From 4f9215734c544108f1c86c7b87a2c27a893718a0 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Sun, 17 Jul 2016 14:20:10 +0200 Subject: [PATCH] Add a TLS 1.3 version of UnsupportedCurve. This is basically the same as BadECDHECurve-TLS13. That the client picks a share first but the server picks the curve type means there's less redundancy to deal with. Change-Id: Icd9a4ecefe8e0dfaeb8fd0b062ca28561b05df98 Reviewed-on: https://boringssl-review.googlesource.com/8817 Reviewed-by: David Benjamin Commit-Queue: David Benjamin CQ-Verified: CQ bot account: commit-bot@chromium.org --- ssl/test/runner/runner.go | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go index 34498ac7..8241f8b6 100644 --- a/ssl/test/runner/runner.go +++ b/ssl/test/runner/runner.go @@ -6377,7 +6377,6 @@ func addCurveTests() { testCases = append(testCases, testCase{ name: "UnsupportedCurve", config: Config{ - // TODO(davidben): Add a TLS 1.3 version of this test. MaxVersion: VersionTLS12, CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, CurvePreferences: []CurveID{CurveP256}, @@ -6390,6 +6389,23 @@ func addCurveTests() { expectedError: ":WRONG_CURVE:", }) + testCases = append(testCases, testCase{ + // TODO(davidben): Add a TLS 1.3 version where + // HelloRetryRequest requests an unsupported curve. + name: "UnsupportedCurve-ServerHello-TLS13", + config: Config{ + MaxVersion: VersionTLS12, + CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, + CurvePreferences: []CurveID{CurveP384}, + Bugs: ProtocolBugs{ + SendCurve: CurveP256, + }, + }, + flags: []string{"-p384-only"}, + shouldFail: true, + expectedError: ":WRONG_CURVE:", + }) + // Test invalid curve points. testCases = append(testCases, testCase{ name: "InvalidECDHPoint-Client",