From: Matt Caswell
Date: Fri, 15 Aug 2025 16:12:11 +0000 (+0100)
Subject: Test setting a client to send a key share not allowed in TLSv1.3
X-Git-Tag: openssl-3.6.0-alpha1~89
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9226b3e8f4cb4dfb8a43fd2790ef506f75a11e76;p=thirdparty%2Fopenssl.git
Test setting a client to send a key share not allowed in TLSv1.3
Reviewed-by: Neil Horman
Reviewed-by: Hugo Landau
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/28283)
---
diff --git a/test/tls13groupselection_test.c b/test/tls13groupselection_test.c
index 4f971b600cc..8310c4b2d63 100644
--- a/test/tls13groupselection_test.c
+++ b/test/tls13groupselection_test.c
@@ -311,17 +311,17 @@ static const struct tls13groupselection_test_st tls13groupselection_tests[] =
 { "X25519:secp256r1:X448:secp521r1:-X448:-secp256r1:-X25519:-secp521r1",
 "",
 CLIENT_PREFERENCE,
- NEGOTIATION_FAILURE
+ NEGOTIATION_FAILURE, INIT
 },
 { "secp384r1:secp521r1:X25519", /* test 39 */
 "prime256v1:X448",
 CLIENT_PREFERENCE,
- NEGOTIATION_FAILURE
+ NEGOTIATION_FAILURE, INIT
 },
 { "secp521r1:secp384r1:X25519", /* test 40 */
 "prime256v1:X448",
 SERVER_PREFERENCE,
- NEGOTIATION_FAILURE
+ NEGOTIATION_FAILURE, INIT
 },
 /*
 * These are allowed
@@ -340,6 +340,15 @@ static const struct tls13groupselection_test_st tls13groupselection_tests[] =
 SERVER_PREFERENCE,
 "secp521r1", SH
 },
+ /*
+ * Not a syntax error, but invalid because brainpoolP256r1 is the only
+ * key share and is not valid in TLSv1.3
+ */
+ { "*brainpoolP256r1:X25519", /* test 43 */
+ "X25519",
+ SERVER_PREFERENCE,
+ NEGOTIATION_FAILURE, INIT
+ }
 };
 static void server_response_check_cb(int write_p, int version,
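Review bot: The comment added above test 43 in the second hunk says why the configuration is invalid, but not why the expected response is `INIT` rather than `HRR`, which is what the vector actually pins. The server offers X25519 and the client also lists X25519 without a key share, so a ClientHello that reached the server would presumably be answered with a HelloRetryRequest; expecting `INIT` asserts that the handshake fails before the server answers at all. I would add a line to the comment such as `* Expect INIT, not HRR: the handshake must fail before the server replies`. As written, the vector cannot distinguish a client-side refusal from a server alert, so if the intent is that the client never sends the share, the comment should say that too.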
@@ -489,6 +498,10 @@ static int test_groupnegotiation(const struct tls13groupselection_test_st *curre
 ok = 1;
 } else {
 TEST_false_or_end(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE));
+ if (test_type == TEST_NEGOTIATION_FAILURE &&
+ !TEST_int_eq((int)current_test_vector->expected_server_response,
+ (int)server_response))
+ goto end;
 ok = 1;
 }
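Review bot: The added comparison reads `server_response`, which is not assigned anywhere in this hunk. It appears to be filled in by `server_response_check_cb`, so the check only means something if the variable is reset to `INIT` before each vector and the callback is installed on the failure path too. Otherwise a stale `SH` or `HRR` from an earlier vector would make these cases fail, or a stale `INIT` would let them pass for the wrong reason. test_groupnegotiation starts and ends outside the hunk, so neither the reset nor the callback setup can be confirmed from here. If both are in place, a one-line comment above the check would record the intent: `/* INIT: the server sent neither a ServerHello nor an HRR before the handshake failed */`.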