aws-crt 0.1.5 → 0.1.6

data/aws-crt-ffi/crt/s2n/tests/integrationv2/test_cross_compatibility.py

@@ -19,13 +19,17 @@ RESUMPTION_PROTOCOLS = [Protocols.TLS12, Protocols.TLS13]
 An old S2N server can resume a session with a new S2N server's session ticket. 
 Tests that S2N tickets are backwards-compatible.
 """
+
+
 @pytest.mark.uncollect_if(func=invalid_test_parameters)
 @pytest.mark.parametrize("cipher", ALL_TEST_CIPHERS, ids=get_parameter_name)
 @pytest.mark.parametrize("curve", ALL_TEST_CURVES, ids=get_parameter_name)
 @pytest.mark.parametrize("certificate", ALL_TEST_CERTS, ids=get_parameter_name)
 @pytest.mark.parametrize("protocol", RESUMPTION_PROTOCOLS, ids=get_parameter_name)
-@pytest.mark.parametrize("provider", [ OpenSSL ], ids=get_parameter_name)
-def test_s2n_old_server_new_ticket(managed_process, tmp_path, cipher, curve, protocol, provider, certificate):
+@pytest.mark.parametrize("provider", [OpenSSL], ids=get_parameter_name)
+@pytest.mark.parametrize("other_provider", [S2N], ids=get_parameter_name)
+def test_s2n_old_server_new_ticket(managed_process, tmp_path, cipher, curve, certificate, protocol, provider,
+                                   other_provider):
     ticket_file = str(tmp_path / TICKET_FILE)
     assert not os.path.exists(ticket_file)
 
@@ -48,8 +52,10 @@ def test_s2n_old_server_new_ticket(managed_process, tmp_path, cipher, curve, pro
     server_options.cert = certificate.cert
     server_options.data_to_send = CLOSE_MARKER_BYTES
 
-    s2n_server = managed_process(S2N, server_options, send_marker=S2N.get_send_marker())
-    client = managed_process(provider, client_options, close_marker=str(CLOSE_MARKER_BYTES))
+    s2n_server = managed_process(
+        S2N, server_options, send_marker=S2N.get_send_marker())
+    client = managed_process(provider, client_options,
+                             close_marker=str(CLOSE_MARKER_BYTES))
 
     for results in client.get_results():
         results.assert_success()
@@ -61,8 +67,10 @@ def test_s2n_old_server_new_ticket(managed_process, tmp_path, cipher, curve, pro
     client_options.extra_flags = ['-sess_in', ticket_file]
     server_options.use_mainline_version = True
 
-    s2n_server = managed_process(S2N, server_options, send_marker=S2N.get_send_marker())
-    client = managed_process(provider, client_options, close_marker=str(CLOSE_MARKER_BYTES))
+    s2n_server = managed_process(
+        S2N, server_options, send_marker=S2N.get_send_marker())
+    client = managed_process(provider, client_options,
+                             close_marker=str(CLOSE_MARKER_BYTES))
 
     for results in client.get_results():
         results.assert_success()
@@ -76,13 +84,17 @@ def test_s2n_old_server_new_ticket(managed_process, tmp_path, cipher, curve, pro
 A new S2N server can resume a session with an old S2N server's session ticket. 
 Tests that S2N tickets are forwards-compatible.
 """
+
+
 @pytest.mark.uncollect_if(func=invalid_test_parameters)
 @pytest.mark.parametrize("cipher", ALL_TEST_CIPHERS, ids=get_parameter_name)
 @pytest.mark.parametrize("curve", ALL_TEST_CURVES, ids=get_parameter_name)
 @pytest.mark.parametrize("certificate", ALL_TEST_CERTS, ids=get_parameter_name)
 @pytest.mark.parametrize("protocol", RESUMPTION_PROTOCOLS, ids=get_parameter_name)
-@pytest.mark.parametrize("provider", [ OpenSSL ], ids=get_parameter_name)
-def test_s2n_new_server_old_ticket(managed_process, tmp_path, cipher, curve, protocol, provider, certificate):
+@pytest.mark.parametrize("provider", [OpenSSL], ids=get_parameter_name)
+@pytest.mark.parametrize("other_provider", [S2N], ids=get_parameter_name)
+def test_s2n_new_server_old_ticket(managed_process, tmp_path, cipher, curve, certificate, protocol, provider,
+                                   other_provider):
     ticket_file = str(tmp_path / TICKET_FILE)
     assert not os.path.exists(ticket_file)
 
@@ -106,8 +118,10 @@ def test_s2n_new_server_old_ticket(managed_process, tmp_path, cipher, curve, pro
     server_options.cert = certificate.cert
     server_options.data_to_send = CLOSE_MARKER_BYTES
 
-    s2n_server = managed_process(S2N, server_options, send_marker=S2N.get_send_marker())
-    client = managed_process(provider, client_options, close_marker=str(CLOSE_MARKER_BYTES))
+    s2n_server = managed_process(
+        S2N, server_options, send_marker=S2N.get_send_marker())
+    client = managed_process(provider, client_options,
+                             close_marker=str(CLOSE_MARKER_BYTES))
 
     for results in client.get_results():
         results.assert_success()
@@ -119,8 +133,10 @@ def test_s2n_new_server_old_ticket(managed_process, tmp_path, cipher, curve, pro
     client_options.extra_flags = ['-sess_in', ticket_file]
     server_options.use_mainline_version = False
 
-    s2n_server = managed_process(S2N, server_options, send_marker=S2N.get_send_marker())
-    client = managed_process(provider, client_options, close_marker=str(CLOSE_MARKER_BYTES))
+    s2n_server = managed_process(
+        S2N, server_options, send_marker=S2N.get_send_marker())
+    client = managed_process(provider, client_options,
+                             close_marker=str(CLOSE_MARKER_BYTES))
 
     for results in client.get_results():
         results.assert_success()
@@ -135,13 +151,17 @@ An old S2N client can resume a session with an new S2N client's session ticket.
 Tests that S2N tickets are backwards-compatible. In our client tests we use an S2N
 server because the Openssl server uses a different ticket key for each session.
 """
+
+
 @pytest.mark.uncollect_if(func=invalid_test_parameters)
 @pytest.mark.parametrize("cipher", ALL_TEST_CIPHERS, ids=get_parameter_name)
 @pytest.mark.parametrize("curve", ALL_TEST_CURVES, ids=get_parameter_name)
 @pytest.mark.parametrize("certificate", ALL_TEST_CERTS, ids=get_parameter_name)
 @pytest.mark.parametrize("protocol", RESUMPTION_PROTOCOLS, ids=get_parameter_name)
-@pytest.mark.parametrize("provider", [ S2N ], ids=get_parameter_name)
-def test_s2n_old_client_new_ticket(managed_process, tmp_path, cipher, curve, protocol, provider, certificate):
+@pytest.mark.parametrize("provider", [S2N], ids=get_parameter_name)
+@pytest.mark.parametrize("other_provider", [S2N], ids=get_parameter_name)
+def test_s2n_old_client_new_ticket(managed_process, tmp_path, cipher, curve, certificate, protocol, provider,
+                                   other_provider):
     ticket_file = str(tmp_path / TICKET_FILE)
     assert not os.path.exists(ticket_file)
 
@@ -177,7 +197,7 @@ def test_s2n_old_client_new_ticket(managed_process, tmp_path, cipher, curve, pro
     client_options.use_mainline_version = True
 
     server = managed_process(provider, server_options)
-    s2n_client = managed_process(S2N, client_options)
+    s2n_client = managed_process(other_provider, client_options)
 
     for results in s2n_client.get_results():
         results.assert_success()
@@ -192,13 +212,17 @@ def test_s2n_old_client_new_ticket(managed_process, tmp_path, cipher, curve, pro
 A new S2N client can resume a session with an old S2N client's session ticket. 
 Tests that S2N tickets are forwards-compatible.
 """
+
+
 @pytest.mark.uncollect_if(func=invalid_test_parameters)
 @pytest.mark.parametrize("cipher", ALL_TEST_CIPHERS, ids=get_parameter_name)
 @pytest.mark.parametrize("curve", ALL_TEST_CURVES, ids=get_parameter_name)
 @pytest.mark.parametrize("certificate", ALL_TEST_CERTS, ids=get_parameter_name)
 @pytest.mark.parametrize("protocol", RESUMPTION_PROTOCOLS, ids=get_parameter_name)
-@pytest.mark.parametrize("provider", [ S2N ], ids=get_parameter_name)
-def test_s2n_new_client_old_ticket(managed_process, tmp_path, cipher, curve, protocol, provider, certificate):
+@pytest.mark.parametrize("provider", [S2N], ids=get_parameter_name)
+@pytest.mark.parametrize("other_provider", [S2N], ids=get_parameter_name)
+def test_s2n_new_client_old_ticket(managed_process, tmp_path, cipher, curve, certificate, protocol, provider,
+                                   other_provider):
     ticket_file = str(tmp_path / TICKET_FILE)
     assert not os.path.exists(ticket_file)
 

data/aws-crt-ffi/crt/s2n/tests/integrationv2/test_dynamic_record_sizes.py

@@ -41,10 +41,12 @@ def find_fragmented_packet(results):
 @pytest.mark.uncollect_if(func=invalid_test_parameters)
 @pytest.mark.parametrize("cipher", ALL_TEST_CIPHERS, ids=get_parameter_name)
 @pytest.mark.parametrize("curve", ALL_TEST_CURVES)
-@pytest.mark.parametrize("provider", [OpenSSL])
+@pytest.mark.parametrize("provider", [OpenSSL], ids=get_parameter_name)
+@pytest.mark.parametrize("other_provider", [S2N], ids=get_parameter_name)
 @pytest.mark.parametrize("protocol", PROTOCOLS, ids=get_parameter_name)
 @pytest.mark.parametrize("certificate", ALL_TEST_CERTS, ids=get_parameter_name)
-def test_s2n_client_dynamic_record(custom_mtu, managed_process, cipher, curve, provider, protocol, certificate):
+def test_s2n_client_dynamic_record(custom_mtu, managed_process, cipher, curve, provider, other_provider, protocol,
+                                   certificate):
     port = next(available_ports)
 
     # 16384 bytes is enough to reliably get a packet that will exceed the MTU
@@ -73,7 +75,8 @@ def test_s2n_client_dynamic_record(custom_mtu, managed_process, cipher, curve, p
 
     for results in client.get_results():
         results.assert_success()
-        assert to_bytes("Actual protocol version: {}".format(expected_version)) in results.stdout
+        assert to_bytes("Actual protocol version: {}".format(
+            expected_version)) in results.stdout
 
     for results in server.get_results():
         results.assert_success()

data/aws-crt-ffi/crt/s2n/tests/integrationv2/test_early_data.py

@@ -16,22 +16,27 @@ from test_hello_retry_requests import S2N_HRR_MARKER
 TICKET_FILE = 'ticket'
 EARLY_DATA_FILE = 'early_data'
 
-MAX_EARLY_DATA = 500 # Arbitrary largish number
-DATA_TO_SEND = data_bytes(500) # Arbitrary large number
+MAX_EARLY_DATA = 500  # Arbitrary largish number
+DATA_TO_SEND = data_bytes(500)  # Arbitrary large number
 
-NUM_RESUMES = 5 # Hardcoded for s2nc --reconnect
-NUM_CONNECTIONS = NUM_RESUMES + 1 # resumes + initial
+NUM_RESUMES = 5  # Hardcoded for s2nc --reconnect
+NUM_CONNECTIONS = NUM_RESUMES + 1  # resumes + initial
 
 S2N_DEFAULT_CURVE = Curves.X25519
-S2N_UNSUPPORTED_CURVE = 'X448' # We have no plans to support this curve any time soon
-S2N_HRR_CURVES = list(curve for curve in ALL_TEST_CURVES if curve != S2N_DEFAULT_CURVE)
+# We have no plans to support this curve any time soon
+S2N_UNSUPPORTED_CURVE = 'X448'
+S2N_HRR_CURVES = list(
+    curve for curve in ALL_TEST_CURVES if curve != S2N_DEFAULT_CURVE)
 
 S2N_EARLY_DATA_MARKER = to_bytes("WITH_EARLY_DATA")
 S2N_EARLY_DATA_RECV_MARKER = "Early Data received: "
 S2N_EARLY_DATA_STATUS_MARKER = "Early Data status: {status}"
-S2N_EARLY_DATA_ACCEPTED_MARKER = S2N_EARLY_DATA_STATUS_MARKER.format(status="ACCEPTED")
-S2N_EARLY_DATA_REJECTED_MARKER = S2N_EARLY_DATA_STATUS_MARKER.format(status="REJECTED")
-S2N_EARLY_DATA_NOT_REQUESTED_MARKER = S2N_EARLY_DATA_STATUS_MARKER.format(status="NOT REQUESTED")
+S2N_EARLY_DATA_ACCEPTED_MARKER = S2N_EARLY_DATA_STATUS_MARKER.format(
+    status="ACCEPTED")
+S2N_EARLY_DATA_REJECTED_MARKER = S2N_EARLY_DATA_STATUS_MARKER.format(
+    status="REJECTED")
+S2N_EARLY_DATA_NOT_REQUESTED_MARKER = S2N_EARLY_DATA_STATUS_MARKER.format(
+    status="NOT REQUESTED")
 
 
 class S2N(S2NBase):
@@ -79,8 +84,8 @@ class OpenSSL(OpenSSLBase):
 # The `-sess_in`/`-sess_out` options can be used instead, but don't have an s2nc equivalent.
 # As we add more providers, we may need both a `-reconnect`-like and a `-sess_in/out`-like S2N server test,
 # but for now we can just use `-sess_in/out` and cover the S2N->S2N case in the S2N client tests.
-CLIENT_PROVIDERS = [ OpenSSL ]
-SERVER_PROVIDERS = [ OpenSSL, S2N ]
+CLIENT_PROVIDERS = [OpenSSL]
+SERVER_PROVIDERS = [OpenSSL, S2N]
 
 
 def get_early_data_bytes(file_path, early_data_size):
@@ -113,8 +118,18 @@ def get_ticket_from_s2n_server(options, managed_process, provider, certificate):
 
     assert not os.path.exists(options.ticket_file)
 
-    s2n_server = managed_process(S2N, server_options, send_marker=S2N.get_send_marker())
-    client = managed_process(provider, client_options, close_marker=str(close_marker_bytes))
+    s2n_server = managed_process(
+        S2N, 
+        server_options, 
+        send_marker=S2N.get_send_marker(), 
+        timeout=10
+    )
+    client = managed_process(
+        provider, 
+        client_options, 
+        close_marker=str(close_marker_bytes), 
+        timeout=10
+    )
 
     for results in s2n_server.get_results():
         results.assert_success()
@@ -125,20 +140,33 @@ def get_ticket_from_s2n_server(options, managed_process, provider, certificate):
     assert os.path.exists(options.ticket_file)
 
 
+def test_nothing():
+    """
+    Sometimes the early data test parameters in combination with the s2n libcrypto
+    results in no test cases existing. In this case, pass a nothing test to avoid
+    marking the entire codebuild run as failed.
+    """
+    assert True
+
+
 """
 Basic S2N server happy case.
 
 We make one full connection to get a session ticket with early data enabled,
 then another resumption connection with early data.
 """
+
+
 @pytest.mark.uncollect_if(func=invalid_test_parameters)
 @pytest.mark.parametrize("cipher", TLS13_CIPHERS, ids=get_parameter_name)
 @pytest.mark.parametrize("curve", ALL_TEST_CURVES, ids=get_parameter_name)
 @pytest.mark.parametrize("certificate", ALL_TEST_CERTS, ids=get_parameter_name)
 @pytest.mark.parametrize("protocol", [Protocols.TLS13], ids=get_parameter_name)
 @pytest.mark.parametrize("provider", CLIENT_PROVIDERS, ids=get_parameter_name)
+@pytest.mark.parametrize("other_provider", [S2N], ids=get_parameter_name)
 @pytest.mark.parametrize("early_data_size", [int(MAX_EARLY_DATA/2), int(MAX_EARLY_DATA-1), MAX_EARLY_DATA, 1])
-def test_s2n_server_with_early_data(managed_process, tmp_path, cipher, curve, protocol, provider, certificate, early_data_size):
+def test_s2n_server_with_early_data(managed_process, tmp_path, cipher, curve, certificate, protocol, provider,
+                                    other_provider, early_data_size):
     ticket_file = str(tmp_path / TICKET_FILE)
     early_data_file = str(tmp_path / EARLY_DATA_FILE)
     early_data = get_early_data_bytes(early_data_file, early_data_size)
@@ -164,8 +192,8 @@ def test_s2n_server_with_early_data(managed_process, tmp_path, cipher, curve, pr
     server_options = copy.copy(options)
     server_options.mode = Provider.ServerMode
 
-    s2n_server = managed_process(S2N, server_options)
-    client = managed_process(provider, client_options)
+    s2n_server = managed_process(S2N, server_options, timeout=10)
+    client = managed_process(provider, client_options, timeout=10)
 
     for results in client.get_results():
         results.assert_success()
@@ -173,7 +201,8 @@ def test_s2n_server_with_early_data(managed_process, tmp_path, cipher, curve, pr
     for results in s2n_server.get_results():
         results.assert_success()
         assert S2N_EARLY_DATA_MARKER in results.stdout
-        assert (to_bytes(S2N_EARLY_DATA_RECV_MARKER) + early_data) in results.stdout
+        assert (to_bytes(S2N_EARLY_DATA_RECV_MARKER) +
+                early_data) in results.stdout
         assert to_bytes(S2N_EARLY_DATA_ACCEPTED_MARKER) in results.stdout
         assert DATA_TO_SEND in results.stdout
 
@@ -184,13 +213,17 @@ Basic S2N client happy case.
 The S2N client tests session resumption by repeatedly reconnecting.
 That means we don't need to manually perform the initial full connection, and there is no external ticket file.
 """
+
+
 @pytest.mark.uncollect_if(func=invalid_test_parameters)
 @pytest.mark.parametrize("cipher", TLS13_CIPHERS, ids=get_parameter_name)
 @pytest.mark.parametrize("certificate", ALL_TEST_CERTS, ids=get_parameter_name)
 @pytest.mark.parametrize("protocol", [Protocols.TLS13], ids=get_parameter_name)
 @pytest.mark.parametrize("provider", SERVER_PROVIDERS, ids=get_parameter_name)
+@pytest.mark.parametrize("other_provider", [S2N], ids=get_parameter_name)
 @pytest.mark.parametrize("early_data_size", [int(MAX_EARLY_DATA/2), int(MAX_EARLY_DATA-1), MAX_EARLY_DATA, 1])
-def test_s2n_client_with_early_data(managed_process, tmp_path, cipher, protocol, provider, certificate, early_data_size):
+def test_s2n_client_with_early_data(managed_process, tmp_path, cipher, certificate, protocol, provider, other_provider,
+                                    early_data_size):
     early_data_file = str(tmp_path / EARLY_DATA_FILE)
     early_data = get_early_data_bytes(early_data_file, early_data_size)
 
@@ -211,17 +244,18 @@ def test_s2n_client_with_early_data(managed_process, tmp_path, cipher, protocol,
 
     server_options = copy.copy(options)
     server_options.mode = Provider.ServerMode
-    server_options.key = certificate.key # Required for the initial connection
-    server_options.cert = certificate.cert # Required for the initial connection
+    server_options.key = certificate.key  # Required for the initial connection
+    server_options.cert = certificate.cert  # Required for the initial connection
     server_options.reconnects_before_exit = NUM_CONNECTIONS
 
-    server = managed_process(provider, server_options)
-    s2n_client = managed_process(S2N, client_options)
+    server = managed_process(provider, server_options, timeout=10)
+    s2n_client = managed_process(S2N, client_options, timeout=10)
 
     for results in s2n_client.get_results():
         results.assert_success()
         assert S2N_EARLY_DATA_MARKER in results.stdout
-        assert results.stdout.count(to_bytes(S2N_EARLY_DATA_ACCEPTED_MARKER)) == NUM_RESUMES
+        assert results.stdout.count(
+            to_bytes(S2N_EARLY_DATA_ACCEPTED_MARKER)) == NUM_RESUMES
 
     for results in server.get_results():
         results.assert_success()
@@ -234,12 +268,16 @@ Verify that the S2N client doesn't request early data when a server doesn't supp
 We repeatedly reconnect with max_early_data set to 0. This is basically a test from
 test_session_resumption but with validation that no early data is sent.
 """
+
+
 @pytest.mark.uncollect_if(func=invalid_test_parameters)
 @pytest.mark.parametrize("cipher", TLS13_CIPHERS, ids=get_parameter_name)
 @pytest.mark.parametrize("certificate", ALL_TEST_CERTS, ids=get_parameter_name)
 @pytest.mark.parametrize("protocol", [Protocols.TLS13], ids=get_parameter_name)
 @pytest.mark.parametrize("provider", SERVER_PROVIDERS, ids=get_parameter_name)
-def test_s2n_client_without_early_data(managed_process, tmp_path, cipher, protocol, provider, certificate):
+@pytest.mark.parametrize("other_provider", [S2N], ids=get_parameter_name)
+def test_s2n_client_without_early_data(managed_process, tmp_path, cipher, certificate, protocol, provider,
+                                       other_provider):
     early_data_file = str(tmp_path / EARLY_DATA_FILE)
     early_data = get_early_data_bytes(early_data_file, MAX_EARLY_DATA)
 
@@ -260,12 +298,12 @@ def test_s2n_client_without_early_data(managed_process, tmp_path, cipher, protoc
 
     server_options = copy.copy(options)
     server_options.mode = Provider.ServerMode
-    server_options.key = certificate.key # Required for the initial connection
-    server_options.cert = certificate.cert # Required for the initial connection
+    server_options.key = certificate.key  # Required for the initial connection
+    server_options.cert = certificate.cert  # Required for the initial connection
     server_options.reconnects_before_exit = NUM_CONNECTIONS
 
-    server = managed_process(provider, server_options)
-    s2n_client = managed_process(S2N, client_options)
+    server = managed_process(provider, server_options, timeout=10)
+    s2n_client = managed_process(S2N, client_options, timeout=10)
 
     for results in server.get_results():
         results.assert_success()
@@ -274,7 +312,8 @@ def test_s2n_client_without_early_data(managed_process, tmp_path, cipher, protoc
     for results in s2n_client.get_results():
         results.assert_success()
         assert S2N_EARLY_DATA_MARKER not in results.stdout
-        assert results.stdout.count(to_bytes(S2N_EARLY_DATA_NOT_REQUESTED_MARKER)) == NUM_CONNECTIONS
+        assert results.stdout.count(
+            to_bytes(S2N_EARLY_DATA_NOT_REQUESTED_MARKER)) == NUM_CONNECTIONS
 
 
 """
@@ -286,14 +325,17 @@ When the client attempts to use the ticket to send early data, the server reject
 We can't perform an S2N client version of this test because the S2N client performs its hardcoded
 reconnects automatically, without any mechanism to modify the connection in between.
 """
+@pytest.mark.flaky(reruns=5)
 @pytest.mark.uncollect_if(func=invalid_test_parameters)
 @pytest.mark.parametrize("cipher", TLS13_CIPHERS, ids=get_parameter_name)
 @pytest.mark.parametrize("curve", ALL_TEST_CURVES, ids=get_parameter_name)
 @pytest.mark.parametrize("certificate", ALL_TEST_CERTS, ids=get_parameter_name)
 @pytest.mark.parametrize("protocol", [Protocols.TLS13], ids=get_parameter_name)
 @pytest.mark.parametrize("provider", CLIENT_PROVIDERS, ids=get_parameter_name)
+@pytest.mark.parametrize("other_provider", [S2N], ids=get_parameter_name)
 @pytest.mark.parametrize("early_data_size", [int(MAX_EARLY_DATA/2), int(MAX_EARLY_DATA-1), MAX_EARLY_DATA, 1])
-def test_s2n_server_with_early_data_rejected(managed_process, tmp_path, cipher, curve, protocol, provider, certificate, early_data_size):
+def test_s2n_server_with_early_data_rejected(managed_process, tmp_path, cipher, curve, certificate, protocol, provider,
+                                             other_provider, early_data_size):
     ticket_file = str(tmp_path / TICKET_FILE)
     early_data_file = str(tmp_path / EARLY_DATA_FILE)
     early_data = get_early_data_bytes(early_data_file, early_data_size)
@@ -320,8 +362,8 @@ def test_s2n_server_with_early_data_rejected(managed_process, tmp_path, cipher,
     server_options = copy.copy(options)
     server_options.mode = Provider.ServerMode
 
-    s2n_server = managed_process(S2N, server_options)
-    client = managed_process(provider, client_options)
+    s2n_server = managed_process(S2N, server_options, timeout=10)
+    client = managed_process(provider, client_options, timeout=10)
 
     for results in client.get_results():
         results.assert_success()
@@ -341,16 +383,21 @@ Test the S2N client attempting to send early data, but the server triggering a h
 We trigger the HRR by configuring the server to only accept curves that the S2N client
 does not send key shares for.
 """
+
+
 @pytest.mark.uncollect_if(func=invalid_test_parameters)
 @pytest.mark.parametrize("cipher", TLS13_CIPHERS, ids=get_parameter_name)
 @pytest.mark.parametrize("curve", S2N_HRR_CURVES, ids=get_parameter_name)
 @pytest.mark.parametrize("certificate", ALL_TEST_CERTS, ids=get_parameter_name)
 @pytest.mark.parametrize("protocol", [Protocols.TLS13], ids=get_parameter_name)
 @pytest.mark.parametrize("provider", SERVER_PROVIDERS, ids=get_parameter_name)
+@pytest.mark.parametrize("other_provider", [S2N], ids=get_parameter_name)
 @pytest.mark.parametrize("early_data_size", [int(MAX_EARLY_DATA/2), int(MAX_EARLY_DATA-1), MAX_EARLY_DATA, 1])
-def test_s2n_client_with_early_data_rejected_via_hrr(managed_process, tmp_path, cipher, curve, protocol, provider, certificate, early_data_size):
+def test_s2n_client_with_early_data_rejected_via_hrr(managed_process, tmp_path, cipher, curve, certificate, protocol,
+                                                     provider, other_provider, early_data_size):
     if provider == S2N:
-        pytest.skip("S2N does not respect ProviderOptions.curve, so does not trigger a retry")
+        pytest.skip(
+            "S2N does not respect ProviderOptions.curve, so does not trigger a retry")
 
     early_data_file = str(tmp_path / EARLY_DATA_FILE)
     early_data = get_early_data_bytes(early_data_file, early_data_size)
@@ -373,18 +420,19 @@ def test_s2n_client_with_early_data_rejected_via_hrr(managed_process, tmp_path,
 
     server_options = copy.copy(options)
     server_options.mode = Provider.ServerMode
-    server_options.key = certificate.key # Required for the initial connection
-    server_options.cert = certificate.cert # Required for the initial connection
+    server_options.key = certificate.key  # Required for the initial connection
+    server_options.cert = certificate.cert  # Required for the initial connection
     server_options.reconnects_before_exit = NUM_CONNECTIONS
 
-    server = managed_process(provider, server_options)
-    s2n_client = managed_process(S2N, client_options)
+    server = managed_process(provider, server_options, timeout=10)
+    s2n_client = managed_process(S2N, client_options, timeout=10)
 
     for results in s2n_client.get_results():
         results.assert_success()
         assert S2N_EARLY_DATA_MARKER not in results.stdout
         assert S2N_HRR_MARKER in results.stdout
-        assert results.stdout.count(to_bytes(S2N_EARLY_DATA_REJECTED_MARKER)) == NUM_RESUMES
+        assert results.stdout.count(
+            to_bytes(S2N_EARLY_DATA_REJECTED_MARKER)) == NUM_RESUMES
 
     for results in server.get_results():
         results.assert_success()
@@ -397,14 +445,18 @@ Test the S2N server rejecting early data because of a hello retry request.
 In order to trigger a successful retry, we need to force the peer to offer us a key share that
 S2N doesn't support while still supporting at least one curve S2N does support.
 """
+
+
 @pytest.mark.uncollect_if(func=invalid_test_parameters)
 @pytest.mark.parametrize("cipher", TLS13_CIPHERS, ids=get_parameter_name)
 @pytest.mark.parametrize("curve", ALL_TEST_CURVES, ids=get_parameter_name)
 @pytest.mark.parametrize("certificate", ALL_TEST_CERTS, ids=get_parameter_name)
 @pytest.mark.parametrize("protocol", [Protocols.TLS13], ids=get_parameter_name)
 @pytest.mark.parametrize("provider", CLIENT_PROVIDERS, ids=get_parameter_name)
+@pytest.mark.parametrize("other_provider", [S2N], ids=get_parameter_name)
 @pytest.mark.parametrize("early_data_size", [int(MAX_EARLY_DATA/2), int(MAX_EARLY_DATA-1), MAX_EARLY_DATA, 1])
-def test_s2n_server_with_early_data_rejected_via_hrr(managed_process, tmp_path, cipher, curve, protocol, provider, certificate, early_data_size):
+def test_s2n_server_with_early_data_rejected_via_hrr(managed_process, tmp_path, cipher, curve, certificate, protocol,
+                                                     provider, other_provider, early_data_size):
     ticket_file = str(tmp_path / TICKET_FILE)
     early_data_file = str(tmp_path / EARLY_DATA_FILE)
     early_data = get_early_data_bytes(early_data_file, early_data_size)
@@ -430,8 +482,8 @@ def test_s2n_server_with_early_data_rejected_via_hrr(managed_process, tmp_path,
     server_options = copy.copy(options)
     server_options.mode = Provider.ServerMode
 
-    s2n_server = managed_process(S2N, server_options)
-    client = managed_process(provider, client_options)
+    s2n_server = managed_process(S2N, server_options, timeout=10)
+    client = managed_process(provider, client_options, timeout=10)
 
     for results in client.get_results():
         results.assert_success()
@@ -449,17 +501,22 @@ def test_s2n_server_with_early_data_rejected_via_hrr(managed_process, tmp_path,
 """
 Test the S2N server fails if it receives too much early data.
 """
+
+
 @pytest.mark.uncollect_if(func=invalid_test_parameters)
 @pytest.mark.parametrize("cipher", TLS13_CIPHERS, ids=get_parameter_name)
 @pytest.mark.parametrize("curve", ALL_TEST_CURVES, ids=get_parameter_name)
 @pytest.mark.parametrize("certificate", ALL_TEST_CERTS, ids=get_parameter_name)
 @pytest.mark.parametrize("protocol", [Protocols.TLS13], ids=get_parameter_name)
 @pytest.mark.parametrize("provider", CLIENT_PROVIDERS, ids=get_parameter_name)
+@pytest.mark.parametrize("other_provider", [S2N], ids=get_parameter_name)
 @pytest.mark.parametrize("excess_early_data", [1, 10, MAX_EARLY_DATA])
-def test_s2n_server_with_early_data_max_exceeded(managed_process, tmp_path, cipher, curve, protocol, provider, certificate, excess_early_data):
+def test_s2n_server_with_early_data_max_exceeded(managed_process, tmp_path, cipher, curve, certificate, protocol,
+                                                 provider, other_provider, excess_early_data):
     ticket_file = str(tmp_path / TICKET_FILE)
     early_data_file = str(tmp_path / EARLY_DATA_FILE)
-    early_data = get_early_data_bytes(early_data_file, MAX_EARLY_DATA + excess_early_data)
+    early_data = get_early_data_bytes(
+        early_data_file, MAX_EARLY_DATA + excess_early_data)
 
     options = ProviderOptions(
         port=next(available_ports),
@@ -483,8 +540,8 @@ def test_s2n_server_with_early_data_max_exceeded(managed_process, tmp_path, ciph
     server_options = copy.copy(options)
     server_options.mode = Provider.ServerMode
 
-    s2n_server = managed_process(S2N, server_options)
-    client = managed_process(provider, client_options)
+    s2n_server = managed_process(S2N, server_options, timeout=10)
+    client = managed_process(provider, client_options, timeout=10)
 
     for results in client.get_results():
         """
@@ -502,6 +559,6 @@ def test_s2n_server_with_early_data_max_exceeded(managed_process, tmp_path, ciph
         # Full early data should not be reported
         assert early_data not in results.stdout
         # Partial early data should be reported
-        assert (to_bytes(S2N_EARLY_DATA_RECV_MARKER) + early_data[:MAX_EARLY_DATA]) in results.stdout
+        assert (to_bytes(S2N_EARLY_DATA_RECV_MARKER) +
+                early_data[:MAX_EARLY_DATA]) in results.stdout
         assert to_bytes("Bad message encountered") in results.stderr
-