Add some more brainpool tests for TLSv1.3

Reviewed-by: N Tomas Mraz <tomas@openssl.org> Reviewed-by: N Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/19315)

Add some more brainpool tests for TLSv1.3
Reviewed-by: N Tomas Mraz <tomas@openssl.org> Reviewed-by: N Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/19315)
3f76339a · Matt Caswell · c9ee6e36 · 3f76339a · 3f76339a · 3f76339a
Showing with 666 addition and 451 deletion

test/helpers/ssl_test_ctx.c test/helpers/ssl_test_ctx.c +11 -0

test/ssl-tests/14-curves.cnf test/ssl-tests/14-curves.cnf +625 -451

test/ssl-tests/14-curves.cnf.in test/ssl-tests/14-curves.cnf.in +30 -0

未找到文件。
--- a/test/helpers/ssl_test_ctx.c
+++ b/test/helpers/ssl_test_ctx.c
@@ -533,6 +533,17 @@ __owur static int parse_expected_key_type(int *ptype, const char *value)
    if (nid == NID_undef)
        nid = EC_curve_nist2nid(value);
 #endif
+    switch (nid) {
+    case NID_brainpoolP256r1tls13:
+        nid = NID_brainpoolP256r1;
+        break;
+    case NID_brainpoolP384r1tls13:
+        nid = NID_brainpoolP384r1;
+        break;
+    case NID_brainpoolP512r1tls13:
+        nid = NID_brainpoolP512r1;
+        break;
+    }
    if (nid == NID_undef)
        return 0;
    *ptype = nid;

--- a/test/ssl-tests/14-curves.cnf
+++ b/test/ssl-tests/14-curves.cnf
--- a/test/ssl-tests/14-curves.cnf.in
+++ b/test/ssl-tests/14-curves.cnf.in
@@ -14,6 +14,12 @@ our $fips_mode;

 my @curves = ("prime256v1", "secp384r1", "secp521r1", "X25519",
              "X448");
+#Curves *only* suitable for use in TLSv1.3
+my @curves_tls_1_3 = ("brainpoolP256r1tls13", "brainpoolP384r1tls13",
+                      "brainpoolP512r1tls13");
+
+#It so happens that all the curves in @curves_tls_1_3 are non-fips curves
+push @curves, @curves_tls_1_3 if !$fips_mode;

 my @curves_tls_1_2 = ("sect233k1", "sect233r1",
              "sect283k1", "sect283r1", "sect409k1", "sect409r1",
@@ -91,6 +97,30 @@ sub generate_tests() {
            },
        };
    }
+    if (!$fips_mode) {
+        foreach (0..$#curves_tls_1_3) {
+            my $curve = $curves_tls_1_3[$_];
+            push @tests, {
+                name => "curve-${curve}-tls13-in-tls12",
+                server => {
+                    "Curves" => $curve,
+                    "CipherString" => 'DEFAULT@SECLEVEL=1',
+                    "MaxProtocol" => "TLSv1.3"
+                },
+                client => {
+                    "CipherString" => 'ECDHE@SECLEVEL=1',
+                    "MaxProtocol" => "TLSv1.2",
+                    "Curves" => $curve
+                },
+                test   => {
+                    #These curves are only suitable for TLSv1.3 so we expect the
+                    #server to fail because it has no shared groups for TLSv1.2
+                    #ECDHE key exchange
+                    "ExpectedResult" => "ServerFail"
+                },
+            };
+        }
+    }
 }

 generate_tests();