tests: make crypto_policy_ciphers more flexible.

wolfSSL · Dec 17, 2024 · be1e48a · be1e48a
1 parent 0f32e56
commit be1e48a
Showing 1 changed file with 27 additions and 14 deletions.
diff --git a/tests/api.c b/tests/api.c
@@ -92463,7 +92463,7 @@ static int test_wolfSSL_crypto_policy_tls_methods(void)
  * */
 static int crypto_policy_cipher_found(const WOLFSSL * ssl,
                                       const char *    cipher,
-                                      int             full_match)
+                                      int             match)
 {
     WOLF_STACK_OF(WOLFSSL_CIPHER) * sk = NULL;
     WOLFSSL_CIPHER *                current = NULL;
@@ -92486,21 +92486,24 @@ static int crypto_policy_cipher_found(const WOLFSSL * ssl,
         if (current) {
             suite = wolfSSL_CIPHER_get_name(current);
             if (suite) {
-                if (full_match == 2) {
-                    /* literal match */
-                    if (XSTRLEN(suite) == XSTRLEN(cipher) &&
-                        XMEMCMP(suite, cipher, XSTRLEN(cipher)) == 0) {
-                        found = 1;
-                        break;
-                    }
-                }
-                else if (full_match == 1) {
+                if (match == 1) {
                     /* prefix match */
                     if (XSTRNCMP(suite, cipher, XSTRLEN(cipher)) == 0) {
                         found = 1;
                         break;
                     }
                 }
+                else if (match == -1) {
+                    /* postfix match */
+                    if (XSTRLEN(suite) > XSTRLEN(cipher)) {
+                        const char * postfix = suite + XSTRLEN(suite)
+                                               - XSTRLEN(cipher);
+                        if (XSTRNCMP(postfix, cipher, XSTRLEN(cipher)) == 0) {
+                            found = 1;
+                            break;
+                        }
+                    }
+                }
                 else {
                     /* needle in haystack match */
                     if (XSTRSTR(suite, cipher)) {
@@ -92565,17 +92568,27 @@ static int test_wolfSSL_crypto_policy_ciphers(void)
         found = crypto_policy_cipher_found(ssl, "RC4", 0);
         ExpectIntEQ(found, is_legacy);
 
-        found = crypto_policy_cipher_found(ssl, "AES128", 0);
+        /* We return a different cipher string depending on build settings. */
+        #if !defined(WOLFSSL_CIPHER_INTERNALNAME) && \
+        !defined(NO_ERROR_STRINGS) && !defined(WOLFSSL_QT)
+        found = crypto_policy_cipher_found(ssl, "AES_128", 0);
         ExpectIntEQ(found, !is_future);
 
-        found = crypto_policy_cipher_found(ssl, "DHE-RSA-AES", 1);
+        found = crypto_policy_cipher_found(ssl, "TLS_DHE_RSA_WITH_AES", 1);
+        ExpectIntEQ(found, !is_future);
+
+        found = crypto_policy_cipher_found(ssl, "_SHA", -1);
+        ExpectIntEQ(found, !is_future);
+        #else
+        found = crypto_policy_cipher_found(ssl, "AES128", 0);
         ExpectIntEQ(found, !is_future);
 
-        found = crypto_policy_cipher_found(ssl, "ECDHE-ECDSA-AES256-SHA", 2);
+        found = crypto_policy_cipher_found(ssl, "DHE-RSA-AES", 1);
         ExpectIntEQ(found, !is_future);
 
-        found = crypto_policy_cipher_found(ssl, "ECDHE-RSA-AES256-SHA", 2);
+        found = crypto_policy_cipher_found(ssl, "-SHA", -1);
         ExpectIntEQ(found, !is_future);
+        #endif
 
         if (ssl != NULL) {
             SSL_free(ssl);