From: Matt Caswell <matt@openssl.org>
Date: Thu, 26 Jan 2023 18:23:32 +0000 (+0000)
Subject: Test that QUIC has the ciphersuites that we expect
X-Git-Tag: openssl-3.2.0-alpha1~1238
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0c9646ec373e7f3f9b07f218a348ecb82219eaa7;p=thirdparty%2Fopenssl.git

Test that QUIC has the ciphersuites that we expect

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20148)
---

diff --git a/test/quicapitest.c b/test/quicapitest.c
index ce1ee1490c2..a550f636f1f 100644
--- a/test/quicapitest.c
+++ b/test/quicapitest.c
@@ -76,6 +76,55 @@ static int test_quic_write_read(void)
 }
 #endif
 
+/* Test that a vanilla QUIC SSL object has the expected ciphersuites available */
+static int test_ciphersuites(void)
+{
+    SSL_CTX *ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
+    SSL *ssl;
+    int testresult = 0;
+    const STACK_OF(SSL_CIPHER) *ciphers = NULL;
+    const SSL_CIPHER *cipher;
+    /* We expect this exact list of ciphersuites by default */
+    int cipherids[] = {
+        TLS1_3_CK_AES_256_GCM_SHA384,
+#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+        TLS1_3_CK_CHACHA20_POLY1305_SHA256,
+#endif
+        TLS1_3_CK_AES_128_GCM_SHA256
+    };
+    size_t i, j;
+
+    if (!TEST_ptr(ctx))
+        return 0;
+
+    ssl = SSL_new(ctx);
+    if (!TEST_ptr(ssl))
+        goto err;
+
+    ciphers = SSL_get_ciphers(ssl);
+
+    for (i = 0, j = 0; i < OSSL_NELEM(cipherids); i++) {
+        if (cipherids[i] == TLS1_3_CK_CHACHA20_POLY1305_SHA256 && is_fips)
+            continue;
+        cipher = sk_SSL_CIPHER_value(ciphers, j++);
+        if (!TEST_ptr(cipher))
+            goto err;
+        if (!TEST_uint_eq(SSL_CIPHER_get_id(cipher), cipherids[i]))
+            goto err;
+    }
+
+    /* We should have checked all the ciphers in the stack */
+    if (!TEST_int_eq(sk_SSL_CIPHER_num(ciphers), j))
+        goto err;
+
+    testresult = 1;
+ err:
+    SSL_free(ssl);
+    SSL_CTX_free(ctx);
+
+    return testresult;
+}
+
 OPT_TEST_DECLARE_USAGE("provider config\n")
 
 int setup_tests(void)
@@ -125,6 +174,8 @@ int setup_tests(void)
 #if 0
     ADD_TEST(test_quic_write_read);
 #endif
+    ADD_TEST(test_ciphersuites);
+
     return 1;
 }