commit b092e78ab3017df9addd531230141e1764b00036
author Gilles Peskine <Gilles.Peskine@arm.com> Tue May 27 20:15:03 2025 +0200
committer Gilles Peskine <Gilles.Peskine@arm.com> Wed May 28 20:23:22 2025 +0200
tree fa7196fe8be6a269c88be3dccd01a795a27e2962
parent 29969593e4edae8fa6d8ea713f294bb5c3acc434

New auxiliary function mbedtls_test_ssl_dtls_join_endpoints

Create an auxiliary function to perform some endpoint setup that involves
both the client and the server. This is only needed for DTLS.

The code that will eventually be in this function is currently mostly in
mbedtls_test_ssl_endpoint_init(). This commit adds the new function to the
control flow; a subsequent commit will move the relevant code.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

tests/include/test/ssl_helpers.h

diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h
index ec08d09..ca43663 100644
--- a/tests/include/test/ssl_helpers.h
+++ b/tests/include/test/ssl_helpers.h
@@ -450,6 +450,9 @@
  * `mbedtls_test_ssl_endpoint_free()` after calling this function
  * even if it fails.
  *
+ * \note For DTLS, after calling this function on both endpoints,
+ *       call mbedtls_test_ssl_dtls_join_endpoints().
+ *
  * \p endpoint_type must be set as MBEDTLS_SSL_IS_SERVER or
  * MBEDTLS_SSL_IS_CLIENT.
  * \p pk_alg the algorithm to use, currently only MBEDTLS_PK_RSA and
@@ -474,6 +477,21 @@
     mbedtls_test_ssl_endpoint *ep,
     mbedtls_test_message_socket_context *context);
 
+/* Join a DTLS client with a DTLS server.
+ *
+ * You must call this function after setting up the endpoint objects
+ * and before starting a DTLS handshake.
+ *
+ * \param client    The client. It must have been set up with
+ *                  mbedtls_test_ssl_endpoint_init().
+ * \param server    The server. It must have been set up with
+ *                  mbedtls_test_ssl_endpoint_init().
+ *
+ * \retval  0 on success, otherwise error code.
+ */
+int mbedtls_test_ssl_dtls_join_endpoints(mbedtls_test_ssl_endpoint *client,
+                                         mbedtls_test_ssl_endpoint *server);
+
 /*
  * This function moves ssl handshake from \p ssl to prescribed \p state.
  * /p second_ssl is used as second endpoint and their sockets have to be

tests/src/test_helpers/ssl_helpers.c

diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c
index 580cc9b..f917acc 100644
--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c
@@ -933,6 +933,19 @@
     }
 }
 
+int mbedtls_test_ssl_dtls_join_endpoints(mbedtls_test_ssl_endpoint *client,
+                                         mbedtls_test_ssl_endpoint *server)
+{
+    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+    /* Nothing to do yet. */
+    (void) client;
+    (void) server;
+    ret = 0;
+
+    return ret;
+}
+
 int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl,
                                          mbedtls_ssl_context *second_ssl,
                                          int state)
@@ -2169,6 +2182,10 @@
 
     mbedtls_ssl_conf_authmode(&server.conf, options->srv_auth_mode);
 
+    if (options->dtls) {
+        TEST_EQUAL(mbedtls_test_ssl_dtls_join_endpoints(&client, &server), 0);
+    }
+
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
     TEST_EQUAL(mbedtls_ssl_conf_max_frag_len(&(server.conf),
                                              (unsigned char) options->mfl),