New auxiliary function mbedtls_test_ssl_dtls_join_endpoints

Create an auxiliary function to perform some endpoint setup that involves both the client and the server. This is only needed for DTLS. The code that will eventually be in this function is currently mostly in mbedtls_test_ssl_endpoint_init(). This commit adds the new function to the control flow; a subsequent commit will move the relevant code. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-21 19:37:38 -04:00 · 2025-05-27 20:15:03 +02:00 · 2025-05-27 20:15:03 +02:00 · b092e78ab3
commit b092e78ab3
parent 29969593e4
2 changed files with 35 additions and 0 deletions
--- a/tests/include/test/ssl_helpers.h
+++ b/tests/include/test/ssl_helpers.h
@ -450,6 +450,9 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep,
 * `mbedtls_test_ssl_endpoint_free()` after calling this function
 * even if it fails.
 *
+ * \note For DTLS, after calling this function on both endpoints,
+ *       call mbedtls_test_ssl_dtls_join_endpoints().
+ *
 * \p endpoint_type must be set as MBEDTLS_SSL_IS_SERVER or
 * MBEDTLS_SSL_IS_CLIENT.
 * \p pk_alg the algorithm to use, currently only MBEDTLS_PK_RSA and
@ -474,6 +477,21 @@ void mbedtls_test_ssl_endpoint_free(
    mbedtls_test_ssl_endpoint *ep,
    mbedtls_test_message_socket_context *context);

+/* Join a DTLS client with a DTLS server.
+ *
+ * You must call this function after setting up the endpoint objects
+ * and before starting a DTLS handshake.
+ *
+ * \param client    The client. It must have been set up with
+ *                  mbedtls_test_ssl_endpoint_init().
+ * \param server    The server. It must have been set up with
+ *                  mbedtls_test_ssl_endpoint_init().
+ *
+ * \retval  0 on success, otherwise error code.
+ */
+int mbedtls_test_ssl_dtls_join_endpoints(mbedtls_test_ssl_endpoint *client,
+                                         mbedtls_test_ssl_endpoint *server);
+
 /*
 * This function moves ssl handshake from \p ssl to prescribed \p state.
 * /p second_ssl is used as second endpoint and their sockets have to be
--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c
@ -933,6 +933,19 @@ void mbedtls_test_ssl_endpoint_free(
    }
 }

+int mbedtls_test_ssl_dtls_join_endpoints(mbedtls_test_ssl_endpoint *client,
+                                         mbedtls_test_ssl_endpoint *server)
+{
+    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+    /* Nothing to do yet. */
+    (void) client;
+    (void) server;
+    ret = 0;
+
+    return ret;
+}
+
 int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl,
                                         mbedtls_ssl_context *second_ssl,
                                         int state)
@ -2169,6 +2182,10 @@ void mbedtls_test_ssl_perform_handshake(

    mbedtls_ssl_conf_authmode(&server.conf, options->srv_auth_mode);

+    if (options->dtls) {
+        TEST_EQUAL(mbedtls_test_ssl_dtls_join_endpoints(&client, &server), 0);
+    }
+
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
    TEST_EQUAL(mbedtls_ssl_conf_max_frag_len(&(server.conf),
                                             (unsigned char) options->mfl),