certificate +* ExpectedServerSignType, ExpectedClientSignType - the expected + signature type used by server or client when signing messages + ## Configuring the client and server The client and server configurations can be any valid `SSL_CTX` diff --git a/test/handshake_helper.c b/test/handshake_helper.c index fd79565bef..a7898991e0 100644 --- a/test/handshake_helper.c +++ b/test/handshake_helper.c @@ -1073,6 +1073,9 @@ static HANDSHAKE_RESULT *do_handshake_internal( SSL_get_peer_signature_nid(client.ssl, &ret->server_sign_hash); SSL_get_peer_signature_nid(server.ssl, &ret->client_sign_hash); + SSL_get_peer_signature_type_nid(client.ssl, &ret->server_sign_type); + SSL_get_peer_signature_type_nid(server.ssl, &ret->client_sign_type); + ret->server_cert_type = peer_pkey_type(client.ssl); ret->client_cert_type = peer_pkey_type(server.ssl); diff --git a/test/handshake_helper.h b/test/handshake_helper.h index 604eed9bba..bdbeabb6fe 100644 --- a/test/handshake_helper.h +++ b/test/handshake_helper.h @@ -49,10 +49,14 @@ typedef struct handshake_result { int server_cert_type; /* server signing hash */ int server_sign_hash; + /* server signature type */ + int server_sign_type; /* client certificate key type */ int client_cert_type; /* client signing hash */ int client_sign_hash; + /* client signature type */ + int client_sign_type; } HANDSHAKE_RESULT; HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void); diff --git a/test/ssl_test.c b/test/ssl_test.c index 58ddca4ec0..752de6396b 100644 --- a/test/ssl_test.c +++ b/test/ssl_test.c @@ -217,6 +217,13 @@ static int check_server_sign_hash(HANDSHAKE_RESULT *result, result->server_sign_hash); } +static int check_server_sign_type(HANDSHAKE_RESULT *result, + SSL_TEST_CTX *test_ctx) +{ + return check_nid("Server signing", test_ctx->expected_server_sign_type, + result->server_sign_type); +} + static int check_client_cert_type(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) { @@ -231,6 +238,13 @@ static int check_client_sign_hash(HANDSHAKE_RESULT *result, result->client_sign_hash); } +static int check_client_sign_type(HANDSHAKE_RESULT *result, + SSL_TEST_CTX *test_ctx) +{ + return check_nid("Client signing", test_ctx->expected_client_sign_type, + result->client_sign_type); +} + /* * This could be further simplified by constructing an expected * HANDSHAKE_RESULT, and implementing comparison methods for @@ -254,8 +268,10 @@ static int check_test(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) ret &= check_tmp_key(result, test_ctx); ret &= check_server_cert_type(result, test_ctx); ret &= check_server_sign_hash(result, test_ctx); + ret &= check_server_sign_type(result, test_ctx); ret &= check_client_cert_type(result, test_ctx); ret &= check_client_sign_hash(result, test_ctx); + ret &= check_client_sign_type(result, test_ctx); } return ret; } diff --git a/test/ssl_test_ctx.c b/test/ssl_test_ctx.c index 3a937b3880..e88e577eab 100644 --- a/test/ssl_test_ctx.c +++ b/test/ssl_test_ctx.c @@ -432,9 +432,9 @@ IMPLEMENT_SSL_TEST_INT_OPTION(SSL_TEST_CTX, test, app_data_size) IMPLEMENT_SSL_TEST_INT_OPTION(SSL_TEST_CTX, test, max_fragment_size) -/***********************/ -/* Expected key types */ -/***********************/ +/*************************************/ +/* Expected key and signature types */ +/*************************************/ __owur static int parse_expected_key_type(int *ptype, const char *value) { @@ -473,6 +473,13 @@ __owur static int parse_expected_server_cert_type(SSL_TEST_CTX *test_ctx, value); } +__owur static int parse_expected_server_sign_type(SSL_TEST_CTX *test_ctx, + const char *value) +{ + return parse_expected_key_type(&test_ctx->expected_server_sign_type, + value); +} + __owur static int parse_expected_client_cert_type(SSL_TEST_CTX *test_ctx, const char *value) { @@ -480,6 +487,13 @@ __owur static int parse_expected_client_cert_type(SSL_TEST_CTX *test_ctx, value); } +__owur static int parse_expected_client_sign_type(SSL_TEST_CTX *test_ctx, + const char *value) +{ + return parse_expected_key_type(&test_ctx->expected_client_sign_type, + value); +} + /*************************/ /* Expected signing hash */ /*************************/ @@ -540,8 +554,10 @@ static const ssl_test_ctx_option ssl_test_ctx_options[] = { { "ExpectedTmpKeyType", &parse_expected_tmp_key_type }, { "ExpectedServerCertType", &parse_expected_server_cert_type }, { "ExpectedServerSignHash", &parse_expected_server_sign_hash }, + { "ExpectedServerSignType", &parse_expected_server_sign_type }, { "ExpectedClientCertType", &parse_expected_client_cert_type }, { "ExpectedClientSignHash", &parse_expected_client_sign_hash }, + { "ExpectedClientSignType", &parse_expected_client_sign_type }, }; /* Nested client options. */ diff --git a/test/ssl_test_ctx.h b/test/ssl_test_ctx.h index b34efe327c..13652b0528 100644 --- a/test/ssl_test_ctx.h +++ b/test/ssl_test_ctx.h @@ -165,10 +165,14 @@ typedef struct { int expected_server_cert_type; /* Expected server signing hash */ int expected_server_sign_hash; + /* Expected server signature type */ + int expected_server_sign_type; /* Expected client certificate key type */ int expected_client_cert_type; /* Expected client signing hash */ int expected_client_sign_hash; + /* Expected client signature type */ + int expected_client_sign_type; } SSL_TEST_CTX; const char *ssl_test_result_name(ssl_test_result_t result); -- GitLab