From be1e48a7e563efc767118e60d1744afd5b10df0e Mon Sep 17 00:00:00 2001
From: jordan <jordan@wolfssl.com>
Date: Tue, 17 Dec 2024 16:38:19 -0600
Subject: [PATCH] tests: make crypto_policy_ciphers more flexible.

---
 tests/api.c | 41 +++++++++++++++++++++++++++--------------
 1 file changed, 27 insertions(+), 14 deletions(-)

diff --git a/tests/api.c b/tests/api.c
index 64946b92fc..a11ab6416d 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -92463,7 +92463,7 @@ static int test_wolfSSL_crypto_policy_tls_methods(void)
  * */
 static int crypto_policy_cipher_found(const WOLFSSL * ssl,
                                       const char *    cipher,
-                                      int             full_match)
+                                      int             match)
 {
     WOLF_STACK_OF(WOLFSSL_CIPHER) * sk = NULL;
     WOLFSSL_CIPHER *                current = NULL;
@@ -92486,21 +92486,24 @@ static int crypto_policy_cipher_found(const WOLFSSL * ssl,
         if (current) {
             suite = wolfSSL_CIPHER_get_name(current);
             if (suite) {
-                if (full_match == 2) {
-                    /* literal match */
-                    if (XSTRLEN(suite) == XSTRLEN(cipher) &&
-                        XMEMCMP(suite, cipher, XSTRLEN(cipher)) == 0) {
-                        found = 1;
-                        break;
-                    }
-                }
-                else if (full_match == 1) {
+                if (match == 1) {
                     /* prefix match */
                     if (XSTRNCMP(suite, cipher, XSTRLEN(cipher)) == 0) {
                         found = 1;
                         break;
                     }
                 }
+                else if (match == -1) {
+                    /* postfix match */
+                    if (XSTRLEN(suite) > XSTRLEN(cipher)) {
+                        const char * postfix = suite + XSTRLEN(suite)
+                                               - XSTRLEN(cipher);
+                        if (XSTRNCMP(postfix, cipher, XSTRLEN(cipher)) == 0) {
+                            found = 1;
+                            break;
+                        }
+                    }
+                }
                 else {
                     /* needle in haystack match */
                     if (XSTRSTR(suite, cipher)) {
@@ -92565,17 +92568,27 @@ static int test_wolfSSL_crypto_policy_ciphers(void)
         found = crypto_policy_cipher_found(ssl, "RC4", 0);
         ExpectIntEQ(found, is_legacy);
 
-        found = crypto_policy_cipher_found(ssl, "AES128", 0);
+        /* We return a different cipher string depending on build settings. */
+        #if !defined(WOLFSSL_CIPHER_INTERNALNAME) && \
+        !defined(NO_ERROR_STRINGS) && !defined(WOLFSSL_QT)
+        found = crypto_policy_cipher_found(ssl, "AES_128", 0);
         ExpectIntEQ(found, !is_future);
 
-        found = crypto_policy_cipher_found(ssl, "DHE-RSA-AES", 1);
+        found = crypto_policy_cipher_found(ssl, "TLS_DHE_RSA_WITH_AES", 1);
+        ExpectIntEQ(found, !is_future);
+
+        found = crypto_policy_cipher_found(ssl, "_SHA", -1);
+        ExpectIntEQ(found, !is_future);
+        #else
+        found = crypto_policy_cipher_found(ssl, "AES128", 0);
         ExpectIntEQ(found, !is_future);
 
-        found = crypto_policy_cipher_found(ssl, "ECDHE-ECDSA-AES256-SHA", 2);
+        found = crypto_policy_cipher_found(ssl, "DHE-RSA-AES", 1);
         ExpectIntEQ(found, !is_future);
 
-        found = crypto_policy_cipher_found(ssl, "ECDHE-RSA-AES256-SHA", 2);
+        found = crypto_policy_cipher_found(ssl, "-SHA", -1);
         ExpectIntEQ(found, !is_future);
+        #endif
 
         if (ssl != NULL) {
             SSL_free(ssl);