mbedtls_test_ssl_endpoint_init: split configuration and setup
Split `mbedtls_test_ssl_endpoint_init()` into two separate stages:
constructing the SSL configuration, and setting up an SSL session context
with that configuration.
No behavior change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h
index 276b165..5bfdeda 100644
--- a/tests/include/test/ssl_helpers.h
+++ b/tests/include/test/ssl_helpers.h
@@ -447,18 +447,59 @@
int opaque_alg, int opaque_alg2,
int opaque_usage);
-/*
- * Initializes \p ep structure. It is important to call
- * `mbedtls_test_ssl_endpoint_free()` after calling this function
- * even if it fails.
+/** Initialize the configuration in an SSL endpoint structure.
*
- * \note For DTLS, after calling this function on both endpoints,
- * call mbedtls_test_ssl_dtls_join_endpoints().
+ * \note You must call `mbedtls_test_ssl_endpoint_free()` after
+ * calling this function, even if it fails. This is necessary to
+ * free data that may have been stored in the endpoint structure.
*
- * \p endpoint_type must be set as MBEDTLS_SSL_IS_SERVER or
- * MBEDTLS_SSL_IS_CLIENT.
- * \p pk_alg the algorithm to use, currently only MBEDTLS_PK_RSA and
- * MBEDTLS_PK_ECDSA are supported.
+ * \param[out] ep The endpoint structure to configure.
+ * \param endpoint_type #MBEDTLS_SSL_IS_SERVER or #MBEDTLS_SSL_IS_CLIENT.
+ * \param[in] options The options to use for configuring the endpoint
+ * structure.
+ *
+ * \retval 0 on success, otherwise error code.
+ */
+int mbedtls_test_ssl_endpoint_init_conf(
+ mbedtls_test_ssl_endpoint *ep, int endpoint_type,
+ const mbedtls_test_handshake_test_options *options);
+
+/** Initialize the session context in an endpoint structure.
+ *
+ * \note The endpoint structure must have been set up with
+ * mbedtls_test_ssl_endpoint_init_conf() with the same \p options.
+ * Between calling mbedtls_test_ssl_endpoint_init_conf() and
+ * mbedtls_test_ssl_endpoint_init_ssl(), you may configure `ep->ssl`
+ * further if you know what you're doing.
+ *
+ * \note You must call `mbedtls_test_ssl_endpoint_free()` after
+ * calling this function, even if it fails. This is necessary to
+ * free data that may have been stored in the endpoint structure.
+ *
+ * \param[out] ep The endpoint structure to set up.
+ * \param[in] options The options used for configuring the endpoint
+ * structure.
+ *
+ * \retval 0 on success, otherwise error code.
+ */
+int mbedtls_test_ssl_endpoint_init_ssl(
+ mbedtls_test_ssl_endpoint *ep,
+ const mbedtls_test_handshake_test_options *options);
+
+/** Initialize the configuration and a context in an SSL endpoint structure.
+ *
+ * This function is equivalent to calling
+ * mbedtls_test_ssl_endpoint_init_conf() followed by
+ * mbedtls_test_ssl_endpoint_init_ssl().
+ *
+ * \note You must call `mbedtls_test_ssl_endpoint_free()` after
+ * calling this function, even if it fails. This is necessary to
+ * free data that may have been stored in the endpoint structure.
+ *
+ * \param[out] ep The endpoint structure to configure.
+ * \param endpoint_type #MBEDTLS_SSL_IS_SERVER or #MBEDTLS_SSL_IS_CLIENT.
+ * \param[in] options The options to use for configuring the endpoint
+ * structure.
*
* \retval 0 on success, otherwise error code.
*/
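Review bot: The first note on mbedtls_test_ssl_endpoint_init_ssl() says the caller may configure `ep->ssl` between the two calls, but the session context is only set up inside init_ssl, which calls `mbedtls_ssl_setup(&(ep->ssl), &(ep->conf))` in ssl_helpers.c. The object a caller can adjust at that point therefore appears to be `ep->conf`, and the note should name that instead. Since init_ssl reads `ep->conf`, `\param[in,out] ep` would describe the parameter better than `\param[out] ep`. The old `\note For DTLS` pointing to mbedtls_test_ssl_dtls_join_endpoints() is removed and none of the three new comments visible here carries it; if the requirement still holds, it should be restated on mbedtls_test_ssl_endpoint_init() and mbedtls_test_ssl_endpoint_init_ssl(). The declaration documented by the last comment lies outside the hunk.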
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c
index f92b93b..e6c082e 100644
--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c
@@ -800,7 +800,7 @@
return ret;
}
-int mbedtls_test_ssl_endpoint_init(
+int mbedtls_test_ssl_endpoint_init_conf(
mbedtls_test_ssl_endpoint *ep, int endpoint_type,
const mbedtls_test_handshake_test_options *options)
{
@@ -968,7 +968,22 @@
ep->user_data_cookie);
mbedtls_ssl_conf_set_user_data_p(&ep->conf, ep);
- /* We've finished the configuration. Now set up a context. */
+ return 0;
+
+exit:
+ if (ret == 0) {
+ /* Exiting due to a test assertion that isn't ret == 0 */
+ ret = -1;
+ }
+ return ret;
+}
+
+int mbedtls_test_ssl_endpoint_init_ssl(
+ mbedtls_test_ssl_endpoint *ep,
+ const mbedtls_test_handshake_test_options *options)
+{
+ int endpoint_type = mbedtls_ssl_conf_get_endpoint(&ep->conf);
+ int ret = -1;
ret = mbedtls_ssl_setup(&(ep->ssl), &(ep->conf));
TEST_EQUAL(ret, 0);
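Review bot: mbedtls_test_ssl_endpoint_init_ssl() takes the endpoint type from `ep->conf` and trusts the caller to pass the same `options` that went to mbedtls_test_ssl_endpoint_init_conf(), yet nothing in the visible lines states or checks that precondition at the definition. A short comment above the function would help, for example `/* Precondition: ep->conf was initialized by mbedtls_test_ssl_endpoint_init_conf() with the same options. */`. As a point of style, `int ret = -1;` is overwritten on the very next line, so `int ret = mbedtls_ssl_setup(&(ep->ssl), &(ep->conf));` would be more direct, though that also touches an unchanged context line. The body of init_ssl continues past the end of this hunk, so the later uses of `options` and `endpoint_type` are not visible here.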
@@ -1009,6 +1024,18 @@
return ret;
}
+int mbedtls_test_ssl_endpoint_init(
+ mbedtls_test_ssl_endpoint *ep, int endpoint_type,
+ const mbedtls_test_handshake_test_options *options)
+{
+ int ret = mbedtls_test_ssl_endpoint_init_conf(ep, endpoint_type, options);
+ if (ret != 0) {
+ return ret;
+ }
+ ret = mbedtls_test_ssl_endpoint_init_ssl(ep, options);
+ return ret;
+}
+
void mbedtls_test_ssl_endpoint_free(
mbedtls_test_ssl_endpoint *ep)
{