commit bd953400709fa70f780750f0e12e268367cfaec3
author Gilles Peskine <Gilles.Peskine@arm.com> Wed May 28 15:20:28 2025 +0200
committer Gilles Peskine <Gilles.Peskine@arm.com> Wed May 28 20:23:22 2025 +0200
tree 5d680672d6351427186ab3cd2a16203167e8d14a
parent e23a6d12fcae9f68da3dbb04974b11ac4b071ac3

Unify SSL version checks between client and server

Stop calling mbedtls_test_set_step() in
mbedtls_test_ssl_perform_handshake(). This leaves the caller free to use the
test step as they wish.

No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

tests/src/test_helpers/ssl_helpers.c

diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c
index a638fb8..b11ca88 100644
--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c
@@ -2016,15 +2016,23 @@
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
 static int check_ssl_version(
     mbedtls_ssl_protocol_version expected_negotiated_version,
-    const mbedtls_ssl_context *ssl)
+    const mbedtls_ssl_context *client,
+    const mbedtls_ssl_context *server)
 {
-    const char *version_string = mbedtls_ssl_get_version(ssl);
+    /* First check that both sides have chosen the same version.
+     * If so, we can make more sanity checks just on one side.
+     * If not, something is deeply wrong. */
+    TEST_EQUAL(client->tls_version, server->tls_version);
+
+    /* Make further checks on the client to validate that the
+     * reported data about the version is correct. */
+    const char *version_string = mbedtls_ssl_get_version(client);
     mbedtls_ssl_protocol_version version_number =
-        mbedtls_ssl_get_version_number(ssl);
+        mbedtls_ssl_get_version_number(client);
 
-    TEST_EQUAL(ssl->tls_version, expected_negotiated_version);
+    TEST_EQUAL(client->tls_version, expected_negotiated_version);
 
-    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+    if (client->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
         TEST_EQUAL(version_string[0], 'D');
         ++version_string;
     }
@@ -2383,18 +2391,11 @@
                0);
 
     TEST_EQUAL(mbedtls_ssl_is_handshake_over(&server->ssl), 1);
-    /* Check that both sides have negotiated the expected version. */
-    mbedtls_test_set_step(0);
-    if (!check_ssl_version(options->expected_negotiated_version,
-                           &client->ssl)) {
-        goto exit;
-    }
 
-    mbedtls_test_set_step(1);
-    if (!check_ssl_version(options->expected_negotiated_version,
-                           &server->ssl)) {
-        goto exit;
-    }
+    /* Check that both sides have negotiated the expected version. */
+    TEST_ASSERT(check_ssl_version(options->expected_negotiated_version,
+                                  &client->ssl,
+                                  &server->ssl));
 
     if (options->expected_ciphersuite != 0) {
         TEST_EQUAL(server->ssl.session->ciphersuite,