Merge pull request #5630 from ronald-cron-arm/restore-full-compat-testing
Restore full TLS compatibility testing
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 30f5035..88427ef 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -608,7 +608,7 @@
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- ssl->handshake->verify_cookie != NULL )
+ ssl->handshake->cookie != NULL )
{
return( 0 );
}
@@ -846,7 +846,7 @@
{
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 1 );
- if( ssl->handshake->verify_cookie == NULL )
+ if( ssl->handshake->cookie == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "no verify cookie to send" ) );
*p++ = 0;
@@ -854,15 +854,15 @@
else
{
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, cookie",
- ssl->handshake->verify_cookie,
- ssl->handshake->verify_cookie_len );
+ ssl->handshake->cookie,
+ ssl->handshake->verify_cookie_len );
*p++ = ssl->handshake->verify_cookie_len;
MBEDTLS_SSL_CHK_BUF_PTR( p, end,
ssl->handshake->verify_cookie_len );
- memcpy( p, ssl->handshake->verify_cookie,
- ssl->handshake->verify_cookie_len );
+ memcpy( p, ssl->handshake->cookie,
+ ssl->handshake->verify_cookie_len );
p += ssl->handshake->verify_cookie_len;
}
}
@@ -1645,16 +1645,16 @@
}
MBEDTLS_SSL_DEBUG_BUF( 3, "cookie", p, cookie_len );
- mbedtls_free( ssl->handshake->verify_cookie );
+ mbedtls_free( ssl->handshake->cookie );
- ssl->handshake->verify_cookie = mbedtls_calloc( 1, cookie_len );
- if( ssl->handshake->verify_cookie == NULL )
+ ssl->handshake->cookie = mbedtls_calloc( 1, cookie_len );
+ if( ssl->handshake->cookie == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc failed (%d bytes)", cookie_len ) );
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
}
- memcpy( ssl->handshake->verify_cookie, p, cookie_len );
+ memcpy( ssl->handshake->cookie, p, cookie_len );
ssl->handshake->verify_cookie_len = cookie_len;
/* Start over at ClientHello */
@@ -1736,8 +1736,8 @@
else
{
/* We made it through the verification process */
- mbedtls_free( ssl->handshake->verify_cookie );
- ssl->handshake->verify_cookie = NULL;
+ mbedtls_free( ssl->handshake->cookie );
+ ssl->handshake->cookie = NULL;
ssl->handshake->verify_cookie_len = 0;
}
}
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index a02b712..c4621e7 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -704,14 +704,20 @@
} buffering;
-#if defined(MBEDTLS_SSL_PROTO_DTLS) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
- unsigned char *verify_cookie; /*!< Cli: HelloVerifyRequest cookie
- * for dtls / tls 1.3
- * Srv: unused */
- unsigned char verify_cookie_len; /*!< Cli: cookie length for
- * dtls / tls 1.3
+#if defined(MBEDTLS_SSL_CLI_C) && \
+ ( defined(MBEDTLS_SSL_PROTO_DTLS) || defined(MBEDTLS_SSL_PROTO_TLS1_3) )
+ unsigned char *cookie; /*!< HelloVerifyRequest cookie for DTLS
+ * HelloRetryRequest cookie for TLS 1.3 */
+#endif /* MBEDTLS_SSL_CLI_C &&
+ ( MBEDTLS_SSL_PROTO_DTLS || MBEDTLS_SSL_PROTO_TLS1_3 ) */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ unsigned char verify_cookie_len; /*!< Cli: HelloVerifyRequest cookie
+ * length
* Srv: flag for sending a cookie */
-#endif /* MBEDTLS_SSL_PROTO_DTLS || MBEDTLS_SSL_PROTO_TLS1_3 */
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ uint16_t hrr_cookie_len; /*!< HelloRetryRequest cookie length */
+#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 2ff3249..5c65cc5 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3100,9 +3100,11 @@
mbedtls_pk_free( &handshake->peer_pubkey );
#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-#if defined(MBEDTLS_SSL_PROTO_DTLS) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
- mbedtls_free( handshake->verify_cookie );
-#endif /* MBEDTLS_SSL_PROTO_DTLS || MBEDTLS_SSL_PROTO_TLS1_3 */
+#if defined(MBEDTLS_SSL_CLI_C) && \
+ ( defined(MBEDTLS_SSL_PROTO_DTLS) || defined(MBEDTLS_SSL_PROTO_TLS1_3) )
+ mbedtls_free( handshake->cookie );
+#endif /* MBEDTLS_SSL_CLI_C &&
+ ( MBEDTLS_SSL_PROTO_DTLS || MBEDTLS_SSL_PROTO_TLS1_3 ) */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
mbedtls_ssl_flight_free( handshake->flight );
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 05b7941..165aa9d 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -659,7 +659,7 @@
const unsigned char *buf,
const unsigned char *end )
{
- size_t cookie_len;
+ uint16_t cookie_len;
const unsigned char *p = buf;
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
@@ -671,19 +671,55 @@
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, cookie_len );
MBEDTLS_SSL_DEBUG_BUF( 3, "cookie extension", p, cookie_len );
- mbedtls_free( handshake->verify_cookie );
- handshake->verify_cookie_len = 0;
- handshake->verify_cookie = mbedtls_calloc( 1, cookie_len );
- if( handshake->verify_cookie == NULL )
+ mbedtls_free( handshake->cookie );
+ handshake->hrr_cookie_len = 0;
+ handshake->cookie = mbedtls_calloc( 1, cookie_len );
+ if( handshake->cookie == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "alloc failed ( %" MBEDTLS_PRINTF_SIZET " bytes )",
+ ( "alloc failed ( %ud bytes )",
cookie_len ) );
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
}
- memcpy( handshake->verify_cookie, p, cookie_len );
- handshake->verify_cookie_len = (unsigned char) cookie_len;
+ memcpy( handshake->cookie, p, cookie_len );
+ handshake->hrr_cookie_len = cookie_len;
+
+ return( 0 );
+}
+
+static int ssl_tls13_write_cookie_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ unsigned char *end,
+ size_t *out_len )
+{
+ unsigned char *p = buf;
+ *out_len = 0;
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
+
+ if( handshake->cookie == NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "no cookie to send; skip extension" ) );
+ return( 0 );
+ }
+
+ MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, cookie",
+ handshake->cookie,
+ handshake->hrr_cookie_len );
+
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, handshake->hrr_cookie_len + 6 );
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding cookie extension" ) );
+
+ MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_COOKIE, p, 0 );
+ MBEDTLS_PUT_UINT16_BE( handshake->hrr_cookie_len + 2, p, 2 );
+ MBEDTLS_PUT_UINT16_BE( handshake->hrr_cookie_len, p, 4 );
+ p += 6;
+
+ /* Cookie */
+ memcpy( p, handshake->cookie, handshake->hrr_cookie_len );
+
+ *out_len = handshake->hrr_cookie_len + 6;
return( 0 );
}
@@ -873,6 +909,14 @@
p += output_len;
#endif /* MBEDTLS_SSL_ALPN */
+ /* Echo the cookie if the server provided one in its preceding
+ * HelloRetryRequest message.
+ */
+ ret = ssl_tls13_write_cookie_ext( ssl, p, end, &output_len );
+ if( ret != 0 )
+ return( ret );
+ p += output_len;
+
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/*
diff --git a/tests/opt-testcases/tls13-compat.sh b/tests/opt-testcases/tls13-compat.sh
index fa7663b..291fe1c 100755
--- a/tests/opt-testcases/tls13-compat.sh
+++ b/tests/opt-testcases/tls13-compat.sh
@@ -3474,3 +3474,683 @@
-c "NamedGroup: x448 ( 1e )" \
-c "Verifying peer X.509 certificate... ok" \
-C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR secp256r1 -> secp384r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 24 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR secp256r1 -> secp521r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 25 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR secp256r1 -> x25519" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 29 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR secp256r1 -> x448" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 30 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR secp384r1 -> secp256r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 23 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR secp384r1 -> secp521r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 25 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR secp384r1 -> x25519" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 29 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR secp384r1 -> x448" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 30 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR secp521r1 -> secp256r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 23 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR secp521r1 -> secp384r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 24 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR secp521r1 -> x25519" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 29 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR secp521r1 -> x448" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 30 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR x25519 -> secp256r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 23 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR x25519 -> secp384r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 24 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR x25519 -> secp521r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 25 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR x25519 -> x448" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 30 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR x448 -> secp256r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 23 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR x448 -> secp384r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 24 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR x448 -> secp521r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 25 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR x448 -> x25519" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 29 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR secp256r1 -> secp384r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP384R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 24 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR secp256r1 -> secp521r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP521R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 25 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR secp256r1 -> x25519" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X25519:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 29 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR secp256r1 -> x448" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X448:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 30 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR secp384r1 -> secp256r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP256R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 23 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR secp384r1 -> secp521r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP521R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 25 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR secp384r1 -> x25519" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X25519:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 29 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR secp384r1 -> x448" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X448:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 30 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR secp521r1 -> secp256r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP256R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 23 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR secp521r1 -> secp384r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP384R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 24 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR secp521r1 -> x25519" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X25519:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 29 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR secp521r1 -> x448" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X448:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 30 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR x25519 -> secp256r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP256R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 23 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR x25519 -> secp384r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP384R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 24 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR x25519 -> secp521r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP521R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 25 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR x25519 -> x448" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X448:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 30 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR x448 -> secp256r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP256R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 23 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR x448 -> secp384r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP384R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 24 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR x448 -> secp521r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP521R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 25 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR x448 -> x25519" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X25519:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 29 )"
diff --git a/tests/scripts/generate_tls13_compat_tests.py b/tests/scripts/generate_tls13_compat_tests.py
index 5c429db..7ff07e7 100755
--- a/tests/scripts/generate_tls13_compat_tests.py
+++ b/tests/scripts/generate_tls13_compat_tests.py
@@ -244,7 +244,7 @@
priority_string_list.extend(update_priority_string_list(
self._ciphers, self.CIPHER_SUITE))
else:
- priority_string_list.append('CIPHER-ALL')
+ priority_string_list.extend(['CIPHER-ALL', 'MAC-ALL'])
if self._sig_algs:
signature_algorithms = set(self._sig_algs + self._cert_sig_algs)
@@ -375,6 +375,35 @@
return '\n'.join(server_object.pre_checks() + client_object.pre_checks() + [cmd])
+def generate_hrr_compat_test(client=None, server=None, cert_sig_alg=None,
+ client_named_group=None, server_named_group=None):
+ """
+ Generate Hello Retry Request test case with `ssl-opt.sh` format.
+ """
+ name = 'TLS 1.3 {client[0]}->{server[0]}: HRR {c_named_group} -> {s_named_group}'.format(
+ client=client, server=server, c_named_group=client_named_group,
+ s_named_group=server_named_group)
+ server_object = SERVER_CLASSES[server](named_group=server_named_group,
+ cert_sig_alg=cert_sig_alg)
+
+ client_object = CLIENT_CLASSES[client](named_group=client_named_group,
+ cert_sig_alg=cert_sig_alg)
+ client_object.add_named_groups(server_named_group)
+
+ cmd = ['run_test "{}"'.format(name), '"{}"'.format(
+ server_object.cmd()), '"{}"'.format(client_object.cmd()), '0']
+ cmd += server_object.post_checks()
+ cmd += client_object.post_checks()
+ cmd += ['-c "received HelloRetryRequest message"']
+ cmd += ['-c "selected_group ( {:d} )"'.format(
+ NAMED_GROUP_IANA_VALUE[server_named_group])]
+ prefix = ' \\\n' + (' '*9)
+ cmd = prefix.join(cmd)
+ return '\n'.join(server_object.pre_checks() +
+ client_object.pre_checks() +
+ [cmd])
+
+
SSL_OUTPUT_HEADER = '''#!/bin/sh
# {filename}
@@ -404,7 +433,6 @@
#
'''
-
def main():
"""
Main function of this program
@@ -461,6 +489,17 @@
yield generate_compat_test(cipher=cipher, sig_alg=sig_alg, named_group=named_group,
server=server, client=client)
+ # Generate Hello Retry Request compat test cases
+ for client, server, client_named_group, server_named_group in \
+ itertools.product(CLIENT_CLASSES.keys(),
+ SERVER_CLASSES.keys(),
+ NAMED_GROUP_IANA_VALUE.keys(),
+ NAMED_GROUP_IANA_VALUE.keys()):
+ if client_named_group != server_named_group:
+ yield generate_hrr_compat_test(client=client, server=server,
+ cert_sig_alg="ecdsa_secp256r1_sha256",
+ client_named_group=client_named_group,
+ server_named_group=server_named_group)
if args.generate_all_tls13_compat_tests:
if args.output: