Add SCTP testing to 18-dtls-renegotiate.conf

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3286)

diff --git a/test/ssl-tests/18-dtls-renegotiate.conf.in b/test/ssl-tests/18-dtls-renegotiate.conf.in
index 7a65a85618b5a3e82c1df442e8eebf6145d97c58..82935ccad8345792bf944b357d8f332f694faef6 100644 (file)
--- a/test/ssl-tests/18-dtls-renegotiate.conf.in
+++ b/test/ssl-tests/18-dtls-renegotiate.conf.in
@@ -15,160 +15,178 @@ use warnings;
 package ssltests;
 use OpenSSL::Test::Utils;
 
 package ssltests;
 use OpenSSL::Test::Utils;
 

-our @tests = (
-    {
-        name => "renegotiate-client-no-resume",
-        server => {
-            "Options" => "NoResumptionOnRenegotiation"
-        },
-        client => {},
-        test => {
-            "Method" => "DTLS",
-            "HandshakeMode" => "RenegotiateClient",
-            "ResumptionExpected" => "No",
-            "ExpectedResult" => "Success"
-        }
-    },
-    {
-        name => "renegotiate-client-resume",
-        server => {},
-        client => {},
-        test => {
-            "Method" => "DTLS",
-            "HandshakeMode" => "RenegotiateClient",
-            "ResumptionExpected" => "Yes",
-            "ExpectedResult" => "Success"
-        }
-    },
-# Note: Unlike the TLS tests, we will never do resumption with server
-# initiated reneg. This is because an OpenSSL DTLS client will always do a full
-# handshake (i.e. it doesn't supply a session id) when it receives a
-# HelloRequest. This is different to the OpenSSL TLS implementation where an
-# OpenSSL client will always try an abbreviated handshake (i.e. it will supply
-# the session id). This goes all the way to commit 48ae85b6f when abbreviated
-# handshake support was first added. Neither behaviour is wrong, but the
-# discrepancy is strange. TODO: Should we harmonise the TLS and DTLS behaviour,
-# and if so, what to?
-    {
-        name => "renegotiate-server-resume",
-        server => {},
-        client => {},
-        test => {
-            "Method" => "DTLS",
-            "HandshakeMode" => "RenegotiateServer",
-            "ResumptionExpected" => "No",
-            "ExpectedResult" => "Success"
-        }
-    },
-    {
-        name => "renegotiate-client-auth-require",
-        server => {
-            "VerifyCAFile" => test_pem("root-cert.pem"),
-            "VerifyMode" => "Require",
-        },
-        client => {
-            "Certificate" => test_pem("ee-client-chain.pem"),
-            "PrivateKey"  => test_pem("ee-key.pem"),
-        },
-        test => {
-            "Method" => "DTLS",
-            "HandshakeMode" => "RenegotiateServer",
-            "ResumptionExpected" => "No",
-            "ExpectedResult" => "Success"
-        }
-    },
-    {
-        name => "renegotiate-client-auth-once",
-        server => {
-            "VerifyCAFile" => test_pem("root-cert.pem"),
-            "VerifyMode" => "Once",
-        },
-        client => {
-            "Certificate" => test_pem("ee-client-chain.pem"),
-            "PrivateKey"  => test_pem("ee-key.pem"),
-        },
-        test => {
-            "Method" => "DTLS",
-            "HandshakeMode" => "RenegotiateServer",
-            "ResumptionExpected" => "No",
-            "ExpectedResult" => "Success"
-        }
-    }
-);
-our @tests_dtls1_2 = (
-    {
-        name => "renegotiate-aead-to-non-aead",
-        server => {
-            "Options" => "NoResumptionOnRenegotiation"
+our @tests = ();
+
+foreach my $sctp ("No", "Yes")
+{
+    next if disabled("sctp");
+
+    my $suffix = ($sctp eq "No") ? "" : "-sctp";
+    our @tests_basic = (
+        {
+            name => "renegotiate-client-no-resume".$suffix,
+            server => {
+                "Options" => "NoResumptionOnRenegotiation"
+            },
+            client => {},
+            test => {
+                "Method" => "DTLS",
+                "UseSCTP" => $sctp,
+                "HandshakeMode" => "RenegotiateClient",
+                "ResumptionExpected" => "No",
+                "ExpectedResult" => "Success"
+            }

         },
         },

-        client => {
-            "CipherString" => "AES128-GCM-SHA256",
-            extra => {
-                "RenegotiateCiphers" => "AES128-SHA"
+        {
+            name => "renegotiate-client-resume".$suffix,
+            server => {},
+            client => {},
+            test => {
+                "Method" => "DTLS",
+                "UseSCTP" => $sctp,
+                "HandshakeMode" => "RenegotiateClient",
+                "ResumptionExpected" => "Yes",
+                "ExpectedResult" => "Success"

             }
         },
             }
         },

-        test => {
-            "Method" => "DTLS",
-            "HandshakeMode" => "RenegotiateClient",
-            "ResumptionExpected" => "No",
-            "ExpectedResult" => "Success"
-        }
-    },
-    {
-        name => "renegotiate-non-aead-to-aead",
-        server => {
-            "Options" => "NoResumptionOnRenegotiation"
+        # Note: Unlike the TLS tests, we will never do resumption with server
+        # initiated reneg. This is because an OpenSSL DTLS client will always do a full
+        # handshake (i.e. it doesn't supply a session id) when it receives a
+        # HelloRequest. This is different to the OpenSSL TLS implementation where an
+        # OpenSSL client will always try an abbreviated handshake (i.e. it will supply
+        # the session id). This goes all the way to commit 48ae85b6f when abbreviated
+        # handshake support was first added. Neither behaviour is wrong, but the
+        # discrepancy is strange. TODO: Should we harmonise the TLS and DTLS behaviour,
+        # and if so, what to?
+        {
+            name => "renegotiate-server-resume".$suffix,
+            server => {},
+            client => {},
+            test => {
+                "Method" => "DTLS",
+                "UseSCTP" => $sctp,
+                "HandshakeMode" => "RenegotiateServer",
+                "ResumptionExpected" => "No",
+                "ExpectedResult" => "Success"
+            }

         },
         },

-        client => {
-            "CipherString" => "AES128-SHA",
-            extra => {
-                "RenegotiateCiphers" => "AES128-GCM-SHA256"
+        {
+            name => "renegotiate-client-auth-require".$suffix,
+            server => {
+                "VerifyCAFile" => test_pem("root-cert.pem"),
+                "VerifyMode" => "Require",
+            },
+            client => {
+                "Certificate" => test_pem("ee-client-chain.pem"),
+                "PrivateKey"  => test_pem("ee-key.pem"),
+            },
+            test => {
+                "Method" => "DTLS",
+                "UseSCTP" => $sctp,
+                "HandshakeMode" => "RenegotiateServer",
+                "ResumptionExpected" => "No",
+                "ExpectedResult" => "Success"

             }
         },
             }
         },

-        test => {
-            "Method" => "DTLS",
-            "HandshakeMode" => "RenegotiateClient",
-            "ResumptionExpected" => "No",
-            "ExpectedResult" => "Success"
+        {
+            name => "renegotiate-client-auth-once".$suffix,
+            server => {
+                "VerifyCAFile" => test_pem("root-cert.pem"),
+                "VerifyMode" => "Once",
+            },
+            client => {
+                "Certificate" => test_pem("ee-client-chain.pem"),
+                "PrivateKey"  => test_pem("ee-key.pem"),
+            },
+            test => {
+                "Method" => "DTLS",
+                "UseSCTP" => $sctp,
+                "HandshakeMode" => "RenegotiateServer",
+                "ResumptionExpected" => "No",
+                "ExpectedResult" => "Success"
+            }

         }
         }

-    },
-    {
-        name => "renegotiate-non-aead-to-non-aead",
-        server => {
-            "Options" => "NoResumptionOnRenegotiation"
+    );
+    push @tests, @tests_basic;
+
+    next if disabled("dtls1_2");
+    our @tests_dtls1_2 = (
+        {
+            name => "renegotiate-aead-to-non-aead".$suffix,
+            server => {
+                "Options" => "NoResumptionOnRenegotiation"
+            },
+            client => {
+                "CipherString" => "AES128-GCM-SHA256",
+                extra => {
+                    "RenegotiateCiphers" => "AES128-SHA"
+                }
+            },
+            test => {
+                "Method" => "DTLS",
+                "UseSCTP" => $sctp,
+                "HandshakeMode" => "RenegotiateClient",
+                "ResumptionExpected" => "No",
+                "ExpectedResult" => "Success"
+            }

         },
         },

-        client => {
-            "CipherString" => "AES128-SHA",
-            extra => {
-                "RenegotiateCiphers" => "AES256-SHA"
+        {
+            name => "renegotiate-non-aead-to-aead".$suffix,
+            server => {
+                "Options" => "NoResumptionOnRenegotiation"
+            },
+            client => {
+                "CipherString" => "AES128-SHA",
+                extra => {
+                    "RenegotiateCiphers" => "AES128-GCM-SHA256"
+                }
+            },
+            test => {
+                "Method" => "DTLS",
+                "UseSCTP" => $sctp,
+                "HandshakeMode" => "RenegotiateClient",
+                "ResumptionExpected" => "No",
+                "ExpectedResult" => "Success"

             }
         },
             }
         },

-        test => {
-            "Method" => "DTLS",
-            "HandshakeMode" => "RenegotiateClient",
-            "ResumptionExpected" => "No",
-            "ExpectedResult" => "Success"
-        }
-    },
-    {
-        name => "renegotiate-aead-to-aead",
-        server => {
-            "Options" => "NoResumptionOnRenegotiation"
+        {
+            name => "renegotiate-non-aead-to-non-aead".$suffix,
+            server => {
+                "Options" => "NoResumptionOnRenegotiation"
+            },
+            client => {
+                "CipherString" => "AES128-SHA",
+                extra => {
+                    "RenegotiateCiphers" => "AES256-SHA"
+                }
+            },
+            test => {
+                "Method" => "DTLS",
+                "UseSCTP" => $sctp,
+                "HandshakeMode" => "RenegotiateClient",
+                "ResumptionExpected" => "No",
+                "ExpectedResult" => "Success"
+            }

         },
         },

-        client => {
-            "CipherString" => "AES128-GCM-SHA256",
-            extra => {
-                "RenegotiateCiphers" => "AES256-GCM-SHA384"
+        {
+            name => "renegotiate-aead-to-aead".$suffix,
+            server => {
+                "Options" => "NoResumptionOnRenegotiation"
+            },
+            client => {
+                "CipherString" => "AES128-GCM-SHA256",
+                extra => {
+                    "RenegotiateCiphers" => "AES256-GCM-SHA384"
+                }
+            },
+            test => {
+                "Method" => "DTLS",
+                "UseSCTP" => $sctp,
+                "HandshakeMode" => "RenegotiateClient",
+                "ResumptionExpected" => "No",
+                "ExpectedResult" => "Success"

             }
         },
             }
         },

-        test => {
-            "Method" => "DTLS",
-            "HandshakeMode" => "RenegotiateClient",
-            "ResumptionExpected" => "No",
-            "ExpectedResult" => "Success"
-        }
-    },
-);
-
-
-push @tests, @tests_dtls1_2 unless disabled("dtls1_2");
+    );
+    push @tests, @tests_dtls1_2;
+}