提交 54b7f2a5 编写于 作者: D Dr. Stephen Henson

Add test support for TLS signature types.

Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2301)
上级 a593cffe
......@@ -92,9 +92,12 @@ handshake.
* ExpectedServerCertType, ExpectedClientCertType - the expected algorithm or
curve of server or client certificate
* ExpectedServerSignatureHash, ExpectedClientSignatureHash - the expected
* ExpectedServerSignHash, ExpectedClientSignHash - the expected
signing hash used by server or client certificate
* ExpectedServerSignType, ExpectedClientSignType - the expected
signature type used by server or client when signing messages
## Configuring the client and server
The client and server configurations can be any valid `SSL_CTX`
......
......@@ -1073,6 +1073,9 @@ static HANDSHAKE_RESULT *do_handshake_internal(
SSL_get_peer_signature_nid(client.ssl, &ret->server_sign_hash);
SSL_get_peer_signature_nid(server.ssl, &ret->client_sign_hash);
SSL_get_peer_signature_type_nid(client.ssl, &ret->server_sign_type);
SSL_get_peer_signature_type_nid(server.ssl, &ret->client_sign_type);
ret->server_cert_type = peer_pkey_type(client.ssl);
ret->client_cert_type = peer_pkey_type(server.ssl);
......
......@@ -49,10 +49,14 @@ typedef struct handshake_result {
int server_cert_type;
/* server signing hash */
int server_sign_hash;
/* server signature type */
int server_sign_type;
/* client certificate key type */
int client_cert_type;
/* client signing hash */
int client_sign_hash;
/* client signature type */
int client_sign_type;
} HANDSHAKE_RESULT;
HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void);
......
......@@ -217,6 +217,13 @@ static int check_server_sign_hash(HANDSHAKE_RESULT *result,
result->server_sign_hash);
}
static int check_server_sign_type(HANDSHAKE_RESULT *result,
SSL_TEST_CTX *test_ctx)
{
return check_nid("Server signing", test_ctx->expected_server_sign_type,
result->server_sign_type);
}
static int check_client_cert_type(HANDSHAKE_RESULT *result,
SSL_TEST_CTX *test_ctx)
{
......@@ -231,6 +238,13 @@ static int check_client_sign_hash(HANDSHAKE_RESULT *result,
result->client_sign_hash);
}
static int check_client_sign_type(HANDSHAKE_RESULT *result,
SSL_TEST_CTX *test_ctx)
{
return check_nid("Client signing", test_ctx->expected_client_sign_type,
result->client_sign_type);
}
/*
* This could be further simplified by constructing an expected
* HANDSHAKE_RESULT, and implementing comparison methods for
......@@ -254,8 +268,10 @@ static int check_test(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
ret &= check_tmp_key(result, test_ctx);
ret &= check_server_cert_type(result, test_ctx);
ret &= check_server_sign_hash(result, test_ctx);
ret &= check_server_sign_type(result, test_ctx);
ret &= check_client_cert_type(result, test_ctx);
ret &= check_client_sign_hash(result, test_ctx);
ret &= check_client_sign_type(result, test_ctx);
}
return ret;
}
......
......@@ -432,9 +432,9 @@ IMPLEMENT_SSL_TEST_INT_OPTION(SSL_TEST_CTX, test, app_data_size)
IMPLEMENT_SSL_TEST_INT_OPTION(SSL_TEST_CTX, test, max_fragment_size)
/***********************/
/* Expected key types */
/***********************/
/*************************************/
/* Expected key and signature types */
/*************************************/
__owur static int parse_expected_key_type(int *ptype, const char *value)
{
......@@ -473,6 +473,13 @@ __owur static int parse_expected_server_cert_type(SSL_TEST_CTX *test_ctx,
value);
}
__owur static int parse_expected_server_sign_type(SSL_TEST_CTX *test_ctx,
const char *value)
{
return parse_expected_key_type(&test_ctx->expected_server_sign_type,
value);
}
__owur static int parse_expected_client_cert_type(SSL_TEST_CTX *test_ctx,
const char *value)
{
......@@ -480,6 +487,13 @@ __owur static int parse_expected_client_cert_type(SSL_TEST_CTX *test_ctx,
value);
}
__owur static int parse_expected_client_sign_type(SSL_TEST_CTX *test_ctx,
const char *value)
{
return parse_expected_key_type(&test_ctx->expected_client_sign_type,
value);
}
/*************************/
/* Expected signing hash */
/*************************/
......@@ -540,8 +554,10 @@ static const ssl_test_ctx_option ssl_test_ctx_options[] = {
{ "ExpectedTmpKeyType", &parse_expected_tmp_key_type },
{ "ExpectedServerCertType", &parse_expected_server_cert_type },
{ "ExpectedServerSignHash", &parse_expected_server_sign_hash },
{ "ExpectedServerSignType", &parse_expected_server_sign_type },
{ "ExpectedClientCertType", &parse_expected_client_cert_type },
{ "ExpectedClientSignHash", &parse_expected_client_sign_hash },
{ "ExpectedClientSignType", &parse_expected_client_sign_type },
};
/* Nested client options. */
......
......@@ -165,10 +165,14 @@ typedef struct {
int expected_server_cert_type;
/* Expected server signing hash */
int expected_server_sign_hash;
/* Expected server signature type */
int expected_server_sign_type;
/* Expected client certificate key type */
int expected_client_cert_type;
/* Expected client signing hash */
int expected_client_sign_hash;
/* Expected client signature type */
int expected_client_sign_type;
} SSL_TEST_CTX;
const char *ssl_test_result_name(ssl_test_result_t result);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册