Add options to check TLS signing hashes

[openssl.git] / test / handshake_helper.c

diff --git a/test/handshake_helper.c b/test/handshake_helper.c
index 24ea26f2c9afe99f8c4907003bb8ab9e72365065..c8fd47430a1840e17c6abe26afd7f0a5494effa7 100644 (file)
--- a/test/handshake_helper.c
+++ b/test/handshake_helper.c
@@ -378,16 +378,16 @@ static void configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
         parse_protos(extra->server.npn_protocols,
                      &server_ctx_data->npn_protocols,
                      &server_ctx_data->npn_protocols_len);
-        SSL_CTX_set_next_protos_advertised_cb(server_ctx, server_npn_cb,
-                                              server_ctx_data);
+        SSL_CTX_set_npn_advertised_cb(server_ctx, server_npn_cb,
+                                      server_ctx_data);
     }
     if (extra->server2.npn_protocols != NULL) {
         parse_protos(extra->server2.npn_protocols,
                      &server2_ctx_data->npn_protocols,
                      &server2_ctx_data->npn_protocols_len);
         TEST_check(server2_ctx != NULL);
-        SSL_CTX_set_next_protos_advertised_cb(server2_ctx, server_npn_cb,
-                                              server2_ctx_data);
+        SSL_CTX_set_npn_advertised_cb(server2_ctx, server_npn_cb,
+                                      server2_ctx_data);
     }
     if (extra->client.npn_protocols != NULL) {
         parse_protos(extra->client.npn_protocols,
@@ -847,6 +847,32 @@ static char *dup_str(const unsigned char *in, size_t len)
     return ret;
 }
 
+static int pkey_type(EVP_PKEY *pkey)
+{
+    int nid = EVP_PKEY_id(pkey);
+
+#ifndef OPENSSL_NO_EC
+    if (nid == EVP_PKEY_EC) {
+        const EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
+        return EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+    }
+#endif
+    return nid;
+}
+
+static int peer_pkey_type(SSL *s)
+{
+    X509 *x = SSL_get_peer_certificate(s);
+
+    if (x != NULL) {
+        int nid = pkey_type(X509_get0_pubkey(x));
+
+        X509_free(x);
+        return nid;
+    }
+    return NID_undef;
+}
+
 /*
  * Note that |extra| points to the correct client/server configuration
  * within |test_ctx|. When configuring the handshake, general mode settings
@@ -879,6 +905,7 @@ static HANDSHAKE_RESULT *do_handshake_internal(
     const unsigned char *proto = NULL;
     /* API dictates unsigned int rather than size_t. */
     unsigned int proto_len = 0;
+    EVP_PKEY *tmp_key;
 
     memset(&server_ctx_data, 0, sizeof(server_ctx_data));
     memset(&server2_ctx_data, 0, sizeof(server2_ctx_data));
@@ -1038,6 +1065,17 @@ static HANDSHAKE_RESULT *do_handshake_internal(
     if (session_out != NULL)
         *session_out = SSL_get1_session(client.ssl);
 
+    if (SSL_get_server_tmp_key(client.ssl, &tmp_key)) {
+        ret->tmp_key_type = pkey_type(tmp_key);
+        EVP_PKEY_free(tmp_key);
+    }
+
+    SSL_get_peer_signature_nid(client.ssl, &ret->server_sign_hash);
+    SSL_get_peer_signature_nid(server.ssl, &ret->client_sign_hash);
+
+    ret->server_cert_type = peer_pkey_type(client.ssl);
+    ret->client_cert_type = peer_pkey_type(server.ssl);
+
     ctx_data_free_data(&server_ctx_data);
     ctx_data_free_data(&server2_ctx_data);
     ctx_data_free_data(&client_ctx_data);