Commit 54b7f2a5 authored by Dr. Stephen Henson

Add test support for TLS signature types.

parent a593cffe
+4 −1
@@ -92,9 +92,12 @@ handshake.
* ExpectedServerCertType, ExpectedClientCertType - the expected algorithm or
  curve of server or client certificate

* ExpectedServerSignatureHash, ExpectedClientSignatureHash - the expected
* ExpectedServerSignHash, ExpectedClientSignHash - the expected
  signing hash used by server or client certificate

* ExpectedServerSignType, ExpectedClientSignType - the expected
  signature type used by server or client when signing messages

## Configuring the client and server

The client and server configurations can be any valid `SSL_CTX`
+3 −0
@@ -1073,6 +1073,9 @@ static HANDSHAKE_RESULT *do_handshake_internal(
    SSL_get_peer_signature_nid(client.ssl, &ret->server_sign_hash);
    SSL_get_peer_signature_nid(server.ssl, &ret->client_sign_hash);

    SSL_get_peer_signature_type_nid(client.ssl, &ret->server_sign_type);
    SSL_get_peer_signature_type_nid(server.ssl, &ret->client_sign_type);

    ret->server_cert_type = peer_pkey_type(client.ssl);
    ret->client_cert_type = peer_pkey_type(server.ssl);
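Review bot: Both new `SSL_get_peer_signature_type_nid()` calls discard the return value, so when no peer signature is available the `server_sign_type` and `client_sign_type` fields keep whatever value the result struct was allocated with. That allocation is outside this hunk (the body of `do_handshake_internal` starts and ends outside it), so the test appears to rely on a zero-initialised struct meaning "no signature type", which is worth confirming. Making the fallback explicit keeps a handshake without a peer signature from being mistaken for a stale value: `if (!SSL_get_peer_signature_type_nid(client.ssl, &ret->server_sign_type)) ret->server_sign_type = NID_undef;`, and the same for the client field. The existing `SSL_get_peer_signature_nid()` calls just above follow the same unchecked pattern.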

+4 −0
@@ -49,10 +49,14 @@ typedef struct handshake_result {
    int server_cert_type;
    /* server signing hash */
    int server_sign_hash;
    /* server signature type */
    int server_sign_type;
    /* client certificate key type */
    int client_cert_type;
    /* client signing hash */
    int client_sign_hash;
    /* client signature type */
    int client_sign_type;
} HANDSHAKE_RESULT;

HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void);
+16 −0
@@ -217,6 +217,13 @@ static int check_server_sign_hash(HANDSHAKE_RESULT *result,
                     result->server_sign_hash);
}

static int check_server_sign_type(HANDSHAKE_RESULT *result,
                                  SSL_TEST_CTX *test_ctx)
{
    return check_nid("Server signing", test_ctx->expected_server_sign_type,
                     result->server_sign_type);
}

static int check_client_cert_type(HANDSHAKE_RESULT *result,
                                  SSL_TEST_CTX *test_ctx)
{
@@ -231,6 +238,13 @@ static int check_client_sign_hash(HANDSHAKE_RESULT *result,
                     result->client_sign_hash);
}

static int check_client_sign_type(HANDSHAKE_RESULT *result,
                                  SSL_TEST_CTX *test_ctx)
{
    return check_nid("Client signing", test_ctx->expected_client_sign_type,
                     result->client_sign_type);
}

/*
 * This could be further simplified by constructing an expected
 * HANDSHAKE_RESULT, and implementing comparison methods for
@@ -254,8 +268,10 @@ static int check_test(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
        ret &= check_tmp_key(result, test_ctx);
        ret &= check_server_cert_type(result, test_ctx);
        ret &= check_server_sign_hash(result, test_ctx);
        ret &= check_server_sign_type(result, test_ctx);
        ret &= check_client_cert_type(result, test_ctx);
        ret &= check_client_sign_hash(result, test_ctx);
        ret &= check_client_sign_type(result, test_ctx);
    }
    return ret;
}
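Review bot: The labels passed to `check_nid` in `check_server_sign_type` and `check_client_sign_type` are `"Server signing"` and `"Client signing"`, which do not say that a signature type is being compared. If `check_nid` prints the label on failure (its body is not in this hunk), a mismatch here would be hard to tell apart from a signing-hash mismatch, which matters when a test is meant to pin down exactly which signature algorithm was negotiated. Consider `"Server signature type"` and `"Client signature type"`, plus a one-line comment on each helper such as `/* Compare the negotiated signature type NID with the configured expectation */`.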
+19 −3
@@ -432,9 +432,9 @@ IMPLEMENT_SSL_TEST_INT_OPTION(SSL_TEST_CTX, test, app_data_size)

IMPLEMENT_SSL_TEST_INT_OPTION(SSL_TEST_CTX, test, max_fragment_size)

/***********************/
/* Expected key types  */
/***********************/
/*************************************/
/* Expected key and signature types  */
/*************************************/

__owur static int parse_expected_key_type(int *ptype, const char *value)
{
@@ -473,6 +473,13 @@ __owur static int parse_expected_server_cert_type(SSL_TEST_CTX *test_ctx,
                                   value);
}

__owur static int parse_expected_server_sign_type(SSL_TEST_CTX *test_ctx,
                                                 const char *value)
{
    return parse_expected_key_type(&test_ctx->expected_server_sign_type,
                                   value);
}

__owur static int parse_expected_client_cert_type(SSL_TEST_CTX *test_ctx,
                                                  const char *value)
{
@@ -480,6 +487,13 @@ __owur static int parse_expected_client_cert_type(SSL_TEST_CTX *test_ctx,
                                   value);
}

__owur static int parse_expected_client_sign_type(SSL_TEST_CTX *test_ctx,
                                                 const char *value)
{
    return parse_expected_key_type(&test_ctx->expected_client_sign_type,
                                   value);
}

/*************************/
/* Expected signing hash */
/*************************/
@@ -540,8 +554,10 @@ static const ssl_test_ctx_option ssl_test_ctx_options[] = {
    { "ExpectedTmpKeyType", &parse_expected_tmp_key_type },
    { "ExpectedServerCertType", &parse_expected_server_cert_type },
    { "ExpectedServerSignHash", &parse_expected_server_sign_hash },
    { "ExpectedServerSignType", &parse_expected_server_sign_type },
    { "ExpectedClientCertType", &parse_expected_client_cert_type },
    { "ExpectedClientSignHash", &parse_expected_client_sign_hash },
    { "ExpectedClientSignType", &parse_expected_client_sign_type },
};

/* Nested client options. */
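Review bot: `parse_expected_server_sign_type` and `parse_expected_client_sign_type` hand the value to `parse_expected_key_type`, whose body is outside this hunk, so the strings accepted for `ExpectedServerSignType` and `ExpectedClientSignType` are whatever the key-type parser accepts. If that parser also resolves names that are not signature types (curve names, for instance, to be confirmed against its body), a mistyped expectation is only caught later as a NID mismatch rather than rejected at parse time. A comment above the two helpers would show the reuse is deliberate, e.g. `/* Signature types are named like key types, so reuse the key type parser */`. A dedicated parser restricted to signature-type names would be the stricter option.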