fix tests

aws · Sep 18, 2024 · 88e358a · 88e358a
1 parent a88d834
commit 88e358a
Show file tree

Hide file tree

Showing 135 changed files with 656 additions and 0 deletions.
diff --git a/tests/unit/s2n_alerts_protocol_test.c b/tests/unit/s2n_alerts_protocol_test.c
@@ -102,12 +102,14 @@ int main(int argc, char **argv)
 
     DEFER_CLEANUP(struct s2n_config *config = s2n_config_new(),
             s2n_config_ptr_free);
+    EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, s2n_auto_gen_old_default_security_policy()));
     EXPECT_SUCCESS(s2n_config_set_unsafe_for_testing(config));
     EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, "default_tls13"));
     EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(config, chain_and_key));
 
     DEFER_CLEANUP(struct s2n_config *ecdsa_config = s2n_config_new(),
             s2n_config_ptr_free);
+    EXPECT_SUCCESS(s2n_config_set_cipher_preferences(ecdsa_config, s2n_auto_gen_old_default_security_policy()));
     EXPECT_SUCCESS(s2n_config_set_unsafe_for_testing(ecdsa_config));
     EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(ecdsa_config, ecdsa_chain_and_key));
 
@@ -206,10 +208,12 @@ int main(int argc, char **argv)
 
         DEFER_CLEANUP(struct s2n_config *bad_cb_config = s2n_config_new(),
                 s2n_config_ptr_free);
+        EXPECT_SUCCESS(s2n_config_set_cipher_preferences(bad_cb_config, s2n_auto_gen_old_default_security_policy()));
         EXPECT_SUCCESS(s2n_config_set_client_hello_cb(bad_cb_config, s2n_test_ch_cb, NULL));
 
         DEFER_CLEANUP(struct s2n_config *untrusted_config = s2n_config_new(),
                 s2n_config_ptr_free);
+        EXPECT_SUCCESS(s2n_config_set_cipher_preferences(untrusted_config, s2n_auto_gen_old_default_security_policy()));
 
         for (size_t i = 0; i < s2n_array_len(test_errors); i++) {
             DEFER_CLEANUP(struct s2n_connection *server = s2n_connection_new(S2N_SERVER),

diff --git a/tests/unit/s2n_alerts_test.c b/tests/unit/s2n_alerts_test.c
@@ -147,6 +147,7 @@ int main(int argc, char **argv)
         if (s2n_is_tls13_fully_supported()) {
             struct s2n_config *config = NULL;
             EXPECT_NOT_NULL(config = s2n_config_new());
+            EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, s2n_auto_gen_old_default_security_policy()));
 
             struct s2n_connection *conn = NULL;
             EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_CLIENT));
@@ -214,6 +215,7 @@ int main(int argc, char **argv)
             {
                 struct s2n_config *config = NULL;
                 EXPECT_NOT_NULL(config = s2n_config_new());
+                EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, s2n_auto_gen_old_default_security_policy()));
                 EXPECT_SUCCESS(s2n_config_set_alert_behavior(config, S2N_ALERT_IGNORE_WARNINGS));
 
                 struct s2n_connection *conn = NULL;
@@ -234,6 +236,7 @@ int main(int argc, char **argv)
             {
                 struct s2n_config *config = NULL;
                 EXPECT_NOT_NULL(config = s2n_config_new());
+                EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, s2n_auto_gen_old_default_security_policy()));
                 EXPECT_SUCCESS(s2n_config_set_alert_behavior(config, S2N_ALERT_IGNORE_WARNINGS));
 
                 struct s2n_connection *conn = NULL;
@@ -254,6 +257,7 @@ int main(int argc, char **argv)
             {
                 struct s2n_config *config = NULL;
                 EXPECT_NOT_NULL(config = s2n_config_new());
+                EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, s2n_auto_gen_old_default_security_policy()));
 
                 struct s2n_connection *conn = NULL;
                 EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_CLIENT));

diff --git a/tests/unit/s2n_async_pkey_test.c b/tests/unit/s2n_async_pkey_test.c
@@ -405,12 +405,14 @@ int main(int argc, char **argv)
         {
             struct s2n_config *server_config = NULL, *client_config = NULL;
             EXPECT_NOT_NULL(server_config = s2n_config_new());
+            EXPECT_SUCCESS(s2n_config_set_cipher_preferences(server_config, s2n_auto_gen_old_default_security_policy()));
             EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(server_config, chain_and_key));
             EXPECT_SUCCESS(s2n_config_add_dhparams(server_config, dhparams_pem));
             EXPECT_SUCCESS(s2n_config_set_async_pkey_callback(server_config, async_pkey_apply_in_callback));
             server_config->security_policy = &server_security_policy;
 
             EXPECT_NOT_NULL(client_config = s2n_config_new());
+            EXPECT_SUCCESS(s2n_config_set_cipher_preferences(client_config, s2n_auto_gen_old_default_security_policy()));
             EXPECT_SUCCESS(s2n_config_set_unsafe_for_testing(client_config));
             /* Security policy must support all cipher suites in test_cipher_suites above */
             EXPECT_SUCCESS(s2n_config_set_cipher_preferences(client_config, "test_all"));
@@ -446,12 +448,14 @@ int main(int argc, char **argv)
         {
             struct s2n_config *server_config = NULL, *client_config = NULL;
             EXPECT_NOT_NULL(server_config = s2n_config_new());
+            EXPECT_SUCCESS(s2n_config_set_cipher_preferences(server_config, s2n_auto_gen_old_default_security_policy()));
             EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(server_config, chain_and_key));
             EXPECT_SUCCESS(s2n_config_add_dhparams(server_config, dhparams_pem));
             EXPECT_SUCCESS(s2n_config_set_async_pkey_callback(server_config, async_pkey_store_callback));
             server_config->security_policy = &server_security_policy;
 
             EXPECT_NOT_NULL(client_config = s2n_config_new());
+            EXPECT_SUCCESS(s2n_config_set_cipher_preferences(client_config, s2n_auto_gen_old_default_security_policy()));
             EXPECT_SUCCESS(s2n_config_set_unsafe_for_testing(client_config));
             /* Security policy must support all cipher suites in test_cipher_suites above */
             EXPECT_SUCCESS(s2n_config_set_cipher_preferences(client_config, "test_all"));
@@ -487,12 +491,14 @@ int main(int argc, char **argv)
         {
             struct s2n_config *server_config = NULL, *client_config = NULL;
             EXPECT_NOT_NULL(server_config = s2n_config_new());
+            EXPECT_SUCCESS(s2n_config_set_cipher_preferences(server_config, s2n_auto_gen_old_default_security_policy()));
             EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(server_config, chain_and_key));
             EXPECT_SUCCESS(s2n_config_add_dhparams(server_config, dhparams_pem));
             EXPECT_SUCCESS(s2n_config_set_async_pkey_callback(server_config, async_pkey_store_callback));
             server_config->security_policy = &server_security_policy;
 
             EXPECT_NOT_NULL(client_config = s2n_config_new());
+            EXPECT_SUCCESS(s2n_config_set_cipher_preferences(client_config, s2n_auto_gen_old_default_security_policy()));
             EXPECT_SUCCESS(s2n_config_set_unsafe_for_testing(client_config));
             /* Security policy must support all cipher suites in test_cipher_suites above */
             EXPECT_SUCCESS(s2n_config_set_cipher_preferences(client_config, "test_all"));
@@ -529,6 +535,7 @@ int main(int argc, char **argv)
         {
             struct s2n_config *server_config = NULL, *client_config = NULL;
             EXPECT_NOT_NULL(server_config = s2n_config_new());
+            EXPECT_SUCCESS(s2n_config_set_cipher_preferences(server_config, s2n_auto_gen_old_default_security_policy()));
             EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(server_config, chain_and_key));
             EXPECT_SUCCESS(s2n_config_add_dhparams(server_config, dhparams_pem));
             EXPECT_SUCCESS(s2n_config_set_async_pkey_callback(server_config, async_pkey_store_callback));
@@ -537,6 +544,7 @@ int main(int argc, char **argv)
             EXPECT_SUCCESS(s2n_config_set_async_pkey_validation_mode(server_config, S2N_ASYNC_PKEY_VALIDATION_STRICT));
 
             EXPECT_NOT_NULL(client_config = s2n_config_new());
+            EXPECT_SUCCESS(s2n_config_set_cipher_preferences(client_config, s2n_auto_gen_old_default_security_policy()));
             EXPECT_SUCCESS(s2n_config_set_unsafe_for_testing(client_config));
             /* Security policy must support all cipher suites in test_cipher_suites above */
             EXPECT_SUCCESS(s2n_config_set_cipher_preferences(client_config, "test_all"));
@@ -571,13 +579,15 @@ int main(int argc, char **argv)
         /* Test: Apply invalid signature, when signature validation is enabled for all sync / async signatures */
         {
             DEFER_CLEANUP(struct s2n_config *server_config = s2n_config_new(), s2n_config_ptr_free);
+            EXPECT_SUCCESS(s2n_config_set_cipher_preferences(server_config, s2n_auto_gen_old_default_security_policy()));
             EXPECT_NOT_NULL(server_config);
             EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(server_config, chain_and_key));
             EXPECT_SUCCESS(s2n_config_add_dhparams(server_config, dhparams_pem));
             EXPECT_SUCCESS(s2n_config_set_async_pkey_callback(server_config, async_pkey_store_callback));
             server_config->security_policy = &server_security_policy;
 
             DEFER_CLEANUP(struct s2n_config *client_config = s2n_config_new(), s2n_config_ptr_free);
+            EXPECT_SUCCESS(s2n_config_set_cipher_preferences(client_config, s2n_auto_gen_old_default_security_policy()));
             EXPECT_NOT_NULL(client_config);
             EXPECT_SUCCESS(s2n_config_set_unsafe_for_testing(client_config));
             /* Security policy must support all cipher suites in test_cipher_suites above */
@@ -679,6 +689,7 @@ int main(int argc, char **argv)
     /* Test: Apply invalid signature to sync operation */
     {
         DEFER_CLEANUP(struct s2n_config *config = s2n_config_new(), s2n_config_ptr_free);
+        EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, s2n_auto_gen_old_default_security_policy()));
         EXPECT_NOT_NULL(config);
         EXPECT_SUCCESS(s2n_config_set_unsafe_for_testing(config));
         EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, "default_tls13"));

diff --git a/tests/unit/s2n_auth_selection_test.c b/tests/unit/s2n_auth_selection_test.c
@@ -74,19 +74,24 @@ int main(int argc, char **argv)
             S2N_ECDSA_P384_PKCS1_CERT_CHAIN, S2N_ECDSA_P384_PKCS1_KEY));
 
     struct s2n_config *no_certs_config = s2n_config_new();
+    EXPECT_SUCCESS(s2n_config_set_cipher_preferences(no_certs_config, s2n_auto_gen_old_default_security_policy()));
 
     struct s2n_config *rsa_cert_config = s2n_config_new();
+    EXPECT_SUCCESS(s2n_config_set_cipher_preferences(rsa_cert_config, s2n_auto_gen_old_default_security_policy()));
     EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(rsa_cert_config, rsa_cert_chain));
 
     struct s2n_config *ecdsa_cert_config = s2n_config_new();
+    EXPECT_SUCCESS(s2n_config_set_cipher_preferences(ecdsa_cert_config, s2n_auto_gen_old_default_security_policy()));
     EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(ecdsa_cert_config, ecdsa_cert_chain));
 
     struct s2n_config *all_certs_config = s2n_config_new();
+    EXPECT_SUCCESS(s2n_config_set_cipher_preferences(all_certs_config, s2n_auto_gen_old_default_security_policy()));
     EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(all_certs_config, rsa_cert_chain));
     EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(all_certs_config, ecdsa_cert_chain));
 
     struct s2n_cert_chain_and_key *rsa_pss_cert_chain = NULL;
     struct s2n_config *rsa_pss_cert_config = s2n_config_new();
+    EXPECT_SUCCESS(s2n_config_set_cipher_preferences(rsa_pss_cert_config, s2n_auto_gen_old_default_security_policy()));
 
 #if RSA_PSS_CERTS_SUPPORTED
     EXPECT_SUCCESS(s2n_test_cert_chain_and_key_new(&rsa_pss_cert_chain,
@@ -190,6 +195,7 @@ int main(int argc, char **argv)
                     S2N_ECDSA_P256_PKCS1_CERT_CHAIN, S2N_ECDSA_P256_PKCS1_KEY));
 
             struct s2n_config *ecdsa_cert_config_for_other_curve = s2n_config_new();
+            EXPECT_SUCCESS(s2n_config_set_cipher_preferences(ecdsa_cert_config_for_other_curve, s2n_auto_gen_old_default_security_policy()));
             EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(
                     ecdsa_cert_config_for_other_curve, ecdsa_cert_chain_for_other_curve));
 

diff --git a/tests/unit/s2n_cert_authorities_test.c b/tests/unit/s2n_cert_authorities_test.c
@@ -74,6 +74,7 @@ int main(int argc, char **argv)
         {
             /* s2n_config_new configures the default trust store */
             DEFER_CLEANUP(struct s2n_config *config = s2n_config_new(), s2n_config_ptr_free);
+            EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, s2n_auto_gen_old_default_security_policy()));
             EXPECT_NOT_NULL(config);
 
             /* Fails with default system trust store */

diff --git a/tests/unit/s2n_cert_chain_and_key_test.c b/tests/unit/s2n_cert_chain_and_key_test.c
@@ -72,6 +72,7 @@ int main(int argc, char **argv)
     EXPECT_SUCCESS(setenv("S2N_DONT_MLOCK", "1", 0));
 
     EXPECT_NOT_NULL(client_config = s2n_config_new());
+    EXPECT_SUCCESS(s2n_config_set_cipher_preferences(client_config, s2n_auto_gen_old_default_security_policy()));
     EXPECT_SUCCESS(s2n_config_disable_x509_verification(client_config));
     /* Create config with s2n_config_add_cert_chain_and_key_to_store API with multiple certs */
     {
@@ -81,6 +82,7 @@ int main(int argc, char **argv)
         /* Collection of certs with the same domain name that need to have ties resolved. */
         struct s2n_cert_chain_and_key *tied_certs[NUM_TIED_CERTS] = { NULL };
         EXPECT_NOT_NULL(server_config = s2n_config_new());
+        EXPECT_SUCCESS(s2n_config_set_cipher_preferences(server_config, s2n_auto_gen_old_default_security_policy()));
         EXPECT_SUCCESS(s2n_config_set_cert_tiebreak_callback(server_config, test_cert_tiebreak_cb));
 
         /* Need to add at least one cert with a different domain name to make cert lookup utilize hashmap */
@@ -123,6 +125,7 @@ int main(int argc, char **argv)
     /* Create config with deprecated s2n_config_add_cert_chain_and_key API */
     {
         EXPECT_NOT_NULL(server_config = s2n_config_new());
+        EXPECT_SUCCESS(s2n_config_set_cipher_preferences(server_config, s2n_auto_gen_old_default_security_policy()));
         EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key(server_config, cert_chain, private_key));
 
         EXPECT_NOT_NULL(server_conn = create_conn(S2N_SERVER, server_config));
@@ -149,6 +152,7 @@ int main(int argc, char **argv)
         /* Config first uses s2n_config_add_cert_chain_and_key: library owns chain */
         {
             DEFER_CLEANUP(struct s2n_config *config = s2n_config_new(), s2n_config_ptr_free);
+            EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, s2n_auto_gen_old_default_security_policy()));
             EXPECT_NOT_NULL(config);
             EXPECT_EQUAL(config->cert_ownership, S2N_NOT_OWNED);
 
@@ -170,6 +174,7 @@ int main(int argc, char **argv)
         /* Config first uses s2n_config_add_cert_chain_and_key_to_store: application owns chain */
         {
             DEFER_CLEANUP(struct s2n_config *config = s2n_config_new(), s2n_config_ptr_free);
+            EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, s2n_auto_gen_old_default_security_policy()));
             EXPECT_NOT_NULL(config);
             EXPECT_EQUAL(config->cert_ownership, S2N_NOT_OWNED);
 

diff --git a/tests/unit/s2n_cert_status_extension_test.c b/tests/unit/s2n_cert_status_extension_test.c
@@ -40,6 +40,7 @@ int main(int argc, char **argv)
     {
         struct s2n_config *config = NULL;
         EXPECT_NOT_NULL(config = s2n_config_new());
+        EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, s2n_auto_gen_old_default_security_policy()));
 
         struct s2n_connection *conn = NULL;
         EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_CLIENT));
@@ -188,12 +189,14 @@ int main(int argc, char **argv)
         /* Client requests OCSP staple, and server sends OCSP response */
         {
             DEFER_CLEANUP(struct s2n_config *client_config = s2n_config_new(), s2n_config_ptr_free);
+            EXPECT_SUCCESS(s2n_config_set_cipher_preferences(client_config, s2n_auto_gen_old_default_security_policy()));
             EXPECT_NOT_NULL(client_config);
             EXPECT_SUCCESS(s2n_config_set_verification_ca_location(client_config, S2N_OCSP_CA_CERT, NULL));
             EXPECT_SUCCESS(s2n_config_set_cipher_preferences(client_config, "default_tls13"));
             EXPECT_SUCCESS(s2n_config_set_status_request_type(client_config, S2N_STATUS_REQUEST_OCSP));
 
             DEFER_CLEANUP(struct s2n_config *server_config = s2n_config_new(), s2n_config_ptr_free);
+            EXPECT_SUCCESS(s2n_config_set_cipher_preferences(server_config, s2n_auto_gen_old_default_security_policy()));
             EXPECT_NOT_NULL(server_config);
             EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(server_config, ocsp_chain_and_key));
             EXPECT_SUCCESS(s2n_config_set_cipher_preferences(server_config, "default_tls13"));
@@ -236,6 +239,7 @@ int main(int argc, char **argv)
         /* Server requests OCSP staple, and client sends OCSP response */
         {
             DEFER_CLEANUP(struct s2n_config *client_config = s2n_config_new(), s2n_config_ptr_free);
+            EXPECT_SUCCESS(s2n_config_set_cipher_preferences(client_config, s2n_auto_gen_old_default_security_policy()));
             EXPECT_NOT_NULL(client_config);
             EXPECT_SUCCESS(s2n_config_set_verification_ca_location(client_config, S2N_OCSP_CA_CERT, NULL));
             EXPECT_SUCCESS(s2n_config_set_cipher_preferences(client_config, "default_tls13"));
@@ -245,6 +249,7 @@ int main(int argc, char **argv)
             EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(client_config, ocsp_chain_and_key));
 
             DEFER_CLEANUP(struct s2n_config *server_config = s2n_config_new(), s2n_config_ptr_free);
+            EXPECT_SUCCESS(s2n_config_set_cipher_preferences(server_config, s2n_auto_gen_old_default_security_policy()));
             EXPECT_NOT_NULL(server_config);
             EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(server_config, ocsp_chain_and_key));
             EXPECT_SUCCESS(s2n_config_set_cipher_preferences(server_config, "default_tls13"));
@@ -291,6 +296,7 @@ int main(int argc, char **argv)
         /* Client and server both request OCSP staples, and client and server both send responses */
         {
             DEFER_CLEANUP(struct s2n_config *client_config = s2n_config_new(), s2n_config_ptr_free);
+            EXPECT_SUCCESS(s2n_config_set_cipher_preferences(client_config, s2n_auto_gen_old_default_security_policy()));
             EXPECT_NOT_NULL(client_config);
             EXPECT_SUCCESS(s2n_config_set_verification_ca_location(client_config, S2N_OCSP_CA_CERT, NULL));
             EXPECT_SUCCESS(s2n_config_set_cipher_preferences(client_config, "default_tls13"));
@@ -300,6 +306,7 @@ int main(int argc, char **argv)
             EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(client_config, ocsp_chain_and_key));
 
             DEFER_CLEANUP(struct s2n_config *server_config = s2n_config_new(), s2n_config_ptr_free);
+            EXPECT_SUCCESS(s2n_config_set_cipher_preferences(server_config, s2n_auto_gen_old_default_security_policy()));
             EXPECT_NOT_NULL(server_config);
             EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(server_config, ocsp_chain_and_key));
             EXPECT_SUCCESS(s2n_config_set_cipher_preferences(server_config, "default_tls13"));
@@ -345,12 +352,14 @@ int main(int argc, char **argv)
         /* Server sets an OCSP response but client does not request OCSP stapling */
         {
             DEFER_CLEANUP(struct s2n_config *client_config = s2n_config_new(), s2n_config_ptr_free);
+            EXPECT_SUCCESS(s2n_config_set_cipher_preferences(client_config, s2n_auto_gen_old_default_security_policy()));
             EXPECT_NOT_NULL(client_config);
             EXPECT_SUCCESS(s2n_config_set_verification_ca_location(client_config, S2N_OCSP_CA_CERT, NULL));
             EXPECT_SUCCESS(s2n_config_set_cipher_preferences(client_config, "default_tls13"));
             EXPECT_SUCCESS(s2n_config_set_status_request_type(client_config, S2N_STATUS_REQUEST_NONE));
 
             DEFER_CLEANUP(struct s2n_config *server_config = s2n_config_new(), s2n_config_ptr_free);
+            EXPECT_SUCCESS(s2n_config_set_cipher_preferences(server_config, s2n_auto_gen_old_default_security_policy()));
             EXPECT_NOT_NULL(server_config);
             EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(server_config, ocsp_chain_and_key));
             EXPECT_SUCCESS(s2n_config_set_cipher_preferences(server_config, "default_tls13"));