Flatten out mbedtls_test_ssl_endpoint_certificate structure
No behavior change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h
index 95bfdb6..f712660 100644
--- a/tests/include/test/ssl_helpers.h
+++ b/tests/include/test/ssl_helpers.h
@@ -187,15 +187,6 @@
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
/*
- * Structure with endpoint's certificates for SSL communication tests.
- */
-typedef struct mbedtls_test_ssl_endpoint_certificate {
- mbedtls_x509_crt *ca_cert;
- mbedtls_x509_crt *cert;
- mbedtls_pk_context *pkey;
-} mbedtls_test_ssl_endpoint_certificate;
-
-/*
* Endpoint structure for SSL communication tests.
*/
typedef struct mbedtls_test_ssl_endpoint {
@@ -203,7 +194,11 @@
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
mbedtls_test_mock_socket socket;
- mbedtls_test_ssl_endpoint_certificate cert;
+
+ /* Objects owned by the endpoint */
+ mbedtls_x509_crt *ca_chain;
+ mbedtls_x509_crt *cert;
+ mbedtls_pk_context *pkey;
} mbedtls_test_ssl_endpoint;
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
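Review bot: The comment `/* Objects owned by the endpoint */` names the owner but not the lifetime rule that follows from it. The ssl_helpers.c hunks in this patch pass the same three pointers to `mbedtls_ssl_conf_ca_chain()` and `mbedtls_ssl_conf_own_cert()`, which, as far as I know, keep the pointers rather than copying the objects, so `conf` would dangle once they are freed. I would spell that out, e.g. `/* Heap objects owned by the endpoint and borrowed by conf; released by test_ssl_endpoint_certificate_free(), after which conf must not be used. */`. The first fields of the struct are outside this hunk.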
@@ -432,8 +427,7 @@
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
/*
- * Initializes \p ep_cert structure and assigns it to endpoint
- * represented by \p ep.
+ * Load default CA certificates and endpoint keys into \p ep.
*
* \retval 0 on success, otherwise error code.
*/
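Review bot: The new summary `Load default CA certificates and endpoint keys into \p ep` omits two things the implementation hunks in this patch show: the endpoint's own certificate is parsed into `ep->cert`, and `ep->conf` is configured with the CA chain and the certificate/key pair. I would write `Load the default trusted CAs and the endpoint's own certificate and private key into \p ep, and configure its SSL configuration to use them.` What appear to be the parameters (`pk_alg`, `opaque_alg`, `opaque_alg2`, `opaque_usage`) remain undocumented. The declaration itself is outside the hunk.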
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c
index 3d4901c..dc34892 100644
--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c
@@ -579,28 +579,25 @@
*/
static void test_ssl_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep)
{
- mbedtls_test_ssl_endpoint_certificate *cert = &(ep->cert);
- if (cert != NULL) {
- if (cert->ca_cert != NULL) {
- mbedtls_x509_crt_free(cert->ca_cert);
- mbedtls_free(cert->ca_cert);
- cert->ca_cert = NULL;
- }
- if (cert->cert != NULL) {
- mbedtls_x509_crt_free(cert->cert);
- mbedtls_free(cert->cert);
- cert->cert = NULL;
- }
- if (cert->pkey != NULL) {
+ if (ep->ca_chain != NULL) {
+ mbedtls_x509_crt_free(ep->ca_chain);
+ mbedtls_free(ep->ca_chain);
+ ep->ca_chain = NULL;
+ }
+ if (ep->cert != NULL) {
+ mbedtls_x509_crt_free(ep->cert);
+ mbedtls_free(ep->cert);
+ ep->cert = NULL;
+ }
+ if (ep->pkey != NULL) {
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if (mbedtls_pk_get_type(cert->pkey) == MBEDTLS_PK_OPAQUE) {
- psa_destroy_key(cert->pkey->priv_id);
- }
-#endif
- mbedtls_pk_free(cert->pkey);
- mbedtls_free(cert->pkey);
- cert->pkey = NULL;
+ if (mbedtls_pk_get_type(ep->pkey) == MBEDTLS_PK_OPAQUE) {
+ psa_destroy_key(ep->pkey->priv_id);
}
+#endif
+ mbedtls_pk_free(ep->pkey);
+ mbedtls_free(ep->pkey);
+ ep->pkey = NULL;
}
}
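Review bot: The status returned by `psa_destroy_key(ep->pkey->priv_id)` in the `MBEDTLS_PK_OPAQUE` branch is discarded, so a failed destroy would leave the imported private key in the PSA key store with nothing reported at this point. The helper returns void, so the simplest improvement is a comment stating that this is deliberate, e.g. `/* Best effort: status ignored, this cleanup helper cannot report failure */`. That is only appropriate if a leftover key is detected elsewhere in the test teardown, which this page does not show. The function also assumes each of the three pointers is either NULL or a valid allocation; its header comment starts outside the hunk and would be the place to say so.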
@@ -612,7 +609,6 @@
int i = 0;
int ret = -1;
int ok = 0;
- mbedtls_test_ssl_endpoint_certificate *cert = NULL;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT;
#endif
@@ -621,20 +617,19 @@
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
- cert = &(ep->cert);
- TEST_CALLOC(cert->ca_cert, 1);
- TEST_CALLOC(cert->cert, 1);
- TEST_CALLOC(cert->pkey, 1);
+ TEST_CALLOC(ep->ca_chain, 1);
+ TEST_CALLOC(ep->cert, 1);
+ TEST_CALLOC(ep->pkey, 1);
- mbedtls_x509_crt_init(cert->ca_cert);
- mbedtls_x509_crt_init(cert->cert);
- mbedtls_pk_init(cert->pkey);
+ mbedtls_x509_crt_init(ep->ca_chain);
+ mbedtls_x509_crt_init(ep->cert);
+ mbedtls_pk_init(ep->pkey);
/* Load the trusted CA */
for (i = 0; mbedtls_test_cas_der[i] != NULL; i++) {
ret = mbedtls_x509_crt_parse_der(
- cert->ca_cert,
+ ep->ca_chain,
(const unsigned char *) mbedtls_test_cas_der[i],
mbedtls_test_cas_der_len[i]);
TEST_EQUAL(ret, 0);
@@ -645,25 +640,25 @@
if (ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER) {
if (pk_alg == MBEDTLS_PK_RSA) {
ret = mbedtls_x509_crt_parse(
- cert->cert,
+ ep->cert,
(const unsigned char *) mbedtls_test_srv_crt_rsa_sha256_der,
mbedtls_test_srv_crt_rsa_sha256_der_len);
TEST_EQUAL(ret, 0);
ret = mbedtls_pk_parse_key(
- cert->pkey,
+ ep->pkey,
(const unsigned char *) mbedtls_test_srv_key_rsa_der,
mbedtls_test_srv_key_rsa_der_len, NULL, 0);
TEST_EQUAL(ret, 0);
} else {
ret = mbedtls_x509_crt_parse(
- cert->cert,
+ ep->cert,
(const unsigned char *) mbedtls_test_srv_crt_ec_der,
mbedtls_test_srv_crt_ec_der_len);
TEST_EQUAL(ret, 0);
ret = mbedtls_pk_parse_key(
- cert->pkey,
+ ep->pkey,
(const unsigned char *) mbedtls_test_srv_key_ec_der,
mbedtls_test_srv_key_ec_der_len, NULL, 0);
TEST_EQUAL(ret, 0);
@@ -671,25 +666,25 @@
} else {
if (pk_alg == MBEDTLS_PK_RSA) {
ret = mbedtls_x509_crt_parse(
- cert->cert,
+ ep->cert,
(const unsigned char *) mbedtls_test_cli_crt_rsa_der,
mbedtls_test_cli_crt_rsa_der_len);
TEST_EQUAL(ret, 0);
ret = mbedtls_pk_parse_key(
- cert->pkey,
+ ep->pkey,
(const unsigned char *) mbedtls_test_cli_key_rsa_der,
mbedtls_test_cli_key_rsa_der_len, NULL, 0);
TEST_EQUAL(ret, 0);
} else {
ret = mbedtls_x509_crt_parse(
- cert->cert,
+ ep->cert,
(const unsigned char *) mbedtls_test_cli_crt_ec_der,
mbedtls_test_cli_crt_ec_len);
TEST_EQUAL(ret, 0);
ret = mbedtls_pk_parse_key(
- cert->pkey,
+ ep->pkey,
(const unsigned char *) mbedtls_test_cli_key_ec_der,
mbedtls_test_cli_key_ec_der_len, NULL, 0);
TEST_EQUAL(ret, 0);
@@ -700,7 +695,7 @@
if (opaque_alg != 0) {
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
/* Use a fake key usage to get a successful initial guess for the PSA attributes. */
- TEST_EQUAL(mbedtls_pk_get_psa_attributes(cert->pkey, PSA_KEY_USAGE_SIGN_HASH,
+ TEST_EQUAL(mbedtls_pk_get_psa_attributes(ep->pkey, PSA_KEY_USAGE_SIGN_HASH,
&key_attr), 0);
/* Then manually usage, alg and alg2 as requested by the test. */
psa_set_key_usage_flags(&key_attr, opaque_usage);
@@ -708,10 +703,10 @@
if (opaque_alg2 != PSA_ALG_NONE) {
psa_set_key_enrollment_algorithm(&key_attr, opaque_alg2);
}
- TEST_EQUAL(mbedtls_pk_import_into_psa(cert->pkey, &key_attr, &key_slot), 0);
- mbedtls_pk_free(cert->pkey);
- mbedtls_pk_init(cert->pkey);
- TEST_EQUAL(mbedtls_pk_setup_opaque(cert->pkey, key_slot), 0);
+ TEST_EQUAL(mbedtls_pk_import_into_psa(ep->pkey, &key_attr, &key_slot), 0);
+ mbedtls_pk_free(ep->pkey);
+ mbedtls_pk_init(ep->pkey);
+ TEST_EQUAL(mbedtls_pk_setup_opaque(ep->pkey, key_slot), 0);
}
#else
(void) opaque_alg;
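Review bot: Between `mbedtls_pk_import_into_psa()` and a successful `mbedtls_pk_setup_opaque()`, the imported private key is referenced only by the local `key_slot`, because `ep->pkey` has just been freed and re-initialised. test_ssl_endpoint_certificate_free() destroys a PSA key only when the pk type is `MBEDTLS_PK_OPAQUE`, so if the `TEST_EQUAL` on `mbedtls_pk_setup_opaque` fails, that helper will not remove the key. The exit path is outside this hunk and may already handle it. If it does not, the failure path should call `psa_destroy_key(key_slot);` whenever the opaque setup did not complete, and a one-line comment here on who owns `key_slot` at each step would make that easy to check.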
@@ -719,10 +714,10 @@
(void) opaque_usage;
#endif
- mbedtls_ssl_conf_ca_chain(&(ep->conf), cert->ca_cert, NULL);
+ mbedtls_ssl_conf_ca_chain(&(ep->conf), ep->ca_chain, NULL);
- ret = mbedtls_ssl_conf_own_cert(&(ep->conf), cert->cert,
- cert->pkey);
+ ret = mbedtls_ssl_conf_own_cert(&(ep->conf), ep->cert,
+ ep->pkey);
TEST_EQUAL(ret, 0);
TEST_ASSERT(ep->conf.key_cert != NULL);
@@ -730,8 +725,8 @@
TEST_EQUAL(ret, 0);
TEST_ASSERT(ep->conf.key_cert == NULL);
- ret = mbedtls_ssl_conf_own_cert(&(ep->conf), cert->cert,
- cert->pkey);
+ ret = mbedtls_ssl_conf_own_cert(&(ep->conf), ep->cert,
+ ep->pkey);
TEST_EQUAL(ret, 0);
ok = 1;