Add a test for using CCM ciphersuites with QUIC TLS API

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27091)

diff --git a/test/sslapitest.c b/test/sslapitest.c
index caff458985e746e515aa0f297c7892b5d8aba49a..413e3181ba4369c2fa65a9e030d8f7e6b9a6a0e9 100644 (file)
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -12755,6 +12755,7 @@ static int alert_cb(SSL *s, unsigned char alert_code, void *arg)
  * Test the QUIC TLS API
  * Test 0: Normal run
  * Test 1: Force a failure
+ * Test 3: Use a CCM based ciphersuite
  */
 static int test_quic_tls(int idx)
 {
@@ -12803,6 +12804,12 @@ static int test_quic_tls(int idx)
     SSL_set_bio(serverssl, NULL, NULL);
     SSL_set_bio(clientssl, NULL, NULL);
 
+    if (idx == 2) {
+        if (!TEST_true(SSL_set_ciphersuites(serverssl, "TLS_AES_128_CCM_SHA256"))
+                || !TEST_true(SSL_set_ciphersuites(clientssl, "TLS_AES_128_CCM_SHA256")))
+            goto end;
+    }
+
     if (!TEST_true(SSL_set_app_data(clientssl, &clientquicdata))
             || !TEST_true(SSL_set_app_data(serverssl, &serverquicdata)))
         goto end;
@@ -12815,7 +12822,7 @@ static int test_quic_tls(int idx)
                                                             sizeof(sparams))))
         goto end;
 
-    if (idx == 0) {
+    if (idx != 1) {
         if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
             goto end;
     } else {
@@ -13352,7 +13359,7 @@ int setup_tests(void)
 #endif
     ADD_ALL_TESTS(test_alpn, 4);
 #if !defined(OSSL_NO_USABLE_TLS1_3)
-    ADD_ALL_TESTS(test_quic_tls, 2);
+    ADD_ALL_TESTS(test_quic_tls, 3);
     ADD_TEST(test_quic_tls_early_data);
 #endif
     return 1;