Test setting a client to send a key share not allowed in TLSv1.3

author Matt Caswell <matt@openssl.org>

Fri, 15 Aug 2025 16:12:11 +0000 (17:12 +0100)

committer Matt Caswell <matt@openssl.org>

Wed, 20 Aug 2025 08:49:57 +0000 (09:49 +0100)
author Matt Caswell <matt@openssl.org>
Fri, 15 Aug 2025 16:12:11 +0000 (17:12 +0100)
committer Matt Caswell <matt@openssl.org>
Wed, 20 Aug 2025 08:49:57 +0000 (09:49 +0100)
diff --git a/test/tls13groupselection_test.c b/test/tls13groupselection_test.c

index 01d1eded5f87ca85f6b9f036a9caa540bb10232b..351b3102c70bc8360238c711949f4fe8f96405ac 100644 (file)
--- a/test/tls13groupselection_test.c
+++ b/test/tls13groupselection_test.c
@@ -311,17 +311,17 @@ static const struct tls13groupselection_test_st tls13groupselection_tests[] =
          { "X25519:secp256r1:X448:secp521r1:-X448:-secp256r1:-X25519:-secp521r1",
            "",
            CLIENT_PREFERENCE,
-          NEGOTIATION_FAILURE
+          NEGOTIATION_FAILURE, INIT
          },
          { "secp384r1:secp521r1:X25519", /* test 39 */
            "prime256v1:X448",
            CLIENT_PREFERENCE,
-          NEGOTIATION_FAILURE
+          NEGOTIATION_FAILURE, INIT
          },
          { "secp521r1:secp384r1:X25519", /* test 40 */
            "prime256v1:X448",
            SERVER_PREFERENCE,
-          NEGOTIATION_FAILURE
+          NEGOTIATION_FAILURE, INIT
          },
          /*
           * These are allowed
@@ -340,6 +340,15 @@ static const struct tls13groupselection_test_st tls13groupselection_tests[] =
            SERVER_PREFERENCE,
            "secp521r1", SH
          },
+        /*
+         * Not a syntax error, but invalid because brainpoolP256r1 is the only
+         * key share and is not valid in TLSv1.3
+         */
+        { "*brainpoolP256r1:X25519", /* test 43 */
+          "X25519",
+          SERVER_PREFERENCE,
+          NEGOTIATION_FAILURE, INIT
+        }
      };
  
  static void server_response_check_cb(int write_p, int version,
@@ -489,6 +498,10 @@ static int test_groupnegotiation(const struct tls13groupselection_test_st *curre
              ok = 1;
      } else {
          TEST_false_or_end(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE));
+        if (test_type == TEST_NEGOTIATION_FAILURE &&
+                !TEST_int_eq((int)current_test_vector->expected_server_response,
+                             (int)server_response))
+            goto end;
          ok = 1;
      }
author	Matt Caswell <matt@openssl.org>
	Fri, 15 Aug 2025 16:12:11 +0000 (17:12 +0100)
committer	Matt Caswell <matt@openssl.org>
	Wed, 20 Aug 2025 08:49:57 +0000 (09:49 +0100)