Test SSL_get_curve_id behavior on resume.
Also test that TLS 1.3 can be resumed at a different curve.
Change-Id: Ic58e03ad858c861958b7c934813c3e448fb2829c
Reviewed-on: https://boringssl-review.googlesource.com/12692
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc
index fa74150..a3903e2 100644
--- a/ssl/test/bssl_shim.cc
+++ b/ssl/test/bssl_shim.cc
@@ -1359,11 +1359,15 @@
return false;
}
- if (config->expect_curve_id != 0) {
+ int expect_curve_id = config->expect_curve_id;
+ if (is_resume && config->expect_resume_curve_id != 0) {
+ expect_curve_id = config->expect_resume_curve_id;
+ }
+ if (expect_curve_id != 0) {
uint16_t curve_id = SSL_get_curve_id(ssl);
- if (static_cast<uint16_t>(config->expect_curve_id) != curve_id) {
+ if (static_cast<uint16_t>(expect_curve_id) != curve_id) {
fprintf(stderr, "curve_id was %04x, wanted %04x\n", curve_id,
- static_cast<uint16_t>(config->expect_curve_id));
+ static_cast<uint16_t>(expect_curve_id));
return false;
}
}
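Review bot: The override-and-fallback rule is undocumented where `expect_curve_id` is computed: on a resumed connection `-expect-resume-curve-id` wins, and when it is 0 the initial `-expect-curve-id` is checked again. A short comment such as `// On resumption, -expect-resume-curve-id overrides -expect-curve-id; 0 means reuse the initial expectation.` would make that explicit, since the TLS 1.2 runner cases in this commit appear to rely on the fallback. Separately, the `int` is narrowed with `static_cast<uint16_t>` in both the comparison and the error message, so an out-of-range flag value would be truncated silently and could still match. Casting once into a `uint16_t` local, or rejecting values above 0xffff, would be tidier. The enclosing function begins and ends outside this hunk.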
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index b4c21b1..87a79a3 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -8104,6 +8104,65 @@
shouldFail: true,
expectedError: ":INVALID_ENCODING:",
})
+
+ // The previous curve ID should be reported on TLS 1.2 resumption.
+ testCases = append(testCases, testCase{
+ name: "CurveID-Resume-Client",
+ config: Config{
+ MaxVersion: VersionTLS12,
+ CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
+ CurvePreferences: []CurveID{CurveX25519},
+ },
+ flags: []string{"-expect-curve-id", strconv.Itoa(int(CurveX25519))},
+ resumeSession: true,
+ })
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "CurveID-Resume-Server",
+ config: Config{
+ MaxVersion: VersionTLS12,
+ CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
+ CurvePreferences: []CurveID{CurveX25519},
+ },
+ flags: []string{"-expect-curve-id", strconv.Itoa(int(CurveX25519))},
+ resumeSession: true,
+ })
+
+ // TLS 1.3 allows resuming at a differet curve. If this happens, the new
+ // one should be reported.
+ testCases = append(testCases, testCase{
+ name: "CurveID-Resume-Client-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ CurvePreferences: []CurveID{CurveX25519},
+ },
+ resumeConfig: &Config{
+ MaxVersion: VersionTLS13,
+ CurvePreferences: []CurveID{CurveP256},
+ },
+ flags: []string{
+ "-expect-curve-id", strconv.Itoa(int(CurveX25519)),
+ "-expect-resume-curve-id", strconv.Itoa(int(CurveP256)),
+ },
+ resumeSession: true,
+ })
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "CurveID-Resume-Server-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ CurvePreferences: []CurveID{CurveX25519},
+ },
+ resumeConfig: &Config{
+ MaxVersion: VersionTLS13,
+ CurvePreferences: []CurveID{CurveP256},
+ },
+ flags: []string{
+ "-expect-curve-id", strconv.Itoa(int(CurveX25519)),
+ "-expect-resume-curve-id", strconv.Itoa(int(CurveP256)),
+ },
+ resumeSession: true,
+ })
}
func addTLS13RecordTests() {
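Review bot: The two TLS 1.2 cases (`CurveID-Resume-Client`, `CurveID-Resume-Server`) pass only `-expect-curve-id`, so the check on the resumed connection depends on the shim falling back to that flag when `-expect-resume-curve-id` is unset. Adding `"-expect-resume-curve-id", strconv.Itoa(int(CurveX25519))` to their `flags` would state the resumed expectation in the test itself, so the "previous curve ID is reported" assertion would not quietly change meaning if the fallback is ever altered. The comment above the TLS 1.3 cases also has a typo: `differet` should be `different`. The enclosing function starts outside this hunk.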
diff --git a/ssl/test/test_config.cc b/ssl/test/test_config.cc
index a35b223..492dd73 100644
--- a/ssl/test/test_config.cc
+++ b/ssl/test/test_config.cc
@@ -164,6 +164,7 @@
{ "-expect-peer-signature-algorithm",
&TestConfig::expect_peer_signature_algorithm },
{ "-expect-curve-id", &TestConfig::expect_curve_id },
+ { "-expect-resume-curve-id", &TestConfig::expect_resume_curve_id },
{ "-initial-timeout-duration-ms", &TestConfig::initial_timeout_duration_ms },
{ "-max-cert-list", &TestConfig::max_cert_list },
{ "-expect-cipher-aes", &TestConfig::expect_cipher_aes },
diff --git a/ssl/test/test_config.h b/ssl/test/test_config.h
index 9d84786..4d6a336 100644
--- a/ssl/test/test_config.h
+++ b/ssl/test/test_config.h
@@ -107,6 +107,7 @@
bool enable_all_curves = false;
bool use_sparse_dh_prime = false;
int expect_curve_id = 0;
+ int expect_resume_curve_id = 0;
bool use_old_client_cert_callback = false;
int initial_timeout_duration_ms = 0;
bool use_null_client_ca_list = false;