From: Matt Caswell Date: Tue, 21 Apr 2026 16:36:32 +0000 (+0100) Subject: Add a test for bad PSK in a PSK only server X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=17bd94fbd6cbefb2de2cf88aacd66b3b1abdf6d8;p=thirdparty%2Fopenssl.git Add a test for bad PSK in a PSK only server Check that we fail with a decrypt_alert in the same way as a binder validation failure Reviewed-by: Tomas Mraz Reviewed-by: Eugene Syromiatnikov MergeDate: Wed May 13 07:38:33 2026 (Merged from https://github.com/openssl/openssl/pull/31026) --- diff --git a/test/recipes/70-test_tls13psk.t b/test/recipes/70-test_tls13psk.t index dcac269d1bd..d15f838e9d3 100644 --- a/test/recipes/70-test_tls13psk.t +++ b/test/recipes/70-test_tls13psk.t @@ -53,7 +53,7 @@ $proxy->clientflags("-sess_out ".$session); $proxy->serverflags("-servername localhost"); $proxy->sessionfile($session); $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; -plan tests => 6; +plan tests => 7; ok(TLSProxy::Message->success(), "Initial connection"); #Test 2: Attempt a resume with PSK not in last place. Should fail 
@@ -122,8 +122,36 @@ $testtype = TOO_MANY_PSKS; $proxy->start(); ok(TLSProxy::Message->success(), "Too many PSKs"); +my $proxy2 = TLSProxy::Proxy->new( + undef, + cmdstr(app(["openssl"]), display => 1), + undef, # Deliberately set to no_cert to force a PSK-only server + (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}), + have_IPv6() +); + +#Test 7: Attempt an invalid resume, with a server that can only do PSK. +# Should be treated the same as an invalid binder (decrypt_error) +# as per RFC8446 Appendix E.6 +$proxy2->clear(); +$proxy2->clientflags("-sess_in ".$session); +$proxy2->serverflags("-psk ffeeddccbbaa99887766554433221100 -no_ticket"); +$proxy2->start() or die "Failed to start proxy2"; +ok(is_decode_error_server_alert(), "Bad PSK with no handshake fallback"); + unlink $session; +sub is_decode_error_server_alert +{ + return 0 unless TLSProxy::Message->fail(); + + my $alert = TLSProxy::Message->alert(); + return 1 if $alert->server() + && $alert->description() + == TLSProxy::Message::AL_DESC_DECRYPT_ERROR; + return 0; +} + sub modify_psk_filter { my $proxy = shift; diff --git a/util/perl/TLSProxy/Message.pm b/util/perl/TLSProxy/Message.pm index 57197ebba07..4c1ba50de48 100644 --- a/util/perl/TLSProxy/Message.pm +++ b/util/perl/TLSProxy/Message.pm @@ -48,6 +48,7 @@ use constant { AL_DESC_BAD_CERTIFICATE => 42, AL_DESC_ILLEGAL_PARAMETER => 47, AL_DESC_DECODE_ERROR => 50, + AL_DESC_DECRYPT_ERROR => 51, AL_DESC_PROTOCOL_VERSION => 70, AL_DESC_NO_RENEGOTIATION => 100, AL_DESC_MISSING_EXTENSION => 109 diff --git a/util/perl/TLSProxy/Proxy.pm b/util/perl/TLSProxy/Proxy.pm index eccdc98cf69..5ba6579ed3d 100644 --- a/util/perl/TLSProxy/Proxy.pm +++ b/util/perl/TLSProxy/Proxy.pm 
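Review bot: The helper added at the end of this hunk is named `is_decode_error_server_alert` but compares the alert description with `AL_DESC_DECRYPT_ERROR` (51), not `AL_DESC_DECODE_ERROR` (50), so the name contradicts the check that Test 7 relies on; rename it to `is_decrypt_error_server_alert` at the definition and in the `ok(...)` call. It also calls `$alert->server()` without checking that an alert was recorded. If `TLSProxy::Message->alert()` can return undef after a failed handshake (not visible here), the test would die instead of reporting a failure, so `return 0 unless defined $alert;` before the comparison is worth adding. The comment on the third constructor argument says "set to no_cert" while the value passed is `undef`; `# undef cert: s_server is started with -nocert, so only PSK can succeed` would describe what actually happens.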
@@ -340,8 +340,13 @@ sub start
 #different one that doesn't get confused.
 ." -ext_cache"
 ." -accept $self->{server_addr}:0"
- ." -cert ".$self->cert." -cert2 ".$self->cert
 ." -naccept ".$self->serverconnects;
+ if (defined $self->cert) {
+ $execcmd .= " -cert ".$self->cert." -cert2 ".$self->cert;
+ } else {
+ $execcmd .= " -nocert";
+ }
+
 if ($self->{isdtls}) {
 $execcmd .= " -dtls -max_protocol DTLSv1.2"
 # TLSProxy does not support message fragmentation. So
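Review bot: The new `else` branch turns an undefined cert into `-nocert` with no comment or diagnostic, so a caller that loses its certificate path by mistake now silently gets a certificate-less s_server rather than an obviously broken command line. A comment above the `if`, for example `# undef cert is deliberate: PSK-only server with no certificate-based handshake to fall back to`, would record that this is an opt-in used by the PSK tests. `sub start` begins and ends outside the hunk, so whether any other path in it reads `$self->cert` without a defined check cannot be confirmed from here.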