From: Frederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk>
Date: Thu, 16 May 2024 18:04:51 +0000 (+0200)
Subject: Run test_cookie() test with DTLS 1.3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=25ab23242f787b958e613658326020296ef980c4;p=thirdparty%2Fopenssl.git

Run test_cookie() test with DTLS 1.3

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24425)
---

diff --git a/test/dtlstest.c b/test/dtlstest.c
index 15aae92df9f..19bd8aab8c4 100644
--- a/test/dtlstest.c
+++ b/test/dtlstest.c
@@ -323,14 +323,9 @@ static int test_cookie(void)
     SSL *serverssl = NULL, *clientssl = NULL;
     int testresult = 0;
 
-    /**
-     * TODO(DTLSv1.3): Tests fails with
-     *  ssl/statem/extensions_clnt.c:624: OpenSSL internal error:
-     *      Assertion failed: s->hello_retry_request == SSL_HRR_PENDING
-     */
-     if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(),
+    if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(),
                                        DTLS_client_method(),
-                                       DTLS1_VERSION, DTLS1_2_VERSION,
+                                       DTLS1_VERSION, 0,
                                        &sctx, &cctx, cert, privkey)))
         return 0;
 
@@ -338,7 +333,7 @@ static int test_cookie(void)
     SSL_CTX_set_cookie_generate_cb(sctx, generate_cookie_cb);
     SSL_CTX_set_cookie_verify_cb(sctx, verify_cookie_cb);
 
-#ifdef OPENSSL_NO_DTLS1_2
+#if defined(OPENSSL_NO_DTLS1_2) && defined(OPENSSL_NO_DTLS1_3)
     /* Default sigalgs are SHA1 based in <DTLS1.2 which is in security level 0 */
     if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0"))
             || !TEST_true(SSL_CTX_set_cipher_list(cctx,
@@ -445,7 +440,7 @@ static int test_just_finished(void)
                                        &sctx, NULL, cert, privkey)))
         return 0;
 
-#ifdef OPENSSL_NO_DTLS1_2
+#if defined(OPENSSL_NO_DTLS1_2) && defined(OPENSSL_NO_DTLS1_3)
     /* DTLSv1 is not allowed at the default security level */
     if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0")))
         goto end;
diff --git a/test/sslapitest.c b/test/sslapitest.c
index a6b979bceb5..fccdea2d297 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -969,7 +969,7 @@ static int execute_test_large_message(const SSL_METHOD *smeth,
                                        privkey)))
         goto end;
 
-#ifdef OPENSSL_NO_DTLS1_2
+#if defined(OPENSSL_NO_DTLS1_2) && defined(OPENSSL_NO_DTLS1_3)
     if (smeth == DTLS_server_method()) {
         /*
          * Default sigalgs are SHA1 based in <DTLS1.2 which is in security