diff --git a/tests/unit/s2n_client_hello_get_supported_groups_test.c b/tests/unit/s2n_client_hello_get_supported_groups_test.c
index 60718319c2d..79324e75d29 100644
--- a/tests/unit/s2n_client_hello_get_supported_groups_test.c
+++ b/tests/unit/s2n_client_hello_get_supported_groups_test.c
@@ -48,7 +48,9 @@ int s2n_client_hello_check_received_supported_groups(struct s2n_connection *conn
 EXPECT_SUCCESS(s2n_client_hello_get_supported_groups(client_hello, supported_groups, &supported_groups_count, s2n_array_len(supported_groups)));
+ EXPECT_TRUE(supported_groups_count > 0);
 EXPECT_EQUAL(supported_groups_count, context->ecc_preferences->count);
+
 for (size_t i = 0; i < supported_groups_count; i++) {
 const struct s2n_ecc_named_curve *curve = context->ecc_preferences->ecc_curves[i];
 EXPECT_EQUAL(supported_groups[i], curve->iana_id);
@@ -64,7 +66,6 @@ int main(int argc, char **argv)
 DEFER_CLEANUP(struct s2n_cert_chain_and_key *chain_and_key = NULL, s2n_cert_chain_and_key_ptr_free);
 EXPECT_SUCCESS(s2n_test_cert_chain_and_key_new(&chain_and_key, S2N_DEFAULT_TEST_CERT_CHAIN, S2N_DEFAULT_TEST_PRIVATE_KEY));
- /* Safety */
 {
 struct s2n_client_hello client_hello = { 0 };
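Review bot: The added `EXPECT_TRUE(supported_groups_count > 0);` in the first hunk carries no comment explaining why it is needed, so it reads as redundant next to the equality check that follows it. A one-line comment such as `/* An empty list would let the count comparison and the loop below pass without checking any group */` would record the intent. The expected count is taken only from `context->ecc_preferences->count`; if any policy this callback is run against also advertises non-ECC groups, that equality would presumably have to account for them, which cannot be confirmed from the visible lines. The function starts and ends outside the hunk.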
@@ -319,8 +320,30 @@ int main(int argc, char **argv) * This test also ensures that s2n_client_hello_get_supported_groups is usable from within the * client hello callback. */ - { + char *security_policies[] = {"20170210", "20190801", "20210816", "test_all"}; + for (size_t i = 0; i < s2n_array_len(security_policies); i++) { + DEFER_CLEANUP(struct s2n_config *config = s2n_config_new(), s2n_config_ptr_free); + EXPECT_NOT_NULL(config); + EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(config, chain_and_key)); + EXPECT_SUCCESS(s2n_config_set_verification_ca_location(config, S2N_DEFAULT_TEST_CERT_CHAIN, NULL)); + EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, security_policies[i])); + + DEFER_CLEANUP(struct s2n_connection *server_conn = s2n_connection_new(S2N_SERVER), s2n_connection_ptr_free); + EXPECT_NOT_NULL(server_conn); + EXPECT_SUCCESS(s2n_connection_set_config(server_conn, config)); + + DEFER_CLEANUP(struct s2n_connection *client_conn = s2n_connection_new(S2N_CLIENT), s2n_connection_ptr_free); + EXPECT_NOT_NULL(client_conn); + EXPECT_SUCCESS(s2n_connection_set_config(client_conn, config)); + EXPECT_SUCCESS(s2n_connection_set_blinding(client_conn, S2N_SELF_SERVICE_BLINDING)); + EXPECT_SUCCESS(s2n_set_server_name(client_conn, "s2nTestServer")); + + DEFER_CLEANUP(struct s2n_test_io_pair io_pair = { 0 }, s2n_io_pair_close); + EXPECT_SUCCESS(s2n_io_pair_init_non_blocking(&io_pair)); + EXPECT_SUCCESS(s2n_connection_set_io_pair(client_conn, &io_pair)); + EXPECT_SUCCESS(s2n_connection_set_io_pair(server_conn, &io_pair)); + EXPECT_SUCCESS(s2n_negotiate_test_server_and_client(server_conn, client_conn)); } END_TEST();
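Review bot: Nothing in the loop body added here registers a client hello callback, although the comment directly above says the test checks that s2n_client_hello_get_supported_groups is usable from within that callback; as shown, each iteration only proves that the handshake completes under the given policy. Unless the callback is wired up outside this hunk, the config needs something like `EXPECT_SUCCESS(s2n_config_set_client_hello_cb(config, s2n_client_hello_check_received_supported_groups, &context));` with a per-policy `context` (placeholder name). It also needs an assertion after `s2n_negotiate_test_server_and_client` that the callback actually ran, otherwise a policy whose supported groups are never inspected still passes. Separately, `security_policies` holds string literals and should be declared `const char *security_policies[]`.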