cleanup test

goatgoose · Sep 20, 2023 · 1339702 · 1339702
1 parent 08c552d
commit 1339702
Showing 1 changed file with 11 additions and 9 deletions.
diff --git a/tests/unit/s2n_client_hello_get_supported_groups_test.c b/tests/unit/s2n_client_hello_get_supported_groups_test.c
@@ -30,6 +30,7 @@
 #define TEST_SUPPORTED_GROUPS_EXTENSION_SIZE (2 + TEST_SUPPORTED_GROUPS_LIST_SIZE)
 
 struct s2n_client_hello_context {
+    const struct s2n_security_policy *client_security_policy;
     unsigned client_supports_pq : 1;
     int invoked_count;
 };
@@ -55,9 +56,8 @@ int s2n_check_received_supported_groups_cb(struct s2n_connection *conn, void *ct
     uint16_t supported_groups_count = 0;
     EXPECT_SUCCESS(s2n_client_hello_get_supported_groups(client_hello, supported_groups,
             &supported_groups_count, s2n_array_len(supported_groups)));
-    EXPECT_TRUE(supported_groups_count > 0);
 
-    const struct s2n_security_policy *security_policy = conn->config->security_policy;
+    const struct s2n_security_policy *security_policy = context->client_security_policy;
     uint16_t expected_groups_count = security_policy->ecc_preferences->count;
     if (context->client_supports_pq) {
         expected_groups_count += security_policy->kem_preferences->tls13_kem_group_count;
@@ -350,28 +350,27 @@ int main(int argc, char **argv)
      * client hello callback.
      */
     for (size_t policy_index = 0; security_policy_selection[policy_index].version != NULL; policy_index++) {
-        const struct s2n_security_policy *security_policy = security_policy_selection[policy_index].security_policy;
-        if (security_policy->cipher_preferences == &cipher_preferences_null) {
+        /* Skip the null policy */
+        if (security_policy_selection[policy_index].security_policy->cipher_preferences == &cipher_preferences_null) {
             continue;
         }
 
         const char* version = security_policy_selection[policy_index].version;
-        printf("%s\n", version);
 
         DEFER_CLEANUP(struct s2n_config *client_config = s2n_config_new(), s2n_config_ptr_free);
+        EXPECT_NOT_NULL(client_config);
         EXPECT_SUCCESS(s2n_config_set_unsafe_for_testing(client_config));
         EXPECT_SUCCESS(s2n_config_set_cipher_preferences(client_config, version));
-        EXPECT_SUCCESS(s2n_config_set_verification_ca_location(client_config, S2N_DEFAULT_TEST_CERT_CHAIN, NULL));
-        EXPECT_SUCCESS(s2n_config_set_verification_ca_location(client_config, S2N_DEFAULT_ECDSA_TEST_CERT_CHAIN, NULL));
 
         DEFER_CLEANUP(struct s2n_config *server_config = s2n_config_new(), s2n_config_ptr_free);
         EXPECT_NOT_NULL(server_config);
+        EXPECT_SUCCESS(s2n_config_set_unsafe_for_testing(server_config));
+        EXPECT_SUCCESS(s2n_config_set_cipher_preferences(server_config, version));
         EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(server_config, chain_and_key));
         EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(server_config, ecdsa_chain_and_key));
-        EXPECT_SUCCESS(s2n_config_set_cipher_preferences(server_config, version));
-        EXPECT_SUCCESS(s2n_config_set_unsafe_for_testing(server_config));
 
         struct s2n_client_hello_context context = {
+            .client_security_policy = client_config->security_policy,
             .client_supports_pq = false,
             .invoked_count = 0,
         };
@@ -394,6 +393,9 @@ int main(int argc, char **argv)
         s2n_blocked_status blocked = S2N_NOT_BLOCKED;
         EXPECT_OK(s2n_negotiate_until_message(client_conn, &blocked, SERVER_HELLO));
 
+        /* PQ kem groups are only sent in the supported groups extension if the client supports
+         * TLS 1.3 and PQ is enabled.
+         */
         if (s2n_connection_get_protocol_version(client_conn) >= S2N_TLS13 && s2n_pq_is_enabled()) {
             context.client_supports_pq = true;
         }