[openssl] master update
tomas at openssl.org
tomas at openssl.org
Fri Feb 12 18:06:30 UTC 2021
The branch master has been updated
via 9ff5bd612a415571b12cc9febe22c710d9d2d42a (commit)
via 89e14ca7c7003b3b5874a8dac3f21521a4f844b4 (commit)
from d8c1cafbbc5dfe2347a7157178db5b50fdf9d248 (commit)
- Log -----------------------------------------------------------------
commit 9ff5bd612a415571b12cc9febe22c710d9d2d42a
Author: Tomas Mraz <tomas at openssl.org>
Date: Thu Feb 11 18:18:49 2021 +0100
ssl_test: Add testcases for disallowing non-TLS1.3 curves with TLS1.3
Also correctly mark max protocol version for some curves.
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14154)
commit 89e14ca7c7003b3b5874a8dac3f21521a4f844b4
Author: Tomas Mraz <tomas at openssl.org>
Date: Thu Feb 11 15:25:35 2021 +0100
tls_valid_group: Add missing dereference of okfortls13
Fixes #14153
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14154)
-----------------------------------------------------------------------
Summary of changes:
providers/common/capabilities.c | 66 ++-
ssl/t1_lib.c | 2 +-
test/ssl-tests/14-curves.cnf | 1112 ++++++++++++++++++++++++++++++++-------
test/ssl-tests/14-curves.cnf.in | 53 +-
4 files changed, 1012 insertions(+), 221 deletions(-)
diff --git a/providers/common/capabilities.c b/providers/common/capabilities.c
index f708beb16d..da3cf50820 100644
--- a/providers/common/capabilities.c
+++ b/providers/common/capabilities.c
@@ -31,28 +31,50 @@ typedef struct tls_group_constants_st {
} TLS_GROUP_CONSTANTS;
static const TLS_GROUP_CONSTANTS group_list[35] = {
- { OSSL_TLS_GROUP_ID_sect163k1, 80, TLS1_VERSION, 0, DTLS1_VERSION, 0 },
- { OSSL_TLS_GROUP_ID_sect163r1, 80, TLS1_VERSION, 0, DTLS1_VERSION, 0 },
- { OSSL_TLS_GROUP_ID_sect163r2, 80, TLS1_VERSION, 0, DTLS1_VERSION, 0 },
- { OSSL_TLS_GROUP_ID_sect193r1, 80, TLS1_VERSION, 0, DTLS1_VERSION, 0 },
- { OSSL_TLS_GROUP_ID_sect193r2, 80, TLS1_VERSION, 0, DTLS1_VERSION, 0 },
- { OSSL_TLS_GROUP_ID_sect233k1, 112, TLS1_VERSION, 0, DTLS1_VERSION, 0 },
- { OSSL_TLS_GROUP_ID_sect233r1, 112, TLS1_VERSION, 0, DTLS1_VERSION, 0 },
- { OSSL_TLS_GROUP_ID_sect239k1, 112, TLS1_VERSION, 0, DTLS1_VERSION, 0 },
- { OSSL_TLS_GROUP_ID_sect283k1, 128, TLS1_VERSION, 0, DTLS1_VERSION, 0 },
- { OSSL_TLS_GROUP_ID_sect283r1, 128, TLS1_VERSION, 0, DTLS1_VERSION, 0 },
- { OSSL_TLS_GROUP_ID_sect409k1, 192, TLS1_VERSION, 0, DTLS1_VERSION, 0 },
- { OSSL_TLS_GROUP_ID_sect409r1, 192, TLS1_VERSION, 0, DTLS1_VERSION, 0 },
- { OSSL_TLS_GROUP_ID_sect571k1, 256, TLS1_VERSION, 0, DTLS1_VERSION, 0 },
- { OSSL_TLS_GROUP_ID_sect571r1, 256, TLS1_VERSION, 0, DTLS1_VERSION, 0 },
- { OSSL_TLS_GROUP_ID_secp160k1, 80, TLS1_VERSION, 0, DTLS1_VERSION, 0 },
- { OSSL_TLS_GROUP_ID_secp160r1, 80, TLS1_VERSION, 0, DTLS1_VERSION, 0 },
- { OSSL_TLS_GROUP_ID_secp160r2, 80, TLS1_VERSION, 0, DTLS1_VERSION, 0 },
- { OSSL_TLS_GROUP_ID_secp192k1, 80, TLS1_VERSION, 0, DTLS1_VERSION, 0 },
- { OSSL_TLS_GROUP_ID_secp192r1, 80, TLS1_VERSION, 0, DTLS1_VERSION, 0 },
- { OSSL_TLS_GROUP_ID_secp224k1, 112, TLS1_VERSION, 0, DTLS1_VERSION, 0 },
- { OSSL_TLS_GROUP_ID_secp224r1, 112, TLS1_VERSION, 0, DTLS1_VERSION, 0 },
- { OSSL_TLS_GROUP_ID_secp256k1, 128, TLS1_VERSION, 0, DTLS1_VERSION, 0 },
+ { OSSL_TLS_GROUP_ID_sect163k1, 80, TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION },
+ { OSSL_TLS_GROUP_ID_sect163r1, 80, TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION },
+ { OSSL_TLS_GROUP_ID_sect163r2, 80, TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION },
+ { OSSL_TLS_GROUP_ID_sect193r1, 80, TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION },
+ { OSSL_TLS_GROUP_ID_sect193r2, 80, TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION },
+ { OSSL_TLS_GROUP_ID_sect233k1, 112, TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION },
+ { OSSL_TLS_GROUP_ID_sect233r1, 112, TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION },
+ { OSSL_TLS_GROUP_ID_sect239k1, 112, TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION },
+ { OSSL_TLS_GROUP_ID_sect283k1, 128, TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION },
+ { OSSL_TLS_GROUP_ID_sect283r1, 128, TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION },
+ { OSSL_TLS_GROUP_ID_sect409k1, 192, TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION },
+ { OSSL_TLS_GROUP_ID_sect409r1, 192, TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION },
+ { OSSL_TLS_GROUP_ID_sect571k1, 256, TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION },
+ { OSSL_TLS_GROUP_ID_sect571r1, 256, TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION },
+ { OSSL_TLS_GROUP_ID_secp160k1, 80, TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION },
+ { OSSL_TLS_GROUP_ID_secp160r1, 80, TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION },
+ { OSSL_TLS_GROUP_ID_secp160r2, 80, TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION },
+ { OSSL_TLS_GROUP_ID_secp192k1, 80, TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION },
+ { OSSL_TLS_GROUP_ID_secp192r1, 80, TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION },
+ { OSSL_TLS_GROUP_ID_secp224k1, 112, TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION },
+ { OSSL_TLS_GROUP_ID_secp224r1, 112, TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION },
+ { OSSL_TLS_GROUP_ID_secp256k1, 128, TLS1_VERSION, TLS1_2_VERSION,
+ DTLS1_VERSION, DTLS1_2_VERSION },
{ OSSL_TLS_GROUP_ID_secp256r1, 128, TLS1_VERSION, 0, DTLS1_VERSION, 0 },
{ OSSL_TLS_GROUP_ID_secp384r1, 192, TLS1_VERSION, 0, DTLS1_VERSION, 0 },
{ OSSL_TLS_GROUP_ID_secp521r1, 256, TLS1_VERSION, 0, DTLS1_VERSION, 0 },
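Review bot: The 22 entries that gain `TLS1_2_VERSION` / `DTLS1_2_VERSION` as their maximum carry no comment saying why they are capped, while secp256r1, secp384r1 and secp521r1 just below keep `0`. The old `0` presumably meant "no upper bound" (the struct definition is outside the hunk), which would have let these groups through for TLS 1.3. A one-line comment above the first capped entry would stop a future group being copied in with the wrong bound, for example `/* Groups not defined for TLS 1.3 (RFC 8446, 4.2.7) are capped at (D)TLS 1.2 */`. `group_list[35]` continues past the hunk, so it is worth confirming that the brainpool entries, which the new `-tls13` test cases also cover, carry the same cap.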
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 684e8494fc..ace890d915 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -526,7 +526,7 @@ int tls_valid_group(SSL *s, uint16_t group_id, int minversion, int maxversion,
int ret;
if (okfortls13 != NULL)
- okfortls13 = 0;
+ *okfortls13 = 0;
if (ginfo == NULL)
return 0;
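Review bot: Nothing here documents that `okfortls13` is an optional out-parameter which is cleared before the `ginfo == NULL` early return, and that contract is exactly what the old line broke. The previous `okfortls13 = 0;` compiled without complaint because it is a valid null-pointer assignment to the local parameter, so the caller's variable was left unwritten at least on the `return 0` path visible here. A comment above the `if`, such as `/* Default the caller's flag before any early return; okfortls13 may be NULL */`, would make the intent explicit. A warning or static-analysis rule for assignments to pointer parameters would catch a regression of this kind. The body of tls_valid_group starts and ends outside the hunk, so how the flag is set on the success path cannot be checked from here.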
diff --git a/test/ssl-tests/14-curves.cnf b/test/ssl-tests/14-curves.cnf
index 1982c99db7..824a9f9a0e 100644
--- a/test/ssl-tests/14-curves.cnf
+++ b/test/ssl-tests/14-curves.cnf
@@ -1,21 +1,21 @@
# Generated with generate_ssl_tests.pl
-num_tests = 30
-
-test-0 = 0-curve-sect233k1
-test-1 = 1-curve-sect233r1
-test-2 = 2-curve-sect283k1
-test-3 = 3-curve-sect283r1
-test-4 = 4-curve-sect409k1
-test-5 = 5-curve-sect409r1
-test-6 = 6-curve-sect571k1
-test-7 = 7-curve-sect571r1
-test-8 = 8-curve-secp224r1
-test-9 = 9-curve-prime256v1
-test-10 = 10-curve-secp384r1
-test-11 = 11-curve-secp521r1
-test-12 = 12-curve-X25519
-test-13 = 13-curve-X448
+num_tests = 55
+
+test-0 = 0-curve-prime256v1
+test-1 = 1-curve-secp384r1
+test-2 = 2-curve-secp521r1
+test-3 = 3-curve-X25519
+test-4 = 4-curve-X448
+test-5 = 5-curve-sect233k1
+test-6 = 6-curve-sect233r1
+test-7 = 7-curve-sect283k1
+test-8 = 8-curve-sect283r1
+test-9 = 9-curve-sect409k1
+test-10 = 10-curve-sect409r1
+test-11 = 11-curve-sect571k1
+test-12 = 12-curve-sect571r1
+test-13 = 13-curve-secp224r1
test-14 = 14-curve-sect163k1
test-15 = 15-curve-sect163r2
test-16 = 16-curve-prime192v1
@@ -32,396 +32,435 @@ test-26 = 26-curve-secp256k1
test-27 = 27-curve-brainpoolP256r1
test-28 = 28-curve-brainpoolP384r1
test-29 = 29-curve-brainpoolP512r1
+test-30 = 30-curve-sect233k1-tls13
+test-31 = 31-curve-sect233r1-tls13
+test-32 = 32-curve-sect283k1-tls13
+test-33 = 33-curve-sect283r1-tls13
+test-34 = 34-curve-sect409k1-tls13
+test-35 = 35-curve-sect409r1-tls13
+test-36 = 36-curve-sect571k1-tls13
+test-37 = 37-curve-sect571r1-tls13
+test-38 = 38-curve-secp224r1-tls13
+test-39 = 39-curve-sect163k1-tls13
+test-40 = 40-curve-sect163r2-tls13
+test-41 = 41-curve-prime192v1-tls13
+test-42 = 42-curve-sect163r1-tls13
+test-43 = 43-curve-sect193r1-tls13
+test-44 = 44-curve-sect193r2-tls13
+test-45 = 45-curve-sect239k1-tls13
+test-46 = 46-curve-secp160k1-tls13
+test-47 = 47-curve-secp160r1-tls13
+test-48 = 48-curve-secp160r2-tls13
+test-49 = 49-curve-secp192k1-tls13
+test-50 = 50-curve-secp224k1-tls13
+test-51 = 51-curve-secp256k1-tls13
+test-52 = 52-curve-brainpoolP256r1-tls13
+test-53 = 53-curve-brainpoolP384r1-tls13
+test-54 = 54-curve-brainpoolP512r1-tls13
# ===========================================================
-[0-curve-sect233k1]
-ssl_conf = 0-curve-sect233k1-ssl
+[0-curve-prime256v1]
+ssl_conf = 0-curve-prime256v1-ssl
-[0-curve-sect233k1-ssl]
-server = 0-curve-sect233k1-server
-client = 0-curve-sect233k1-client
+[0-curve-prime256v1-ssl]
+server = 0-curve-prime256v1-server
+client = 0-curve-prime256v1-client
-[0-curve-sect233k1-server]
+[0-curve-prime256v1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = sect233k1
-MaxProtocol = TLSv1.2
+Curves = prime256v1
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[0-curve-sect233k1-client]
+[0-curve-prime256v1-client]
CipherString = ECDHE
-Curves = sect233k1
-MaxProtocol = TLSv1.2
+Curves = prime256v1
+MaxProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-0]
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
-ExpectedTmpKeyType = sect233k1
+ExpectedTmpKeyType = prime256v1
# ===========================================================
-[1-curve-sect233r1]
-ssl_conf = 1-curve-sect233r1-ssl
+[1-curve-secp384r1]
+ssl_conf = 1-curve-secp384r1-ssl
-[1-curve-sect233r1-ssl]
-server = 1-curve-sect233r1-server
-client = 1-curve-sect233r1-client
+[1-curve-secp384r1-ssl]
+server = 1-curve-secp384r1-server
+client = 1-curve-secp384r1-client
-[1-curve-sect233r1-server]
+[1-curve-secp384r1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = sect233r1
-MaxProtocol = TLSv1.2
+Curves = secp384r1
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[1-curve-sect233r1-client]
+[1-curve-secp384r1-client]
CipherString = ECDHE
-Curves = sect233r1
-MaxProtocol = TLSv1.2
+Curves = secp384r1
+MaxProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-1]
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
-ExpectedTmpKeyType = sect233r1
+ExpectedTmpKeyType = secp384r1
# ===========================================================
-[2-curve-sect283k1]
-ssl_conf = 2-curve-sect283k1-ssl
+[2-curve-secp521r1]
+ssl_conf = 2-curve-secp521r1-ssl
-[2-curve-sect283k1-ssl]
-server = 2-curve-sect283k1-server
-client = 2-curve-sect283k1-client
+[2-curve-secp521r1-ssl]
+server = 2-curve-secp521r1-server
+client = 2-curve-secp521r1-client
-[2-curve-sect283k1-server]
+[2-curve-secp521r1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = sect283k1
-MaxProtocol = TLSv1.2
+Curves = secp521r1
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[2-curve-sect283k1-client]
+[2-curve-secp521r1-client]
CipherString = ECDHE
-Curves = sect283k1
-MaxProtocol = TLSv1.2
+Curves = secp521r1
+MaxProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-2]
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
-ExpectedTmpKeyType = sect283k1
+ExpectedTmpKeyType = secp521r1
# ===========================================================
-[3-curve-sect283r1]
-ssl_conf = 3-curve-sect283r1-ssl
+[3-curve-X25519]
+ssl_conf = 3-curve-X25519-ssl
-[3-curve-sect283r1-ssl]
-server = 3-curve-sect283r1-server
-client = 3-curve-sect283r1-client
+[3-curve-X25519-ssl]
+server = 3-curve-X25519-server
+client = 3-curve-X25519-client
-[3-curve-sect283r1-server]
+[3-curve-X25519-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = sect283r1
-MaxProtocol = TLSv1.2
+Curves = X25519
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[3-curve-sect283r1-client]
+[3-curve-X25519-client]
CipherString = ECDHE
-Curves = sect283r1
-MaxProtocol = TLSv1.2
+Curves = X25519
+MaxProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-3]
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
-ExpectedTmpKeyType = sect283r1
+ExpectedTmpKeyType = X25519
# ===========================================================
-[4-curve-sect409k1]
-ssl_conf = 4-curve-sect409k1-ssl
+[4-curve-X448]
+ssl_conf = 4-curve-X448-ssl
-[4-curve-sect409k1-ssl]
-server = 4-curve-sect409k1-server
-client = 4-curve-sect409k1-client
+[4-curve-X448-ssl]
+server = 4-curve-X448-server
+client = 4-curve-X448-client
-[4-curve-sect409k1-server]
+[4-curve-X448-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = sect409k1
-MaxProtocol = TLSv1.2
+Curves = X448
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[4-curve-sect409k1-client]
+[4-curve-X448-client]
CipherString = ECDHE
-Curves = sect409k1
-MaxProtocol = TLSv1.2
+Curves = X448
+MaxProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-4]
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
-ExpectedTmpKeyType = sect409k1
+ExpectedTmpKeyType = X448
# ===========================================================
-[5-curve-sect409r1]
-ssl_conf = 5-curve-sect409r1-ssl
+[5-curve-sect233k1]
+ssl_conf = 5-curve-sect233k1-ssl
-[5-curve-sect409r1-ssl]
-server = 5-curve-sect409r1-server
-client = 5-curve-sect409r1-client
+[5-curve-sect233k1-ssl]
+server = 5-curve-sect233k1-server
+client = 5-curve-sect233k1-client
-[5-curve-sect409r1-server]
+[5-curve-sect233k1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = sect409r1
-MaxProtocol = TLSv1.2
+Curves = sect233k1
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[5-curve-sect409r1-client]
+[5-curve-sect233k1-client]
CipherString = ECDHE
-Curves = sect409r1
+Curves = sect233k1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-5]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-ExpectedTmpKeyType = sect409r1
+ExpectedTmpKeyType = sect233k1
# ===========================================================
-[6-curve-sect571k1]
-ssl_conf = 6-curve-sect571k1-ssl
+[6-curve-sect233r1]
+ssl_conf = 6-curve-sect233r1-ssl
-[6-curve-sect571k1-ssl]
-server = 6-curve-sect571k1-server
-client = 6-curve-sect571k1-client
+[6-curve-sect233r1-ssl]
+server = 6-curve-sect233r1-server
+client = 6-curve-sect233r1-client
-[6-curve-sect571k1-server]
+[6-curve-sect233r1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = sect571k1
-MaxProtocol = TLSv1.2
+Curves = sect233r1
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[6-curve-sect571k1-client]
+[6-curve-sect233r1-client]
CipherString = ECDHE
-Curves = sect571k1
+Curves = sect233r1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-6]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-ExpectedTmpKeyType = sect571k1
+ExpectedTmpKeyType = sect233r1
# ===========================================================
-[7-curve-sect571r1]
-ssl_conf = 7-curve-sect571r1-ssl
+[7-curve-sect283k1]
+ssl_conf = 7-curve-sect283k1-ssl
-[7-curve-sect571r1-ssl]
-server = 7-curve-sect571r1-server
-client = 7-curve-sect571r1-client
+[7-curve-sect283k1-ssl]
+server = 7-curve-sect283k1-server
+client = 7-curve-sect283k1-client
-[7-curve-sect571r1-server]
+[7-curve-sect283k1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = sect571r1
-MaxProtocol = TLSv1.2
+Curves = sect283k1
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[7-curve-sect571r1-client]
+[7-curve-sect283k1-client]
CipherString = ECDHE
-Curves = sect571r1
+Curves = sect283k1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-7]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-ExpectedTmpKeyType = sect571r1
+ExpectedTmpKeyType = sect283k1
# ===========================================================
-[8-curve-secp224r1]
-ssl_conf = 8-curve-secp224r1-ssl
+[8-curve-sect283r1]
+ssl_conf = 8-curve-sect283r1-ssl
-[8-curve-secp224r1-ssl]
-server = 8-curve-secp224r1-server
-client = 8-curve-secp224r1-client
+[8-curve-sect283r1-ssl]
+server = 8-curve-sect283r1-server
+client = 8-curve-sect283r1-client
-[8-curve-secp224r1-server]
+[8-curve-sect283r1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = secp224r1
-MaxProtocol = TLSv1.2
+Curves = sect283r1
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[8-curve-secp224r1-client]
+[8-curve-sect283r1-client]
CipherString = ECDHE
-Curves = secp224r1
+Curves = sect283r1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-8]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-ExpectedTmpKeyType = secp224r1
+ExpectedTmpKeyType = sect283r1
# ===========================================================
-[9-curve-prime256v1]
-ssl_conf = 9-curve-prime256v1-ssl
+[9-curve-sect409k1]
+ssl_conf = 9-curve-sect409k1-ssl
-[9-curve-prime256v1-ssl]
-server = 9-curve-prime256v1-server
-client = 9-curve-prime256v1-client
+[9-curve-sect409k1-ssl]
+server = 9-curve-sect409k1-server
+client = 9-curve-sect409k1-client
-[9-curve-prime256v1-server]
+[9-curve-sect409k1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = prime256v1
-MaxProtocol = TLSv1.2
+Curves = sect409k1
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[9-curve-prime256v1-client]
+[9-curve-sect409k1-client]
CipherString = ECDHE
-Curves = prime256v1
+Curves = sect409k1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-9]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-ExpectedTmpKeyType = prime256v1
+ExpectedTmpKeyType = sect409k1
# ===========================================================
-[10-curve-secp384r1]
-ssl_conf = 10-curve-secp384r1-ssl
+[10-curve-sect409r1]
+ssl_conf = 10-curve-sect409r1-ssl
-[10-curve-secp384r1-ssl]
-server = 10-curve-secp384r1-server
-client = 10-curve-secp384r1-client
+[10-curve-sect409r1-ssl]
+server = 10-curve-sect409r1-server
+client = 10-curve-sect409r1-client
-[10-curve-secp384r1-server]
+[10-curve-sect409r1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = secp384r1
-MaxProtocol = TLSv1.2
+Curves = sect409r1
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[10-curve-secp384r1-client]
+[10-curve-sect409r1-client]
CipherString = ECDHE
-Curves = secp384r1
+Curves = sect409r1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-10]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-ExpectedTmpKeyType = secp384r1
+ExpectedTmpKeyType = sect409r1
# ===========================================================
-[11-curve-secp521r1]
-ssl_conf = 11-curve-secp521r1-ssl
+[11-curve-sect571k1]
+ssl_conf = 11-curve-sect571k1-ssl
-[11-curve-secp521r1-ssl]
-server = 11-curve-secp521r1-server
-client = 11-curve-secp521r1-client
+[11-curve-sect571k1-ssl]
+server = 11-curve-sect571k1-server
+client = 11-curve-sect571k1-client
-[11-curve-secp521r1-server]
+[11-curve-sect571k1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = secp521r1
-MaxProtocol = TLSv1.2
+Curves = sect571k1
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[11-curve-secp521r1-client]
+[11-curve-sect571k1-client]
CipherString = ECDHE
-Curves = secp521r1
+Curves = sect571k1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-11]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-ExpectedTmpKeyType = secp521r1
+ExpectedTmpKeyType = sect571k1
# ===========================================================
-[12-curve-X25519]
-ssl_conf = 12-curve-X25519-ssl
+[12-curve-sect571r1]
+ssl_conf = 12-curve-sect571r1-ssl
-[12-curve-X25519-ssl]
-server = 12-curve-X25519-server
-client = 12-curve-X25519-client
+[12-curve-sect571r1-ssl]
+server = 12-curve-sect571r1-server
+client = 12-curve-sect571r1-client
-[12-curve-X25519-server]
+[12-curve-sect571r1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = X25519
-MaxProtocol = TLSv1.2
+Curves = sect571r1
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[12-curve-X25519-client]
+[12-curve-sect571r1-client]
CipherString = ECDHE
-Curves = X25519
+Curves = sect571r1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-12]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-ExpectedTmpKeyType = X25519
+ExpectedTmpKeyType = sect571r1
# ===========================================================
-[13-curve-X448]
-ssl_conf = 13-curve-X448-ssl
+[13-curve-secp224r1]
+ssl_conf = 13-curve-secp224r1-ssl
-[13-curve-X448-ssl]
-server = 13-curve-X448-server
-client = 13-curve-X448-client
+[13-curve-secp224r1-ssl]
+server = 13-curve-secp224r1-server
+client = 13-curve-secp224r1-client
-[13-curve-X448-server]
+[13-curve-secp224r1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-Curves = X448
-MaxProtocol = TLSv1.2
+Curves = secp224r1
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[13-curve-X448-client]
+[13-curve-secp224r1-client]
CipherString = ECDHE
-Curves = X448
+Curves = secp224r1
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-13]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-ExpectedTmpKeyType = X448
+ExpectedTmpKeyType = secp224r1
# ===========================================================
@@ -437,7 +476,7 @@ client = 14-curve-sect163k1-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
Curves = sect163k1
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[14-curve-sect163k1-client]
@@ -448,6 +487,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-14]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = sect163k1
@@ -465,7 +505,7 @@ client = 15-curve-sect163r2-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
Curves = sect163r2
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[15-curve-sect163r2-client]
@@ -476,6 +516,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-15]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = sect163r2
@@ -493,7 +534,7 @@ client = 16-curve-prime192v1-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
Curves = prime192v1
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[16-curve-prime192v1-client]
@@ -504,6 +545,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-16]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = prime192v1
@@ -521,7 +563,7 @@ client = 17-curve-sect163r1-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
Curves = sect163r1
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[17-curve-sect163r1-client]
@@ -532,6 +574,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-17]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = sect163r1
@@ -549,7 +592,7 @@ client = 18-curve-sect193r1-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
Curves = sect193r1
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[18-curve-sect193r1-client]
@@ -560,6 +603,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-18]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = sect193r1
@@ -577,7 +621,7 @@ client = 19-curve-sect193r2-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
Curves = sect193r2
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[19-curve-sect193r2-client]
@@ -588,6 +632,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-19]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = sect193r2
@@ -605,7 +650,7 @@ client = 20-curve-sect239k1-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
Curves = sect239k1
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[20-curve-sect239k1-client]
@@ -616,6 +661,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-20]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = sect239k1
@@ -633,7 +679,7 @@ client = 21-curve-secp160k1-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
Curves = secp160k1
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[21-curve-secp160k1-client]
@@ -644,6 +690,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-21]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = secp160k1
@@ -661,7 +708,7 @@ client = 22-curve-secp160r1-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
Curves = secp160r1
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[22-curve-secp160r1-client]
@@ -672,6 +719,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-22]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = secp160r1
@@ -689,7 +737,7 @@ client = 23-curve-secp160r2-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
Curves = secp160r2
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[23-curve-secp160r2-client]
@@ -700,6 +748,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-23]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = secp160r2
@@ -717,7 +766,7 @@ client = 24-curve-secp192k1-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
Curves = secp192k1
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[24-curve-secp192k1-client]
@@ -728,6 +777,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-24]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = secp192k1
@@ -745,7 +795,7 @@ client = 25-curve-secp224k1-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
Curves = secp224k1
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[25-curve-secp224k1-client]
@@ -756,6 +806,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-25]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = secp224k1
@@ -773,7 +824,7 @@ client = 26-curve-secp256k1-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
Curves = secp256k1
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[26-curve-secp256k1-client]
@@ -784,6 +835,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-26]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = secp256k1
@@ -801,7 +853,7 @@ client = 27-curve-brainpoolP256r1-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
Curves = brainpoolP256r1
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[27-curve-brainpoolP256r1-client]
@@ -812,6 +864,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-27]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = brainpoolP256r1
@@ -829,7 +882,7 @@ client = 28-curve-brainpoolP384r1-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
Curves = brainpoolP384r1
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[28-curve-brainpoolP384r1-client]
@@ -840,6 +893,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-28]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = brainpoolP384r1
@@ -857,7 +911,7 @@ client = 29-curve-brainpoolP512r1-client
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
Curves = brainpoolP512r1
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[29-curve-brainpoolP512r1-client]
@@ -868,7 +922,683 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-29]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
ExpectedTmpKeyType = brainpoolP512r1
+# ===========================================================
+
+[30-curve-sect233k1-tls13]
+ssl_conf = 30-curve-sect233k1-tls13-ssl
+
+[30-curve-sect233k1-tls13-ssl]
+server = 30-curve-sect233k1-tls13-server
+client = 30-curve-sect233k1-tls13-client
+
+[30-curve-sect233k1-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect233k1
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[30-curve-sect233k1-tls13-client]
+CipherString = ECDHE
+Curves = sect233k1
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-30]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[31-curve-sect233r1-tls13]
+ssl_conf = 31-curve-sect233r1-tls13-ssl
+
+[31-curve-sect233r1-tls13-ssl]
+server = 31-curve-sect233r1-tls13-server
+client = 31-curve-sect233r1-tls13-client
+
+[31-curve-sect233r1-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect233r1
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[31-curve-sect233r1-tls13-client]
+CipherString = ECDHE
+Curves = sect233r1
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-31]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[32-curve-sect283k1-tls13]
+ssl_conf = 32-curve-sect283k1-tls13-ssl
+
+[32-curve-sect283k1-tls13-ssl]
+server = 32-curve-sect283k1-tls13-server
+client = 32-curve-sect283k1-tls13-client
+
+[32-curve-sect283k1-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect283k1
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[32-curve-sect283k1-tls13-client]
+CipherString = ECDHE
+Curves = sect283k1
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-32]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[33-curve-sect283r1-tls13]
+ssl_conf = 33-curve-sect283r1-tls13-ssl
+
+[33-curve-sect283r1-tls13-ssl]
+server = 33-curve-sect283r1-tls13-server
+client = 33-curve-sect283r1-tls13-client
+
+[33-curve-sect283r1-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect283r1
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[33-curve-sect283r1-tls13-client]
+CipherString = ECDHE
+Curves = sect283r1
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-33]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[34-curve-sect409k1-tls13]
+ssl_conf = 34-curve-sect409k1-tls13-ssl
+
+[34-curve-sect409k1-tls13-ssl]
+server = 34-curve-sect409k1-tls13-server
+client = 34-curve-sect409k1-tls13-client
+
+[34-curve-sect409k1-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect409k1
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[34-curve-sect409k1-tls13-client]
+CipherString = ECDHE
+Curves = sect409k1
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-34]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[35-curve-sect409r1-tls13]
+ssl_conf = 35-curve-sect409r1-tls13-ssl
+
+[35-curve-sect409r1-tls13-ssl]
+server = 35-curve-sect409r1-tls13-server
+client = 35-curve-sect409r1-tls13-client
+
+[35-curve-sect409r1-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect409r1
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[35-curve-sect409r1-tls13-client]
+CipherString = ECDHE
+Curves = sect409r1
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-35]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[36-curve-sect571k1-tls13]
+ssl_conf = 36-curve-sect571k1-tls13-ssl
+
+[36-curve-sect571k1-tls13-ssl]
+server = 36-curve-sect571k1-tls13-server
+client = 36-curve-sect571k1-tls13-client
+
+[36-curve-sect571k1-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect571k1
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[36-curve-sect571k1-tls13-client]
+CipherString = ECDHE
+Curves = sect571k1
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-36]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[37-curve-sect571r1-tls13]
+ssl_conf = 37-curve-sect571r1-tls13-ssl
+
+[37-curve-sect571r1-tls13-ssl]
+server = 37-curve-sect571r1-tls13-server
+client = 37-curve-sect571r1-tls13-client
+
+[37-curve-sect571r1-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect571r1
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[37-curve-sect571r1-tls13-client]
+CipherString = ECDHE
+Curves = sect571r1
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-37]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[38-curve-secp224r1-tls13]
+ssl_conf = 38-curve-secp224r1-tls13-ssl
+
+[38-curve-secp224r1-tls13-ssl]
+server = 38-curve-secp224r1-tls13-server
+client = 38-curve-secp224r1-tls13-client
+
+[38-curve-secp224r1-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = secp224r1
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[38-curve-secp224r1-tls13-client]
+CipherString = ECDHE
+Curves = secp224r1
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-38]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[39-curve-sect163k1-tls13]
+ssl_conf = 39-curve-sect163k1-tls13-ssl
+
+[39-curve-sect163k1-tls13-ssl]
+server = 39-curve-sect163k1-tls13-server
+client = 39-curve-sect163k1-tls13-client
+
+[39-curve-sect163k1-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect163k1
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[39-curve-sect163k1-tls13-client]
+CipherString = ECDHE
+Curves = sect163k1
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-39]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[40-curve-sect163r2-tls13]
+ssl_conf = 40-curve-sect163r2-tls13-ssl
+
+[40-curve-sect163r2-tls13-ssl]
+server = 40-curve-sect163r2-tls13-server
+client = 40-curve-sect163r2-tls13-client
+
+[40-curve-sect163r2-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect163r2
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[40-curve-sect163r2-tls13-client]
+CipherString = ECDHE
+Curves = sect163r2
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-40]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[41-curve-prime192v1-tls13]
+ssl_conf = 41-curve-prime192v1-tls13-ssl
+
+[41-curve-prime192v1-tls13-ssl]
+server = 41-curve-prime192v1-tls13-server
+client = 41-curve-prime192v1-tls13-client
+
+[41-curve-prime192v1-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = prime192v1
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[41-curve-prime192v1-tls13-client]
+CipherString = ECDHE
+Curves = prime192v1
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-41]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[42-curve-sect163r1-tls13]
+ssl_conf = 42-curve-sect163r1-tls13-ssl
+
+[42-curve-sect163r1-tls13-ssl]
+server = 42-curve-sect163r1-tls13-server
+client = 42-curve-sect163r1-tls13-client
+
+[42-curve-sect163r1-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect163r1
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[42-curve-sect163r1-tls13-client]
+CipherString = ECDHE
+Curves = sect163r1
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-42]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[43-curve-sect193r1-tls13]
+ssl_conf = 43-curve-sect193r1-tls13-ssl
+
+[43-curve-sect193r1-tls13-ssl]
+server = 43-curve-sect193r1-tls13-server
+client = 43-curve-sect193r1-tls13-client
+
+[43-curve-sect193r1-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect193r1
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[43-curve-sect193r1-tls13-client]
+CipherString = ECDHE
+Curves = sect193r1
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-43]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[44-curve-sect193r2-tls13]
+ssl_conf = 44-curve-sect193r2-tls13-ssl
+
+[44-curve-sect193r2-tls13-ssl]
+server = 44-curve-sect193r2-tls13-server
+client = 44-curve-sect193r2-tls13-client
+
+[44-curve-sect193r2-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect193r2
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[44-curve-sect193r2-tls13-client]
+CipherString = ECDHE
+Curves = sect193r2
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-44]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[45-curve-sect239k1-tls13]
+ssl_conf = 45-curve-sect239k1-tls13-ssl
+
+[45-curve-sect239k1-tls13-ssl]
+server = 45-curve-sect239k1-tls13-server
+client = 45-curve-sect239k1-tls13-client
+
+[45-curve-sect239k1-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect239k1
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[45-curve-sect239k1-tls13-client]
+CipherString = ECDHE
+Curves = sect239k1
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-45]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[46-curve-secp160k1-tls13]
+ssl_conf = 46-curve-secp160k1-tls13-ssl
+
+[46-curve-secp160k1-tls13-ssl]
+server = 46-curve-secp160k1-tls13-server
+client = 46-curve-secp160k1-tls13-client
+
+[46-curve-secp160k1-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = secp160k1
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[46-curve-secp160k1-tls13-client]
+CipherString = ECDHE
+Curves = secp160k1
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-46]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[47-curve-secp160r1-tls13]
+ssl_conf = 47-curve-secp160r1-tls13-ssl
+
+[47-curve-secp160r1-tls13-ssl]
+server = 47-curve-secp160r1-tls13-server
+client = 47-curve-secp160r1-tls13-client
+
+[47-curve-secp160r1-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = secp160r1
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[47-curve-secp160r1-tls13-client]
+CipherString = ECDHE
+Curves = secp160r1
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-47]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[48-curve-secp160r2-tls13]
+ssl_conf = 48-curve-secp160r2-tls13-ssl
+
+[48-curve-secp160r2-tls13-ssl]
+server = 48-curve-secp160r2-tls13-server
+client = 48-curve-secp160r2-tls13-client
+
+[48-curve-secp160r2-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = secp160r2
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[48-curve-secp160r2-tls13-client]
+CipherString = ECDHE
+Curves = secp160r2
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-48]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[49-curve-secp192k1-tls13]
+ssl_conf = 49-curve-secp192k1-tls13-ssl
+
+[49-curve-secp192k1-tls13-ssl]
+server = 49-curve-secp192k1-tls13-server
+client = 49-curve-secp192k1-tls13-client
+
+[49-curve-secp192k1-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = secp192k1
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[49-curve-secp192k1-tls13-client]
+CipherString = ECDHE
+Curves = secp192k1
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-49]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[50-curve-secp224k1-tls13]
+ssl_conf = 50-curve-secp224k1-tls13-ssl
+
+[50-curve-secp224k1-tls13-ssl]
+server = 50-curve-secp224k1-tls13-server
+client = 50-curve-secp224k1-tls13-client
+
+[50-curve-secp224k1-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = secp224k1
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[50-curve-secp224k1-tls13-client]
+CipherString = ECDHE
+Curves = secp224k1
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-50]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[51-curve-secp256k1-tls13]
+ssl_conf = 51-curve-secp256k1-tls13-ssl
+
+[51-curve-secp256k1-tls13-ssl]
+server = 51-curve-secp256k1-tls13-server
+client = 51-curve-secp256k1-tls13-client
+
+[51-curve-secp256k1-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = secp256k1
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[51-curve-secp256k1-tls13-client]
+CipherString = ECDHE
+Curves = secp256k1
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-51]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[52-curve-brainpoolP256r1-tls13]
+ssl_conf = 52-curve-brainpoolP256r1-tls13-ssl
+
+[52-curve-brainpoolP256r1-tls13-ssl]
+server = 52-curve-brainpoolP256r1-tls13-server
+client = 52-curve-brainpoolP256r1-tls13-client
+
+[52-curve-brainpoolP256r1-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = brainpoolP256r1
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[52-curve-brainpoolP256r1-tls13-client]
+CipherString = ECDHE
+Curves = brainpoolP256r1
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-52]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[53-curve-brainpoolP384r1-tls13]
+ssl_conf = 53-curve-brainpoolP384r1-tls13-ssl
+
+[53-curve-brainpoolP384r1-tls13-ssl]
+server = 53-curve-brainpoolP384r1-tls13-server
+client = 53-curve-brainpoolP384r1-tls13-client
+
+[53-curve-brainpoolP384r1-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = brainpoolP384r1
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[53-curve-brainpoolP384r1-tls13-client]
+CipherString = ECDHE
+Curves = brainpoolP384r1
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-53]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[54-curve-brainpoolP512r1-tls13]
+ssl_conf = 54-curve-brainpoolP512r1-tls13-ssl
+
+[54-curve-brainpoolP512r1-tls13-ssl]
+server = 54-curve-brainpoolP512r1-tls13-server
+client = 54-curve-brainpoolP512r1-tls13-client
+
+[54-curve-brainpoolP512r1-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = brainpoolP512r1
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[54-curve-brainpoolP512r1-tls13-client]
+CipherString = ECDHE
+Curves = brainpoolP512r1
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-54]
+ExpectedResult = ClientFail
+
+
diff --git a/test/ssl-tests/14-curves.cnf.in b/test/ssl-tests/14-curves.cnf.in
index b5ee4d2827..4c905a8ea8 100644
--- a/test/ssl-tests/14-curves.cnf.in
+++ b/test/ssl-tests/14-curves.cnf.in
@@ -12,19 +12,20 @@ use OpenSSL::Test::Utils qw(anydisabled);
our $fips_mode;
-my @curves = ("sect233k1", "sect233r1",
- "sect283k1", "sect283r1", "sect409k1", "sect409r1",
- "sect571k1", "sect571r1", "secp224r1",
- "prime256v1", "secp384r1", "secp521r1", "X25519",
+my @curves = ("prime256v1", "secp384r1", "secp521r1", "X25519",
"X448");
+my @curves_tls_1_2 = ("sect233k1", "sect233r1",
+ "sect283k1", "sect283r1", "sect409k1", "sect409r1",
+ "sect571k1", "sect571r1", "secp224r1");
+
my @curves_non_fips = ("sect163k1", "sect163r2", "prime192v1",
"sect163r1", "sect193r1", "sect193r2", "sect239k1",
"secp160k1", "secp160r1", "secp160r2", "secp192k1",
"secp224k1", "secp256k1", "brainpoolP256r1",
"brainpoolP384r1", "brainpoolP512r1");
-push @curves, @curves_non_fips if !$fips_mode;
+push @curves_tls_1_2, @curves_non_fips if !$fips_mode;
our @tests = ();
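Review bot: Nothing at the list definitions states the criterion that separates `@curves` from `@curves_tls_1_2`, yet the generated expectations depend entirely on which list a name lands in. One list yields a TLSv1.3 success case; the other yields a TLSv1.2 success case plus a TLSv1.3 failure case. I would add `# Groups that TLS 1.3 allows (RFC 8446, section 4.2.7)` above `@curves` and `# Groups that may only be negotiated up to TLS 1.2` above `@curves_tls_1_2`. The changed `push` line now routes every entry of `@curves_non_fips` into the TLS 1.2-only list, so a one-line comment there should say that list must never receive a group valid in TLS 1.3.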
@@ -35,8 +36,27 @@ sub generate_tests() {
name => "curve-${curve}",
server => {
"Curves" => $curve,
- # TODO(TLS1.3): Can we get this to work for TLSv1.3?
- "MaxProtocol" => "TLSv1.2"
+ "MaxProtocol" => "TLSv1.3"
+ },
+ client => {
+ "CipherString" => "ECDHE",
+ "MaxProtocol" => "TLSv1.3",
+ "Curves" => $curve
+ },
+ test => {
+ "ExpectedTmpKeyType" => $curve,
+ "ExpectedProtocol" => "TLSv1.3",
+ "ExpectedResult" => "Success"
+ },
+ };
+ }
+ foreach (0..$#curves_tls_1_2) {
+ my $curve = $curves_tls_1_2[$_];
+ push @tests, {
+ name => "curve-${curve}",
+ server => {
+ "Curves" => $curve,
+ "MaxProtocol" => "TLSv1.3"
},
client => {
"CipherString" => "ECDHE",
@@ -45,10 +65,29 @@ sub generate_tests() {
},
test => {
"ExpectedTmpKeyType" => $curve,
+ "ExpectedProtocol" => "TLSv1.2",
"ExpectedResult" => "Success"
},
};
}
+ foreach (0..$#curves_tls_1_2) {
+ my $curve = $curves_tls_1_2[$_];
+ push @tests, {
+ name => "curve-${curve}-tls13",
+ server => {
+ "Curves" => $curve,
+ "MaxProtocol" => "TLSv1.3"
+ },
+ client => {
+ "CipherString" => "ECDHE",
+ "MinProtocol" => "TLSv1.3",
+ "Curves" => $curve
+ },
+ test => {
+ "ExpectedResult" => "ClientFail"
+ },
+ };
+ }
}
generate_tests();
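Review bot: The new `-tls13` loop asserts only `"ExpectedResult" => "ClientFail"`, so the case passes on any client-side failure, not only on the TLS 1.3 group restriction it is meant to pin down. A comment above the loop should state the intent, for example `# A TLS 1.3-only client offering just a TLS 1.2-only group must fail the handshake`. Because client and server are restricted to the same `$curve`, the failure is attributed to the client; whether the server-side rejection of such a group is exercised anywhere cannot be told from this hunk. If the test framework can match the failure reason or alert, adding that expectation would keep the test from passing for an unrelated reason.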