From 366b2643cb6f63c9e73b95c22b979c77e93625ec Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Tue, 18 Mar 2025 14:36:14 +0000
Subject: [PATCH] Add a test for using CCM ciphersuites with QUIC TLS API

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27091)
---
 test/sslapitest.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/test/sslapitest.c b/test/sslapitest.c
index caff458985e..413e3181ba4 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -12755,6 +12755,7 @@ static int alert_cb(SSL *s, unsigned char alert_code, void *arg)
  * Test the QUIC TLS API
  * Test 0: Normal run
  * Test 1: Force a failure
+ * Test 3: Use a CCM based ciphersuite
  */
 static int test_quic_tls(int idx)
 {
@@ -12803,6 +12804,12 @@ static int test_quic_tls(int idx)
     SSL_set_bio(serverssl, NULL, NULL);
     SSL_set_bio(clientssl, NULL, NULL);
 
+    if (idx == 2) {
+        if (!TEST_true(SSL_set_ciphersuites(serverssl, "TLS_AES_128_CCM_SHA256"))
+                || !TEST_true(SSL_set_ciphersuites(clientssl, "TLS_AES_128_CCM_SHA256")))
+            goto end;
+    }
+
     if (!TEST_true(SSL_set_app_data(clientssl, &clientquicdata))
             || !TEST_true(SSL_set_app_data(serverssl, &serverquicdata)))
         goto end;
@@ -12815,7 +12822,7 @@ static int test_quic_tls(int idx)
                                                             sizeof(sparams))))
         goto end;
 
-    if (idx == 0) {
+    if (idx != 1) {
         if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
             goto end;
     } else {
@@ -13352,7 +13359,7 @@ int setup_tests(void)
 #endif
     ADD_ALL_TESTS(test_alpn, 4);
 #if !defined(OSSL_NO_USABLE_TLS1_3)
-    ADD_ALL_TESTS(test_quic_tls, 2);
+    ADD_ALL_TESTS(test_quic_tls, 3);
     ADD_TEST(test_quic_tls_early_data);
 #endif
     return 1;
-- 
2.47.2