Adjust dtlstest for SHA1 security level

SHA1 is now in security level 0. SHA1 is required for DTLSv1.1. Therefore
dtlstest needed some adjustments in the event that DTLSv1.2 is disabled.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15047)

diff --git a/test/dtlstest.c b/test/dtlstest.c
index 4f0f9d549dae5e5c323320b1d3ae3a7aa72aaa15..05b8ded9cc33e98d6b3fc22ce7492b08bc5fbd2e 100644 (file)
--- a/test/dtlstest.c
+++ b/test/dtlstest.c
@@ -67,8 +67,16 @@ static int test_dtls_unprocessed(int testidx)
                                        &sctx, &cctx, cert, privkey)))
         return 0;
 
+#ifndef OPENSSL_NO_DTLS1_2
     if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "AES128-SHA")))
         goto end;
+#else
+    /* Default sigalgs are SHA1 based in <DTLS1.2 which is in security level 0 */
+    if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "AES128-SHA:@SECLEVEL=0"))
+            || !TEST_true(SSL_CTX_set_cipher_list(cctx,
+                                                  "AES128-SHA:@SECLEVEL=0")))
+        goto end;
+#endif
 
     c_to_s_fbio = BIO_new(bio_f_tls_dump_filter());
     if (!TEST_ptr(c_to_s_fbio))
@@ -167,6 +175,14 @@ static int test_dtls_drop_records(int idx)
                                        &sctx, &cctx, cert, privkey)))
         return 0;
 
+#ifdef OPENSSL_NO_DTLS1_2
+    /* Default sigalgs are SHA1 based in <DTLS1.2 which is in security level 0 */
+    if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0"))
+            || !TEST_true(SSL_CTX_set_cipher_list(cctx,
+                                                  "DEFAULT:@SECLEVEL=0")))
+        goto end;
+#endif
+
     if (!TEST_true(SSL_CTX_set_dh_auto(sctx, 1)))
         goto end;
 
@@ -286,6 +302,14 @@ static int test_cookie(void)
     SSL_CTX_set_cookie_generate_cb(sctx, generate_cookie_cb);
     SSL_CTX_set_cookie_verify_cb(sctx, verify_cookie_cb);
 
+#ifdef OPENSSL_NO_DTLS1_2
+    /* Default sigalgs are SHA1 based in <DTLS1.2 which is in security level 0 */
+    if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0"))
+            || !TEST_true(SSL_CTX_set_cipher_list(cctx,
+                                                  "DEFAULT:@SECLEVEL=0")))
+        goto end;
+#endif
+
     if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
                                       NULL, NULL))
             || !TEST_true(create_ssl_connection(serverssl, clientssl,
@@ -314,6 +338,14 @@ static int test_dtls_duplicate_records(void)
                                        &sctx, &cctx, cert, privkey)))
         return 0;
 
+#ifdef OPENSSL_NO_DTLS1_2
+    /* Default sigalgs are SHA1 based in <DTLS1.2 which is in security level 0 */
+    if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0"))
+            || !TEST_true(SSL_CTX_set_cipher_list(cctx,
+                                                  "DEFAULT:@SECLEVEL=0")))
+        goto end;
+#endif
+
     if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
                                       NULL, NULL)))
         goto end;