From 54b7f2a5ca463072dde5590e4dd3112bd47bba28 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Fri, 27 Jan 2017 15:06:16 +0000
Subject: [PATCH] Add test support for TLS signature types.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2301)
---
 test/README.ssltest.md  |  5 ++++-
 test/handshake_helper.c |  3 +++
 test/handshake_helper.h |  4 ++++
 test/ssl_test.c         | 16 ++++++++++++++++
 test/ssl_test_ctx.c     | 22 +++++++++++++++++++---
 test/ssl_test_ctx.h     |  4 ++++
 6 files changed, 50 insertions(+), 4 deletions(-)

diff --git a/test/README.ssltest.md b/test/README.ssltest.md
index 5e2b2d76fc..3d0fe91f55 100644
--- a/test/README.ssltest.md
+++ b/test/README.ssltest.md
@@ -92,9 +92,12 @@ handshake.
 * ExpectedServerCertType, ExpectedClientCertType - the expected algorithm or
   curve of server or client certificate
 
-* ExpectedServerSignatureHash, ExpectedClientSignatureHash - the expected
+* ExpectedServerSignHash, ExpectedClientSignHash - the expected
   signing hash used by server or client certificate
 
+* ExpectedServerSignType, ExpectedClientSignType - the expected
+  signature type used by server or client when signing messages
+
 ## Configuring the client and server
 
 The client and server configurations can be any valid `SSL_CTX`
diff --git a/test/handshake_helper.c b/test/handshake_helper.c
index fd79565bef..a7898991e0 100644
--- a/test/handshake_helper.c
+++ b/test/handshake_helper.c
@@ -1073,6 +1073,9 @@ static HANDSHAKE_RESULT *do_handshake_internal(
     SSL_get_peer_signature_nid(client.ssl, &ret->server_sign_hash);
     SSL_get_peer_signature_nid(server.ssl, &ret->client_sign_hash);
 
+    SSL_get_peer_signature_type_nid(client.ssl, &ret->server_sign_type);
+    SSL_get_peer_signature_type_nid(server.ssl, &ret->client_sign_type);
+
     ret->server_cert_type = peer_pkey_type(client.ssl);
     ret->client_cert_type = peer_pkey_type(server.ssl);
 
diff --git a/test/handshake_helper.h b/test/handshake_helper.h
index 604eed9bba..bdbeabb6fe 100644
--- a/test/handshake_helper.h
+++ b/test/handshake_helper.h
@@ -49,10 +49,14 @@ typedef struct handshake_result {
     int server_cert_type;
     /* server signing hash */
     int server_sign_hash;
+    /* server signature type */
+    int server_sign_type;
     /* client certificate key type */
     int client_cert_type;
     /* client signing hash */
     int client_sign_hash;
+    /* client signature type */
+    int client_sign_type;
 } HANDSHAKE_RESULT;
 
 HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void);
diff --git a/test/ssl_test.c b/test/ssl_test.c
index 58ddca4ec0..752de6396b 100644
--- a/test/ssl_test.c
+++ b/test/ssl_test.c
@@ -217,6 +217,13 @@ static int check_server_sign_hash(HANDSHAKE_RESULT *result,
                      result->server_sign_hash);
 }
 
+static int check_server_sign_type(HANDSHAKE_RESULT *result,
+                                  SSL_TEST_CTX *test_ctx)
+{
+    return check_nid("Server signing", test_ctx->expected_server_sign_type,
+                     result->server_sign_type);
+}
+
 static int check_client_cert_type(HANDSHAKE_RESULT *result,
                                   SSL_TEST_CTX *test_ctx)
 {
@@ -231,6 +238,13 @@ static int check_client_sign_hash(HANDSHAKE_RESULT *result,
                      result->client_sign_hash);
 }
 
+static int check_client_sign_type(HANDSHAKE_RESULT *result,
+                                  SSL_TEST_CTX *test_ctx)
+{
+    return check_nid("Client signing", test_ctx->expected_client_sign_type,
+                     result->client_sign_type);
+}
+
 /*
  * This could be further simplified by constructing an expected
  * HANDSHAKE_RESULT, and implementing comparison methods for
@@ -254,8 +268,10 @@ static int check_test(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
         ret &= check_tmp_key(result, test_ctx);
         ret &= check_server_cert_type(result, test_ctx);
         ret &= check_server_sign_hash(result, test_ctx);
+        ret &= check_server_sign_type(result, test_ctx);
         ret &= check_client_cert_type(result, test_ctx);
         ret &= check_client_sign_hash(result, test_ctx);
+        ret &= check_client_sign_type(result, test_ctx);
     }
     return ret;
 }
diff --git a/test/ssl_test_ctx.c b/test/ssl_test_ctx.c
index 3a937b3880..e88e577eab 100644
--- a/test/ssl_test_ctx.c
+++ b/test/ssl_test_ctx.c
@@ -432,9 +432,9 @@ IMPLEMENT_SSL_TEST_INT_OPTION(SSL_TEST_CTX, test, app_data_size)
 
 IMPLEMENT_SSL_TEST_INT_OPTION(SSL_TEST_CTX, test, max_fragment_size)
 
-/***********************/
-/* Expected key types  */
-/***********************/
+/*************************************/
+/* Expected key and signature types  */
+/*************************************/
 
 __owur static int parse_expected_key_type(int *ptype, const char *value)
 {
@@ -473,6 +473,13 @@ __owur static int parse_expected_server_cert_type(SSL_TEST_CTX *test_ctx,
                                    value);
 }
 
+__owur static int parse_expected_server_sign_type(SSL_TEST_CTX *test_ctx,
+                                                 const char *value)
+{
+    return parse_expected_key_type(&test_ctx->expected_server_sign_type,
+                                   value);
+}
+
 __owur static int parse_expected_client_cert_type(SSL_TEST_CTX *test_ctx,
                                                   const char *value)
 {
@@ -480,6 +487,13 @@ __owur static int parse_expected_client_cert_type(SSL_TEST_CTX *test_ctx,
                                    value);
 }
 
+__owur static int parse_expected_client_sign_type(SSL_TEST_CTX *test_ctx,
+                                                 const char *value)
+{
+    return parse_expected_key_type(&test_ctx->expected_client_sign_type,
+                                   value);
+}
+
 /*************************/
 /* Expected signing hash */
 /*************************/
@@ -540,8 +554,10 @@ static const ssl_test_ctx_option ssl_test_ctx_options[] = {
     { "ExpectedTmpKeyType", &parse_expected_tmp_key_type },
     { "ExpectedServerCertType", &parse_expected_server_cert_type },
     { "ExpectedServerSignHash", &parse_expected_server_sign_hash },
+    { "ExpectedServerSignType", &parse_expected_server_sign_type },
     { "ExpectedClientCertType", &parse_expected_client_cert_type },
     { "ExpectedClientSignHash", &parse_expected_client_sign_hash },
+    { "ExpectedClientSignType", &parse_expected_client_sign_type },
 };
 
 /* Nested client options. */
diff --git a/test/ssl_test_ctx.h b/test/ssl_test_ctx.h
index b34efe327c..13652b0528 100644
--- a/test/ssl_test_ctx.h
+++ b/test/ssl_test_ctx.h
@@ -165,10 +165,14 @@ typedef struct {
     int expected_server_cert_type;
     /* Expected server signing hash */
     int expected_server_sign_hash;
+    /* Expected server signature type */
+    int expected_server_sign_type;
     /* Expected client certificate key type */
     int expected_client_cert_type;
     /* Expected client signing hash */
     int expected_client_sign_hash;
+    /* Expected client signature type */
+    int expected_client_sign_type;
 } SSL_TEST_CTX;
 
 const char *ssl_test_result_name(ssl_test_result_t result);
-- 
2.34.1