From ec6ca6e3640b21f05c3c7d5db2122e2805d37b1d Mon Sep 17 00:00:00 2001 From: James Mayclin Date: Thu, 8 Feb 2024 18:35:06 -0800 Subject: [PATCH] build: make CMake test flags more consistent with make (#4392) --- CMakeLists.txt | 12 +++++++++-- tests/unit/s2n_build_test.c | 25 ++++++++++++++++++---- tests/unit/s2n_ktls_test.c | 4 ++-- tests/unit/s2n_signature_algorithms_test.c | 4 ++-- tests/unit/s2n_x509_validator_test.c | 3 +-- 5 files changed, 36 insertions(+), 12 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 3aab8832efb..0fe35d025a4 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -24,6 +24,8 @@ otherwise a crypto target needs to be defined." ON) option(UNSAFE_TREAT_WARNINGS_AS_ERRORS "Compiler warnings are treated as errors. Warnings may indicate danger points where you should verify with the S2N-TLS developers that the security of the library is not compromised. Turn this OFF to ignore warnings." ON) +option(S2N_WERROR_ALL "This option will cause all artifacts linked to libs2n to use the +-Werror setting." OFF) option(S2N_INTERN_LIBCRYPTO "This ensures that s2n-tls is compiled and deployed with a specific version of libcrypto by interning the code and hiding symbols. This also enables s2n-tls to be loaded in an application with an otherwise conflicting libcrypto version." OFF) @@ -136,7 +138,9 @@ target_compile_options(${PROJECT_NAME} PRIVATE -pedantic -std=gnu99 -Wall -Wimpl -Wno-missing-braces -Wsign-compare -Wno-strict-prototypes -Wa,--noexecstack ) -if (UNSAFE_TREAT_WARNINGS_AS_ERRORS) +if (S2N_WERROR_ALL) + target_compile_options(${PROJECT_NAME} PUBLIC -Werror) +elseif (UNSAFE_TREAT_WARNINGS_AS_ERRORS) target_compile_options(${PROJECT_NAME} PRIVATE -Werror ) endif () 
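Review bot: In the `if (S2N_WERROR_ALL)` branch, `target_compile_options(${PROJECT_NAME} PUBLIC -Werror)` adds -Werror to the target's interface options, so it applies even when UNSAFE_TREAT_WARNINGS_AS_ERRORS is set to OFF. If the libs2n target is also installed or exported (not visible in this hunk), the flag would be written into the exported target and reach downstream consumers' builds. Scoping it to the build tree avoids that: `target_compile_options(${PROJECT_NAME} PUBLIC $<BUILD_INTERFACE:-Werror>)`. The help string added in the @@ -24,6 +24,8 @@ hunk should also say that S2N_WERROR_ALL takes precedence over UNSAFE_TREAT_WARNINGS_AS_ERRORS.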
@@ -500,7 +504,11 @@ if (BUILD_TESTING) find . -name '${test_case_name}.c.o' -exec objcopy --redefine-syms libcrypto.symbols {} \\\; ) endif() - target_compile_options(${test_case_name} PRIVATE -Wno-implicit-function-declaration -Wno-deprecated -Wunused-result -D_POSIX_C_SOURCE=200809L -std=gnu99) + target_compile_options(${test_case_name} PRIVATE + -Wall -Wimplicit -Wunused -Wcomment -Wchar-subscripts -Wuninitialized + -Wshadow -Wcast-align -Wwrite-strings -Wformat-security + -Wno-deprecated-declarations -Wno-unknown-pragmas -Wno-deprecated + -fPIC -D_POSIX_C_SOURCE=200809L -std=gnu99) if (S2N_LTO) target_compile_options(${test_case_name} PRIVATE -flto) endif() diff --git a/tests/unit/s2n_build_test.c b/tests/unit/s2n_build_test.c index 7e707954df4..75195fe0d2a 100644 --- a/tests/unit/s2n_build_test.c +++ b/tests/unit/s2n_build_test.c @@ -23,6 +23,8 @@ #include "crypto/s2n_openssl.h" #include "s2n_test.h" +#define MAX_LIBCRYPTO_NAME_LEN 100 + int tokenize_s2n_libcrypto(char *s2n_libcrypto, char **name, char **version) { if (name == NULL || version == NULL || s2n_libcrypto == NULL) { @@ -44,6 +46,19 @@ int tokenize_s2n_libcrypto(char *s2n_libcrypto, char **name, char **version) return S2N_SUCCESS; } +S2N_RESULT s2n_test_lowercase_copy(const char *input, char *destination, size_t max_len) +{ + RESULT_ENSURE_REF(input); + RESULT_ENSURE_REF(destination); + + for (size_t i = 0; i < strlen(input); i++) { + RESULT_ENSURE_LT(i, max_len); + destination[i] = tolower(input[i]); + } + + return S2N_RESULT_OK; +} + int main() { BEGIN_TEST(); 
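Review bot: s2n_test_lowercase_copy never writes a terminator, and its per-index bound check lets an input of exactly max_len characters fill the whole buffer. The result is a valid C string only because callers zero the destination first and the input happens to be shorter. The first call site in main() checks the length beforehand, but the call in the @@ -83,8 +99,9 @@ hunk passes `SSLeay_version(SSLEAY_VERSION)` with no such check and then hands the buffer to strstr. Checking the length once before the loop and terminating explicitly makes the helper safe on its own and removes the strlen call on every iteration. Separately, the argument to tolower should be cast to unsigned char, because a negative char value is undefined behaviour for the <ctype.h> functions.

```c
S2N_RESULT s2n_test_lowercase_copy(const char *input, char *destination, size_t max_len)
{
    /* … unchanged: RESULT_ENSURE_REF checks on input and destination … */

    const size_t len = strlen(input);
    /* Strictly less than max_len leaves room for the terminator. */
    RESULT_ENSURE_LT(len, max_len);

    for (size_t i = 0; i < len; i++) {
        /* <ctype.h> functions require a value representable as unsigned char. */
        destination[i] = (char) tolower((unsigned char) input[i]);
    }
    destination[len] = '\0';

    return S2N_RESULT_OK;
}
```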
@@ -69,8 +84,9 @@ int main() END_TEST(); } - char s2n_libcrypto_copy[100] = { 0 }; - strncpy(s2n_libcrypto_copy, s2n_libcrypto, 99); + char s2n_libcrypto_copy[MAX_LIBCRYPTO_NAME_LEN] = { 0 }; + EXPECT_TRUE(strlen(s2n_libcrypto) < MAX_LIBCRYPTO_NAME_LEN); + EXPECT_OK(s2n_test_lowercase_copy(s2n_libcrypto, &s2n_libcrypto_copy[0], s2n_array_len(s2n_libcrypto_copy))); char *name = NULL; char *version = NULL; EXPECT_SUCCESS(tokenize_s2n_libcrypto(s2n_libcrypto_copy, &name, &version)); @@ -83,8 +99,9 @@ int main() EXPECT_TRUE(s2n_libcrypto_is_awslc()); } else { /* Any other library should have the name of the library (modulo case) in its version string. */ - const char *ssleay_version_text = SSLeay_version(SSLEAY_VERSION); - EXPECT_NOT_NULL(strcasestr(ssleay_version_text, name)); + char ssleay_version_text[MAX_LIBCRYPTO_NAME_LEN] = { 0 }; + EXPECT_OK(s2n_test_lowercase_copy(SSLeay_version(SSLEAY_VERSION), &ssleay_version_text[0], MAX_LIBCRYPTO_NAME_LEN)); + EXPECT_NOT_NULL(strstr(ssleay_version_text, name)); } }; diff --git a/tests/unit/s2n_ktls_test.c b/tests/unit/s2n_ktls_test.c index 5309911fbcb..58effec553f 100644 --- a/tests/unit/s2n_ktls_test.c +++ b/tests/unit/s2n_ktls_test.c @@ -184,7 +184,7 @@ int main(int argc, char **argv) EXPECT_EQUAL(crypto_info.value.size, sizeof(crypto_info.ciphers.aes_gcm_128)); EXPECT_EQUAL(crypto_info.value.data, (uint8_t *) &crypto_info.ciphers.aes_gcm_128); s2n_ktls_crypto_info_tls12_aes_gcm_128 *value = - (s2n_ktls_crypto_info_tls12_aes_gcm_128 *) crypto_info.value.data; + (s2n_ktls_crypto_info_tls12_aes_gcm_128 *) (void *) crypto_info.value.data; EXPECT_EQUAL(test_key.size, sizeof(value->key)); EXPECT_BYTEARRAY_EQUAL(test_key.data, value->key, sizeof(value->key)); 
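Review bot: The `(void *)` hop added to the `value` initializer in the @@ -184,7 +184,7 @@ hunk silences -Wcast-align without recording why the cast is safe. The justification is only implicit in the EXPECT_EQUAL just above, which pins `crypto_info.value.data` to `&crypto_info.ciphers.aes_gcm_128`. I would add a comment on the cast such as `/* value.data was just checked to point at crypto_info.ciphers.aes_gcm_128, so alignment holds; the void * cast only quiets -Wcast-align */`. The same applies to the aes_gcm_256 cast in the @@ -216,7 +216,7 @@ hunk. main() starts and ends outside both hunks, so the member's declared type is presumed rather than confirmed here.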
@@ -216,7 +216,7 @@ int main(int argc, char **argv) EXPECT_EQUAL(crypto_info.value.size, sizeof(crypto_info.ciphers.aes_gcm_256)); EXPECT_EQUAL(crypto_info.value.data, (uint8_t *) &crypto_info.ciphers.aes_gcm_256); s2n_ktls_crypto_info_tls12_aes_gcm_256 *value = - (s2n_ktls_crypto_info_tls12_aes_gcm_256 *) crypto_info.value.data; + (s2n_ktls_crypto_info_tls12_aes_gcm_256 *) (void *) crypto_info.value.data; EXPECT_EQUAL(test_key.size, sizeof(value->key)); EXPECT_BYTEARRAY_EQUAL(test_key.data, value->key, sizeof(value->key)); diff --git a/tests/unit/s2n_signature_algorithms_test.c b/tests/unit/s2n_signature_algorithms_test.c index 6d4145e850b..63bea8097bf 100644 --- a/tests/unit/s2n_signature_algorithms_test.c +++ b/tests/unit/s2n_signature_algorithms_test.c @@ -239,7 +239,7 @@ int main(int argc, char **argv) /* Test: ECDSA */ { const struct s2n_signature_scheme *expected = &s2n_ecdsa_sha1; - conn->handshake_params.client_cert_pkey_type = S2N_AUTHENTICATION_ECDSA; + conn->handshake_params.client_cert_pkey_type = S2N_PKEY_TYPE_ECDSA; EXPECT_SUCCESS(s2n_connection_set_config(conn, client_ecdsa_config)); /* TLS1.1 selects the default */ @@ -256,7 +256,7 @@ int main(int argc, char **argv) /* Test: RSA */ { const struct s2n_signature_scheme *expected = &s2n_rsa_pkcs1_md5_sha1; - conn->handshake_params.client_cert_pkey_type = S2N_AUTHENTICATION_RSA; + conn->handshake_params.client_cert_pkey_type = S2N_PKEY_TYPE_RSA; EXPECT_SUCCESS(s2n_connection_set_config(conn, client_rsa_config)); /* TLS1.1 selects the default */ diff --git a/tests/unit/s2n_x509_validator_test.c b/tests/unit/s2n_x509_validator_test.c index 51300c5cf89..45b1f9b88fd 100644 --- a/tests/unit/s2n_x509_validator_test.c +++ b/tests/unit/s2n_x509_validator_test.c 
@@ -13,11 +13,10 @@ * permissions and limitations under the License. */ +#include "crypto/s2n_openssl_x509.h" #include "s2n_test.h" #include "testlib/s2n_testlib.h" -DEFINE_POINTER_CLEANUP_FUNC(X509 *, X509_free); - static int mock_time(void *data, uint64_t *timestamp) { *timestamp = *(uint64_t *) data;