Add unit test for setting server cipher preferences in the CH callback

[phymod0]

Description of changes:

This adds a new unit test for changing server cipher preferences in the ClientHello callback

From the documentation of s2n_client_hello_fn:

The callback function takes a s2n-tls connection as input, which receives the ClientHello and the context previously provided in s2n_config_set_client_hello_cb. The callback can access any ClientHello information from the connection and use the s2n_connection_set_config call to change the config of the connection.

Within this callback, are calls to s2n_connection_set_cipher_preferences also valid? I found no documentation or unit test that confirms this, so I'm contributing one under the premise that this is the case.

Testing

I confirmed that removing the s2n_connection_set_cipher_preferences() call from the test callback fails the new unit test.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[dougch]

Thanks for the PR ! We'll have a look.

[goatgoose]

Thanks for the PR!

Within this callback, are calls to s2n_connection_set_cipher_preferences also valid?

Yes, I believe this should be valid, since the client hello callback is invoked before a cipher suite is negotiated.

[goatgoose]

Nice, it looks like this is working with the FIPS test now. The only failing test is for clang-format:

Suggested change

	bool security_policy_contains_cipher(const char* security_policy_name, uint8_t* cipher_iana) {
	bool security_policy_contains_cipher(const char *security_policy_name, uint8_t *cipher_iana)
	{

[goatgoose]

clang-format:

Suggested change

	#include "tls/s2n_security_policies.h"
	#include "tls/s2n_internal.h"
	#include "tls/s2n_internal.h"
	#include "tls/s2n_security_policies.h"

[github-actions]

This PR has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.