summaryrefslogtreecommitdiff
path: root/src/ssl/test/runner/handshake_server.go
diff options
context:
space:
mode:
Diffstat (limited to 'src/ssl/test/runner/handshake_server.go')
-rw-r--r--src/ssl/test/runner/handshake_server.go24
1 files changed, 10 insertions, 14 deletions
diff --git a/src/ssl/test/runner/handshake_server.go b/src/ssl/test/runner/handshake_server.go
index d2ef9b42..3a6c8107 100644
--- a/src/ssl/test/runner/handshake_server.go
+++ b/src/ssl/test/runner/handshake_server.go
@@ -210,8 +210,8 @@ func (hs *serverHandshakeState) readClientHello() error {
if config.Bugs.FailIfCECPQ2Offered {
for _, offeredCurve := range hs.clientHello.supportedCurves {
- if offeredCurve == CurveCECPQ2 {
- return errors.New("tls: CECPQ2 was offered")
+ if isPqGroup(offeredCurve) {
+ return errors.New("tls: CECPQ2 or CECPQ2b was offered")
}
}
}
@@ -228,6 +228,10 @@ func (hs *serverHandshakeState) readClientHello() error {
}
}
+ if c.config.Bugs.ExpectPQExperimentSignal != hs.clientHello.pqExperimentSignal {
+ return fmt.Errorf("tls: PQ experiment signal presence (%t) was not what was expected", hs.clientHello.pqExperimentSignal)
+ }
+
c.clientVersion = hs.clientHello.vers
// Use the versions extension if supplied, otherwise use the legacy ClientHello version.
@@ -722,16 +726,7 @@ ResendHelloRetryRequest:
}
c.earlyCipherSuite = hs.suite
- expectEarlyData := config.Bugs.ExpectEarlyData
- if n := config.Bugs.ExpectEarlyKeyingMaterial; n > 0 {
- exporter, err := c.ExportEarlyKeyingMaterial(n, []byte(config.Bugs.ExpectEarlyKeyingLabel), []byte(config.Bugs.ExpectEarlyKeyingContext))
- if err != nil {
- return err
- }
- expectEarlyData = append([][]byte{exporter}, expectEarlyData...)
- }
-
- for _, expectedMsg := range expectEarlyData {
+ for _, expectedMsg := range config.Bugs.ExpectEarlyData {
if err := c.readRecord(recordTypeApplicationData); err != nil {
return err
}
@@ -1232,8 +1227,8 @@ func (hs *serverHandshakeState) processClientHello() (isResume bool, err error)
preferredCurves := config.curvePreferences()
Curves:
for _, curve := range hs.clientHello.supportedCurves {
- if curve == CurveCECPQ2 && c.vers < VersionTLS13 {
- // CECPQ2 is TLS 1.3-only.
+ if isPqGroup(curve) && c.vers < VersionTLS13 {
+ // CECPQ2 and CECPQ2b is TLS 1.3-only.
continue
}
@@ -1456,6 +1451,7 @@ func (hs *serverHandshakeState) processClientExtensions(serverExtensions *server
}
serverExtensions.serverNameAck = c.config.Bugs.SendServerNameAck
+ serverExtensions.pqExperimentSignal = hs.clientHello.pqExperimentSignal
return nil
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-26 08:24:04 +0000