Add a test to check the EC point formats extension appears when we expect

The previous commit fixed a bug where the EC point formats extensions did not appear in the ServerHello. This should have been caught by 70-test_sslmessages but that test never tries an EC ciphersuite. This updates the test to do that. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2153)
author: Matt Caswell <matt@openssl.org> 2016-12-28 15:01:57 +0000
committer: Matt Caswell <matt@openssl.org> 2016-12-29 13:32:54 +0000
commit: 397f4f78760480f982adaeed98ccb10bda4d3fbb (patch)
tree: e585c2b778e89cf433a41633e04a825e5130c5e4 /test
parent: 3b58c54f26b826abd55a513494ef892e7ad069ad (diff)
2 files changed, 31 insertions, 6 deletions
diff --git a/test/recipes/70-test_sslmessages.t b/test/recipes/70-test_sslmessages.t
index fb4ec61b49..de8b0bcf2d 100755
--- a/test/recipes/70-test_sslmessages.t
+++ b/test/recipes/70-test_sslmessages.t
@@ -46,6 +46,9 @@ my $proxy = TLSProxy::Proxy->new(
     [TLSProxy::Message::MT_CERTIFICATE,
         checkhandshake::ALL_HANDSHAKES
         & ~checkhandshake::RESUME_HANDSHAKE],
+    (disabled("ec") ? () :
+                      [TLSProxy::Message::MT_SERVER_KEY_EXCHANGE,
+                          checkhandshake::EC_HANDSHAKE]),
     [TLSProxy::Message::MT_CERTIFICATE_STATUS,
         checkhandshake::OCSP_HANDSHAKE],
     #ServerKeyExchange handshakes not currently supported by TLSProxy
@@ -94,10 +97,14 @@ my $proxy = TLSProxy::Proxy->new(
         checkhandshake::SERVER_NAME_CLI_EXTENSION],
     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,
         checkhandshake::STATUS_REQUEST_CLI_EXTENSION],
-    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS,
-        checkhandshake::DEFAULT_EXTENSIONS],
-    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS,
-        checkhandshake::DEFAULT_EXTENSIONS],
+    (disabled("ec") ? () :
+                      [TLSProxy::Message::MT_CLIENT_HELLO,
+                       TLSProxy::Message::EXT_SUPPORTED_GROUPS,
+                       checkhandshake::DEFAULT_EXTENSIONS]),
+    (disabled("ec") ? () :
+                      [TLSProxy::Message::MT_CLIENT_HELLO,
+                       TLSProxy::Message::EXT_EC_POINT_FORMATS,
+                       checkhandshake::DEFAULT_EXTENSIONS]),
     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS,
         checkhandshake::DEFAULT_EXTENSIONS],
     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN,
@@ -135,6 +142,8 @@ my $proxy = TLSProxy::Proxy->new(
         checkhandshake::SCT_SRV_EXTENSION],
     [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_NPN,
         checkhandshake::NPN_SRV_EXTENSION],
+    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS,
+        checkhandshake::EC_POINT_FORMAT_SRV_EXTENSION],
     [0,0,0]
 );
 
@@ -143,7 +152,7 @@ my $proxy = TLSProxy::Proxy->new(
 $proxy->serverconnects(2);
 $proxy->clientflags("-no_tls1_3 -sess_out ".$session);
 $proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-plan tests => 20;
+plan tests => 21;
 checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
                checkhandshake::DEFAULT_EXTENSIONS,
                "Default handshake test");
@@ -358,3 +367,16 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
                checkhandshake::DEFAULT_EXTENSIONS
                | checkhandshake::SRP_CLI_EXTENSION,
                "SRP extension test");
+
+#Test 21: EC handshake
+SKIP: {
+    skip "No EC support in this OpenSSL build", 1 if disabled("ec");
+    $proxy->clear();
+    $proxy->clientflags("-no_tls1_3");
+    $proxy->ciphers("ECDHE-RSA-AES128-SHA");
+    $proxy->start();
+    checkhandshake($proxy, checkhandshake::EC_HANDSHAKE,
+                   checkhandshake::DEFAULT_EXTENSIONS
+                   | checkhandshake::EC_POINT_FORMAT_SRV_EXTENSION,
+                   "EC handshake test");
+}
diff --git a/test/testlib/checkhandshake.pm b/test/testlib/checkhandshake.pm
index eb34fff622..9529b949bd 100644
--- a/test/testlib/checkhandshake.pm
+++ b/test/testlib/checkhandshake.pm
@@ -23,8 +23,9 @@ use constant {
     CLIENT_AUTH_HANDSHAKE => 8,
     RENEG_HANDSHAKE => 16,
     NPN_HANDSHAKE => 32,
+    EC_HANDSHAKE => 64,
 
-    ALL_HANDSHAKES => 63
+    ALL_HANDSHAKES => 127
 };
 
 use constant {
@@ -43,6 +44,8 @@ use constant {
     NPN_CLI_EXTENSION => 0x00000800,
     NPN_SRV_EXTENSION => 0x00001000,
     SRP_CLI_EXTENSION => 0x00002000,
+    #Client side for ec point formats is a default extension
+    EC_POINT_FORMAT_SRV_EXTENSION => 0x00004000,
 };
 
 our @handmessages = ();
author	Matt Caswell <matt@openssl.org>	2016-12-28 15:01:57 +0000
committer	Matt Caswell <matt@openssl.org>	2016-12-29 13:32:54 +0000
commit	397f4f78760480f982adaeed98ccb10bda4d3fbb (patch)
tree	e585c2b778e89cf433a41633e04a825e5130c5e4 /test
parent	3b58c54f26b826abd55a513494ef892e7ad069ad (diff)