Add SSL_get_server_key_exchange_hash.
This exposes the ServerKeyExchange signature hash type used in the most recent
handshake, for histogramming on the client.
BUG=549662
Change-Id: I8a4e00ac735b1ecd2c2df824112c3a0bc62332a7
Reviewed-on: https://boringssl-review.googlesource.com/6413
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc
index fe3dd6f..07ba9f5 100644
--- a/ssl/test/bssl_shim.cc
+++ b/ssl/test/bssl_shim.cc
@@ -1061,6 +1061,15 @@
}
}
+ if (config->expect_server_key_exchange_hash != 0 &&
+ config->expect_server_key_exchange_hash !=
+ SSL_get_server_key_exchange_hash(ssl)) {
+ fprintf(stderr, "ServerKeyExchange hash was %d, wanted %d.\n",
+ SSL_get_server_key_exchange_hash(ssl),
+ config->expect_server_key_exchange_hash);
+ return false;
+ }
+
if (!config->is_server) {
/* Clients should expect a peer certificate chain iff this was not a PSK
* cipher suite. */
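Review bot: The `config->expect_server_key_exchange_hash != 0` guard in the added check makes 0 mean "do not check", so the shim cannot assert that `SSL_get_server_key_exchange_hash(ssl)` reports nothing for a handshake with no signed ServerKeyExchange (for example a resumption, or a suite without one). Since the value is meant to feed client histograms, a stale or unset value being reported is the case most worth pinning down. One option is a sentinel default in test_config.h, `int expect_server_key_exchange_hash = -1;`, with the guard changed to `!= -1`, so that an explicit 0 becomes a real expectation. The getter is also called twice; reading it once into a local (`int hash = SSL_get_server_key_exchange_hash(ssl);`) keeps the comparison and the message in agreement. The enclosing function starts and ends outside this hunk.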
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 158f082..6ab71cf 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -4026,6 +4026,19 @@
},
},
})
+
+ testCases = append(testCases, testCase{
+ name: "SigningHash-ServerKeyExchange-Verify-" + hash.name,
+ config: Config{
+ CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
+ SignatureAndHashes: []signatureAndHash{
+ {signatureRSA, 42},
+ {signatureRSA, hash.id},
+ {signatureRSA, 255},
+ },
+ },
+ flags: []string{"-expect-server-key-exchange-hash", strconv.Itoa(int(hash.id))},
+ })
}
// Test that hash resolution takes the signature type into account.
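Review bot: The literals `42` and `255` in the new `SignatureAndHashes` list are unexplained. They are presumably unassigned hash identifiers placed around `hash.id` so that unknown entries have to be skipped, and a comment such as `// Unknown hash values surrounding the real one must be ignored.` would record that intent. The new case pairs the hash only with `signatureRSA` on an ECDHE_RSA suite, so the getter is not exercised for ECDSA signatures in this hunk (it may be covered elsewhere). There is also no case expecting a mismatch or an absent hash, which ties in with the shim treating 0 as "unchecked". The enclosing loop over hashes starts outside the hunk.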
diff --git a/ssl/test/test_config.cc b/ssl/test/test_config.cc
index 8b540c3..50e6b23 100644
--- a/ssl/test/test_config.cc
+++ b/ssl/test/test_config.cc
@@ -141,6 +141,8 @@
{ "-mtu", &TestConfig::mtu },
{ "-export-keying-material", &TestConfig::export_keying_material },
{ "-expect-total-renegotiations", &TestConfig::expect_total_renegotiations },
+ { "-expect-server-key-exchange-hash",
+ &TestConfig::expect_server_key_exchange_hash },
};
} // namespace
diff --git a/ssl/test/test_config.h b/ssl/test/test_config.h
index a72d66b..9f295ae 100644
--- a/ssl/test/test_config.h
+++ b/ssl/test/test_config.h
@@ -100,6 +100,7 @@
bool renegotiate_freely = false;
bool renegotiate_ignore = false;
bool disable_npn = false;
+ int expect_server_key_exchange_hash = 0;
};
bool ParseConfig(int argc, char **argv, TestConfig *out_config);