Add a DTLSv1_listen() test

Add a test to ensure that a connection started via DTLSv1_listen() can
be completed through to handshake success. Previous DTLSv1_listen()
testing only tested the function itself and did not confirm that a
connection can actually be achieved using it.

This is important to test some codepaths being affected by the record layer
refactor.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)

1 files changed, 52 insertions, 1 deletions

diff --git a/test/dtlstest.c b/test/dtlstest.c
index f84f2c1299..8016a112e9 100644
--- a/test/dtlstest.c
+++ b/test/dtlstest.c
@@ -109,7 +109,7 @@ static int test_dtls_unprocessed(int testidx)
      * they will fail to decrypt.
      */
     if (!TEST_true(create_bare_ssl_connection(serverssl1, clientssl1,
-                                              SSL_ERROR_NONE, 0)))
+                                              SSL_ERROR_NONE, 0, 0)))
         goto end;
 
     if (timer_cb_count == 0) {
@@ -606,6 +606,56 @@ static int test_swap_app_data(void)
     SSL_free(sssl);
     SSL_CTX_free(cctx);
     SSL_CTX_free(sctx);
+
+    return testresult;
+}
+
+/* Confirm that we can create a connections using DTLSv1_listen() */
+static int test_listen(void)
+{
+    SSL_CTX *sctx = NULL, *cctx = NULL;
+    SSL *serverssl = NULL, *clientssl = NULL;
+    int testresult = 0;
+
+    if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(),
+                                       DTLS_client_method(),
+                                       DTLS1_VERSION, 0,
+                                       &sctx, &cctx, cert, privkey)))
+        return 0;
+
+#ifdef OPENSSL_NO_DTLS1_2
+    /* Default sigalgs are SHA1 based in <DTLS1.2 which is in security level 0 */
+    if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0"))
+            || !TEST_true(SSL_CTX_set_cipher_list(cctx,
+                                                  "DEFAULT:@SECLEVEL=0")))
+        goto end;
+#endif
+
+    SSL_CTX_set_cookie_generate_cb(sctx, generate_cookie_cb);
+    SSL_CTX_set_cookie_verify_cb(sctx, verify_cookie_cb);
+
+    if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+                                      NULL, NULL)))
+        goto end;
+
+    DTLS_set_timer_cb(clientssl, timer_cb);
+    DTLS_set_timer_cb(serverssl, timer_cb);
+
+    /*
+     * The last parameter to create_bare_ssl_connection() requests that
+     * DLTSv1_listen() is used.
+     */
+    if (!TEST_true(create_bare_ssl_connection(serverssl, clientssl,
+                                              SSL_ERROR_NONE, 1, 1)))
+        goto end;
+
+    testresult = 1;
+ end:
+    SSL_free(serverssl);
+    SSL_free(clientssl);
+    SSL_CTX_free(sctx);
+    SSL_CTX_free(cctx);
+
     return testresult;
 }
 
@@ -631,6 +681,7 @@ int setup_tests(void)
     ADD_TEST(test_just_finished);
     ADD_TEST(test_swap_epoch);
     ADD_TEST(test_swap_app_data);
+    ADD_TEST(test_listen);
 
     return 1;
 }