From 6e4d245b0060de4b46c1683f7400e22fc4b471fc Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Tue, 27 May 2025 17:13:52 +0200
Subject: [PATCH] Move certificate and key parsing to auxiliary functions
No behavior change.
Signed-off-by: Gilles Peskine
---
 tests/src/test_helpers/ssl_helpers.c | 116 +++++++++++++++------------
 1 file changed, 65 insertions(+), 51 deletions(-)
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c
index c38d24aa8..68ac122f8 100644
--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c
@@ -653,6 +653,68 @@ static void test_ssl_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep)
 }
 }
+static int load_endpoint_rsa(mbedtls_test_ssl_endpoint *ep)
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ if (ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER) {
+ ret = mbedtls_x509_crt_parse(
+ ep->cert,
+ (const unsigned char *) mbedtls_test_srv_crt_rsa_sha256_der,
+ mbedtls_test_srv_crt_rsa_sha256_der_len);
+ TEST_EQUAL(ret, 0);
+ ret = mbedtls_pk_parse_key(
+ ep->pkey,
+ (const unsigned char *) mbedtls_test_srv_key_rsa_der,
+ mbedtls_test_srv_key_rsa_der_len, NULL, 0);
+ TEST_EQUAL(ret, 0);
+ } else {
+ ret = mbedtls_x509_crt_parse(
+ ep->cert,
+ (const unsigned char *) mbedtls_test_cli_crt_rsa_der,
+ mbedtls_test_cli_crt_rsa_der_len);
+ TEST_EQUAL(ret, 0);
+ ret = mbedtls_pk_parse_key(
+ ep->pkey,
+ (const unsigned char *) mbedtls_test_cli_key_rsa_der,
+ mbedtls_test_cli_key_rsa_der_len, NULL, 0);
+ TEST_EQUAL(ret, 0);
+ }
+
+exit:
+ return ret;
+}
+
+static int load_endpoint_ecc(mbedtls_test_ssl_endpoint *ep)
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ if (ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER) {
+ ret = mbedtls_x509_crt_parse(
+ ep->cert,
+ (const unsigned char *) mbedtls_test_srv_crt_ec_der,
+ mbedtls_test_srv_crt_ec_der_len);
+ TEST_EQUAL(ret, 0);
+ ret = mbedtls_pk_parse_key(
+ ep->pkey,
+ (const unsigned char *) mbedtls_test_srv_key_ec_der,
+ mbedtls_test_srv_key_ec_der_len, NULL, 0);
+ TEST_EQUAL(ret, 0);
+ } else {
+ ret = mbedtls_x509_crt_parse(
+ ep->cert,
+ (const unsigned char *) mbedtls_test_cli_crt_ec_der,
+ mbedtls_test_cli_crt_ec_len);
+ TEST_EQUAL(ret, 0);
+ ret = mbedtls_pk_parse_key(
+ ep->pkey,
+ (const unsigned char *) mbedtls_test_cli_key_ec_der,
+ mbedtls_test_cli_key_ec_der_len, NULL, 0);
+ TEST_EQUAL(ret, 0);
+ }
+
+exit:
+ return ret;
+}
+
 int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, int pk_alg, int opaque_alg, int opaque_alg2,
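Review bot: Neither `load_endpoint_rsa` nor `load_endpoint_ecc` documents what it requires of `ep` or what it returns, and both write straight into `ep->cert` and `ep->pkey`, which are presumably allocated and initialized by the caller outside this hunk. Any `ep->conf.endpoint` value other than `MBEDTLS_SSL_IS_SERVER` silently selects the client credentials, which is worth stating as well. I would add above each helper a comment such as `/* Parse the built-in RSA test certificate and key for ep's role (server, otherwise client) into ep->cert and ep->pkey, which the caller must have initialized. Returns 0 on success, the parse error otherwise. */`, with "EC" in place of "RSA" for the second. The two bodies differ only in the buffers they pass, so a single helper that takes the certificate and key buffers as parameters would remove the duplication.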
@@ -689,58 +751,10 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep,
 /* Load own certificate and private key */
- if (ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER) {
- if (pk_alg == MBEDTLS_PK_RSA) {
- ret = mbedtls_x509_crt_parse(
- ep->cert,
- (const unsigned char *) mbedtls_test_srv_crt_rsa_sha256_der,
- mbedtls_test_srv_crt_rsa_sha256_der_len);
- TEST_EQUAL(ret, 0);
-
- ret = mbedtls_pk_parse_key(
- ep->pkey,
- (const unsigned char *) mbedtls_test_srv_key_rsa_der,
- mbedtls_test_srv_key_rsa_der_len, NULL, 0);
- TEST_EQUAL(ret, 0);
- } else {
- ret = mbedtls_x509_crt_parse(
- ep->cert,
- (const unsigned char *) mbedtls_test_srv_crt_ec_der,
- mbedtls_test_srv_crt_ec_der_len);
- TEST_EQUAL(ret, 0);
-
- ret = mbedtls_pk_parse_key(
- ep->pkey,
- (const unsigned char *) mbedtls_test_srv_key_ec_der,
- mbedtls_test_srv_key_ec_der_len, NULL, 0);
- TEST_EQUAL(ret, 0);
- }
+ if (pk_alg == MBEDTLS_PK_RSA) {
+ TEST_EQUAL(load_endpoint_rsa(ep), 0);
 } else {
- if (pk_alg == MBEDTLS_PK_RSA) {
- ret = mbedtls_x509_crt_parse(
- ep->cert,
- (const unsigned char *) mbedtls_test_cli_crt_rsa_der,
- mbedtls_test_cli_crt_rsa_der_len);
- TEST_EQUAL(ret, 0);
-
- ret = mbedtls_pk_parse_key(
- ep->pkey,
- (const unsigned char *) mbedtls_test_cli_key_rsa_der,
- mbedtls_test_cli_key_rsa_der_len, NULL, 0);
- TEST_EQUAL(ret, 0);
- } else {
- ret = mbedtls_x509_crt_parse(
- ep->cert,
- (const unsigned char *) mbedtls_test_cli_crt_ec_der,
- mbedtls_test_cli_crt_ec_len);
- TEST_EQUAL(ret, 0);
-
- ret = mbedtls_pk_parse_key(
- ep->pkey,
- (const unsigned char *) mbedtls_test_cli_key_ec_der,
- mbedtls_test_cli_key_ec_der_len, NULL, 0);
- TEST_EQUAL(ret, 0);
- }
+ TEST_EQUAL(load_endpoint_ecc(ep), 0);
 }
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
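Review bot: The new calls `TEST_EQUAL(load_endpoint_rsa(ep), 0);` and `TEST_EQUAL(load_endpoint_ecc(ep), 0);` discard the helper's return code, whereas the removed code stored every parse result in `ret` before checking it. The rest of `mbedtls_test_ssl_endpoint_certificate_init` is outside this hunk, but if its exit path returns or branches on `ret`, a failed certificate or key load now leaves `ret` at whatever the previous step set, so the function could report success with no credentials loaded. That would not match the "No behavior change" description. Assigning first keeps the old contract: `ret = load_endpoint_rsa(ep);` followed by `TEST_EQUAL(ret, 0);`, and the same for the ECC branch.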