diff options
Diffstat (limited to 'src/ssl/test/runner/handshake_server.go')
-rw-r--r-- | src/ssl/test/runner/handshake_server.go | 24 |
1 files changed, 10 insertions, 14 deletions
diff --git a/src/ssl/test/runner/handshake_server.go b/src/ssl/test/runner/handshake_server.go index d2ef9b42..3a6c8107 100644 --- a/src/ssl/test/runner/handshake_server.go +++ b/src/ssl/test/runner/handshake_server.go @@ -210,8 +210,8 @@ func (hs *serverHandshakeState) readClientHello() error { if config.Bugs.FailIfCECPQ2Offered { for _, offeredCurve := range hs.clientHello.supportedCurves { - if offeredCurve == CurveCECPQ2 { - return errors.New("tls: CECPQ2 was offered") + if isPqGroup(offeredCurve) { + return errors.New("tls: CECPQ2 or CECPQ2b was offered") } } } @@ -228,6 +228,10 @@ func (hs *serverHandshakeState) readClientHello() error { } } + if c.config.Bugs.ExpectPQExperimentSignal != hs.clientHello.pqExperimentSignal { + return fmt.Errorf("tls: PQ experiment signal presence (%t) was not what was expected", hs.clientHello.pqExperimentSignal) + } + c.clientVersion = hs.clientHello.vers // Use the versions extension if supplied, otherwise use the legacy ClientHello version. @@ -722,16 +726,7 @@ ResendHelloRetryRequest: } c.earlyCipherSuite = hs.suite - expectEarlyData := config.Bugs.ExpectEarlyData - if n := config.Bugs.ExpectEarlyKeyingMaterial; n > 0 { - exporter, err := c.ExportEarlyKeyingMaterial(n, []byte(config.Bugs.ExpectEarlyKeyingLabel), []byte(config.Bugs.ExpectEarlyKeyingContext)) - if err != nil { - return err - } - expectEarlyData = append([][]byte{exporter}, expectEarlyData...) - } - - for _, expectedMsg := range expectEarlyData { + for _, expectedMsg := range config.Bugs.ExpectEarlyData { if err := c.readRecord(recordTypeApplicationData); err != nil { return err } @@ -1232,8 +1227,8 @@ func (hs *serverHandshakeState) processClientHello() (isResume bool, err error) preferredCurves := config.curvePreferences() Curves: for _, curve := range hs.clientHello.supportedCurves { - if curve == CurveCECPQ2 && c.vers < VersionTLS13 { - // CECPQ2 is TLS 1.3-only. + if isPqGroup(curve) && c.vers < VersionTLS13 { + // CECPQ2 and CECPQ2b is TLS 1.3-only. continue } @@ -1456,6 +1451,7 @@ func (hs *serverHandshakeState) processClientExtensions(serverExtensions *server } serverExtensions.serverNameAck = c.config.Bugs.SendServerNameAck + serverExtensions.pqExperimentSignal = hs.clientHello.pqExperimentSignal return nil } |