TLS check temp key type #2191
Add option ExpectedTmpKeyType to test the temporary key the server sends is of the correct type.
@@ -1038,6 +1039,19 @@ static HANDSHAKE_RESULT *do_handshake_internal( | |||
if (session_out != NULL) | |||
*session_out = SSL_get1_session(client.ssl); | |||
|
|||
if (SSL_get_server_tmp_key(client.ssl, &tmp_key)) { | |||
int nid; |
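Review bot: SSL_get_server_tmp_key hands the caller its own reference to the key through &tmp_key, so the branch opened at `if (SSL_get_server_tmp_key(client.ssl, &tmp_key))` needs a matching EVP_PKEY_free(tmp_key) once the type has been read into nid; the lines shown here stop before any release. It would also help to set the recorded type to NID_undef explicitly when the call returns 0, so a handshake with no temporary key fails an ExpectedTmpKeyType check instead of depending on how the HANDSHAKE_RESULT was initialised.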
Some people seem to want a blank line here, but our style document doesn't seem to say anything about it.
We should add it to the style document as it has become a de facto standard style in recent reviews.
Approved subject to the couple of minor style issues being corrected.
__owur static int parse_expected_tmp_key_type(SSL_TEST_CTX *test_ctx, | ||
const char *value) | ||
{ | ||
int nid; |
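Review bot: parse_expected_tmp_key_type takes value straight from the test configuration, and the visible lines do not show what happens when the name does not map to a NID. Since the function is marked __owur and returns int, have it return 0 when value is NULL or the lookup yields NID_undef, so a misspelt ExpectedTmpKeyType aborts the test instead of leaving an expectation that cannot be told apart from "not set".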
Blank line here
c2025f9 to ca4d8db
Add option ExpectedTmpKeyType to test the temporary key the server sends is of the correct type. Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from openssl/openssl#2191)
Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from openssl/openssl#2191) (cherry picked from commit 9c4319b)
Add option ExpectedTmpKeyType to test the temporary key the server sends is of the correct type. Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from openssl/openssl#2191) (cherry picked from commit b93ad05)
Description of change
This adds a new test option so we can check the server temp key is of the expected type. It also extends the existing curve selection test to check the curve the server uses.