From d2ebec121b258e1cf622d5ea5052465d8cec1205 Mon Sep 17 00:00:00 2001 From: WillChilds-Klein Date: Fri, 29 Sep 2023 21:10:41 +0000 Subject: [PATCH] Fix s2n_security_policies_test --- ..._extensions_server_key_share_select_test.c | 2 +- tests/unit/s2n_security_policies_test.c | 21 ++++++++++++------- 2 files changed, 14 insertions(+), 9 deletions(-) diff --git a/tests/unit/s2n_extensions_server_key_share_select_test.c b/tests/unit/s2n_extensions_server_key_share_select_test.c index 661b805e48a..ee595ecfefd 100644 --- a/tests/unit/s2n_extensions_server_key_share_select_test.c +++ b/tests/unit/s2n_extensions_server_key_share_select_test.c @@ -28,7 +28,7 @@ int main() /* Need at least two KEM's available to test fallback */ if (s2n_kem_groups_available_count(&kem_preferences_all) < 2) { END_TEST(); - return; + return 0; } EXPECT_SUCCESS(s2n_enable_tls13_in_test()); diff --git a/tests/unit/s2n_security_policies_test.c b/tests/unit/s2n_security_policies_test.c index c7a51b8fb1f..d26c7f655c7 100644 --- a/tests/unit/s2n_security_policies_test.c +++ b/tests/unit/s2n_security_policies_test.c @@ -285,15 +285,18 @@ int main(int argc, char **argv) EXPECT_NOT_NULL(security_policy->kem_preferences->kems); EXPECT_EQUAL(&s2n_kyber_512_r3, security_policy->kem_preferences->kems[0]); EXPECT_EQUAL(security_policy->kem_preferences->tls13_kem_groups, pq_kem_groups_r3_2023_06); + /* All supported kem groups should be in the preference list, but not all of them may be supported. */ + EXPECT_EQUAL(6, security_policy->kem_preferences->tls13_kem_group_count); if (s2n_libcrypto_supports_kyber() && s2n_is_evp_apis_supported()) { - EXPECT_EQUAL(6, security_policy->kem_preferences->tls13_kem_group_count); + EXPECT_EQUAL(6, s2n_kem_groups_available_count(security_policy->kem_preferences)); } else if (s2n_libcrypto_supports_kyber() && !s2n_is_evp_apis_supported()) { - EXPECT_EQUAL(4, security_policy->kem_preferences->tls13_kem_group_count); + EXPECT_EQUAL(4, s2n_kem_groups_available_count(security_policy->kem_preferences)); } else if (!s2n_libcrypto_supports_kyber() && s2n_is_evp_apis_supported()) { - EXPECT_EQUAL(2, security_policy->kem_preferences->tls13_kem_group_count); + EXPECT_EQUAL(2, s2n_kem_groups_available_count(security_policy->kem_preferences)); } else { - EXPECT_EQUAL(1, security_policy->kem_preferences->tls13_kem_group_count); + EXPECT_EQUAL(1, s2n_kem_groups_available_count(security_policy->kem_preferences)); } + security_policy = NULL; EXPECT_SUCCESS(s2n_find_security_policy_from_version("KMS-TLS-1-0-2018-10", &security_policy)); EXPECT_TRUE(s2n_ecc_is_extension_required(security_policy)); @@ -489,14 +492,16 @@ int main(int argc, char **argv) EXPECT_NULL(security_policy->kem_preferences->kems); EXPECT_NOT_NULL(security_policy->kem_preferences->tls13_kem_groups); EXPECT_EQUAL(security_policy->kem_preferences->tls13_kem_groups, pq_kem_groups_r3_2023_06); + /* All supported kem groups should be in the preference list, but not all of them may be supported. */ + EXPECT_EQUAL(6, security_policy->kem_preferences->tls13_kem_group_count); if (s2n_libcrypto_supports_kyber() && s2n_is_evp_apis_supported()) { - EXPECT_EQUAL(6, security_policy->kem_preferences->tls13_kem_group_count); + EXPECT_EQUAL(6, s2n_kem_groups_available_count(security_policy->kem_preferences)); } else if (s2n_libcrypto_supports_kyber() && !s2n_is_evp_apis_supported()) { - EXPECT_EQUAL(4, security_policy->kem_preferences->tls13_kem_group_count); + EXPECT_EQUAL(4, s2n_kem_groups_available_count(security_policy->kem_preferences)); } else if (!s2n_libcrypto_supports_kyber() && s2n_is_evp_apis_supported()) { - EXPECT_EQUAL(2, security_policy->kem_preferences->tls13_kem_group_count); + EXPECT_EQUAL(2, s2n_kem_groups_available_count(security_policy->kem_preferences)); } else { - EXPECT_EQUAL(1, security_policy->kem_preferences->tls13_kem_group_count); + EXPECT_EQUAL(1, s2n_kem_groups_available_count(security_policy->kem_preferences)); } security_policy = NULL;