authorFrederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk>2024-05-30 15:46:02 +0200
committerMatt Caswell <matt@openssl.org>2024-06-27 15:01:01 +0100
commit29be50b727303d7aab282aec66c3eaf12cec4e98 (patch)
tree589c64b055bf661ca17709a8ce0394e81d523d83 /test/recipes
parent06e06d44fd6fb8651939bc0d97c523fb473d5c78 (diff)
Run 70-test_tls13certcomp.t with dtls
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24525)
Diffstat (limited to 'test/recipes')
-rw-r--r--test/recipes/70-test_tls13alerts.t2
-rw-r--r--test/recipes/70-test_tls13certcomp.t214
-rw-r--r--test/recipes/70-test_tls13cookie.t2
-rw-r--r--test/recipes/70-test_tls13hrr.t2
-rw-r--r--test/recipes/70-test_tls13psk.t2
5 files changed, 130 insertions, 92 deletions
diff --git a/test/recipes/70-test_tls13alerts.t b/test/recipes/70-test_tls13alerts.t
index 130ca70e18..4aefe6b2c2 100644
--- a/test/recipes/70-test_tls13alerts.t
+++ b/test/recipes/70-test_tls13alerts.t
@@ -23,7 +23,7 @@ plan skip_all => "$test_name needs the dynamic engine feature enabled"
plan skip_all => "$test_name needs the sock feature enabled"
if disabled("sock");
-plan skip_all => "$test_name needs elliptic curves and diffie-hellman enabled"
+plan skip_all => "$test_name needs elliptic curves or diffie-hellman enabled"
if disabled("ec") && disabled("dh");
my $testcount = 1;
diff --git a/test/recipes/70-test_tls13certcomp.t b/test/recipes/70-test_tls13certcomp.t
index e2d65bd87c..3b59ed3474 100644
--- a/test/recipes/70-test_tls13certcomp.t
+++ b/test/recipes/70-test_tls13certcomp.t
@@ -206,93 +206,131 @@ plan skip_all => "$test_name needs compression and algorithms enabled"
[0,0,0,0]
);
-my $proxy = TLSProxy::Proxy->new(
- undef,
- cmdstr(app(["openssl"]), display => 1),
- srctop_file("apps", "server.pem"),
- (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
-);
+my $testcount = 8;
+
+plan tests => 2 * $testcount;
+
+SKIP: {
+ skip "TLS 1.3 is disabled", $testcount if disabled("tls1_3");
+ # Run tests with TLS
+ run_tests(0);
+}
+
+SKIP: {
+ skip "DTLS 1.3 is disabled", $testcount if disabled("dtls1_3");
+ skip "DTLSProxy does not work on Windows", $testcount if $^O =~ /^(MSWin32)$/;
+ run_tests(1);
+}
+
+sub run_tests
+{
+ my $run_test_as_dtls = shift;
+ my $proxy_start_success = 0;
+
+ my $proxy;
+ if ($run_test_as_dtls == 1) {
+ $proxy = TLSProxy::Proxy->new_dtls(
+ undef,
+ cmdstr(app([ "openssl" ]), display => 1),
+ srctop_file("apps", "server.pem"),
+ (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
+ );
+ }
+ else {
+ $proxy = TLSProxy::Proxy->new(
+ undef,
+ cmdstr(app([ "openssl" ]), display => 1),
+ srctop_file("apps", "server.pem"),
+ (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
+ );
+ }
+
+ $proxy->clear();
+
+ #Test 1: Client sends cert comp, but no client auth
+ $proxy->serverconnects(2);
+ $proxy->clear();
+ $proxy->serverflags("-no_tx_cert_comp -no_rx_cert_comp");
+ # One final skip check
+ $proxy_start_success = $proxy->start();
+ skip "TLSProxy did not start correctly", $testcount if $proxy_start_success == 0;
+ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
+ checkhandshake::DEFAULT_EXTENSIONS
+ | checkhandshake::CERT_COMP_CLI_EXTENSION,
+ "Client supports certificate compression");
+
+ #Test 2: Server sends cert comp, no client auth
+ $proxy->clear();
+ $proxy->clientflags("-no_tx_cert_comp -no_rx_cert_comp");
+ $proxy->serverflags("-cert_comp");
+ $proxy->start();
+ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
+ checkhandshake::DEFAULT_EXTENSIONS
+ | checkhandshake::CERT_COMP_SRV_EXTENSION,
+ "Server supports certificate compression, but no client auth");
+
+ #Test 3: Both send cert comp, no client auth
+ $proxy->clear();
+ $proxy->serverflags("-cert_comp");
+ $proxy->start();
+ checkhandshake($proxy, checkhandshake::CERT_COMP_SRV_HANDSHAKE,
+ checkhandshake::DEFAULT_EXTENSIONS
+ | checkhandshake::CERT_COMP_CLI_EXTENSION
+ | checkhandshake::CERT_COMP_SRV_EXTENSION,
+ "Both support certificate compression, but no client auth");
+
+ SKIP: {
+ skip "TLSProxy does not support partial messages for dtls", 2
+ if $run_test_as_dtls == 1;
+ #Test 4: Both send cert comp, with client auth
+ $proxy->clear();
+ $proxy->clientflags("-cert " . srctop_file("apps", "server.pem"));
+ $proxy->serverflags("-Verify 5 -cert_comp");
+ $proxy->start();
+ checkhandshake($proxy, checkhandshake::CERT_COMP_BOTH_HANDSHAKE,
+ checkhandshake::DEFAULT_EXTENSIONS
+ | checkhandshake::CERT_COMP_CLI_EXTENSION
+ | checkhandshake::CERT_COMP_SRV_EXTENSION,
+ "Both support certificate compression, with client auth");
+
+ #Test 5: Client-to-server-only certificate compression, with client auth
+ $proxy->clear();
+ $proxy->clientflags("-no_rx_cert_comp -cert " . srctop_file("apps", "server.pem"));
+ $proxy->serverflags("-no_tx_cert_comp -Verify 5 -cert_comp");
+ $proxy->start();
+ checkhandshake($proxy, checkhandshake::CERT_COMP_CLI_HANDSHAKE,
+ checkhandshake::DEFAULT_EXTENSIONS
+ | checkhandshake::CERT_COMP_SRV_EXTENSION,
+ "Client-to-server-only certificate compression, with client auth");
+ }
+
+ #Test 6: Server-to-client-only certificate compression
+ $proxy->clear();
+ $proxy->clientflags("-no_tx_cert_comp");
+ $proxy->serverflags("-no_rx_cert_comp -cert_comp");
+ $proxy->start();
+ checkhandshake($proxy, checkhandshake::CERT_COMP_SRV_HANDSHAKE,
+ checkhandshake::DEFAULT_EXTENSIONS
+ | checkhandshake::CERT_COMP_CLI_EXTENSION,
+ "Server-to-client-only certificate compression");
+ #Test 7: Neither side wants to send a compressed cert, but will accept one
+ $proxy->clear();
+ $proxy->clientflags("-no_tx_cert_comp");
+ $proxy->serverflags("-no_tx_cert_comp -cert_comp");
+ $proxy->start();
+ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
+ checkhandshake::DEFAULT_EXTENSIONS
+ | checkhandshake::CERT_COMP_CLI_EXTENSION
+ | checkhandshake::CERT_COMP_SRV_EXTENSION,
+ "Accept but not send compressed certificates");
-#Test 1: Client sends cert comp, but no client auth
-$proxy->serverconnects(2);
-$proxy->clear();
-$proxy->serverflags("-no_tx_cert_comp -no_rx_cert_comp");
-# One final skip check
-$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-plan tests => 8;
-checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
- checkhandshake::DEFAULT_EXTENSIONS
- | checkhandshake::CERT_COMP_CLI_EXTENSION,
- "Client supports certificate compression");
-
-#Test 2: Server sends cert comp, no client auth
-$proxy->clear();
-$proxy->clientflags("-no_tx_cert_comp -no_rx_cert_comp");
-$proxy->serverflags("-cert_comp");
-$proxy->start();
-checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
- checkhandshake::DEFAULT_EXTENSIONS
- | checkhandshake::CERT_COMP_SRV_EXTENSION,
- "Server supports certificate compression, but no client auth");
-
-#Test 3: Both send cert comp, no client auth
-$proxy->clear();
-$proxy->serverflags("-cert_comp");
-$proxy->start();
-checkhandshake($proxy, checkhandshake::CERT_COMP_SRV_HANDSHAKE,
- checkhandshake::DEFAULT_EXTENSIONS
- | checkhandshake::CERT_COMP_CLI_EXTENSION
- | checkhandshake::CERT_COMP_SRV_EXTENSION,
- "Both support certificate compression, but no client auth");
-
-#Test 4: Both send cert comp, with client auth
-$proxy->clear();
-$proxy->clientflags("-cert ".srctop_file("apps", "server.pem"));
-$proxy->serverflags("-Verify 5 -cert_comp");
-$proxy->start();
-checkhandshake($proxy, checkhandshake::CERT_COMP_BOTH_HANDSHAKE,
- checkhandshake::DEFAULT_EXTENSIONS
- | checkhandshake::CERT_COMP_CLI_EXTENSION
- | checkhandshake::CERT_COMP_SRV_EXTENSION,
- "Both support certificate compression, with client auth");
-
-#Test 5: Client-to-server-only certificate compression, with client auth
-$proxy->clear();
-$proxy->clientflags("-no_rx_cert_comp -cert ".srctop_file("apps", "server.pem"));
-$proxy->serverflags("-no_tx_cert_comp -Verify 5 -cert_comp");
-$proxy->start();
-checkhandshake($proxy, checkhandshake::CERT_COMP_CLI_HANDSHAKE,
- checkhandshake::DEFAULT_EXTENSIONS
- | checkhandshake::CERT_COMP_SRV_EXTENSION,
- "Client-to-server-only certificate compression, with client auth");
-
-#Test 6: Server-to-client-only certificate compression
-$proxy->clear();
-$proxy->clientflags("-no_tx_cert_comp");
-$proxy->serverflags("-no_rx_cert_comp -cert_comp");
-$proxy->start();
-checkhandshake($proxy, checkhandshake::CERT_COMP_SRV_HANDSHAKE,
- checkhandshake::DEFAULT_EXTENSIONS
- | checkhandshake::CERT_COMP_CLI_EXTENSION,
- "Server-to-client-only certificate compression");
-
-#Test 7: Neither side wants to send a compressed cert, but will accept one
-$proxy->clear();
-$proxy->clientflags("-no_tx_cert_comp");
-$proxy->serverflags("-no_tx_cert_comp -cert_comp");
-$proxy->start();
-checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
- checkhandshake::DEFAULT_EXTENSIONS
- | checkhandshake::CERT_COMP_CLI_EXTENSION
- | checkhandshake::CERT_COMP_SRV_EXTENSION,
- "Accept but not send compressed certificates");
-
-#Test 8: Neither side wants to receive a compressed cert, but will send one
-$proxy->clear();
-$proxy->clientflags("-no_rx_cert_comp");
-$proxy->serverflags("-no_rx_cert_comp -cert_comp");
-$proxy->start();
-checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
- checkhandshake::DEFAULT_EXTENSIONS,
- "Send but not accept compressed certificates");
+ #Test 8: Neither side wants to receive a compressed cert, but will send one
+ $proxy->clear();
+ $proxy->clientflags("-no_rx_cert_comp");
+ $proxy->serverflags("-no_rx_cert_comp -cert_comp");
+ $proxy->start();
+ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
+ checkhandshake::DEFAULT_EXTENSIONS,
+ "Send but not accept compressed certificates");
+}
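Review bot: Both passes of `run_tests` hand `checkhandshake` the same eight descriptions, so a failure reported as "Client supports certificate compression" does not say whether the TLS or the DTLS handshake broke. Consider deriving a label once at the top of the sub, `my $proto = $run_test_as_dtls ? "DTLS" : "TLS";`, and prefixing each description with it, e.g. `"$proto: Client supports certificate compression"`. The `skip "TLSProxy did not start correctly", $testcount` inside `run_tests` only works because both callers wrap the call in a `SKIP:` block, so the sub deserves a header comment such as `# Must be called from inside a SKIP block; skips $testcount tests if the proxy fails to start`. Only the first `$proxy->start()` result is checked; the calls for tests 2 to 8 still ignore it, as they did before this change.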
diff --git a/test/recipes/70-test_tls13cookie.t b/test/recipes/70-test_tls13cookie.t
index 6c1f0e86bf..1afd58c92c 100644
--- a/test/recipes/70-test_tls13cookie.t
+++ b/test/recipes/70-test_tls13cookie.t
@@ -23,7 +23,7 @@ plan skip_all => "$test_name needs the dynamic engine feature enabled"
plan skip_all => "$test_name needs the sock feature enabled"
if disabled("sock");
-plan skip_all => "$test_name needs EC and DH enabled"
+plan skip_all => "$test_name needs EC or DH enabled"
if disabled("ec") && disabled("dh");
my $testcount = 2;
diff --git a/test/recipes/70-test_tls13hrr.t b/test/recipes/70-test_tls13hrr.t
index 0c3bf39660..130f944669 100644
--- a/test/recipes/70-test_tls13hrr.t
+++ b/test/recipes/70-test_tls13hrr.t
@@ -24,7 +24,7 @@ plan skip_all => "$test_name needs the dynamic engine feature enabled"
plan skip_all => "$test_name needs the sock feature enabled"
if disabled("sock");
-plan skip_all => "$test_name needs elliptic curves and diffie-hellman enabled"
+plan skip_all => "$test_name needs elliptic curves or diffie-hellman enabled"
if disabled("ec") && disabled("dh");
my $testcount = 4;
diff --git a/test/recipes/70-test_tls13psk.t b/test/recipes/70-test_tls13psk.t
index e40cf3c678..b7f9a49847 100644
--- a/test/recipes/70-test_tls13psk.t
+++ b/test/recipes/70-test_tls13psk.t
@@ -24,7 +24,7 @@ plan skip_all => "$test_name needs the dynamic engine feature enabled"
plan skip_all => "$test_name needs the sock feature enabled"
if disabled("sock");
-plan skip_all => "$test_name needs elliptic curves and diffie-hellman enabled"
+plan skip_all => "$test_name needs elliptic curves or diffie-hellman enabled"
if disabled("ec") && disabled("dh");
my $testcount = 5;