From: Matt Caswell <matt@openssl.org>
Date: Fri, 20 Jan 2023 14:08:42 +0000 (+0000)
Subject: Add DTLS support to the large app data test
X-Git-Tag: openssl-3.2.0-alpha1~1412
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2fda45d5eb85e5d939fbbba0dd6562ebf01abd2a;p=thirdparty%2Fopenssl.git

Add DTLS support to the large app data test

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20085)
---

diff --git a/test/sslapitest.c b/test/sslapitest.c
index d0bce3122c4..17f3d072805 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -1547,6 +1547,8 @@ static int test_large_app_data(int tst)
     int testresult = 0, prot;
     unsigned char *msg, *buf = NULL;
     size_t written, readbytes;
+    const SSL_METHOD *smeth = TLS_server_method();
+    const SSL_METHOD *cmeth = TLS_client_method();
 
     switch (tst >> 2) {
     case 0:
@@ -1589,12 +1591,32 @@ static int test_large_app_data(int tst)
         return 1;
 #endif
 
+    case 5:
+#ifndef OPENSSL_NO_DTLS1_2
+        prot = DTLS1_2_VERSION;
+        smeth = DTLS_server_method();
+        cmeth = DTLS_client_method();
+        break;
+#else
+        return 1;
+#endif
+
+    case 6:
+#ifndef OPENSSL_NO_DTLS1
+        prot = DTLS1_VERSION;
+        smeth = DTLS_server_method();
+        cmeth = DTLS_client_method();
+        break;
+#else
+        return 1;
+#endif
+
     default:
         /* Shouldn't happen */
         return 0;
     }
 
-    if (prot < TLS1_2_VERSION && is_fips)
+    if ((prot < TLS1_2_VERSION || prot == DTLS1_VERSION) && is_fips)
         return 1;
 
     /* Maximal sized message of zeros */
@@ -1608,12 +1630,11 @@ static int test_large_app_data(int tst)
     /* Set whole buffer to all bits set */
     memset(buf, 0xff, SSL3_RT_MAX_PLAIN_LENGTH + 1);
 
-    if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
-                                       TLS_client_method(), prot, prot,
+    if (!TEST_true(create_ssl_ctx_pair(libctx, smeth, cmeth, prot, prot,
                                        &sctx, &cctx, cert, privkey)))
         goto end;
 
-    if ((prot < TLS1_2_VERSION)) {
+    if (prot < TLS1_2_VERSION || prot == DTLS1_VERSION) {
         /* Older protocol versions need SECLEVEL=0 due to SHA1 usage */
         if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "DEFAULT:@SECLEVEL=0"))
                 || !TEST_true(SSL_CTX_set_cipher_list(sctx,
@@ -10703,7 +10724,7 @@ int setup_tests(void)
 #ifndef OPENSSL_NO_DTLS
     ADD_TEST(test_large_message_dtls);
 #endif
-    ADD_ALL_TESTS(test_large_app_data, 20);
+    ADD_ALL_TESTS(test_large_app_data, 28);
     ADD_TEST(test_cleanse_plaintext);
 #ifndef OPENSSL_NO_OCSP
     ADD_TEST(test_tlsext_status_type);