root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Test setting a client to send a key share not allowed in TLSv1.3 

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28283)
This commit is contained in:
Matt Caswell 2025-08-15 17:12:11 +01:00
parent 47b0f172aa
commit 9226b3e8f4
1 changed files with 16 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
test/tls13groupselection_test.c
View File

@ -311,17 +311,17 @@ static const struct tls13groupselection_test_st tls13groupselection_tests[] =
{ "X25519:secp256r1:X448:secp521r1:-X448:-secp256r1:-X25519:-secp521r1",
"",
CLIENT_PREFERENCE,
NEGOTIATION_FAILURE
NEGOTIATION_FAILURE, INIT
},
{ "secp384r1:secp521r1:X25519", /* test 39 */
"prime256v1:X448",
CLIENT_PREFERENCE,
NEGOTIATION_FAILURE
NEGOTIATION_FAILURE, INIT
},
{ "secp521r1:secp384r1:X25519", /* test 40 */
"prime256v1:X448",
SERVER_PREFERENCE,
NEGOTIATION_FAILURE
NEGOTIATION_FAILURE, INIT
},
/*
* These are allowed
@ -340,6 +340,15 @@ static const struct tls13groupselection_test_st tls13groupselection_tests[] =
SERVER_PREFERENCE,
"secp521r1", SH
},
/*
* Not a syntax error, but invalid because brainpoolP256r1 is the only
* key share and is not valid in TLSv1.3
*/
{ "*brainpoolP256r1:X25519", /* test 43 */
"X25519",
SERVER_PREFERENCE,
NEGOTIATION_FAILURE, INIT
}
};
static void server_response_check_cb(int write_p, int version,
@ -489,6 +498,10 @@ static int test_groupnegotiation(const struct tls13groupselection_test_st *curre
ok = 1;
} else {
TEST_false_or_end(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE));
if (test_type == TEST_NEGOTIATION_FAILURE &&
!TEST_int_eq((int)current_test_vector->expected_server_response,
(int)server_response))
goto end;
ok = 1;
}