Commit b93ad05d authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

Add new ssl_test option.



Add option ExpectedTmpKeyType to test that the temporary key the server
sends is of the correct type.

Reviewed-by: default avatarKurt Roeckx <kurt@openssl.org>
Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2191)
parent c82bafc5
+2 −0
@@ -87,6 +87,8 @@ handshake.

* ExpectedNPNProtocol, ExpectedALPNProtocol - NPN and ALPN expectations.

* ExpectedTmpKeyType - the expected algorithm or curve of server temp key

## Configuring the client and server

The client and server configurations can be any valid `SSL_CTX`
+14 −0
@@ -879,6 +879,7 @@ static HANDSHAKE_RESULT *do_handshake_internal(
    const unsigned char *proto = NULL;
    /* API dictates unsigned int rather than size_t. */
    unsigned int proto_len = 0;
    EVP_PKEY *tmp_key;

    memset(&server_ctx_data, 0, sizeof(server_ctx_data));
    memset(&server2_ctx_data, 0, sizeof(server2_ctx_data));
@@ -1038,6 +1039,19 @@ static HANDSHAKE_RESULT *do_handshake_internal(
    if (session_out != NULL)
        *session_out = SSL_get1_session(client.ssl);

    if (SSL_get_server_tmp_key(client.ssl, &tmp_key)) {
        int nid = EVP_PKEY_id(tmp_key);

#ifndef OPENSSL_NO_EC
        if (nid == EVP_PKEY_EC) {
            EC_KEY *ec = EVP_PKEY_get0_EC_KEY(tmp_key);
            nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
        }
#endif
        EVP_PKEY_free(tmp_key);
        ret->tmp_key_type = nid;
    }

    ctx_data_free_data(&server_ctx_data);
    ctx_data_free_data(&server2_ctx_data);
    ctx_data_free_data(&client_ctx_data);
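Review bot: Nothing is recorded when SSL_get_server_tmp_key() returns 0, so `ret->tmp_key_type` keeps whatever HANDSHAKE_RESULT_new() initialised it to (presumably 0, the same value the checker treats as "no expectation"), which means a test cannot assert that no temporary key was sent and a missing key is indistinguishable from an unset option; if that is intended, a comment such as `/* Left at its initial value when the server sent no temporary key */` on the if would make it explicit. `tmp_key` in the first hunk is declared without an initialiser; it is only read on the success path today, but `EVP_PKEY *tmp_key = NULL;` keeps that safe if the block is later moved. In the EC branch the stored value becomes the curve NID from EC_GROUP_get_curve_name(), which differs in kind from the EVP_PKEY id stored for other key types, so a one-line comment saying "curve NID for EC keys, EVP_PKEY id otherwise" would help readers of check_tmp_key(). do_handshake_internal() starts and ends outside these hunks.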
+2 −0
@@ -43,6 +43,8 @@ typedef struct handshake_result {
    /* Was the handshake resumed? */
    int client_resumed;
    int server_resumed;
    /* Temporary key type */
    int tmp_key_type;
} HANDSHAKE_RESULT;

HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void);
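Review bot: The comment on the new `tmp_key_type` member does not say what the integer holds, and from this header alone a reader cannot tell whether it is an EVP_PKEY type, a curve NID, or what it contains when no temporary key was exchanged. Suggest `/* NID of the server's temporary key: curve NID for EC keys, EVP_PKEY id otherwise; left at its initial value if none was captured */`. The enclosing struct handshake_result begins before this hunk.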
+12 −0
@@ -187,6 +187,17 @@ static int check_resumption(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
    return 1;
}

static int check_tmp_key(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
{
    if (test_ctx->expected_tmp_key_type == 0
        || test_ctx->expected_tmp_key_type == result->tmp_key_type)
        return 1;
    fprintf(stderr, "Tmp key type mismatch, %s vs %s\n",
            OBJ_nid2ln(test_ctx->expected_tmp_key_type),
            OBJ_nid2ln(result->tmp_key_type));
    return 0;
}

/*
 * This could be further simplified by constructing an expected
 * HANDSHAKE_RESULT, and implementing comparison methods for
@@ -207,6 +218,7 @@ static int check_test(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
#endif
        ret &= check_alpn(result, test_ctx);
        ret &= check_resumption(result, test_ctx);
        ret &= check_tmp_key(result, test_ctx);
    }
    return ret;
}
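Review bot: OBJ_nid2ln() returns NULL for a NID it has no entry for, and check_tmp_key() hands both results straight to `%s` in fprintf(), which is undefined behaviour on a NULL pointer; the values come from EVP_PKEY_id() and EC_GROUP_get_curve_name() so they will normally be known, but the diagnostic path is exactly where an unexpected value would show up. Substitute a fixed string for a NULL name before printing, as below. Separately, 0 serves both as "no expectation" and as the value a result keeps when no temporary key was captured, so the option cannot express "no temporary key expected"; if that is deliberate, a comment on the early return would save the next reader from assuming it is a gap. check_test() in the second hunk begins before the hunk.

```c
static int check_tmp_key(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
{
    const char *want, *got;

    /* … unchanged: early return when no expectation is set or the types match … */
    /* OBJ_nid2ln() yields NULL for an unknown NID; never pass that to %s. */
    want = OBJ_nid2ln(test_ctx->expected_tmp_key_type);
    got = OBJ_nid2ln(result->tmp_key_type);
    fprintf(stderr, "Tmp key type mismatch, %s vs %s\n",
            want != NULL ? want : "<unknown NID>",
            got != NULL ? got : "<unknown NID>");
    return 0;
}
```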
+25 −0
@@ -432,6 +432,30 @@ IMPLEMENT_SSL_TEST_INT_OPTION(SSL_TEST_CTX, test, app_data_size)

IMPLEMENT_SSL_TEST_INT_OPTION(SSL_TEST_CTX, test, max_fragment_size)

/***********************/
/* ExpectedTmpKeyType  */
/***********************/

__owur static int parse_expected_tmp_key_type(SSL_TEST_CTX *test_ctx,
                                              const char *value)
{
    int nid;

    if (value == NULL)
        return 0;
    nid = OBJ_sn2nid(value);
    if (nid == NID_undef)
        nid = OBJ_ln2nid(value);
#ifndef OPENSSL_NO_EC
    if (nid == NID_undef)
        nid = EC_curve_nist2nid(value);
#endif
    if (nid == NID_undef)
        return 0;
    test_ctx->expected_tmp_key_type = nid;
    return 1;
}

/*************************************************************/
/* Known test options and their corresponding parse methods. */
/*************************************************************/
@@ -456,6 +480,7 @@ static const ssl_test_ctx_option ssl_test_ctx_options[] = {
    { "ResumptionExpected", &parse_test_resumption_expected },
    { "ApplicationData", &parse_test_app_data_size },
    { "MaxFragmentSize", &parse_test_max_fragment_size },
    { "ExpectedTmpKeyType", &parse_expected_tmp_key_type },
};

/* Nested client options. */
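Review bot: parse_expected_tmp_key_type() has no comment describing which spellings it accepts, and the three lookups resolve any OpenSSL object name, so a value naming an unrelated object parses cleanly and only fails later in check_tmp_key(); a header comment would stop a future maintainer from tightening or extending the lookups without knowing the intent. Suggest above the function: `/* Accepts a short or long object name or, with EC enabled, a NIST curve name, and stores its NID; object names that are not key types also parse, so the mismatch surfaces at check time. */`. The `expected_tmp_key_type` member this writes is presumably added to SSL_TEST_CTX in a header that is not shown on this page.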