Add a test for TLSv1.3 only client sending a correct key_share

Make sure that a TLSv1.3 only client does not send a TLSv1.3 key_share. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19404)
author: Matt Caswell <matt@openssl.org> 2022-09-30 16:59:05 +0100
committer: Tomas Mraz <tomas@openssl.org> 2022-10-19 10:22:11 +0200
commit: c861c3ee142ac00d5facd112fd8891e87c50bc7b (patch)
tree: 9eb1920012a53cb4c363ae529e53a5b6bdd9b3e5 /test
parent: 78d00e05a537495287b979bcad79365d5d9607d4 (diff)
2 files changed, 1025 insertions, 226 deletions
diff --git a/test/ssl-tests/14-curves.cnf b/test/ssl-tests/14-curves.cnf
index 824a9f9a0e..bafa4a65cd 100644
--- a/test/ssl-tests/14-curves.cnf
+++ b/test/ssl-tests/14-curves.cnf
@@ -1,6 +1,6 @@
 # Generated with generate_ssl_tests.pl
 
-num_tests = 55
+num_tests = 80
 
 test-0 = 0-curve-prime256v1
 test-1 = 1-curve-secp384r1
@@ -32,31 +32,56 @@ test-26 = 26-curve-secp256k1
 test-27 = 27-curve-brainpoolP256r1
 test-28 = 28-curve-brainpoolP384r1
 test-29 = 29-curve-brainpoolP512r1
-test-30 = 30-curve-sect233k1-tls13
-test-31 = 31-curve-sect233r1-tls13
-test-32 = 32-curve-sect283k1-tls13
-test-33 = 33-curve-sect283r1-tls13
-test-34 = 34-curve-sect409k1-tls13
-test-35 = 35-curve-sect409r1-tls13
-test-36 = 36-curve-sect571k1-tls13
-test-37 = 37-curve-sect571r1-tls13
-test-38 = 38-curve-secp224r1-tls13
-test-39 = 39-curve-sect163k1-tls13
-test-40 = 40-curve-sect163r2-tls13
-test-41 = 41-curve-prime192v1-tls13
-test-42 = 42-curve-sect163r1-tls13
-test-43 = 43-curve-sect193r1-tls13
-test-44 = 44-curve-sect193r2-tls13
-test-45 = 45-curve-sect239k1-tls13
-test-46 = 46-curve-secp160k1-tls13
-test-47 = 47-curve-secp160r1-tls13
-test-48 = 48-curve-secp160r2-tls13
-test-49 = 49-curve-secp192k1-tls13
-test-50 = 50-curve-secp224k1-tls13
-test-51 = 51-curve-secp256k1-tls13
-test-52 = 52-curve-brainpoolP256r1-tls13
-test-53 = 53-curve-brainpoolP384r1-tls13
-test-54 = 54-curve-brainpoolP512r1-tls13
+test-30 = 30-curve-sect233k1-tls12-in-tls13
+test-31 = 31-curve-sect233r1-tls12-in-tls13
+test-32 = 32-curve-sect283k1-tls12-in-tls13
+test-33 = 33-curve-sect283r1-tls12-in-tls13
+test-34 = 34-curve-sect409k1-tls12-in-tls13
+test-35 = 35-curve-sect409r1-tls12-in-tls13
+test-36 = 36-curve-sect571k1-tls12-in-tls13
+test-37 = 37-curve-sect571r1-tls12-in-tls13
+test-38 = 38-curve-secp224r1-tls12-in-tls13
+test-39 = 39-curve-sect163k1-tls12-in-tls13
+test-40 = 40-curve-sect163r2-tls12-in-tls13
+test-41 = 41-curve-prime192v1-tls12-in-tls13
+test-42 = 42-curve-sect163r1-tls12-in-tls13
+test-43 = 43-curve-sect193r1-tls12-in-tls13
+test-44 = 44-curve-sect193r2-tls12-in-tls13
+test-45 = 45-curve-sect239k1-tls12-in-tls13
+test-46 = 46-curve-secp160k1-tls12-in-tls13
+test-47 = 47-curve-secp160r1-tls12-in-tls13
+test-48 = 48-curve-secp160r2-tls12-in-tls13
+test-49 = 49-curve-secp192k1-tls12-in-tls13
+test-50 = 50-curve-secp224k1-tls12-in-tls13
+test-51 = 51-curve-secp256k1-tls12-in-tls13
+test-52 = 52-curve-brainpoolP256r1-tls12-in-tls13
+test-53 = 53-curve-brainpoolP384r1-tls12-in-tls13
+test-54 = 54-curve-brainpoolP512r1-tls12-in-tls13
+test-55 = 55-curve-sect233k1-tls13
+test-56 = 56-curve-sect233r1-tls13
+test-57 = 57-curve-sect283k1-tls13
+test-58 = 58-curve-sect283r1-tls13
+test-59 = 59-curve-sect409k1-tls13
+test-60 = 60-curve-sect409r1-tls13
+test-61 = 61-curve-sect571k1-tls13
+test-62 = 62-curve-sect571r1-tls13
+test-63 = 63-curve-secp224r1-tls13
+test-64 = 64-curve-sect163k1-tls13
+test-65 = 65-curve-sect163r2-tls13
+test-66 = 66-curve-prime192v1-tls13
+test-67 = 67-curve-sect163r1-tls13
+test-68 = 68-curve-sect193r1-tls13
+test-69 = 69-curve-sect193r2-tls13
+test-70 = 70-curve-sect239k1-tls13
+test-71 = 71-curve-secp160k1-tls13
+test-72 = 72-curve-secp160r1-tls13
+test-73 = 73-curve-secp160r2-tls13
+test-74 = 74-curve-secp192k1-tls13
+test-75 = 75-curve-secp224k1-tls13
+test-76 = 76-curve-secp256k1-tls13
+test-77 = 77-curve-brainpoolP256r1-tls13
+test-78 = 78-curve-brainpoolP384r1-tls13
+test-79 = 79-curve-brainpoolP512r1-tls13
 # ===========================================================
 
 [0-curve-prime256v1]
@@ -929,676 +954,1426 @@ ExpectedTmpKeyType = brainpoolP512r1
 
 # ===========================================================
 
-[30-curve-sect233k1-tls13]
-ssl_conf = 30-curve-sect233k1-tls13-ssl
+[30-curve-sect233k1-tls12-in-tls13]
+ssl_conf = 30-curve-sect233k1-tls12-in-tls13-ssl
 
-[30-curve-sect233k1-tls13-ssl]
-server = 30-curve-sect233k1-tls13-server
-client = 30-curve-sect233k1-tls13-client
+[30-curve-sect233k1-tls12-in-tls13-ssl]
+server = 30-curve-sect233k1-tls12-in-tls13-server
+client = 30-curve-sect233k1-tls12-in-tls13-client
 
-[30-curve-sect233k1-tls13-server]
+[30-curve-sect233k1-tls12-in-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = sect233k1:P-256
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[30-curve-sect233k1-tls12-in-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
+Curves = sect233k1:P-256
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-30]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+ExpectedTmpKeyType = P-256
+
+
+# ===========================================================
+
+[31-curve-sect233r1-tls12-in-tls13]
+ssl_conf = 31-curve-sect233r1-tls12-in-tls13-ssl
+
+[31-curve-sect233r1-tls12-in-tls13-ssl]
+server = 31-curve-sect233r1-tls12-in-tls13-server
+client = 31-curve-sect233r1-tls12-in-tls13-client
+
+[31-curve-sect233r1-tls12-in-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = sect233r1:P-256
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[31-curve-sect233r1-tls12-in-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
+Curves = sect233r1:P-256
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-31]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+ExpectedTmpKeyType = P-256
+
+
+# ===========================================================
+
+[32-curve-sect283k1-tls12-in-tls13]
+ssl_conf = 32-curve-sect283k1-tls12-in-tls13-ssl
+
+[32-curve-sect283k1-tls12-in-tls13-ssl]
+server = 32-curve-sect283k1-tls12-in-tls13-server
+client = 32-curve-sect283k1-tls12-in-tls13-client
+
+[32-curve-sect283k1-tls12-in-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = sect283k1:P-256
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[32-curve-sect283k1-tls12-in-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
+Curves = sect283k1:P-256
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-32]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+ExpectedTmpKeyType = P-256
+
+
+# ===========================================================
+
+[33-curve-sect283r1-tls12-in-tls13]
+ssl_conf = 33-curve-sect283r1-tls12-in-tls13-ssl
+
+[33-curve-sect283r1-tls12-in-tls13-ssl]
+server = 33-curve-sect283r1-tls12-in-tls13-server
+client = 33-curve-sect283r1-tls12-in-tls13-client
+
+[33-curve-sect283r1-tls12-in-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = sect283r1:P-256
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[33-curve-sect283r1-tls12-in-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
+Curves = sect283r1:P-256
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-33]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+ExpectedTmpKeyType = P-256
+
+
+# ===========================================================
+
+[34-curve-sect409k1-tls12-in-tls13]
+ssl_conf = 34-curve-sect409k1-tls12-in-tls13-ssl
+
+[34-curve-sect409k1-tls12-in-tls13-ssl]
+server = 34-curve-sect409k1-tls12-in-tls13-server
+client = 34-curve-sect409k1-tls12-in-tls13-client
+
+[34-curve-sect409k1-tls12-in-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = sect409k1:P-256
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[34-curve-sect409k1-tls12-in-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
+Curves = sect409k1:P-256
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-34]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+ExpectedTmpKeyType = P-256
+
+
+# ===========================================================
+
+[35-curve-sect409r1-tls12-in-tls13]
+ssl_conf = 35-curve-sect409r1-tls12-in-tls13-ssl
+
+[35-curve-sect409r1-tls12-in-tls13-ssl]
+server = 35-curve-sect409r1-tls12-in-tls13-server
+client = 35-curve-sect409r1-tls12-in-tls13-client
+
+[35-curve-sect409r1-tls12-in-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = sect409r1:P-256
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[35-curve-sect409r1-tls12-in-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
+Curves = sect409r1:P-256
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-35]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+ExpectedTmpKeyType = P-256
+
+
+# ===========================================================
+
+[36-curve-sect571k1-tls12-in-tls13]
+ssl_conf = 36-curve-sect571k1-tls12-in-tls13-ssl
+
+[36-curve-sect571k1-tls12-in-tls13-ssl]
+server = 36-curve-sect571k1-tls12-in-tls13-server
+client = 36-curve-sect571k1-tls12-in-tls13-client
+
+[36-curve-sect571k1-tls12-in-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = sect571k1:P-256
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[36-curve-sect571k1-tls12-in-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
+Curves = sect571k1:P-256
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-36]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+ExpectedTmpKeyType = P-256
+
+
+# ===========================================================
+
+[37-curve-sect571r1-tls12-in-tls13]
+ssl_conf = 37-curve-sect571r1-tls12-in-tls13-ssl
+
+[37-curve-sect571r1-tls12-in-tls13-ssl]
+server = 37-curve-sect571r1-tls12-in-tls13-server
+client = 37-curve-sect571r1-tls12-in-tls13-client
+
+[37-curve-sect571r1-tls12-in-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = sect571r1:P-256
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[37-curve-sect571r1-tls12-in-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
+Curves = sect571r1:P-256
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-37]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+ExpectedTmpKeyType = P-256
+
+
+# ===========================================================
+
+[38-curve-secp224r1-tls12-in-tls13]
+ssl_conf = 38-curve-secp224r1-tls12-in-tls13-ssl
+
+[38-curve-secp224r1-tls12-in-tls13-ssl]
+server = 38-curve-secp224r1-tls12-in-tls13-server
+client = 38-curve-secp224r1-tls12-in-tls13-client
+
+[38-curve-secp224r1-tls12-in-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = secp224r1:P-256
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[38-curve-secp224r1-tls12-in-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
+Curves = secp224r1:P-256
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-38]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+ExpectedTmpKeyType = P-256
+
+
+# ===========================================================
+
+[39-curve-sect163k1-tls12-in-tls13]
+ssl_conf = 39-curve-sect163k1-tls12-in-tls13-ssl
+
+[39-curve-sect163k1-tls12-in-tls13-ssl]
+server = 39-curve-sect163k1-tls12-in-tls13-server
+client = 39-curve-sect163k1-tls12-in-tls13-client
+
+[39-curve-sect163k1-tls12-in-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = sect163k1:P-256
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[39-curve-sect163k1-tls12-in-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
+Curves = sect163k1:P-256
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-39]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+ExpectedTmpKeyType = P-256
+
+
+# ===========================================================
+
+[40-curve-sect163r2-tls12-in-tls13]
+ssl_conf = 40-curve-sect163r2-tls12-in-tls13-ssl
+
+[40-curve-sect163r2-tls12-in-tls13-ssl]
+server = 40-curve-sect163r2-tls12-in-tls13-server
+client = 40-curve-sect163r2-tls12-in-tls13-client
+
+[40-curve-sect163r2-tls12-in-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = sect163r2:P-256
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[40-curve-sect163r2-tls12-in-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
+Curves = sect163r2:P-256
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-40]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+ExpectedTmpKeyType = P-256
+
+
+# ===========================================================
+
+[41-curve-prime192v1-tls12-in-tls13]
+ssl_conf = 41-curve-prime192v1-tls12-in-tls13-ssl
+
+[41-curve-prime192v1-tls12-in-tls13-ssl]
+server = 41-curve-prime192v1-tls12-in-tls13-server
+client = 41-curve-prime192v1-tls12-in-tls13-client
+
+[41-curve-prime192v1-tls12-in-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = prime192v1:P-256
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[41-curve-prime192v1-tls12-in-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
+Curves = prime192v1:P-256
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-41]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+ExpectedTmpKeyType = P-256
+
+
+# ===========================================================
+
+[42-curve-sect163r1-tls12-in-tls13]
+ssl_conf = 42-curve-sect163r1-tls12-in-tls13-ssl
+
+[42-curve-sect163r1-tls12-in-tls13-ssl]
+server = 42-curve-sect163r1-tls12-in-tls13-server
+client = 42-curve-sect163r1-tls12-in-tls13-client
+
+[42-curve-sect163r1-tls12-in-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = sect163r1:P-256
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[42-curve-sect163r1-tls12-in-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
+Curves = sect163r1:P-256
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-42]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+ExpectedTmpKeyType = P-256
+
+
+# ===========================================================
+
+[43-curve-sect193r1-tls12-in-tls13]
+ssl_conf = 43-curve-sect193r1-tls12-in-tls13-ssl
+
+[43-curve-sect193r1-tls12-in-tls13-ssl]
+server = 43-curve-sect193r1-tls12-in-tls13-server
+client = 43-curve-sect193r1-tls12-in-tls13-client
+
+[43-curve-sect193r1-tls12-in-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = sect193r1:P-256
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[43-curve-sect193r1-tls12-in-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
+Curves = sect193r1:P-256
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-43]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+ExpectedTmpKeyType = P-256
+
+
+# ===========================================================
+
+[44-curve-sect193r2-tls12-in-tls13]
+ssl_conf = 44-curve-sect193r2-tls12-in-tls13-ssl
+
+[44-curve-sect193r2-tls12-in-tls13-ssl]
+server = 44-curve-sect193r2-tls12-in-tls13-server
+client = 44-curve-sect193r2-tls12-in-tls13-client
+
+[44-curve-sect193r2-tls12-in-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = sect193r2:P-256
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[44-curve-sect193r2-tls12-in-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
+Curves = sect193r2:P-256
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-44]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+ExpectedTmpKeyType = P-256
+
+
+# ===========================================================
+
+[45-curve-sect239k1-tls12-in-tls13]
+ssl_conf = 45-curve-sect239k1-tls12-in-tls13-ssl
+
+[45-curve-sect239k1-tls12-in-tls13-ssl]
+server = 45-curve-sect239k1-tls12-in-tls13-server
+client = 45-curve-sect239k1-tls12-in-tls13-client
+
+[45-curve-sect239k1-tls12-in-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = sect239k1:P-256
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[45-curve-sect239k1-tls12-in-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
+Curves = sect239k1:P-256
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-45]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+ExpectedTmpKeyType = P-256
+
+
+# ===========================================================
+
+[46-curve-secp160k1-tls12-in-tls13]
+ssl_conf = 46-curve-secp160k1-tls12-in-tls13-ssl
+
+[46-curve-secp160k1-tls12-in-tls13-ssl]
+server = 46-curve-secp160k1-tls12-in-tls13-server
+client = 46-curve-secp160k1-tls12-in-tls13-client
+
+[46-curve-secp160k1-tls12-in-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = secp160k1:P-256
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[46-curve-secp160k1-tls12-in-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
+Curves = secp160k1:P-256
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-46]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+ExpectedTmpKeyType = P-256
+
+
+# ===========================================================
+
+[47-curve-secp160r1-tls12-in-tls13]
+ssl_conf = 47-curve-secp160r1-tls12-in-tls13-ssl
+
+[47-curve-secp160r1-tls12-in-tls13-ssl]
+server = 47-curve-secp160r1-tls12-in-tls13-server
+client = 47-curve-secp160r1-tls12-in-tls13-client
+
+[47-curve-secp160r1-tls12-in-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = secp160r1:P-256
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[47-curve-secp160r1-tls12-in-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
+Curves = secp160r1:P-256
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-47]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+ExpectedTmpKeyType = P-256
+
+
+# ===========================================================
+
+[48-curve-secp160r2-tls12-in-tls13]
+ssl_conf = 48-curve-secp160r2-tls12-in-tls13-ssl
+
+[48-curve-secp160r2-tls12-in-tls13-ssl]
+server = 48-curve-secp160r2-tls12-in-tls13-server
+client = 48-curve-secp160r2-tls12-in-tls13-client
+
+[48-curve-secp160r2-tls12-in-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = secp160r2:P-256
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[48-curve-secp160r2-tls12-in-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
+Curves = secp160r2:P-256
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-48]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+ExpectedTmpKeyType = P-256
+
+
+# ===========================================================
+
+[49-curve-secp192k1-tls12-in-tls13]
+ssl_conf = 49-curve-secp192k1-tls12-in-tls13-ssl
+
+[49-curve-secp192k1-tls12-in-tls13-ssl]
+server = 49-curve-secp192k1-tls12-in-tls13-server
+client = 49-curve-secp192k1-tls12-in-tls13-client
+
+[49-curve-secp192k1-tls12-in-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = secp192k1:P-256
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[49-curve-secp192k1-tls12-in-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
+Curves = secp192k1:P-256
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-49]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+ExpectedTmpKeyType = P-256
+
+
+# ===========================================================
+
+[50-curve-secp224k1-tls12-in-tls13]
+ssl_conf = 50-curve-secp224k1-tls12-in-tls13-ssl
+
+[50-curve-secp224k1-tls12-in-tls13-ssl]
+server = 50-curve-secp224k1-tls12-in-tls13-server
+client = 50-curve-secp224k1-tls12-in-tls13-client
+
+[50-curve-secp224k1-tls12-in-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = secp224k1:P-256
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[50-curve-secp224k1-tls12-in-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
+Curves = secp224k1:P-256
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-50]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+ExpectedTmpKeyType = P-256
+
+
+# ===========================================================
+
+[51-curve-secp256k1-tls12-in-tls13]
+ssl_conf = 51-curve-secp256k1-tls12-in-tls13-ssl
+
+[51-curve-secp256k1-tls12-in-tls13-ssl]
+server = 51-curve-secp256k1-tls12-in-tls13-server
+client = 51-curve-secp256k1-tls12-in-tls13-client
+
+[51-curve-secp256k1-tls12-in-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = secp256k1:P-256
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[51-curve-secp256k1-tls12-in-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
+Curves = secp256k1:P-256
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-51]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+ExpectedTmpKeyType = P-256
+
+
+# ===========================================================
+
+[52-curve-brainpoolP256r1-tls12-in-tls13]
+ssl_conf = 52-curve-brainpoolP256r1-tls12-in-tls13-ssl
+
+[52-curve-brainpoolP256r1-tls12-in-tls13-ssl]
+server = 52-curve-brainpoolP256r1-tls12-in-tls13-server
+client = 52-curve-brainpoolP256r1-tls12-in-tls13-client
+
+[52-curve-brainpoolP256r1-tls12-in-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = brainpoolP256r1:P-256
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[52-curve-brainpoolP256r1-tls12-in-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
+Curves = brainpoolP256r1:P-256
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-52]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+ExpectedTmpKeyType = P-256
+
+
+# ===========================================================
+
+[53-curve-brainpoolP384r1-tls12-in-tls13]
+ssl_conf = 53-curve-brainpoolP384r1-tls12-in-tls13-ssl
+
+[53-curve-brainpoolP384r1-tls12-in-tls13-ssl]
+server = 53-curve-brainpoolP384r1-tls12-in-tls13-server
+client = 53-curve-brainpoolP384r1-tls12-in-tls13-client
+
+[53-curve-brainpoolP384r1-tls12-in-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = brainpoolP384r1:P-256
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[53-curve-brainpoolP384r1-tls12-in-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
+Curves = brainpoolP384r1:P-256
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-53]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+ExpectedTmpKeyType = P-256
+
+
+# ===========================================================
+
+[54-curve-brainpoolP512r1-tls12-in-tls13]
+ssl_conf = 54-curve-brainpoolP512r1-tls12-in-tls13-ssl
+
+[54-curve-brainpoolP512r1-tls12-in-tls13-ssl]
+server = 54-curve-brainpoolP512r1-tls12-in-tls13-server
+client = 54-curve-brainpoolP512r1-tls12-in-tls13-client
+
+[54-curve-brainpoolP512r1-tls12-in-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = brainpoolP512r1:P-256
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[54-curve-brainpoolP512r1-tls12-in-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
+Curves = brainpoolP512r1:P-256
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-54]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+ExpectedTmpKeyType = P-256
+
+
+# ===========================================================
+
+[55-curve-sect233k1-tls13]
+ssl_conf = 55-curve-sect233k1-tls13-ssl
+
+[55-curve-sect233k1-tls13-ssl]
+server = 55-curve-sect233k1-tls13-server
+client = 55-curve-sect233k1-tls13-client
+
+[55-curve-sect233k1-tls13-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = sect233k1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[30-curve-sect233k1-tls13-client]
+[55-curve-sect233k1-tls13-client]
 CipherString = ECDHE
 Curves = sect233k1
 MinProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-[test-30]
+[test-55]
 ExpectedResult = ClientFail
 
 
 # ===========================================================
 
-[31-curve-sect233r1-tls13]
-ssl_conf = 31-curve-sect233r1-tls13-ssl
+[56-curve-sect233r1-tls13]
+ssl_conf = 56-curve-sect233r1-tls13-ssl
 
-[31-curve-sect233r1-tls13-ssl]
-server = 31-curve-sect233r1-tls13-server
-client = 31-curve-sect233r1-tls13-client
+[56-curve-sect233r1-tls13-ssl]
+server = 56-curve-sect233r1-tls13-server
+client = 56-curve-sect233r1-tls13-client
 
-[31-curve-sect233r1-tls13-server]
+[56-curve-sect233r1-tls13-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = sect233r1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[31-curve-sect233r1-tls13-client]
+[56-curve-sect233r1-tls13-client]
 CipherString = ECDHE
 Curves = sect233r1
 MinProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-[test-31]
+[test-56]
 ExpectedResult = ClientFail
 
 
 # ===========================================================
 
-[32-curve-sect283k1-tls13]
-ssl_conf = 32-curve-sect283k1-tls13-ssl
+[57-curve-sect283k1-tls13]
+ssl_conf = 57-curve-sect283k1-tls13-ssl
 
-[32-curve-sect283k1-tls13-ssl]
-server = 32-curve-sect283k1-tls13-server
-client = 32-curve-sect283k1-tls13-client
+[57-curve-sect283k1-tls13-ssl]
+server = 57-curve-sect283k1-tls13-server
+client = 57-curve-sect283k1-tls13-client
 
-[32-curve-sect283k1-tls13-server]
+[57-curve-sect283k1-tls13-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = sect283k1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[32-curve-sect283k1-tls13-client]
+[57-curve-sect283k1-tls13-client]
 CipherString = ECDHE
 Curves = sect283k1
 MinProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-[test-32]
+[test-57]
 ExpectedResult = ClientFail
 
 
 # ===========================================================
 
-[33-curve-sect283r1-tls13]
-ssl_conf = 33-curve-sect283r1-tls13-ssl
+[58-curve-sect283r1-tls13]
+ssl_conf = 58-curve-sect283r1-tls13-ssl
 
-[33-curve-sect283r1-tls13-ssl]
-server = 33-curve-sect283r1-tls13-server
-client = 33-curve-sect283r1-tls13-client
+[58-curve-sect283r1-tls13-ssl]
+server = 58-curve-sect283r1-tls13-server
+client = 58-curve-sect283r1-tls13-client
 
-[33-curve-sect283r1-tls13-server]
+[58-curve-sect283r1-tls13-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = sect283r1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[33-curve-sect283r1-tls13-client]
+[58-curve-sect283r1-tls13-client]
 CipherString = ECDHE
 Curves = sect283r1
 MinProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-[test-33]
+[test-58]
 ExpectedResult = ClientFail
 
 
 # ===========================================================
 
-[34-curve-sect409k1-tls13]
-ssl_conf = 34-curve-sect409k1-tls13-ssl
+[59-curve-sect409k1-tls13]
+ssl_conf = 59-curve-sect409k1-tls13-ssl
 
-[34-curve-sect409k1-tls13-ssl]
-server = 34-curve-sect409k1-tls13-server
-client = 34-curve-sect409k1-tls13-client
+[59-curve-sect409k1-tls13-ssl]
+server = 59-curve-sect409k1-tls13-server
+client = 59-curve-sect409k1-tls13-client
 
-[34-curve-sect409k1-tls13-server]
+[59-curve-sect409k1-tls13-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = sect409k1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[34-curve-sect409k1-tls13-client]
+[59-curve-sect409k1-tls13-client]
 CipherString = ECDHE
 Curves = sect409k1
 MinProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-[test-34]
+[test-59]
 ExpectedResult = ClientFail
 
 
 # ===========================================================
 
-[35-curve-sect409r1-tls13]
-ssl_conf = 35-curve-sect409r1-tls13-ssl
+[60-curve-sect409r1-tls13]
+ssl_conf = 60-curve-sect409r1-tls13-ssl
 
-[35-curve-sect409r1-tls13-ssl]
-server = 35-curve-sect409r1-tls13-server
-client = 35-curve-sect409r1-tls13-client
+[60-curve-sect409r1-tls13-ssl]
+server = 60-curve-sect409r1-tls13-server
+client = 60-curve-sect409r1-tls13-client
 
-[35-curve-sect409r1-tls13-server]
+[60-curve-sect409r1-tls13-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = sect409r1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[35-curve-sect409r1-tls13-client]
+[60-curve-sect409r1-tls13-client]
 CipherString = ECDHE
 Curves = sect409r1
 MinProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-[test-35]
+[test-60]
 ExpectedResult = ClientFail
 
 
 # ===========================================================
 
-[36-curve-sect571k1-tls13]
-ssl_conf = 36-curve-sect571k1-tls13-ssl
+[61-curve-sect571k1-tls13]
+ssl_conf = 61-curve-sect571k1-tls13-ssl
 
-[36-curve-sect571k1-tls13-ssl]
-server = 36-curve-sect571k1-tls13-server
-client = 36-curve-sect571k1-tls13-client
+[61-curve-sect571k1-tls13-ssl]
+server = 61-curve-sect571k1-tls13-server
+client = 61-curve-sect571k1-tls13-client
 
-[36-curve-sect571k1-tls13-server]
+[61-curve-sect571k1-tls13-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = sect571k1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[36-curve-sect571k1-tls13-client]
+[61-curve-sect571k1-tls13-client]
 CipherString = ECDHE
 Curves = sect571k1
 MinProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-[test-36]
+[test-61]
 ExpectedResult = ClientFail
 
 
 # ===========================================================
 
-[37-curve-sect571r1-tls13]
-ssl_conf = 37-curve-sect571r1-tls13-ssl
+[62-curve-sect571r1-tls13]
+ssl_conf = 62-curve-sect571r1-tls13-ssl
 
-[37-curve-sect571r1-tls13-ssl]
-server = 37-curve-sect571r1-tls13-server
-client = 37-curve-sect571r1-tls13-client
+[62-curve-sect571r1-tls13-ssl]
+server = 62-curve-sect571r1-tls13-server
+client = 62-curve-sect571r1-tls13-client
 
-[37-curve-sect571r1-tls13-server]
+[62-curve-sect571r1-tls13-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = sect571r1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 <
author	Matt Caswell <matt@openssl.org>	2022-09-30 16:59:05 +0100
committer	Tomas Mraz <tomas@openssl.org>	2022-10-19 10:22:11 +0200
commit	c861c3ee142ac00d5facd112fd8891e87c50bc7b (patch)
tree	9eb1920012a53cb4c363ae529e53a5b6bdd9b3e5 /test
parent	78d00e05a537495287b979bcad79365d5d9607d4 (diff)