mbedtls_test_ssl_endpoint_init: split configuration and setup

Split `mbedtls_test_ssl_endpoint_init()` into two separate stages: constructing the SSL configuration, and setting up an SSL session context with that configuration. No behavior change. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-23 04:26:46 -04:00 · 2025-06-01 21:53:52 +02:00 · 2025-06-01 21:53:52 +02:00 · 6edb76cba4
commit 6edb76cba4
parent 00eb072846
2 changed files with 80 additions and 12 deletions
--- a/tests/include/test/ssl_helpers.h
+++ b/tests/include/test/ssl_helpers.h
@ -447,18 +447,59 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep,
                                               int opaque_alg, int opaque_alg2,
                                               int opaque_usage);

-/*
- * Initializes \p ep structure. It is important to call
- * `mbedtls_test_ssl_endpoint_free()` after calling this function
- * even if it fails.
+/** Initialize the configuration in an SSL endpoint structure.
 *
- * \note For DTLS, after calling this function on both endpoints,
- *       call mbedtls_test_ssl_dtls_join_endpoints().
+ * \note You must call `mbedtls_test_ssl_endpoint_free()` after
+ * calling this function, even if it fails. This is necessary to
+ * free data that may have been stored in the endpoint structure.
 *
- * \p endpoint_type must be set as MBEDTLS_SSL_IS_SERVER or
- * MBEDTLS_SSL_IS_CLIENT.
- * \p pk_alg the algorithm to use, currently only MBEDTLS_PK_RSA and
- * MBEDTLS_PK_ECDSA are supported.
+ * \param[out] ep       The endpoint structure to configure.
+ * \param endpoint_type #MBEDTLS_SSL_IS_SERVER or #MBEDTLS_SSL_IS_CLIENT.
+ * \param[in] options   The options to use for configuring the endpoint
+ *                      structure.
+ *
+ * \retval  0 on success, otherwise error code.
+ */
+int mbedtls_test_ssl_endpoint_init_conf(
+    mbedtls_test_ssl_endpoint *ep, int endpoint_type,
+    const mbedtls_test_handshake_test_options *options);
+
+/** Initialize the session context in an endpoint structure.
+ *
+ * \note The endpoint structure must have been set up with
+ *       mbedtls_test_ssl_endpoint_init_conf() with the same \p options.
+ *       Between calling mbedtls_test_ssl_endpoint_init_conf() and
+ *       mbedtls_test_ssl_endpoint_init_ssl(), you may configure `ep->ssl`
+ *       further if you know what you're doing.
+ *
+ * \note You must call `mbedtls_test_ssl_endpoint_free()` after
+ * calling this function, even if it fails. This is necessary to
+ * free data that may have been stored in the endpoint structure.
+ *
+ * \param[out] ep       The endpoint structure to set up.
+ * \param[in] options   The options used for configuring the endpoint
+ *                      structure.
+ *
+ * \retval  0 on success, otherwise error code.
+ */
+int mbedtls_test_ssl_endpoint_init_ssl(
+    mbedtls_test_ssl_endpoint *ep,
+    const mbedtls_test_handshake_test_options *options);
+
+/** Initialize the configuration and a context in an SSL endpoint structure.
+ *
+ * This function is equivalent to calling
+ * mbedtls_test_ssl_endpoint_init_conf() followed by
+ * mbedtls_test_ssl_endpoint_init_ssl().
+ *
+ * \note You must call `mbedtls_test_ssl_endpoint_free()` after
+ * calling this function, even if it fails. This is necessary to
+ * free data that may have been stored in the endpoint structure.
+ *
+ * \param[out] ep       The endpoint structure to configure.
+ * \param endpoint_type #MBEDTLS_SSL_IS_SERVER or #MBEDTLS_SSL_IS_CLIENT.
+ * \param[in] options   The options to use for configuring the endpoint
+ *                      structure.
 *
 * \retval  0 on success, otherwise error code.
 */
--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c
@ -800,7 +800,7 @@ exit:
    return ret;
 }

-int mbedtls_test_ssl_endpoint_init(
+int mbedtls_test_ssl_endpoint_init_conf(
    mbedtls_test_ssl_endpoint *ep, int endpoint_type,
    const mbedtls_test_handshake_test_options *options)
 {
@ -968,7 +968,22 @@ int mbedtls_test_ssl_endpoint_init(
               ep->user_data_cookie);
    mbedtls_ssl_conf_set_user_data_p(&ep->conf, ep);

-    /* We've finished the configuration. Now set up a context. */
+    return 0;
+
+exit:
+    if (ret == 0) {
+        /* Exiting due to a test assertion that isn't ret == 0 */
+        ret = -1;
+    }
+    return ret;
+}
+
+int mbedtls_test_ssl_endpoint_init_ssl(
+    mbedtls_test_ssl_endpoint *ep,
+    const mbedtls_test_handshake_test_options *options)
+{
+    int endpoint_type = mbedtls_ssl_conf_get_endpoint(&ep->conf);
+    int ret = -1;

    ret = mbedtls_ssl_setup(&(ep->ssl), &(ep->conf));
    TEST_EQUAL(ret, 0);
@ -1009,6 +1024,18 @@ exit:
    return ret;
 }

+int mbedtls_test_ssl_endpoint_init(
+    mbedtls_test_ssl_endpoint *ep, int endpoint_type,
+    const mbedtls_test_handshake_test_options *options)
+{
+    int ret = mbedtls_test_ssl_endpoint_init_conf(ep, endpoint_type, options);
+    if (ret != 0) {
+        return ret;
+    }
+    ret = mbedtls_test_ssl_endpoint_init_ssl(ep, options);
+    return ret;
+}
+
 void mbedtls_test_ssl_endpoint_free(
    mbedtls_test_ssl_endpoint *ep)
 {