QuasarApp/openssl
4
0
Fork 0
mirror of https://github.com/QuasarApp/openssl.git synced 2025-04-29 19:24:37 +00:00
Code Issues Projects Releases Wiki Activity

Add new ssl_test option.

Browse Source 
Add option ExpectedTmpKeyType to test the temporary key the server
sends is of the correct type.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2191)
This commit is contained in:
Dr. Stephen Henson 2017-01-08 00:09:08 +00:00
parent c82bafc52e
commit b93ad05dba
6 changed files with 57 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
test/README.ssltest.md
View File

@ -87,6 +87,8 @@ handshake.
* ExpectedNPNProtocol, ExpectedALPNProtocol - NPN and ALPN expectations. * ExpectedNPNProtocol, ExpectedALPNProtocol - NPN and ALPN expectations.
* ExpectedTmpKeyType - the expected algorithm or curve of server temp key
## Configuring the client and server ## Configuring the client and server
The client and server configurations can be any valid `SSL_CTX` The client and server configurations can be any valid `SSL_CTX`

14
test/handshake_helper.c
View File

@ -879,6 +879,7 @@ static HANDSHAKE_RESULT *do_handshake_internal(
const unsigned char *proto = NULL; const unsigned char *proto = NULL;
/* API dictates unsigned int rather than size_t. */ /* API dictates unsigned int rather than size_t. */
unsigned int proto_len = 0; unsigned int proto_len = 0;
EVP_PKEY *tmp_key;
memset(&server_ctx_data, 0, sizeof(server_ctx_data)); memset(&server_ctx_data, 0, sizeof(server_ctx_data));
memset(&server2_ctx_data, 0, sizeof(server2_ctx_data)); memset(&server2_ctx_data, 0, sizeof(server2_ctx_data));
@ -1038,6 +1039,19 @@ static HANDSHAKE_RESULT *do_handshake_internal(
if (session_out != NULL) if (session_out != NULL)
*session_out = SSL_get1_session(client.ssl); *session_out = SSL_get1_session(client.ssl);
if (SSL_get_server_tmp_key(client.ssl, &tmp_key)) {
int nid = EVP_PKEY_id(tmp_key);
#ifndef OPENSSL_NO_EC
if (nid == EVP_PKEY_EC) {
EC_KEY *ec = EVP_PKEY_get0_EC_KEY(tmp_key);
nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
}
#endif
EVP_PKEY_free(tmp_key);
ret->tmp_key_type = nid;
}
ctx_data_free_data(&server_ctx_data); ctx_data_free_data(&server_ctx_data);
ctx_data_free_data(&server2_ctx_data); ctx_data_free_data(&server2_ctx_data);
ctx_data_free_data(&client_ctx_data); ctx_data_free_data(&client_ctx_data);

2
test/handshake_helper.h
View File

@ -43,6 +43,8 @@ typedef struct handshake_result {
/* Was the handshake resumed? */ /* Was the handshake resumed? */
int client_resumed; int client_resumed;
int server_resumed; int server_resumed;
/* Temporary key type */
int tmp_key_type;
} HANDSHAKE_RESULT; } HANDSHAKE_RESULT;
HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void); HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void);

12
test/ssl_test.c
View File

@ -187,6 +187,17 @@ static int check_resumption(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
return 1; return 1;
} }
static int check_tmp_key(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
{
if (test_ctx->expected_tmp_key_type == 0
|| test_ctx->expected_tmp_key_type == result->tmp_key_type)
return 1;
fprintf(stderr, "Tmp key type mismatch, %s vs %s\n",
OBJ_nid2ln(test_ctx->expected_tmp_key_type),
OBJ_nid2ln(result->tmp_key_type));
return 0;
}
/* /*
* This could be further simplified by constructing an expected * This could be further simplified by constructing an expected
* HANDSHAKE_RESULT, and implementing comparison methods for * HANDSHAKE_RESULT, and implementing comparison methods for
@ -207,6 +218,7 @@ static int check_test(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
#endif #endif
ret &= check_alpn(result, test_ctx); ret &= check_alpn(result, test_ctx);
ret &= check_resumption(result, test_ctx); ret &= check_resumption(result, test_ctx);
ret &= check_tmp_key(result, test_ctx);
} }
return ret; return ret;
} }

25
test/ssl_test_ctx.c
View File

@ -432,6 +432,30 @@ IMPLEMENT_SSL_TEST_INT_OPTION(SSL_TEST_CTX, test, app_data_size)
IMPLEMENT_SSL_TEST_INT_OPTION(SSL_TEST_CTX, test, max_fragment_size) IMPLEMENT_SSL_TEST_INT_OPTION(SSL_TEST_CTX, test, max_fragment_size)
/***********************/
/* ExpectedTmpKeyType */
/***********************/
__owur static int parse_expected_tmp_key_type(SSL_TEST_CTX *test_ctx,
const char *value)
{
int nid;
if (value == NULL)
return 0;
nid = OBJ_sn2nid(value);
if (nid == NID_undef)
nid = OBJ_ln2nid(value);
#ifndef OPENSSL_NO_EC
if (nid == NID_undef)
nid = EC_curve_nist2nid(value);
#endif
if (nid == NID_undef)
return 0;
test_ctx->expected_tmp_key_type = nid;
return 1;
}
/*************************************************************/ /*************************************************************/
/* Known test options and their corresponding parse methods. */ /* Known test options and their corresponding parse methods. */
/*************************************************************/ /*************************************************************/
@ -456,6 +480,7 @@ static const ssl_test_ctx_option ssl_test_ctx_options[] = {
{ "ResumptionExpected", &parse_test_resumption_expected }, { "ResumptionExpected", &parse_test_resumption_expected },
{ "ApplicationData", &parse_test_app_data_size }, { "ApplicationData", &parse_test_app_data_size },
{ "MaxFragmentSize", &parse_test_max_fragment_size }, { "MaxFragmentSize", &parse_test_max_fragment_size },
{ "ExpectedTmpKeyType", &parse_expected_tmp_key_type },
}; };
/* Nested client options. */ /* Nested client options. */

2
test/ssl_test_ctx.h
View File

@ -159,6 +159,8 @@ typedef struct {
char *expected_alpn_protocol; char *expected_alpn_protocol;
/* Whether the second handshake is resumed or a full handshake (boolean). */ /* Whether the second handshake is resumed or a full handshake (boolean). */
int resumption_expected; int resumption_expected;
/* Expected temporary key type */
int expected_tmp_key_type;
} SSL_TEST_CTX; } SSL_TEST_CTX;
const char *ssl_test_result_name(ssl_test_result_t result); const char *ssl_test_result_name(ssl_test_result_t result);