Addressing last commented out SSLAPITests for DTLS1.3

The Authentication and Integrity only ciphers and when DTLS1.3
payload padding have been enabled with this change.

The tls13_add_record_padding function was updated to make sure
there is always 16 bytes of encrypted data.

If authentication and integrity only cipher is used the code
was updated to not call Sequence Number encrypt.

Fixes: openssl/project#1700
Fixes: openssl/project#1702

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Thu Jan  8 10:01:39 2026
(Merged from https://github.com/openssl/openssl/pull/29448)

ssl/record/methods/dtls_meth.c

@@ -662,13 +662,14 @@ again:
      */
     if (DTLS13_UNI_HDR_FIX_BITS_IS_SET(rr->type)
         && rl->version == DTLS1_3_VERSION
-        && rl->sn_enc_ctx != NULL
         && ((rl->packet_length < rechdrlen + DTLS13_CIPHERTEXT_MINSIZE)
-            || !dtls_crypt_sequence_number(rl->sn_enc_ctx,
-                recseqnum + recseqnumoffs,
-                recseqnumlen,
-                rl->packet + rechdrlen,
-                rl->sn_enc_offs))) {
+            || (rl->sn_enc_ctx == NULL && rl->mac_ctx == NULL)
+            || (rl->sn_enc_ctx != NULL
+                && !dtls_crypt_sequence_number(rl->sn_enc_ctx,
+                    recseqnum + recseqnumoffs,
+                    recseqnumlen,
+                    rl->packet + rechdrlen,
+                    rl->sn_enc_offs)))) {
         /* sequence number encryption failed dump record */
         rr->length = 0;
         rl->packet_length = 0;

ssl/record/methods/tls13_meth.c

@@ -391,6 +391,9 @@ static int tls13_add_record_padding(OSSL_RECORD_LAYER *rl,
 {
     size_t rlen;
     size_t max_frag_len = rl->max_frag_len;
+    int isdtls = rl->isdtls;
+    size_t mac_size = 0;
+    size_t taglen = rl->taglen;
 
     /* Nothing to be done in the case of a plaintext alert */
     if (rl->allow_plain_alerts && thistempl->type != SSL3_RT_ALERT)
@@ -457,6 +460,19 @@ static int tls13_add_record_padding(OSSL_RECORD_LAYER *rl,
                     padding = bp - remainder;
             }
         }
+
+        /*
+         * DTLS1.3 RFC 9147 Section 4.2.3 says records should be padded
+         * if the ciphertext is less than 16 bytes.
+         */
+        if (isdtls) {
+            if (rl->mac_ctx != NULL)
+                mac_size = EVP_MAC_CTX_get_mac_size(rl->mac_ctx);
+
+            if (padding + rlen + taglen + mac_size < DTLS13_CIPHERTEXT_MINSIZE)
+                padding += DTLS13_CIPHERTEXT_MINSIZE - (padding + rlen + taglen + mac_size);
+        }
+
         if (padding > 0) {
             /* do not allow the record to exceed max plaintext length */
             if (padding > max_padding)

ssl/record/methods/tls_common.c

@@ -1746,9 +1746,10 @@ int tls_post_encryption_processing_default(OSSL_RECORD_LAYER *rl,
         size_t seqnumlen = DTLS13_UNI_HDR_SEQ_BIT_IS_SET(*recordstart) ? 2 : 1;
 
         if (!ossl_assert(DTLS13_UNI_HDR_SEQ_OFF + seqnumlen <= rechdrlen)
-            || !dtls_crypt_sequence_number(rl->sn_enc_ctx, recordstart + DTLS13_UNI_HDR_SEQ_OFF,
-                seqnumlen, recordstart + rechdrlen,
-                rl->sn_enc_offs)) {
+            || (rl->sn_enc_ctx != NULL
+                && !dtls_crypt_sequence_number(rl->sn_enc_ctx, recordstart + DTLS13_UNI_HDR_SEQ_OFF,
+                    seqnumlen, recordstart + rechdrlen,
+                    rl->sn_enc_offs))) {
             RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
             return 0;
         }

ssl/ssl_ciph.c

@@ -490,6 +490,7 @@ int ssl_cipher_get_evp_cipher_sn(SSL_CTX *ctx, const SSL_CIPHER *sslc,
 
     if (i == -1) {
         *enc = NULL;
+        *inputoffs = 0;
     } else {
         if (i == SSL_ENC_NULL_IDX) {
             /*

ssl/tls13_enc.c

@@ -373,7 +373,7 @@ int tls13_setup_key_block(SSL_CONNECTION *s)
 {
     const EVP_CIPHER *c;
     const EVP_CIPHER *snc = NULL, **p_snc = SSL_CONNECTION_IS_DTLS(s) ? &snc : NULL;
-    size_t snoffs;
+    size_t snoffs = 0;
     const EVP_MD *hash;
     int mac_type = NID_undef;
     size_t mac_secret_size = 0;

test/sslapitest.c

@@ -4851,17 +4851,6 @@ static int test_early_data_skip(int idx)
 
     if (testdtls) {
         idx -= OSSL_NELEM(ciphersuites) * 3;
-        if (idx % OSSL_NELEM(ciphersuites) == 0 || idx % OSSL_NELEM(ciphersuites) == 5
-            || idx % OSSL_NELEM(ciphersuites) == 6) {
-            /*
-             * TODO(DTLSv1.3): testing with DTLS fails for DTLS1.3 Padding
-             * needs to be implemented https://github.com/openssl/project/issues/1700
-             *
-             * TODO(DTLSv1.3): Testing DTLS1.3 with Integrity only ciphersuits fails
-             * https://github.com/openssl/project/issues/1702
-             */
-            return TEST_skip("Tests fails with DTLS1.3 for ciphers are not supported");
-        }
 #if defined(OSSL_NO_USABLE_DTLS1_3)
         return TEST_skip("No usable DTLSv1.3");
 #endif
@@ -4886,17 +4875,6 @@ static int test_early_data_skip_hrr(int idx)
 
     if (testdtls) {
         idx -= OSSL_NELEM(ciphersuites) * 3;
-        if (idx % OSSL_NELEM(ciphersuites) == 0 || idx % OSSL_NELEM(ciphersuites) == 5
-            || idx % OSSL_NELEM(ciphersuites) == 6) {
-            /*
-             * TODO(DTLSv1.3): testing with DTLS fails for DTLS1.3 Padding
-             * needs to be implemented https://github.com/openssl/project/issues/1700
-             *
-             * TODO(DTLSv1.3): Testing DTLS1.3 with Integrity only ciphersuits fails
-             * https://github.com/openssl/project/issues/1702
-             */
-            return TEST_skip("Tests fails with DTLS1.3 for ciphers are not supported");
-        }
 #if defined(OSSL_NO_USABLE_DTLS1_3)
         return TEST_skip("No usable DTLSv1.3");
 #endif
@@ -4922,17 +4900,6 @@ static int test_early_data_skip_hrr_fail(int idx)
 
     if (testdtls) {
         idx -= OSSL_NELEM(ciphersuites) * 3;
-        if (idx % OSSL_NELEM(ciphersuites) == 0 || idx % OSSL_NELEM(ciphersuites) == 5
-            || idx % OSSL_NELEM(ciphersuites) == 6) {
-            /*
-             * TODO(DTLSv1.3): testing with DTLS fails for DTLS1.3 Padding
-             * needs to be implemented https://github.com/openssl/project/issues/1700
-             *
-             * TODO(DTLSv1.3): Testing DTLS1.3 with Integrity only ciphersuits fails
-             * https://github.com/openssl/project/issues/1702
-             */
-            return TEST_skip("Tests fails with DTLS1.3 for ciphers are not supported");
-        }
 #if defined(OSSL_NO_USABLE_DTLS1_3)
         return TEST_skip("No usable DTLSv1.3");
 #endif
@@ -4957,17 +4924,6 @@ static int test_early_data_skip_abort(int idx)
 
     if (testdtls) {
         idx -= OSSL_NELEM(ciphersuites) * 3;
-        if (idx % OSSL_NELEM(ciphersuites) == 0 || idx % OSSL_NELEM(ciphersuites) == 5
-            || idx % OSSL_NELEM(ciphersuites) == 6) {
-            /*
-             * TODO(DTLSv1.3): testing with DTLS fails for DTLS1.3 Padding
-             * needs to be implemented https://github.com/openssl/project/issues/1700
-             *
-             * TODO(DTLSv1.3): Testing DTLS1.3 with Integrity only ciphersuits fails
-             * https://github.com/openssl/project/issues/1702
-             */
-            return TEST_skip("Tests fails with DTLS1.3 for ciphers are not supported");
-        }
 #if defined(OSSL_NO_USABLE_DTLS1_3)
         return TEST_skip("No usable DTLSv1.3");
 #endif
@@ -5370,15 +5326,6 @@ static int test_early_data_psk_with_all_ciphers(int idx)
 
     if (testdtls) {
         idx -= 7;
-        /*
-         * TODO(DTLSv1.3): testing with DTLS fails for DTLS1.3 Padding
-         * needs to be implemented https://github.com/openssl/project/issues/1700
-         *
-         * TODO(DTLSv1.3): Testing DTLS1.3 with Integrity only ciphersuits fails
-         * https://github.com/openssl/project/issues/1702
-         */
-        if (idx >= 3)
-            return TEST_skip("Tests fails with DTLS1.3 for ciphers are not supported");
 #if defined(OSSL_NO_USABLE_DTLS1_3)
         testresult = TEST_skip("No usable DTLSv1.3");
         goto end;
@@ -8470,7 +8417,7 @@ static int test_key_update_local_in_write(int idx)
     tmp = NULL;
 
     /*
-     * For DTLS1.3 the key udpate will succeed for it would
+     * For DTLS1.3 the key update will succeed for it would
      * have just dropped the packet above
      */
     if (!testdtls)
@@ -8548,7 +8495,9 @@ end:
 
     return testresult;
 }
+#endif /* OSSL_NO_USABLE_TLS1_3 | OSSL_NO_USABLE_DTLS1_3 */
 
+#if !defined(OSSL_NO_USABLE_TLS1_3)
 /*
  * Test we can handle a KeyUpdate (update requested) message while
  * local read data is pending(the msg header had been read 5 bytes).
@@ -13005,7 +12954,7 @@ end:
 #endif
 }
 
-#if !defined(OSSL_NO_USABLE_TLS1_3) || !defined(OSSL_NO_USABLE_DTLS1_3)
+#if !defined(OSSL_NO_USABLE_TLS1_3)
 /*
  * Test that read_ahead works across a key change
  * Test 0: Test with TLS
@@ -13073,7 +13022,9 @@ end:
     SSL_CTX_free(cctx);
     return testresult;
 }
+#endif
 
+#if !defined(OSSL_NO_USABLE_TLS1_3) || !defined(OSSL_NO_USABLE_DTLS1_3)
 static size_t record_pad_cb(SSL *s, int type, size_t len, void *arg)
 {
     int *called = arg;
@@ -15207,6 +15158,8 @@ int setup_tests(void)
     ADD_ALL_TESTS(test_key_update_peer_in_write, 4);
     ADD_ALL_TESTS(test_key_update_peer_in_read, 4);
     ADD_ALL_TESTS(test_key_update_local_in_write, 4);
+#endif
+#if !defined(OSSL_NO_USABLE_TLS1_3)
     ADD_ALL_TESTS(test_key_update_local_in_read, 2);
 #endif
     ADD_ALL_TESTS(test_ssl_clear, 8);
@@ -15272,9 +15225,11 @@ int setup_tests(void)
 #endif
     ADD_TEST(test_load_dhfile);
 #if !defined(OSSL_NO_USABLE_TLS1_3) || !defined(OSSL_NO_USABLE_DTLS1_3)
-    ADD_TEST(test_read_ahead_key_change);
     ADD_ALL_TESTS(test_tls13_record_padding, 12);
 #endif
+#if !defined(OSSL_NO_USABLE_TLS1_3)
+    ADD_TEST(test_read_ahead_key_change);
+#endif
 #if (!defined(OPENSSL_NO_TLS1_2) && !defined(OSSL_NO_USABLE_TLS1_3)) \
     || (!defined(OPENSSL_NO_DTLS1_2) && !defined(OSSL_NO_USABLE_DTLS1_3))
     ADD_ALL_TESTS(test_serverinfo_custom, 8);