Merge pull request #10197 from gilles-peskine-arm/ssl_helpers-split_perform_handshake-dev
Break down mbedtls_test_ssl_perform_handshake
diff --git a/ChangeLog.d/mbedtls_ssl_conf_alpn_protocols.txt b/ChangeLog.d/mbedtls_ssl_conf_alpn_protocols.txt
new file mode 100644
index 0000000..0e396bb
--- /dev/null
+++ b/ChangeLog.d/mbedtls_ssl_conf_alpn_protocols.txt
@@ -0,0 +1,4 @@
+API changes
+ * The list passed to mbedtls_ssl_conf_alpn_protocols() is now declared
+ as having const elements, reflecting the fact that the library will
+ not modify it
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 59bd2f7..7ea0174 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1559,7 +1559,7 @@
#endif /* MBEDTLS_SSL_EARLY_DATA */
#if defined(MBEDTLS_SSL_ALPN)
- const char **MBEDTLS_PRIVATE(alpn_list); /*!< ordered list of protocols */
+ const char *const *MBEDTLS_PRIVATE(alpn_list); /*!< ordered list of protocols */
#endif
#if defined(MBEDTLS_SSL_DTLS_SRTP)
@@ -4001,7 +4001,8 @@
*
* \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA.
*/
-int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf, const char **protos);
+int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf,
+ const char *const *protos);
/**
* \brief Get the name of the negotiated Application Layer Protocol.
diff --git a/library/ssl_client.c b/library/ssl_client.c
index cb57a97..307da0f 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -141,7 +141,7 @@
* ProtocolName protocol_name_list<2..2^16-1>
* } ProtocolNameList;
*/
- for (const char **cur = ssl->conf->alpn_list; *cur != NULL; cur++) {
+ for (const char *const *cur = ssl->conf->alpn_list; *cur != NULL; cur++) {
/*
* mbedtls_ssl_conf_set_alpn_protocols() checked that the length of
* protocol names is less than 255.
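Review bot: The context comment under the changed loop header names `mbedtls_ssl_conf_set_alpn_protocols()`, but the function whose prototype this commit touches is `mbedtls_ssl_conf_alpn_protocols()`. Using the real name lets a reader find the length check the loop relies on; the first comment line would become `* mbedtls_ssl_conf_alpn_protocols() checked that the length of`. The comment and the loop body continue outside the hunk, so how the length is used afterwards is not visible here.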
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 519b5b4..051fce3 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2534,10 +2534,11 @@
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
#if defined(MBEDTLS_SSL_ALPN)
-int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf, const char **protos)
+int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf,
+ const char *const *protos)
{
size_t cur_len, tot_len;
- const char **p;
+ const char *const *p;
/*
* RFC 7301 3.1: "Empty strings MUST NOT be included and byte strings
@@ -5111,7 +5112,7 @@
#if defined(MBEDTLS_SSL_ALPN)
{
uint8_t alpn_len;
- const char **cur;
+ const char *const *cur;
if ((size_t) (end - p) < 1) {
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
@@ -8547,7 +8548,7 @@
}
/* Use our order of preference */
- for (const char **alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++) {
+ for (const char *const *alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++) {
size_t const alpn_len = strlen(*alpn);
p = protocol_name_list;
while (p < protocol_name_list_end) {
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 9af175b..b244921 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -869,7 +869,7 @@
const unsigned char *buf, size_t len)
{
size_t list_len, name_len;
- const char **p;
+ const char *const *p;
/* If we didn't send it, the server shouldn't send it */
if (ssl->conf->alpn_list == NULL) {
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 9386801..b7b075c 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -158,7 +158,7 @@
/* Check that the server chosen protocol was in our list and save it */
MBEDTLS_SSL_CHK_BUF_READ_PTR(p, protocol_name_list_end, protocol_name_len);
- for (const char **alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++) {
+ for (const char *const *alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++) {
if (protocol_name_len == strlen(*alpn) &&
memcmp(p, *alpn, protocol_name_len) == 0) {
ssl->alpn_chosen = *alpn;
diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h
index 95bfdb6..5bfdeda 100644
--- a/tests/include/test/ssl_helpers.h
+++ b/tests/include/test/ssl_helpers.h
@@ -187,15 +187,6 @@
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
/*
- * Structure with endpoint's certificates for SSL communication tests.
- */
-typedef struct mbedtls_test_ssl_endpoint_certificate {
- mbedtls_x509_crt *ca_cert;
- mbedtls_x509_crt *cert;
- mbedtls_pk_context *pkey;
-} mbedtls_test_ssl_endpoint_certificate;
-
-/*
* Endpoint structure for SSL communication tests.
*/
typedef struct mbedtls_test_ssl_endpoint {
@@ -203,7 +194,22 @@
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
mbedtls_test_mock_socket socket;
- mbedtls_test_ssl_endpoint_certificate cert;
+ uintptr_t user_data_cookie; /* A unique value associated with this endpoint */
+
+ /* Objects only used by DTLS.
+ * They should be guarded by MBEDTLS_SSL_PROTO_DTLS, but
+ * currently aren't because some code accesses them without guards. */
+ mbedtls_test_message_socket_context dtls_context;
+#if defined(MBEDTLS_TIMING_C)
+ mbedtls_timing_delay_context timer;
+#endif
+
+ /* Objects owned by the endpoint */
+ int *ciphersuites;
+ mbedtls_test_ssl_message_queue queue_input;
+ mbedtls_x509_crt *ca_chain;
+ mbedtls_x509_crt *cert;
+ mbedtls_pk_context *pkey;
} mbedtls_test_ssl_endpoint;
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
@@ -432,8 +438,7 @@
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
/*
- * Initializes \p ep_cert structure and assigns it to endpoint
- * represented by \p ep.
+ * Load default CA certificates and endpoint keys into \p ep.
*
* \retval 0 on success, otherwise error code.
*/
@@ -442,34 +447,85 @@
int opaque_alg, int opaque_alg2,
int opaque_usage);
-/*
- * Initializes \p ep structure. It is important to call
- * `mbedtls_test_ssl_endpoint_free()` after calling this function
- * even if it fails.
+/** Initialize the configuration in an SSL endpoint structure.
*
- * \p endpoint_type must be set as MBEDTLS_SSL_IS_SERVER or
- * MBEDTLS_SSL_IS_CLIENT.
- * \p pk_alg the algorithm to use, currently only MBEDTLS_PK_RSA and
- * MBEDTLS_PK_ECDSA are supported.
- * \p dtls_context - in case of DTLS - this is the context handling metadata.
- * \p input_queue - used only in case of DTLS.
- * \p output_queue - used only in case of DTLS.
+ * \note You must call `mbedtls_test_ssl_endpoint_free()` after
+ * calling this function, even if it fails. This is necessary to
+ * free data that may have been stored in the endpoint structure.
+ *
+ * \param[out] ep The endpoint structure to configure.
+ * \param endpoint_type #MBEDTLS_SSL_IS_SERVER or #MBEDTLS_SSL_IS_CLIENT.
+ * \param[in] options The options to use for configuring the endpoint
+ * structure.
+ *
+ * \retval 0 on success, otherwise error code.
+ */
+int mbedtls_test_ssl_endpoint_init_conf(
+ mbedtls_test_ssl_endpoint *ep, int endpoint_type,
+ const mbedtls_test_handshake_test_options *options);
+
+/** Initialize the session context in an endpoint structure.
+ *
+ * \note The endpoint structure must have been set up with
+ * mbedtls_test_ssl_endpoint_init_conf() with the same \p options.
+ * Between calling mbedtls_test_ssl_endpoint_init_conf() and
+ * mbedtls_test_ssl_endpoint_init_ssl(), you may configure `ep->ssl`
+ * further if you know what you're doing.
+ *
+ * \note You must call `mbedtls_test_ssl_endpoint_free()` after
+ * calling this function, even if it fails. This is necessary to
+ * free data that may have been stored in the endpoint structure.
+ *
+ * \param[out] ep The endpoint structure to set up.
+ * \param[in] options The options used for configuring the endpoint
+ * structure.
+ *
+ * \retval 0 on success, otherwise error code.
+ */
+int mbedtls_test_ssl_endpoint_init_ssl(
+ mbedtls_test_ssl_endpoint *ep,
+ const mbedtls_test_handshake_test_options *options);
+
+/** Initialize the configuration and a context in an SSL endpoint structure.
+ *
+ * This function is equivalent to calling
+ * mbedtls_test_ssl_endpoint_init_conf() followed by
+ * mbedtls_test_ssl_endpoint_init_ssl().
+ *
+ * \note You must call `mbedtls_test_ssl_endpoint_free()` after
+ * calling this function, even if it fails. This is necessary to
+ * free data that may have been stored in the endpoint structure.
+ *
+ * \param[out] ep The endpoint structure to configure.
+ * \param endpoint_type #MBEDTLS_SSL_IS_SERVER or #MBEDTLS_SSL_IS_CLIENT.
+ * \param[in] options The options to use for configuring the endpoint
+ * structure.
*
* \retval 0 on success, otherwise error code.
*/
int mbedtls_test_ssl_endpoint_init(
mbedtls_test_ssl_endpoint *ep, int endpoint_type,
- mbedtls_test_handshake_test_options *options,
- mbedtls_test_message_socket_context *dtls_context,
- mbedtls_test_ssl_message_queue *input_queue,
- mbedtls_test_ssl_message_queue *output_queue);
+ const mbedtls_test_handshake_test_options *options);
/*
* Deinitializes endpoint represented by \p ep.
*/
-void mbedtls_test_ssl_endpoint_free(
- mbedtls_test_ssl_endpoint *ep,
- mbedtls_test_message_socket_context *context);
+void mbedtls_test_ssl_endpoint_free(mbedtls_test_ssl_endpoint *ep);
+
+/* Join a DTLS client with a DTLS server.
+ *
+ * You must call this function after setting up the endpoint objects
+ * and before starting a DTLS handshake.
+ *
+ * \param client The client. It must have been set up with
+ * mbedtls_test_ssl_endpoint_init().
+ * \param server The server. It must have been set up with
+ * mbedtls_test_ssl_endpoint_init().
+ *
+ * \retval 0 on success, otherwise error code.
+ */
+int mbedtls_test_ssl_dtls_join_endpoints(mbedtls_test_ssl_endpoint *client,
+ mbedtls_test_ssl_endpoint *server);
/*
* This function moves ssl handshake from \p ssl to prescribed \p state.
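Review bot: The note on mbedtls_test_ssl_endpoint_init_ssl() says the caller may configure `ep->ssl` between the two init calls, which looks like it should read `ep->conf`. The session context is only initialised by init_ssl itself, so the configuration is the object that can still be adjusted at that point; suggested wording is `you may configure ep->conf further if you know what you're doing`. The same function documents `ep` as `\param[out]` although it depends on the configuration already stored in `ep`, so `\param[in,out]` would describe it better. The comment on mbedtls_test_ssl_dtls_join_endpoints() opens with `/*` while using `\param` and `\retval`, so it should open with `/**` like the other new comments.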
@@ -610,8 +666,51 @@
#endif /* defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) */
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+/** Perform an SSL handshake and exchange data over the connection.
+ *
+ * This function also handles cases where the handshake is expected to fail.
+ *
+ * If the handshake succeeds as expected, this function validates that
+ * connection parameters are as expected, exchanges data over the
+ * connection, and exercises some optional protocol features if they
+ * are enabled. See the code to see what features are validated and exercised.
+ *
+ * The handshake is expected to fail in the following cases:
+ * - If `options->expected_handshake_result != 0`.
+ * - If `options->expected_negotiated_version == MBEDTLS_SSL_VERSION_UNKNOWN`.
+ *
+ * \param[in] options Options for the connection.
+ * \param client The client endpoint. It must have been set up with
+ * mbedtls_test_ssl_endpoint_init() with \p options
+ * and #MBEDTLS_SSL_IS_CLIENT.
+ * \param server The server endpoint. It must have been set up with
+ * mbedtls_test_ssl_endpoint_init() with \p options
+ * and #MBEDTLS_SSL_IS_CLIENT.
+ *
+ * \return 1 on success, 0 on failure. On failure, this function
+ * calls mbedtls_test_fail(), indicating the failure
+ * reason and location. The causes of failure are:
+ * - Inconsistent options or bad endpoint state.
+ * - Operational problem during the handshake.
+ * - The handshake was expected to pass, but failed.
+ * - The handshake was expected to fail, but passed or
+ * failed with a different result.
+ * - The handshake passed as expected, but some connection
+ * parameter (e.g. protocol version, cipher suite, ...)
+ * is not as expected.
+ * - The handshake passed as expected, but something
+ * went wrong when attempting to exchange data.
+ * - The handshake passed as expected, but something
+ * went wrong when exercising other features
+ * (e.g. renegotiation, serialization, ...).
+ */
+int mbedtls_test_ssl_perform_connection(
+ const mbedtls_test_handshake_test_options *options,
+ mbedtls_test_ssl_endpoint *client,
+ mbedtls_test_ssl_endpoint *server);
+
void mbedtls_test_ssl_perform_handshake(
- mbedtls_test_handshake_test_options *options);
+ const mbedtls_test_handshake_test_options *options);
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_TEST_HOOKS)
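Review bot: The `\param server` text for mbedtls_test_ssl_perform_connection() says the server endpoint must have been set up with `#MBEDTLS_SSL_IS_CLIENT`, which looks like a copy of the client paragraph; it should end `and #MBEDTLS_SSL_IS_SERVER.`. mbedtls_test_ssl_perform_handshake(), declared right below, has no comment in this hunk. A one-line `/** ... */` stating how it relates to mbedtls_test_ssl_perform_connection() would help, since the two names are easy to confuse.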
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c
index 1eed8ab..e6c082e 100644
--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c
@@ -71,7 +71,7 @@
opts->server_max_version = MBEDTLS_SSL_VERSION_UNKNOWN;
opts->expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_3;
opts->pk_alg = MBEDTLS_PK_RSA;
- opts->srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE;
+ opts->srv_auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED;
opts->mfl = MBEDTLS_SSL_MAX_FRAG_LEN_NONE;
opts->cli_msg_len = 100;
opts->srv_msg_len = 100;
@@ -572,36 +572,147 @@
return (msg_len > INT_MAX) ? INT_MAX : (int) msg_len;
}
+
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) && \
+ defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \
+ defined(MBEDTLS_SSL_SRV_C)
+static int psk_dummy_callback(void *p_info, mbedtls_ssl_context *ssl,
+ const unsigned char *name, size_t name_len)
+{
+ (void) p_info;
+ (void) ssl;
+ (void) name;
+ (void) name_len;
+
+ return 0;
+}
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED &&
+ MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED &&
+ MBEDTLS_SSL_SRV_C */
+
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+static int set_ciphersuite(mbedtls_test_ssl_endpoint *ep,
+ const char *cipher)
+{
+ if (cipher == NULL || cipher[0] == 0) {
+ return 1;
+ }
+
+ int ok = 0;
+
+ TEST_CALLOC(ep->ciphersuites, 2);
+ ep->ciphersuites[0] = mbedtls_ssl_get_ciphersuite_id(cipher);
+ ep->ciphersuites[1] = 0;
+
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
+ mbedtls_ssl_ciphersuite_from_id(ep->ciphersuites[0]);
+
+ TEST_ASSERT(ciphersuite_info != NULL);
+ TEST_ASSERT(ciphersuite_info->min_tls_version <= ep->conf.max_tls_version);
+ TEST_ASSERT(ciphersuite_info->max_tls_version >= ep->conf.min_tls_version);
+
+ if (ep->conf.max_tls_version > ciphersuite_info->max_tls_version) {
+ ep->conf.max_tls_version = (mbedtls_ssl_protocol_version) ciphersuite_info->max_tls_version;
+ }
+ if (ep->conf.min_tls_version < ciphersuite_info->min_tls_version) {
+ ep->conf.min_tls_version = (mbedtls_ssl_protocol_version) ciphersuite_info->min_tls_version;
+ }
+
+ mbedtls_ssl_conf_ciphersuites(&ep->conf, ep->ciphersuites);
+ ok = 1;
+
+exit:
+ return ok;
+}
+
/*
* Deinitializes certificates from endpoint represented by \p ep.
*/
static void test_ssl_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep)
{
- mbedtls_test_ssl_endpoint_certificate *cert = &(ep->cert);
- if (cert != NULL) {
- if (cert->ca_cert != NULL) {
- mbedtls_x509_crt_free(cert->ca_cert);
- mbedtls_free(cert->ca_cert);
- cert->ca_cert = NULL;
- }
- if (cert->cert != NULL) {
- mbedtls_x509_crt_free(cert->cert);
- mbedtls_free(cert->cert);
- cert->cert = NULL;
- }
- if (cert->pkey != NULL) {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if (mbedtls_pk_get_type(cert->pkey) == MBEDTLS_PK_OPAQUE) {
- psa_destroy_key(cert->pkey->priv_id);
- }
-#endif
- mbedtls_pk_free(cert->pkey);
- mbedtls_free(cert->pkey);
- cert->pkey = NULL;
- }
+ if (ep->ca_chain != NULL) {
+ mbedtls_x509_crt_free(ep->ca_chain);
+ mbedtls_free(ep->ca_chain);
+ ep->ca_chain = NULL;
}
+ if (ep->cert != NULL) {
+ mbedtls_x509_crt_free(ep->cert);
+ mbedtls_free(ep->cert);
+ ep->cert = NULL;
+ }
+ if (ep->pkey != NULL) {
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if (mbedtls_pk_get_type(ep->pkey) == MBEDTLS_PK_OPAQUE) {
+ psa_destroy_key(ep->pkey->priv_id);
+ }
+#endif
+ mbedtls_pk_free(ep->pkey);
+ mbedtls_free(ep->pkey);
+ ep->pkey = NULL;
+ }
+}
+
+static int load_endpoint_rsa(mbedtls_test_ssl_endpoint *ep)
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ if (ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER) {
+ ret = mbedtls_x509_crt_parse(
+ ep->cert,
+ (const unsigned char *) mbedtls_test_srv_crt_rsa_sha256_der,
+ mbedtls_test_srv_crt_rsa_sha256_der_len);
+ TEST_EQUAL(ret, 0);
+ ret = mbedtls_pk_parse_key(
+ ep->pkey,
+ (const unsigned char *) mbedtls_test_srv_key_rsa_der,
+ mbedtls_test_srv_key_rsa_der_len, NULL, 0);
+ TEST_EQUAL(ret, 0);
+ } else {
+ ret = mbedtls_x509_crt_parse(
+ ep->cert,
+ (const unsigned char *) mbedtls_test_cli_crt_rsa_der,
+ mbedtls_test_cli_crt_rsa_der_len);
+ TEST_EQUAL(ret, 0);
+ ret = mbedtls_pk_parse_key(
+ ep->pkey,
+ (const unsigned char *) mbedtls_test_cli_key_rsa_der,
+ mbedtls_test_cli_key_rsa_der_len, NULL, 0);
+ TEST_EQUAL(ret, 0);
+ }
+
+exit:
+ return ret;
+}
+
+static int load_endpoint_ecc(mbedtls_test_ssl_endpoint *ep)
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ if (ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER) {
+ ret = mbedtls_x509_crt_parse(
+ ep->cert,
+ (const unsigned char *) mbedtls_test_srv_crt_ec_der,
+ mbedtls_test_srv_crt_ec_der_len);
+ TEST_EQUAL(ret, 0);
+ ret = mbedtls_pk_parse_key(
+ ep->pkey,
+ (const unsigned char *) mbedtls_test_srv_key_ec_der,
+ mbedtls_test_srv_key_ec_der_len, NULL, 0);
+ TEST_EQUAL(ret, 0);
+ } else {
+ ret = mbedtls_x509_crt_parse(
+ ep->cert,
+ (const unsigned char *) mbedtls_test_cli_crt_ec_der,
+ mbedtls_test_cli_crt_ec_len);
+ TEST_EQUAL(ret, 0);
+ ret = mbedtls_pk_parse_key(
+ ep->pkey,
+ (const unsigned char *) mbedtls_test_cli_key_ec_der,
+ mbedtls_test_cli_key_ec_der_len, NULL, 0);
+ TEST_EQUAL(ret, 0);
+ }
+
+exit:
+ return ret;
}
int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep,
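Review bot: set_ciphersuite() returns 1 on success and 0 on failure, while load_endpoint_rsa() and load_endpoint_ecc(), added in the same hunk, return 0 on success and an error code otherwise, and none of the three has a comment stating its convention. A short header on each would keep a caller from testing the wrong sense, for example `/* Returns 1 on success (including when no cipher is requested), 0 if a test assertion failed. */` above set_ciphersuite(). The load helpers also pass `ep->cert` and `ep->pkey` straight to the parsers, so their comment should say that the caller must have allocated and initialised both.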
@@ -612,7 +723,6 @@
int i = 0;
int ret = -1;
int ok = 0;
- mbedtls_test_ssl_endpoint_certificate *cert = NULL;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT;
#endif
@@ -621,86 +731,37 @@
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
- cert = &(ep->cert);
- TEST_CALLOC(cert->ca_cert, 1);
- TEST_CALLOC(cert->cert, 1);
- TEST_CALLOC(cert->pkey, 1);
+ TEST_CALLOC(ep->ca_chain, 1);
+ TEST_CALLOC(ep->cert, 1);
+ TEST_CALLOC(ep->pkey, 1);
- mbedtls_x509_crt_init(cert->ca_cert);
- mbedtls_x509_crt_init(cert->cert);
- mbedtls_pk_init(cert->pkey);
+ mbedtls_x509_crt_init(ep->ca_chain);
+ mbedtls_x509_crt_init(ep->cert);
+ mbedtls_pk_init(ep->pkey);
/* Load the trusted CA */
for (i = 0; mbedtls_test_cas_der[i] != NULL; i++) {
ret = mbedtls_x509_crt_parse_der(
- cert->ca_cert,
+ ep->ca_chain,
(const unsigned char *) mbedtls_test_cas_der[i],
mbedtls_test_cas_der_len[i]);
- TEST_ASSERT(ret == 0);
+ TEST_EQUAL(ret, 0);
}
/* Load own certificate and private key */
- if (ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER) {
- if (pk_alg == MBEDTLS_PK_RSA) {
- ret = mbedtls_x509_crt_parse(
- cert->cert,
- (const unsigned char *) mbedtls_test_srv_crt_rsa_sha256_der,
- mbedtls_test_srv_crt_rsa_sha256_der_len);
- TEST_ASSERT(ret == 0);
-
- ret = mbedtls_pk_parse_key(
- cert->pkey,
- (const unsigned char *) mbedtls_test_srv_key_rsa_der,
- mbedtls_test_srv_key_rsa_der_len, NULL, 0);
- TEST_ASSERT(ret == 0);
- } else {
- ret = mbedtls_x509_crt_parse(
- cert->cert,
- (const unsigned char *) mbedtls_test_srv_crt_ec_der,
- mbedtls_test_srv_crt_ec_der_len);
- TEST_ASSERT(ret == 0);
-
- ret = mbedtls_pk_parse_key(
- cert->pkey,
- (const unsigned char *) mbedtls_test_srv_key_ec_der,
- mbedtls_test_srv_key_ec_der_len, NULL, 0);
- TEST_ASSERT(ret == 0);
- }
+ if (pk_alg == MBEDTLS_PK_RSA) {
+ TEST_EQUAL(load_endpoint_rsa(ep), 0);
} else {
- if (pk_alg == MBEDTLS_PK_RSA) {
- ret = mbedtls_x509_crt_parse(
- cert->cert,
- (const unsigned char *) mbedtls_test_cli_crt_rsa_der,
- mbedtls_test_cli_crt_rsa_der_len);
- TEST_ASSERT(ret == 0);
-
- ret = mbedtls_pk_parse_key(
- cert->pkey,
- (const unsigned char *) mbedtls_test_cli_key_rsa_der,
- mbedtls_test_cli_key_rsa_der_len, NULL, 0);
- TEST_ASSERT(ret == 0);
- } else {
- ret = mbedtls_x509_crt_parse(
- cert->cert,
- (const unsigned char *) mbedtls_test_cli_crt_ec_der,
- mbedtls_test_cli_crt_ec_len);
- TEST_ASSERT(ret == 0);
-
- ret = mbedtls_pk_parse_key(
- cert->pkey,
- (const unsigned char *) mbedtls_test_cli_key_ec_der,
- mbedtls_test_cli_key_ec_der_len, NULL, 0);
- TEST_ASSERT(ret == 0);
- }
+ TEST_EQUAL(load_endpoint_ecc(ep), 0);
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (opaque_alg != 0) {
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
/* Use a fake key usage to get a successful initial guess for the PSA attributes. */
- TEST_EQUAL(mbedtls_pk_get_psa_attributes(cert->pkey, PSA_KEY_USAGE_SIGN_HASH,
+ TEST_EQUAL(mbedtls_pk_get_psa_attributes(ep->pkey, PSA_KEY_USAGE_SIGN_HASH,
&key_attr), 0);
/* Then manually usage, alg and alg2 as requested by the test. */
psa_set_key_usage_flags(&key_attr, opaque_usage);
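Review bot: `TEST_EQUAL(load_endpoint_rsa(ep), 0);` and the matching ECC call drop the helper's return value, so on failure the jump to `exit` happens with `ret` still holding the 0 left by the CA-loading loop above. The function ends in `return ret;` (visible in a later hunk), so unless cleanup code outside this hunk overrides it, a certificate or key parse failure would be reported to the caller as success, even though the assertion has already recorded the failure. Keeping the code in `ret` avoids that: `ret = load_endpoint_rsa(ep);` followed by `TEST_EQUAL(ret, 0);`, and the same for load_endpoint_ecc(). The enclosing function starts and ends outside the hunk.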
@@ -708,10 +769,10 @@
if (opaque_alg2 != PSA_ALG_NONE) {
psa_set_key_enrollment_algorithm(&key_attr, opaque_alg2);
}
- TEST_EQUAL(mbedtls_pk_import_into_psa(cert->pkey, &key_attr, &key_slot), 0);
- mbedtls_pk_free(cert->pkey);
- mbedtls_pk_init(cert->pkey);
- TEST_EQUAL(mbedtls_pk_setup_opaque(cert->pkey, key_slot), 0);
+ TEST_EQUAL(mbedtls_pk_import_into_psa(ep->pkey, &key_attr, &key_slot), 0);
+ mbedtls_pk_free(ep->pkey);
+ mbedtls_pk_init(ep->pkey);
+ TEST_EQUAL(mbedtls_pk_setup_opaque(ep->pkey, key_slot), 0);
}
#else
(void) opaque_alg;
@@ -719,20 +780,11 @@
(void) opaque_usage;
#endif
- mbedtls_ssl_conf_ca_chain(&(ep->conf), cert->ca_cert, NULL);
+ mbedtls_ssl_conf_ca_chain(&(ep->conf), ep->ca_chain, NULL);
- ret = mbedtls_ssl_conf_own_cert(&(ep->conf), cert->cert,
- cert->pkey);
- TEST_ASSERT(ret == 0);
- TEST_ASSERT(ep->conf.key_cert != NULL);
-
- ret = mbedtls_ssl_conf_own_cert(&(ep->conf), NULL, NULL);
- TEST_ASSERT(ret == 0);
- TEST_ASSERT(ep->conf.key_cert == NULL);
-
- ret = mbedtls_ssl_conf_own_cert(&(ep->conf), cert->cert,
- cert->pkey);
- TEST_ASSERT(ret == 0);
+ ret = mbedtls_ssl_conf_own_cert(&(ep->conf), ep->cert,
+ ep->pkey);
+ TEST_EQUAL(ret, 0);
ok = 1;
@@ -748,21 +800,14 @@
return ret;
}
-int mbedtls_test_ssl_endpoint_init(
+int mbedtls_test_ssl_endpoint_init_conf(
mbedtls_test_ssl_endpoint *ep, int endpoint_type,
- mbedtls_test_handshake_test_options *options,
- mbedtls_test_message_socket_context *dtls_context,
- mbedtls_test_ssl_message_queue *input_queue,
- mbedtls_test_ssl_message_queue *output_queue)
+ const mbedtls_test_handshake_test_options *options)
{
int ret = -1;
- uintptr_t user_data_n;
-
- if (dtls_context != NULL &&
- (input_queue == NULL || output_queue == NULL)) {
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
-
- }
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
+ const char *psk_identity = "foo";
+#endif
if (ep == NULL) {
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
@@ -774,6 +819,7 @@
mbedtls_ssl_init(&(ep->ssl));
mbedtls_ssl_config_init(&(ep->conf));
+ mbedtls_test_message_socket_init(&ep->dtls_context);
TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&ep->conf) == NULL);
TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), 0);
@@ -781,38 +827,19 @@
TEST_EQUAL(mbedtls_ssl_get_user_data_n(&ep->ssl), 0);
(void) mbedtls_test_rnd_std_rand(NULL,
- (void *) &user_data_n,
- sizeof(user_data_n));
- mbedtls_ssl_conf_set_user_data_n(&ep->conf, user_data_n);
- mbedtls_ssl_set_user_data_n(&ep->ssl, user_data_n);
+ (void *) &ep->user_data_cookie,
+ sizeof(ep->user_data_cookie));
+ mbedtls_ssl_conf_set_user_data_n(&ep->conf, ep->user_data_cookie);
+ mbedtls_ssl_set_user_data_n(&ep->ssl, ep->user_data_cookie);
- if (dtls_context != NULL) {
- TEST_ASSERT(mbedtls_test_message_socket_setup(input_queue, output_queue,
- 100, &(ep->socket),
- dtls_context) == 0);
- } else {
- mbedtls_test_mock_socket_init(&(ep->socket));
- }
-
- /* Non-blocking callbacks without timeout */
- if (dtls_context != NULL) {
- mbedtls_ssl_set_bio(&(ep->ssl), dtls_context,
- mbedtls_test_mock_tcp_send_msg,
- mbedtls_test_mock_tcp_recv_msg,
- NULL);
- } else {
- mbedtls_ssl_set_bio(&(ep->ssl), &(ep->socket),
- mbedtls_test_mock_tcp_send_nb,
- mbedtls_test_mock_tcp_recv_nb,
- NULL);
- }
+ mbedtls_test_mock_socket_init(&(ep->socket));
ret = mbedtls_ssl_config_defaults(&(ep->conf), endpoint_type,
- (dtls_context != NULL) ?
+ options->dtls ?
MBEDTLS_SSL_TRANSPORT_DATAGRAM :
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT);
- TEST_ASSERT(ret == 0);
+ TEST_EQUAL(ret, 0);
if (MBEDTLS_SSL_IS_CLIENT == endpoint_type) {
if (options->client_min_version != MBEDTLS_SSL_VERSION_UNKNOWN) {
@@ -836,11 +863,19 @@
}
}
+ if (MBEDTLS_SSL_IS_CLIENT == endpoint_type) {
+ TEST_ASSERT(set_ciphersuite(ep, options->cipher));
+ }
+
if (options->group_list != NULL) {
mbedtls_ssl_conf_groups(&(ep->conf), options->group_list);
}
- mbedtls_ssl_conf_authmode(&(ep->conf), MBEDTLS_SSL_VERIFY_REQUIRED);
+ if (MBEDTLS_SSL_IS_SERVER == endpoint_type) {
+ mbedtls_ssl_conf_authmode(&(ep->conf), options->srv_auth_mode);
+ } else {
+ mbedtls_ssl_conf_authmode(&(ep->conf), MBEDTLS_SSL_VERIFY_REQUIRED);
+ }
#if defined(MBEDTLS_SSL_EARLY_DATA)
mbedtls_ssl_conf_early_data(&(ep->conf), options->early_data);
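Review bot: The authentication mode is now asymmetric: the server takes `options->srv_auth_mode` while the client stays on `MBEDTLS_SSL_VERIFY_REQUIRED`, and nothing in the code says why. A comment above the `if` would make the intent clear, for example `/* The client always verifies the server; whether the server requires a client certificate is up to the test. */`. This pairs with the earlier hunk that changes the default `srv_auth_mode` to `MBEDTLS_SSL_VERIFY_REQUIRED`. Options that do not go through that default initialiser may leave the server with a weaker mode than the one that used to be hard-coded here, so the field's documentation should mention it. The enclosing function starts and ends outside the hunk.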
@@ -851,6 +886,7 @@
options->max_early_data_size);
}
#endif
+
#if defined(MBEDTLS_SSL_ALPN)
/* check that alpn_list contains at least one valid entry */
if (options->alpn_list[0] != NULL) {
@@ -859,6 +895,15 @@
#endif
#endif
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ if (options->renegotiate) {
+ mbedtls_ssl_conf_renegotiation(&ep->conf,
+ MBEDTLS_SSL_RENEGOTIATION_ENABLED);
+ mbedtls_ssl_conf_legacy_renegotiation(&ep->conf,
+ options->legacy_renegotiation);
+ }
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+
#if defined(MBEDTLS_SSL_CACHE_C) && defined(MBEDTLS_SSL_SRV_C)
if (endpoint_type == MBEDTLS_SSL_IS_SERVER && options->cache != NULL) {
mbedtls_ssl_conf_session_cache(&(ep->conf), options->cache,
@@ -867,16 +912,16 @@
}
#endif
- ret = mbedtls_ssl_setup(&(ep->ssl), &(ep->conf));
- TEST_ASSERT(ret == 0);
-
- if (MBEDTLS_SSL_IS_CLIENT == endpoint_type) {
- ret = mbedtls_ssl_set_hostname(&(ep->ssl), "localhost");
- TEST_EQUAL(ret, 0);
- }
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+ TEST_EQUAL(mbedtls_ssl_conf_max_frag_len(&ep->conf,
+ (unsigned char) options->mfl),
+ 0);
+#else
+ TEST_EQUAL(MBEDTLS_SSL_MAX_FRAG_LEN_NONE, options->mfl);
+#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_SRV_C)
- if (endpoint_type == MBEDTLS_SSL_IS_SERVER && dtls_context != NULL) {
+ if (endpoint_type == MBEDTLS_SSL_IS_SERVER && options->dtls) {
mbedtls_ssl_conf_dtls_cookies(&(ep->conf), NULL, NULL, NULL);
}
#endif
@@ -902,11 +947,71 @@
options->opaque_alg,
options->opaque_alg2,
options->opaque_usage);
- TEST_ASSERT(ret == 0);
+ TEST_EQUAL(ret, 0);
- TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), user_data_n);
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
+ if (options->psk_str != NULL && options->psk_str->len > 0) {
+ TEST_EQUAL(mbedtls_ssl_conf_psk(
+ &ep->conf, options->psk_str->x,
+ options->psk_str->len,
+ (const unsigned char *) psk_identity,
+ strlen(psk_identity)), 0);
+#if defined(MBEDTLS_SSL_SRV_C)
+ if (MBEDTLS_SSL_IS_SERVER == endpoint_type) {
+ mbedtls_ssl_conf_psk_cb(&ep->conf, psk_dummy_callback, NULL);
+ }
+#endif
+ }
+#endif
+
+ TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf),
+ ep->user_data_cookie);
mbedtls_ssl_conf_set_user_data_p(&ep->conf, ep);
- TEST_EQUAL(mbedtls_ssl_get_user_data_n(&ep->ssl), user_data_n);
+
+ return 0;
+
+exit:
+ if (ret == 0) {
+ /* Exiting due to a test assertion that isn't ret == 0 */
+ ret = -1;
+ }
+ return ret;
+}
+
+int mbedtls_test_ssl_endpoint_init_ssl(
+ mbedtls_test_ssl_endpoint *ep,
+ const mbedtls_test_handshake_test_options *options)
+{
+ int endpoint_type = mbedtls_ssl_conf_get_endpoint(&ep->conf);
+ int ret = -1;
+
+ ret = mbedtls_ssl_setup(&(ep->ssl), &(ep->conf));
+ TEST_EQUAL(ret, 0);
+
+ if (MBEDTLS_SSL_IS_CLIENT == endpoint_type) {
+ ret = mbedtls_ssl_set_hostname(&(ep->ssl), "localhost");
+ TEST_EQUAL(ret, 0);
+ }
+
+ /* Non-blocking callbacks without timeout */
+ if (options->dtls) {
+ mbedtls_ssl_set_bio(&(ep->ssl), &ep->dtls_context,
+ mbedtls_test_mock_tcp_send_msg,
+ mbedtls_test_mock_tcp_recv_msg,
+ NULL);
+#if defined(MBEDTLS_TIMING_C)
+ mbedtls_ssl_set_timer_cb(&ep->ssl, &ep->timer,
+ mbedtls_timing_set_delay,
+ mbedtls_timing_get_delay);
+#endif
+ } else {
+ mbedtls_ssl_set_bio(&(ep->ssl), &(ep->socket),
+ mbedtls_test_mock_tcp_send_nb,
+ mbedtls_test_mock_tcp_recv_nb,
+ NULL);
+ }
+
+ TEST_EQUAL(mbedtls_ssl_get_user_data_n(&ep->ssl), ep->user_data_cookie);
mbedtls_ssl_set_user_data_p(&ep->ssl, ep);
return 0;
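Review bot: mbedtls_test_ssl_endpoint_init_ssl() reads `ep->conf` and `options->dtls` without any argument check, whereas mbedtls_test_ssl_endpoint_init_conf() rejects a NULL `ep` with MBEDTLS_ERR_SSL_BAD_INPUT_DATA. Now that init_ssl is a separate helper that can be called on its own, it should open with the same guard, `if (ep == NULL || options == NULL) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; }`, placed before the `mbedtls_ssl_conf_get_endpoint()` call. The initialiser `int ret = -1;` is immediately overwritten and can be folded into `int ret = mbedtls_ssl_setup(&(ep->ssl), &(ep->conf));`. The function's `exit:` path lies outside the hunk.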
@@ -919,22 +1024,56 @@
return ret;
}
-void mbedtls_test_ssl_endpoint_free(
- mbedtls_test_ssl_endpoint *ep,
- mbedtls_test_message_socket_context *context)
+int mbedtls_test_ssl_endpoint_init(
+ mbedtls_test_ssl_endpoint *ep, int endpoint_type,
+ const mbedtls_test_handshake_test_options *options)
{
- test_ssl_endpoint_certificate_free(ep);
+ int ret = mbedtls_test_ssl_endpoint_init_conf(ep, endpoint_type, options);
+ if (ret != 0) {
+ return ret;
+ }
+ ret = mbedtls_test_ssl_endpoint_init_ssl(ep, options);
+ return ret;
+}
+void mbedtls_test_ssl_endpoint_free(
+ mbedtls_test_ssl_endpoint *ep)
+{
mbedtls_ssl_free(&(ep->ssl));
mbedtls_ssl_config_free(&(ep->conf));
- if (context != NULL) {
- mbedtls_test_message_socket_close(context);
+ mbedtls_free(ep->ciphersuites);
+ ep->ciphersuites = NULL;
+ test_ssl_endpoint_certificate_free(ep);
+
+ if (ep->dtls_context.socket != NULL) {
+ mbedtls_test_message_socket_close(&ep->dtls_context);
} else {
mbedtls_test_mock_socket_close(&(ep->socket));
}
}
+int mbedtls_test_ssl_dtls_join_endpoints(mbedtls_test_ssl_endpoint *client,
+ mbedtls_test_ssl_endpoint *server)
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ ret = mbedtls_test_message_socket_setup(&client->queue_input,
+ &server->queue_input,
+ 100, &(client->socket),
+ &client->dtls_context);
+ TEST_EQUAL(ret, 0);
+
+ ret = mbedtls_test_message_socket_setup(&server->queue_input,
+ &client->queue_input,
+ 100, &(server->socket),
+ &server->dtls_context);
+ TEST_EQUAL(ret, 0);
+
+exit:
+ return ret;
+}
+
int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl,
mbedtls_ssl_context *second_ssl,
int state)
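Review bot: mbedtls_test_ssl_endpoint_free() now calls `mbedtls_free(ep->ciphersuites)` and branches on `ep->dtls_context.socket`, so it is only safe on a structure whose fields were zeroed or set by one of the init functions. The header tells callers to call it even when initialisation failed, so the precondition should be written down there, for example `* \p ep must have been passed to mbedtls_test_ssl_endpoint_init_conf() or be all-bits-zero.`. Whether init_conf clears the structure before its first possible failure is not visible in this diff. In mbedtls_test_ssl_dtls_join_endpoints() the queue capacity `100` appears twice as a bare literal and would read better as a named constant.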
@@ -985,7 +1124,7 @@
/* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is
* a valid no-op for TLS connections. */
if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
- TEST_ASSERT(mbedtls_ssl_write(ssl, NULL, 0) == 0);
+ TEST_EQUAL(mbedtls_ssl_write(ssl, NULL, 0), 0);
}
ret = mbedtls_ssl_write(ssl, buf + *written, buf_len - *written);
@@ -1032,7 +1171,7 @@
/* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is
* a valid no-op for TLS connections. */
if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
- TEST_ASSERT(mbedtls_ssl_read(ssl, NULL, 0) == 0);
+ TEST_EQUAL(mbedtls_ssl_read(ssl, NULL, 0), 0);
}
ret = mbedtls_ssl_read(ssl, buf + *read, buf_len - *read);
@@ -1042,7 +1181,7 @@
}
if (expected_fragments == 0) {
- TEST_ASSERT(ret == 0);
+ TEST_EQUAL(ret, 0);
} else if (expected_fragments == 1) {
TEST_ASSERT(ret == buf_len ||
ret == MBEDTLS_ERR_SSL_WANT_READ ||
@@ -1061,52 +1200,6 @@
return -1;
}
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
-static void set_ciphersuite(mbedtls_ssl_config *conf, const char *cipher,
- int *forced_ciphersuite)
-{
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
- forced_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(cipher);
- forced_ciphersuite[1] = 0;
-
- ciphersuite_info =
- mbedtls_ssl_ciphersuite_from_id(forced_ciphersuite[0]);
-
- TEST_ASSERT(ciphersuite_info != NULL);
- TEST_ASSERT(ciphersuite_info->min_tls_version <= conf->max_tls_version);
- TEST_ASSERT(ciphersuite_info->max_tls_version >= conf->min_tls_version);
-
- if (conf->max_tls_version > ciphersuite_info->max_tls_version) {
- conf->max_tls_version = (mbedtls_ssl_protocol_version) ciphersuite_info->max_tls_version;
- }
- if (conf->min_tls_version < ciphersuite_info->min_tls_version) {
- conf->min_tls_version = (mbedtls_ssl_protocol_version) ciphersuite_info->min_tls_version;
- }
-
- mbedtls_ssl_conf_ciphersuites(conf, forced_ciphersuite);
-
-exit:
- return;
-}
-#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
-
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) && \
- defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \
- defined(MBEDTLS_SSL_SRV_C)
-static int psk_dummy_callback(void *p_info, mbedtls_ssl_context *ssl,
- const unsigned char *name, size_t name_len)
-{
- (void) p_info;
- (void) ssl;
- (void) name;
- (void) name_len;
-
- return 0;
-}
-#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED &&
- MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED &&
- MBEDTLS_SSL_SRV_C */
-
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
defined(PSA_WANT_ALG_CBC_NO_PADDING) && defined(PSA_WANT_KEY_TYPE_AES)
int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform,
@@ -1929,10 +2022,10 @@
if (expected_fragments_1 == 0) {
/* This error is expected when the message is too large and
* cannot be fragmented */
- TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
+ TEST_EQUAL(ret, MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
msg_len_1 = 0;
} else {
- TEST_ASSERT(ret == 0);
+ TEST_EQUAL(ret, 0);
}
}
@@ -1944,10 +2037,10 @@
if (expected_fragments_2 == 0) {
/* This error is expected when the message is too large and
* cannot be fragmented */
- TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
+ TEST_EQUAL(ret, MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
msg_len_2 = 0;
} else {
- TEST_ASSERT(ret == 0);
+ TEST_EQUAL(ret, 0);
}
}
@@ -1957,7 +2050,7 @@
msg_len_2, &read_1,
&fragments_2,
expected_fragments_2);
- TEST_ASSERT(ret == 0);
+ TEST_EQUAL(ret, 0);
}
/* ssl_2 reading */
@@ -1966,15 +2059,15 @@
msg_len_1, &read_2,
&fragments_1,
expected_fragments_1);
- TEST_ASSERT(ret == 0);
+ TEST_EQUAL(ret, 0);
}
}
ret = -1;
- TEST_ASSERT(0 == memcmp(msg_buf_1, in_buf_2, msg_len_1));
- TEST_ASSERT(0 == memcmp(msg_buf_2, in_buf_1, msg_len_2));
- TEST_ASSERT(fragments_1 == expected_fragments_1);
- TEST_ASSERT(fragments_2 == expected_fragments_2);
+ TEST_EQUAL(0, memcmp(msg_buf_1, in_buf_2, msg_len_1));
+ TEST_EQUAL(0, memcmp(msg_buf_2, in_buf_1, msg_len_2));
+ TEST_EQUAL(fragments_1, expected_fragments_1);
+ TEST_EQUAL(fragments_2, expected_fragments_2);
}
ret = 0;
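Review bot: The two `TEST_EQUAL(0, memcmp(...))` lines compare buffers through a macro meant for integers, so on failure the only value reported is memcmp's return, which says nothing about the data. The test framework's `TEST_MEMORY_COMPARE` is the idiomatic form, e.g. `TEST_MEMORY_COMPARE(msg_buf_1, msg_len_1, in_buf_2, msg_len_1);`. It also skips the memcmp call when the length is 0, and `msg_len_1` is set to 0 in an earlier hunk of what appears to be the same function. The later memcmp conversions in tests/suites/test_suite_ssl.function (`TEST_EQUAL(memcmp(message, received, MSGLEN), 0)` and its siblings) have the same shape, with the constant on the other side. The enclosing function starts outside this hunk.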
@@ -2010,15 +2103,23 @@
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
static int check_ssl_version(
mbedtls_ssl_protocol_version expected_negotiated_version,
- const mbedtls_ssl_context *ssl)
+ const mbedtls_ssl_context *client,
+ const mbedtls_ssl_context *server)
{
- const char *version_string = mbedtls_ssl_get_version(ssl);
+ /* First check that both sides have chosen the same version.
+ * If so, we can make more sanity checks just on one side.
+ * If not, something is deeply wrong. */
+ TEST_EQUAL(client->tls_version, server->tls_version);
+
+ /* Make further checks on the client to validate that the
+ * reported data about the version is correct. */
+ const char *version_string = mbedtls_ssl_get_version(client);
mbedtls_ssl_protocol_version version_number =
- mbedtls_ssl_get_version_number(ssl);
+ mbedtls_ssl_get_version_number(client);
- TEST_EQUAL(ssl->tls_version, expected_negotiated_version);
+ TEST_EQUAL(client->tls_version, expected_negotiated_version);
- if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ if (client->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
TEST_EQUAL(version_string[0], 'D');
++version_string;
}
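Review bot: After the initial `TEST_EQUAL(client->tls_version, server->tls_version)`, every remaining check in `check_ssl_version` reads only the client: `mbedtls_ssl_get_version(client)`, `mbedtls_ssl_get_version_number(client)` and `client->conf->transport`. The old caller ran the whole function once per side, so the server's version getters are no longer exercised. Equal `tls_version` fields do not show that the server reports the right version string and number. If that coverage is still wanted, add `TEST_EQUAL(mbedtls_ssl_get_version_number(server), expected_negotiated_version);` after the client checks; otherwise say in the comment that server-side reporting is deliberately left unchecked. The function body continues past this hunk.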
@@ -2026,12 +2127,12 @@
switch (expected_negotiated_version) {
case MBEDTLS_SSL_VERSION_TLS1_2:
TEST_EQUAL(version_number, MBEDTLS_SSL_VERSION_TLS1_2);
- TEST_ASSERT(strcmp(version_string, "TLSv1.2") == 0);
+ TEST_EQUAL(strcmp(version_string, "TLSv1.2"), 0);
break;
case MBEDTLS_SSL_VERSION_TLS1_3:
TEST_EQUAL(version_number, MBEDTLS_SSL_VERSION_TLS1_3);
- TEST_ASSERT(strcmp(version_string, "TLSv1.3") == 0);
+ TEST_EQUAL(strcmp(version_string, "TLSv1.3"), 0);
break;
default:
@@ -2066,13 +2167,11 @@
options->server_max_version = proto;
options->client_max_version = proto;
- ret = mbedtls_test_ssl_endpoint_init(client_ep, MBEDTLS_SSL_IS_CLIENT, options,
- NULL, NULL, NULL);
+ ret = mbedtls_test_ssl_endpoint_init(client_ep, MBEDTLS_SSL_IS_CLIENT, options);
if (ret != 0) {
return ret;
}
- ret = mbedtls_test_ssl_endpoint_init(server_ep, MBEDTLS_SSL_IS_SERVER, options,
- NULL, NULL, NULL);
+ ret = mbedtls_test_ssl_endpoint_init(server_ep, MBEDTLS_SSL_IS_SERVER, options);
if (ret != 0) {
return ret;
}
@@ -2104,35 +2203,275 @@
#endif /* defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) */
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
-void mbedtls_test_ssl_perform_handshake(
- mbedtls_test_handshake_test_options *options)
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+static int test_renegotiation(const mbedtls_test_handshake_test_options *options,
+ mbedtls_test_ssl_endpoint *client,
+ mbedtls_test_ssl_endpoint *server)
{
- /* forced_ciphersuite needs to last until the end of the handshake */
- int forced_ciphersuite[2];
- enum { BUFFSIZE = 17000 };
- mbedtls_test_ssl_endpoint client, server;
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
- const char *psk_identity = "foo";
+ int ok = 0;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ (void) options; // only used in some configurations
+
+ /* Start test with renegotiation */
+ TEST_EQUAL(server->ssl.renego_status,
+ MBEDTLS_SSL_INITIAL_HANDSHAKE);
+ TEST_EQUAL(client->ssl.renego_status,
+ MBEDTLS_SSL_INITIAL_HANDSHAKE);
+
+ /* After calling this function for the server, it only sends a handshake
+ * request. All renegotiation should happen during data exchanging */
+ TEST_EQUAL(mbedtls_ssl_renegotiate(&(server->ssl)), 0);
+ TEST_EQUAL(server->ssl.renego_status,
+ MBEDTLS_SSL_RENEGOTIATION_PENDING);
+ TEST_EQUAL(client->ssl.renego_status,
+ MBEDTLS_SSL_INITIAL_HANDSHAKE);
+
+ TEST_EQUAL(exchange_data(&(client->ssl), &(server->ssl)), 0);
+ TEST_EQUAL(server->ssl.renego_status,
+ MBEDTLS_SSL_RENEGOTIATION_DONE);
+ TEST_EQUAL(client->ssl.renego_status,
+ MBEDTLS_SSL_RENEGOTIATION_DONE);
+
+ /* After calling mbedtls_ssl_renegotiate for the client,
+ * all renegotiation should happen inside this function.
+ * However in this test, we cannot perform simultaneous communication
+ * between client and server so this function will return waiting error
+ * on the socket. All rest of renegotiation should happen
+ * during data exchanging */
+ ret = mbedtls_ssl_renegotiate(&(client->ssl));
+#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
+ if (options->resize_buffers != 0) {
+ /* Ensure that the buffer sizes are appropriate before resizes */
+ TEST_EQUAL(client->ssl.out_buf_len, MBEDTLS_SSL_OUT_BUFFER_LEN);
+ TEST_EQUAL(client->ssl.in_buf_len, MBEDTLS_SSL_IN_BUFFER_LEN);
+ }
#endif
-#if defined(MBEDTLS_TIMING_C)
- mbedtls_timing_delay_context timer_client, timer_server;
-#endif
+ TEST_ASSERT(ret == 0 ||
+ ret == MBEDTLS_ERR_SSL_WANT_READ ||
+ ret == MBEDTLS_ERR_SSL_WANT_WRITE);
+ TEST_EQUAL(server->ssl.renego_status,
+ MBEDTLS_SSL_RENEGOTIATION_DONE);
+ TEST_EQUAL(client->ssl.renego_status,
+ MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS);
+
+ TEST_EQUAL(exchange_data(&(client->ssl), &(server->ssl)), 0);
+ TEST_EQUAL(server->ssl.renego_status,
+ MBEDTLS_SSL_RENEGOTIATION_DONE);
+ TEST_EQUAL(client->ssl.renego_status,
+ MBEDTLS_SSL_RENEGOTIATION_DONE);
+#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
+ /* Validate buffer sizes after renegotiation */
+ if (options->resize_buffers != 0) {
+ TEST_EQUAL(client->ssl.out_buf_len,
+ mbedtls_ssl_get_output_buflen(&client->ssl));
+ TEST_EQUAL(client->ssl.in_buf_len,
+ mbedtls_ssl_get_input_buflen(&client->ssl));
+ TEST_EQUAL(server->ssl.out_buf_len,
+ mbedtls_ssl_get_output_buflen(&server->ssl));
+ TEST_EQUAL(server->ssl.in_buf_len,
+ mbedtls_ssl_get_input_buflen(&server->ssl));
+ }
+#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */
+
+ ok = 1;
+
+exit:
+ return ok;
+}
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
+static int test_serialization(const mbedtls_test_handshake_test_options *options,
+ mbedtls_test_ssl_endpoint *client,
+ mbedtls_test_ssl_endpoint *server)
+{
+ int ok = 0;
unsigned char *context_buf = NULL;
size_t context_buf_len;
+
+ TEST_EQUAL(options->dtls, 1);
+
+ TEST_EQUAL(mbedtls_ssl_context_save(&(server->ssl), NULL,
+ 0, &context_buf_len),
+ MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
+
+ context_buf = mbedtls_calloc(1, context_buf_len);
+ TEST_ASSERT(context_buf != NULL);
+
+ TEST_EQUAL(mbedtls_ssl_context_save(&(server->ssl), context_buf,
+ context_buf_len,
+ &context_buf_len),
+ 0);
+
+ mbedtls_ssl_free(&(server->ssl));
+ mbedtls_ssl_init(&(server->ssl));
+
+ TEST_EQUAL(mbedtls_ssl_setup(&(server->ssl), &(server->conf)), 0);
+
+ mbedtls_ssl_set_bio(&(server->ssl), &server->dtls_context,
+ mbedtls_test_mock_tcp_send_msg,
+ mbedtls_test_mock_tcp_recv_msg,
+ NULL);
+
+ mbedtls_ssl_set_user_data_p(&server->ssl, server);
+
+#if defined(MBEDTLS_TIMING_C)
+ mbedtls_ssl_set_timer_cb(&server->ssl, &server->timer,
+ mbedtls_timing_set_delay,
+ mbedtls_timing_get_delay);
#endif
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- int ret = -1;
+#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
+ if (options->resize_buffers != 0) {
+ /* Ensure that the buffer sizes are appropriate before resizes */
+ TEST_EQUAL(server->ssl.out_buf_len, MBEDTLS_SSL_OUT_BUFFER_LEN);
+ TEST_EQUAL(server->ssl.in_buf_len, MBEDTLS_SSL_IN_BUFFER_LEN);
+ }
#endif
+ TEST_EQUAL(mbedtls_ssl_context_load(&(server->ssl), context_buf,
+ context_buf_len), 0);
+
+#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
+ /* Validate buffer sizes after context deserialization */
+ if (options->resize_buffers != 0) {
+ TEST_EQUAL(server->ssl.out_buf_len,
+ mbedtls_ssl_get_output_buflen(&server->ssl));
+ TEST_EQUAL(server->ssl.in_buf_len,
+ mbedtls_ssl_get_input_buflen(&server->ssl));
+ }
+#endif
+ /* Retest writing/reading */
+ if (options->cli_msg_len != 0 || options->srv_msg_len != 0) {
+ TEST_EQUAL(mbedtls_test_ssl_exchange_data(
+ &(client->ssl), options->cli_msg_len,
+ options->expected_cli_fragments,
+ &(server->ssl), options->srv_msg_len,
+ options->expected_srv_fragments),
+ 0);
+ }
+
+ ok = 1;
+
+exit:
+ mbedtls_free(context_buf);
+ return ok;
+}
+#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
+
+int mbedtls_test_ssl_perform_connection(
+ const mbedtls_test_handshake_test_options *options,
+ mbedtls_test_ssl_endpoint *client,
+ mbedtls_test_ssl_endpoint *server)
+{
+ enum { BUFFSIZE = 17000 };
int expected_handshake_result = options->expected_handshake_result;
+ int ok = 0;
+
+ TEST_EQUAL(mbedtls_test_mock_socket_connect(&(client->socket),
+ &(server->socket),
+ BUFFSIZE), 0);
+
+#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
+ if (options->resize_buffers != 0) {
+ /* Ensure that the buffer sizes are appropriate before resizes */
+ TEST_EQUAL(client->ssl.out_buf_len, MBEDTLS_SSL_OUT_BUFFER_LEN);
+ TEST_EQUAL(client->ssl.in_buf_len, MBEDTLS_SSL_IN_BUFFER_LEN);
+ TEST_EQUAL(server->ssl.out_buf_len, MBEDTLS_SSL_OUT_BUFFER_LEN);
+ TEST_EQUAL(server->ssl.in_buf_len, MBEDTLS_SSL_IN_BUFFER_LEN);
+ }
+#endif
+
+ if (options->expected_negotiated_version == MBEDTLS_SSL_VERSION_UNKNOWN) {
+ expected_handshake_result = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION;
+ }
+
+ TEST_EQUAL(mbedtls_test_move_handshake_to_state(&(client->ssl),
+ &(server->ssl),
+ MBEDTLS_SSL_HANDSHAKE_OVER),
+ expected_handshake_result);
+
+ if (expected_handshake_result != 0) {
+ /* Connection will have failed by this point, skip to cleanup */
+ ok = 1;
+ goto exit;
+ }
+
+ TEST_EQUAL(mbedtls_ssl_is_handshake_over(&client->ssl), 1);
+
+ /* Make sure server state is moved to HANDSHAKE_OVER also. */
+ TEST_EQUAL(mbedtls_test_move_handshake_to_state(&(server->ssl),
+ &(client->ssl),
+ MBEDTLS_SSL_HANDSHAKE_OVER),
+ 0);
+
+ TEST_EQUAL(mbedtls_ssl_is_handshake_over(&server->ssl), 1);
+
+ /* Check that both sides have negotiated the expected version. */
+ TEST_ASSERT(check_ssl_version(options->expected_negotiated_version,
+ &client->ssl,
+ &server->ssl));
+
+ if (options->expected_ciphersuite != 0) {
+ TEST_EQUAL(server->ssl.session->ciphersuite,
+ options->expected_ciphersuite);
+ }
+
+#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
+ if (options->resize_buffers != 0) {
+ /* A server, when using DTLS, might delay a buffer resize to happen
+ * after it receives a message, so we force it. */
+ TEST_EQUAL(exchange_data(&(client->ssl), &(server->ssl)), 0);
+
+ TEST_EQUAL(client->ssl.out_buf_len,
+ mbedtls_ssl_get_output_buflen(&client->ssl));
+ TEST_EQUAL(client->ssl.in_buf_len,
+ mbedtls_ssl_get_input_buflen(&client->ssl));
+ TEST_EQUAL(server->ssl.out_buf_len,
+ mbedtls_ssl_get_output_buflen(&server->ssl));
+ TEST_EQUAL(server->ssl.in_buf_len,
+ mbedtls_ssl_get_input_buflen(&server->ssl));
+ }
+#endif
+
+ if (options->cli_msg_len != 0 || options->srv_msg_len != 0) {
+ /* Start data exchanging test */
+ TEST_EQUAL(mbedtls_test_ssl_exchange_data(
+ &(client->ssl), options->cli_msg_len,
+ options->expected_cli_fragments,
+ &(server->ssl), options->srv_msg_len,
+ options->expected_srv_fragments),
+ 0);
+ }
+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
+ if (options->serialize == 1) {
+ TEST_ASSERT(test_serialization(options, client, server));
+ }
+#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ if (options->renegotiate) {
+ TEST_ASSERT(test_renegotiation(options, client, server));
+ }
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+
+ ok = 1;
+
+exit:
+ return ok;
+}
+
+void mbedtls_test_ssl_perform_handshake(
+ const mbedtls_test_handshake_test_options *options)
+{
+ mbedtls_test_ssl_endpoint client_struct;
+ memset(&client_struct, 0, sizeof(client_struct));
+ mbedtls_test_ssl_endpoint *const client = &client_struct;
+ mbedtls_test_ssl_endpoint server_struct;
+ memset(&server_struct, 0, sizeof(server_struct));
+ mbedtls_test_ssl_endpoint *const server = &server_struct;
MD_OR_USE_PSA_INIT();
- mbedtls_platform_zeroize(&client, sizeof(client));
- mbedtls_platform_zeroize(&server, sizeof(server));
- mbedtls_test_ssl_message_queue server_queue, client_queue;
- mbedtls_test_message_socket_context server_context, client_context;
- mbedtls_test_message_socket_init(&server_context);
- mbedtls_test_message_socket_init(&client_context);
#if defined(MBEDTLS_DEBUG_C)
if (options->cli_log_fun || options->srv_log_fun) {
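Review bot: `mbedtls_test_ssl_perform_connection`, `test_renegotiation` and `test_serialization` all return `ok`, 1 on success and 0 on failure, and nothing in the hunk documents that. It is the opposite of neighbours such as `mbedtls_test_ssl_endpoint_init` and `exchange_data`, which are compared against 0 in this same code. The connection helper also returns 1 when the handshake fails with the expected error, so a caller cannot tell from the return value whether the endpoints are actually connected. Being non-static, it presumably has a declaration in a header outside this hunk; wherever the contract lives, it should read something like `/* Returns 1 if every check passed (including an expected handshake failure, after which the endpoints are not connected), 0 otherwise. */`. `mbedtls_test_ssl_perform_handshake` begins in this hunk and continues outside it.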
@@ -2141,322 +2480,34 @@
#endif
/* Client side */
- if (options->dtls != 0) {
- TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client,
- MBEDTLS_SSL_IS_CLIENT,
- options, &client_context,
- &client_queue,
- &server_queue) == 0);
-#if defined(MBEDTLS_TIMING_C)
- mbedtls_ssl_set_timer_cb(&client.ssl, &timer_client,
- mbedtls_timing_set_delay,
- mbedtls_timing_get_delay);
-#endif
- } else {
- TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client,
- MBEDTLS_SSL_IS_CLIENT,
- options, NULL, NULL,
- NULL) == 0);
- }
-
- if (strlen(options->cipher) > 0) {
- set_ciphersuite(&client.conf, options->cipher, forced_ciphersuite);
- }
+ TEST_EQUAL(mbedtls_test_ssl_endpoint_init(client,
+ MBEDTLS_SSL_IS_CLIENT,
+ options), 0);
/* Server side */
- if (options->dtls != 0) {
- TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server,
- MBEDTLS_SSL_IS_SERVER,
- options, &server_context,
- &server_queue,
- &client_queue) == 0);
-#if defined(MBEDTLS_TIMING_C)
- mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server,
- mbedtls_timing_set_delay,
- mbedtls_timing_get_delay);
-#endif
- } else {
- TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server,
- MBEDTLS_SSL_IS_SERVER,
- options, NULL, NULL,
- NULL) == 0);
+ TEST_EQUAL(mbedtls_test_ssl_endpoint_init(server,
+ MBEDTLS_SSL_IS_SERVER,
+ options), 0);
+
+ if (options->dtls) {
+ TEST_EQUAL(mbedtls_test_ssl_dtls_join_endpoints(client, server), 0);
}
- mbedtls_ssl_conf_authmode(&server.conf, options->srv_auth_mode);
+ TEST_ASSERT(mbedtls_test_ssl_perform_connection(options, client, server));
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- TEST_ASSERT(mbedtls_ssl_conf_max_frag_len(&(server.conf),
- (unsigned char) options->mfl)
- == 0);
- TEST_ASSERT(mbedtls_ssl_conf_max_frag_len(&(client.conf),
- (unsigned char) options->mfl)
- == 0);
-#else
- TEST_ASSERT(MBEDTLS_SSL_MAX_FRAG_LEN_NONE == options->mfl);
-#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
- if (options->psk_str != NULL && options->psk_str->len > 0) {
- TEST_ASSERT(mbedtls_ssl_conf_psk(
- &client.conf, options->psk_str->x,
- options->psk_str->len,
- (const unsigned char *) psk_identity,
- strlen(psk_identity)) == 0);
-
- TEST_ASSERT(mbedtls_ssl_conf_psk(
- &server.conf, options->psk_str->x,
- options->psk_str->len,
- (const unsigned char *) psk_identity,
- strlen(psk_identity)) == 0);
-#if defined(MBEDTLS_SSL_SRV_C)
- mbedtls_ssl_conf_psk_cb(&server.conf, psk_dummy_callback, NULL);
-#endif
- }
-#endif
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if (options->renegotiate) {
- mbedtls_ssl_conf_renegotiation(&(server.conf),
- MBEDTLS_SSL_RENEGOTIATION_ENABLED);
- mbedtls_ssl_conf_renegotiation(&(client.conf),
- MBEDTLS_SSL_RENEGOTIATION_ENABLED);
-
- mbedtls_ssl_conf_legacy_renegotiation(&(server.conf),
- options->legacy_renegotiation);
- mbedtls_ssl_conf_legacy_renegotiation(&(client.conf),
- options->legacy_renegotiation);
- }
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-
- TEST_ASSERT(mbedtls_test_mock_socket_connect(&(client.socket),
- &(server.socket),
- BUFFSIZE) == 0);
-
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- if (options->resize_buffers != 0) {
- /* Ensure that the buffer sizes are appropriate before resizes */
- TEST_ASSERT(client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN);
- TEST_ASSERT(client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN);
- TEST_ASSERT(server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN);
- TEST_ASSERT(server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN);
- }
-#endif
-
- if (options->expected_negotiated_version == MBEDTLS_SSL_VERSION_UNKNOWN) {
- expected_handshake_result = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION;
- }
-
- TEST_ASSERT(mbedtls_test_move_handshake_to_state(&(client.ssl),
- &(server.ssl),
- MBEDTLS_SSL_HANDSHAKE_OVER)
- == expected_handshake_result);
-
- if (expected_handshake_result != 0) {
- /* Connection will have failed by this point, skip to cleanup */
- goto exit;
- }
-
- TEST_ASSERT(mbedtls_ssl_is_handshake_over(&client.ssl) == 1);
-
- /* Make sure server state is moved to HANDSHAKE_OVER also. */
- TEST_EQUAL(mbedtls_test_move_handshake_to_state(&(server.ssl),
- &(client.ssl),
- MBEDTLS_SSL_HANDSHAKE_OVER),
- 0);
-
- TEST_ASSERT(mbedtls_ssl_is_handshake_over(&server.ssl) == 1);
- /* Check that both sides have negotiated the expected version. */
- mbedtls_test_set_step(0);
- if (!check_ssl_version(options->expected_negotiated_version,
- &client.ssl)) {
- goto exit;
- }
-
- mbedtls_test_set_step(1);
- if (!check_ssl_version(options->expected_negotiated_version,
- &server.ssl)) {
- goto exit;
- }
-
- if (options->expected_ciphersuite != 0) {
- TEST_EQUAL(server.ssl.session->ciphersuite,
- options->expected_ciphersuite);
- }
-
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- if (options->resize_buffers != 0) {
- /* A server, when using DTLS, might delay a buffer resize to happen
- * after it receives a message, so we force it. */
- TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0);
-
- TEST_ASSERT(client.ssl.out_buf_len ==
- mbedtls_ssl_get_output_buflen(&client.ssl));
- TEST_ASSERT(client.ssl.in_buf_len ==
- mbedtls_ssl_get_input_buflen(&client.ssl));
- TEST_ASSERT(server.ssl.out_buf_len ==
- mbedtls_ssl_get_output_buflen(&server.ssl));
- TEST_ASSERT(server.ssl.in_buf_len ==
- mbedtls_ssl_get_input_buflen(&server.ssl));
- }
-#endif
-
- if (options->cli_msg_len != 0 || options->srv_msg_len != 0) {
- /* Start data exchanging test */
- TEST_ASSERT(mbedtls_test_ssl_exchange_data(
- &(client.ssl), options->cli_msg_len,
- options->expected_cli_fragments,
- &(server.ssl), options->srv_msg_len,
- options->expected_srv_fragments)
- == 0);
- }
-#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
- if (options->serialize == 1) {
- TEST_ASSERT(options->dtls == 1);
-
- TEST_ASSERT(mbedtls_ssl_context_save(&(server.ssl), NULL,
- 0, &context_buf_len)
- == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
-
- context_buf = mbedtls_calloc(1, context_buf_len);
- TEST_ASSERT(context_buf != NULL);
-
- TEST_ASSERT(mbedtls_ssl_context_save(&(server.ssl), context_buf,
- context_buf_len,
- &context_buf_len)
- == 0);
-
- mbedtls_ssl_free(&(server.ssl));
- mbedtls_ssl_init(&(server.ssl));
-
- TEST_ASSERT(mbedtls_ssl_setup(&(server.ssl), &(server.conf)) == 0);
-
- mbedtls_ssl_set_bio(&(server.ssl), &server_context,
- mbedtls_test_mock_tcp_send_msg,
- mbedtls_test_mock_tcp_recv_msg,
- NULL);
-
- mbedtls_ssl_set_user_data_p(&server.ssl, &server);
-
-#if defined(MBEDTLS_TIMING_C)
- mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server,
- mbedtls_timing_set_delay,
- mbedtls_timing_get_delay);
-#endif
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- if (options->resize_buffers != 0) {
- /* Ensure that the buffer sizes are appropriate before resizes */
- TEST_ASSERT(server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN);
- TEST_ASSERT(server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN);
- }
-#endif
- TEST_ASSERT(mbedtls_ssl_context_load(&(server.ssl), context_buf,
- context_buf_len) == 0);
-
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- /* Validate buffer sizes after context deserialization */
- if (options->resize_buffers != 0) {
- TEST_ASSERT(server.ssl.out_buf_len ==
- mbedtls_ssl_get_output_buflen(&server.ssl));
- TEST_ASSERT(server.ssl.in_buf_len ==
- mbedtls_ssl_get_input_buflen(&server.ssl));
- }
-#endif
- /* Retest writing/reading */
- if (options->cli_msg_len != 0 || options->srv_msg_len != 0) {
- TEST_ASSERT(mbedtls_test_ssl_exchange_data(
- &(client.ssl), options->cli_msg_len,
- options->expected_cli_fragments,
- &(server.ssl), options->srv_msg_len,
- options->expected_srv_fragments)
- == 0);
- }
- }
-#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if (options->renegotiate) {
- /* Start test with renegotiation */
- TEST_ASSERT(server.ssl.renego_status ==
- MBEDTLS_SSL_INITIAL_HANDSHAKE);
- TEST_ASSERT(client.ssl.renego_status ==
- MBEDTLS_SSL_INITIAL_HANDSHAKE);
-
- /* After calling this function for the server, it only sends a handshake
- * request. All renegotiation should happen during data exchanging */
- TEST_ASSERT(mbedtls_ssl_renegotiate(&(server.ssl)) == 0);
- TEST_ASSERT(server.ssl.renego_status ==
- MBEDTLS_SSL_RENEGOTIATION_PENDING);
- TEST_ASSERT(client.ssl.renego_status ==
- MBEDTLS_SSL_INITIAL_HANDSHAKE);
-
- TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0);
- TEST_ASSERT(server.ssl.renego_status ==
- MBEDTLS_SSL_RENEGOTIATION_DONE);
- TEST_ASSERT(client.ssl.renego_status ==
- MBEDTLS_SSL_RENEGOTIATION_DONE);
-
- /* After calling mbedtls_ssl_renegotiate for the client,
- * all renegotiation should happen inside this function.
- * However in this test, we cannot perform simultaneous communication
- * between client and server so this function will return waiting error
- * on the socket. All rest of renegotiation should happen
- * during data exchanging */
- ret = mbedtls_ssl_renegotiate(&(client.ssl));
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- if (options->resize_buffers != 0) {
- /* Ensure that the buffer sizes are appropriate before resizes */
- TEST_ASSERT(client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN);
- TEST_ASSERT(client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN);
- }
-#endif
- TEST_ASSERT(ret == 0 ||
- ret == MBEDTLS_ERR_SSL_WANT_READ ||
- ret == MBEDTLS_ERR_SSL_WANT_WRITE);
- TEST_ASSERT(server.ssl.renego_status ==
- MBEDTLS_SSL_RENEGOTIATION_DONE);
- TEST_ASSERT(client.ssl.renego_status ==
- MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS);
-
- TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0);
- TEST_ASSERT(server.ssl.renego_status ==
- MBEDTLS_SSL_RENEGOTIATION_DONE);
- TEST_ASSERT(client.ssl.renego_status ==
- MBEDTLS_SSL_RENEGOTIATION_DONE);
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- /* Validate buffer sizes after renegotiation */
- if (options->resize_buffers != 0) {
- TEST_ASSERT(client.ssl.out_buf_len ==
- mbedtls_ssl_get_output_buflen(&client.ssl));
- TEST_ASSERT(client.ssl.in_buf_len ==
- mbedtls_ssl_get_input_buflen(&client.ssl));
- TEST_ASSERT(server.ssl.out_buf_len ==
- mbedtls_ssl_get_output_buflen(&server.ssl));
- TEST_ASSERT(server.ssl.in_buf_len ==
- mbedtls_ssl_get_input_buflen(&server.ssl));
- }
-#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */
- }
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-
- TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&client.conf) == &client);
- TEST_ASSERT(mbedtls_ssl_get_user_data_p(&client.ssl) == &client);
- TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&server.conf) == &server);
- TEST_ASSERT(mbedtls_ssl_get_user_data_p(&server.ssl) == &server);
+ TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&client->conf) == client);
+ TEST_ASSERT(mbedtls_ssl_get_user_data_p(&client->ssl) == client);
+ TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&server->conf) == server);
+ TEST_ASSERT(mbedtls_ssl_get_user_data_p(&server->ssl) == server);
exit:
- mbedtls_test_ssl_endpoint_free(&client,
- options->dtls != 0 ? &client_context : NULL);
- mbedtls_test_ssl_endpoint_free(&server,
- options->dtls != 0 ? &server_context : NULL);
+ mbedtls_test_ssl_endpoint_free(client);
+ mbedtls_test_ssl_endpoint_free(server);
#if defined(MBEDTLS_DEBUG_C)
if (options->cli_log_fun || options->srv_log_fun) {
mbedtls_debug_set_threshold(0);
}
#endif
-#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
- if (context_buf != NULL) {
- mbedtls_free(context_buf);
- }
-#endif
MD_OR_USE_PSA_DONE();
}
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
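Review bot: The four user-data `TEST_ASSERT`s after `mbedtls_test_ssl_perform_connection` now also run when the handshake fails as expected, because that path used to `goto exit` in this function and now returns 1 from the helper. That looks harmless if the pointers are set during endpoint initialisation (not visible here), but it is a silent behaviour change. A comment such as `/* Also checked after an expected handshake failure: user data must survive it. */` would record it as intended. Separately, the ciphersuite, auth mode, max fragment length, PSK and renegotiation configuration removed here has no replacement in this hunk and is presumably applied inside `mbedtls_test_ssl_endpoint_init`; it is worth confirming that the `MBEDTLS_SSL_MAX_FRAG_LEN_NONE == options->mfl` check for builds without MFL survived the move. The function starts outside this hunk.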
@@ -2620,11 +2671,11 @@
mbedtls_platform_zeroize(&server_ep, sizeof(server_ep));
ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT,
- client_options, NULL, NULL, NULL);
+ client_options);
TEST_EQUAL(ret, 0);
ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER,
- server_options, NULL, NULL, NULL);
+ server_options);
TEST_EQUAL(ret, 0);
mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf,
@@ -2652,8 +2703,8 @@
ok = 1;
exit:
- mbedtls_test_ssl_endpoint_free(&client_ep, NULL);
- mbedtls_test_ssl_endpoint_free(&server_ep, NULL);
+ mbedtls_test_ssl_endpoint_free(&client_ep);
+ mbedtls_test_ssl_endpoint_free(&server_ep);
if (ret == 0 && !ok) {
/* Exiting due to a test assertion that isn't ret == 0 */
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 58212ba..c47b216 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -435,50 +435,41 @@
memset(input, 0, sizeof(input));
/* Make sure calling put and get on NULL buffer results in error. */
- TEST_ASSERT(mbedtls_test_ssl_buffer_put(NULL, input, sizeof(input))
- == -1);
- TEST_ASSERT(mbedtls_test_ssl_buffer_get(NULL, output, sizeof(output))
- == -1);
- TEST_ASSERT(mbedtls_test_ssl_buffer_put(NULL, NULL, sizeof(input))
- == -1);
+ TEST_EQUAL(mbedtls_test_ssl_buffer_put(NULL, input, sizeof(input)), -1);
+ TEST_EQUAL(mbedtls_test_ssl_buffer_get(NULL, output, sizeof(output)), -1);
+ TEST_EQUAL(mbedtls_test_ssl_buffer_put(NULL, NULL, sizeof(input)), -1);
- TEST_ASSERT(mbedtls_test_ssl_buffer_put(NULL, NULL, 0) == -1);
- TEST_ASSERT(mbedtls_test_ssl_buffer_get(NULL, NULL, 0) == -1);
+ TEST_EQUAL(mbedtls_test_ssl_buffer_put(NULL, NULL, 0), -1);
+ TEST_EQUAL(mbedtls_test_ssl_buffer_get(NULL, NULL, 0), -1);
/* Make sure calling put and get on a buffer that hasn't been set up results
* in error. */
- TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, sizeof(input))
- == -1);
- TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, output, sizeof(output))
- == -1);
- TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, sizeof(input))
- == -1);
+ TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, input, sizeof(input)), -1);
+ TEST_EQUAL(mbedtls_test_ssl_buffer_get(&buf, output, sizeof(output)), -1);
+ TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, NULL, sizeof(input)), -1);
- TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, 0) == -1);
- TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, NULL, 0) == -1);
+ TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, NULL, 0), -1);
+ TEST_EQUAL(mbedtls_test_ssl_buffer_get(&buf, NULL, 0), -1);
/* Make sure calling put and get on NULL input only results in
* error if the length is not zero, and that a NULL output is valid for data
* dropping.
*/
- TEST_ASSERT(mbedtls_test_ssl_buffer_setup(&buf, sizeof(input)) == 0);
+ TEST_EQUAL(mbedtls_test_ssl_buffer_setup(&buf, sizeof(input)), 0);
- TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, sizeof(input))
- == -1);
- TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, NULL, sizeof(output))
- == 0);
- TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, 0) == 0);
- TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, NULL, 0) == 0);
+ TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, NULL, sizeof(input)), -1);
+ TEST_EQUAL(mbedtls_test_ssl_buffer_get(&buf, NULL, sizeof(output)), 0);
+ TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, NULL, 0), 0);
+ TEST_EQUAL(mbedtls_test_ssl_buffer_get(&buf, NULL, 0), 0);
/* Make sure calling put several times in the row is safe */
- TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, sizeof(input))
- == sizeof(input));
- TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, output, 2) == 2);
- TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, 1) == 1);
- TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, 2) == 1);
- TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, 2) == 0);
+ TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, input, sizeof(input)), sizeof(input));
+ TEST_EQUAL(mbedtls_test_ssl_buffer_get(&buf, output, 2), 2);
+ TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, input, 1), 1);
+ TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, input, 2), 1);
+ TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, input, 2), 0);
exit:
@@ -519,7 +510,7 @@
mbedtls_test_ssl_buffer_init(&buf);
USE_PSA_INIT();
- TEST_ASSERT(mbedtls_test_ssl_buffer_setup(&buf, size) == 0);
+ TEST_EQUAL(mbedtls_test_ssl_buffer_setup(&buf, size), 0);
/* Check the sanity of input parameters and initialise local variables. That
* is, ensure that the amount of data is not negative and that we are not
@@ -578,17 +569,16 @@
written = read = 0;
for (j = 0; j < ROUNDS; j++) {
- TEST_ASSERT(put_ret[j] == mbedtls_test_ssl_buffer_put(&buf,
- input + written, put[j]));
+ TEST_EQUAL(put_ret[j], mbedtls_test_ssl_buffer_put(&buf,
+ input + written, put[j]));
written += put_ret[j];
- TEST_ASSERT(get_ret[j] == mbedtls_test_ssl_buffer_get(&buf,
- output + read, get[j]));
+ TEST_EQUAL(get_ret[j], mbedtls_test_ssl_buffer_get(&buf,
+ output + read, get[j]));
read += get_ret[j];
TEST_ASSERT(read <= written);
if (get_ret[j] > 0) {
- TEST_ASSERT(memcmp(output + read - get_ret[j],
- input + read - get_ret[j], get_ret[j])
- == 0);
+ TEST_EQUAL(memcmp(output + read - get_ret[j],
+ input + read - get_ret[j], get_ret[j]), 0);
}
}
@@ -673,8 +663,8 @@
}
/* Make sure that sending a message takes a few iterations. */
- TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server,
- BUFLEN));
+ TEST_EQUAL(0, mbedtls_test_mock_socket_connect(&client, &server,
+ BUFLEN));
/* Send the message to the server */
send_ret = recv_ret = 1;
@@ -690,9 +680,9 @@
if (send_ret == BUFLEN) {
int blocking_ret = send(&client, message, 1);
if (blocking) {
- TEST_ASSERT(blocking_ret == 0);
+ TEST_EQUAL(blocking_ret, 0);
} else {
- TEST_ASSERT(blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE);
+ TEST_EQUAL(blocking_ret, MBEDTLS_ERR_SSL_WANT_WRITE);
}
}
@@ -704,9 +694,9 @@
TEST_ASSERT(recv_ret <= BUFLEN);
read += recv_ret;
} else if (blocking) {
- TEST_ASSERT(recv_ret == 0);
+ TEST_EQUAL(recv_ret, 0);
} else {
- TEST_ASSERT(recv_ret == MBEDTLS_ERR_SSL_WANT_READ);
+ TEST_EQUAL(recv_ret, MBEDTLS_ERR_SSL_WANT_READ);
recv_ret = 0;
}
@@ -714,13 +704,13 @@
if (recv_ret == BUFLEN) {
int blocking_ret = recv(&server, received, 1);
if (blocking) {
- TEST_ASSERT(blocking_ret == 0);
+ TEST_EQUAL(blocking_ret, 0);
} else {
- TEST_ASSERT(blocking_ret == MBEDTLS_ERR_SSL_WANT_READ);
+ TEST_EQUAL(blocking_ret, MBEDTLS_ERR_SSL_WANT_READ);
}
}
}
- TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
+ TEST_EQUAL(memcmp(message, received, MSGLEN), 0);
exit:
mbedtls_test_mock_socket_close(&client);
@@ -774,8 +764,8 @@
}
/* Make sure that sending a message takes a few iterations. */
- TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server,
- BUFLEN));
+ TEST_EQUAL(0, mbedtls_test_mock_socket_connect(&client, &server,
+ BUFLEN));
/* Send the message from both sides, interleaving. */
progress = 1;
@@ -803,9 +793,9 @@
if (send_ret[i] == BUFLEN) {
int blocking_ret = send(socket, message[i], 1);
if (blocking) {
- TEST_ASSERT(blocking_ret == 0);
+ TEST_EQUAL(blocking_ret, 0);
} else {
- TEST_ASSERT(blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE);
+ TEST_EQUAL(blocking_ret, MBEDTLS_ERR_SSL_WANT_WRITE);
}
}
}
@@ -823,9 +813,9 @@
TEST_ASSERT(recv_ret[i] <= BUFLEN);
read[i] += recv_ret[i];
} else if (blocking) {
- TEST_ASSERT(recv_ret[i] == 0);
+ TEST_EQUAL(recv_ret[i], 0);
} else {
- TEST_ASSERT(recv_ret[i] == MBEDTLS_ERR_SSL_WANT_READ);
+ TEST_EQUAL(recv_ret[i], MBEDTLS_ERR_SSL_WANT_READ);
recv_ret[i] = 0;
}
@@ -834,9 +824,9 @@
if (recv_ret[i] == BUFLEN) {
int blocking_ret = recv(socket, received[i], 1);
if (blocking) {
- TEST_ASSERT(blocking_ret == 0);
+ TEST_EQUAL(blocking_ret, 0);
} else {
- TEST_ASSERT(blocking_ret == MBEDTLS_ERR_SSL_WANT_READ);
+ TEST_EQUAL(blocking_ret, MBEDTLS_ERR_SSL_WANT_READ);
}
}
}
@@ -848,7 +838,7 @@
}
for (i = 0; i < ROUNDS; i++) {
- TEST_ASSERT(memcmp(message[i], received[i], MSGLEN) == 0);
+ TEST_EQUAL(memcmp(message[i], received[i], MSGLEN), 0);
}
exit:
@@ -865,14 +855,14 @@
USE_PSA_INIT();
/* Trying to push/pull to an empty queue */
- TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(NULL, 1)
- == MBEDTLS_TEST_ERROR_ARG_NULL);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(NULL, 1)
- == MBEDTLS_TEST_ERROR_ARG_NULL);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(NULL, 1),
+ MBEDTLS_TEST_ERROR_ARG_NULL);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(NULL, 1),
+ MBEDTLS_TEST_ERROR_ARG_NULL);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0);
- TEST_ASSERT(queue.capacity == 3);
- TEST_ASSERT(queue.num == 0);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_setup(&queue, 3), 0);
+ TEST_EQUAL(queue.capacity, 3);
+ TEST_EQUAL(queue.num, 0);
exit:
mbedtls_test_ssl_message_queue_free(&queue);
@@ -886,22 +876,22 @@
mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT;
USE_PSA_INIT();
- TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_setup(&queue, 3), 0);
/* Sanity test - 3 pushes and 3 pops with sufficient space */
- TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1);
- TEST_ASSERT(queue.capacity == 3);
- TEST_ASSERT(queue.num == 1);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1);
- TEST_ASSERT(queue.capacity == 3);
- TEST_ASSERT(queue.num == 2);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 2) == 2);
- TEST_ASSERT(queue.capacity == 3);
- TEST_ASSERT(queue.num == 3);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 1), 1);
+ TEST_EQUAL(queue.capacity, 3);
+ TEST_EQUAL(queue.num, 1);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 1), 1);
+ TEST_EQUAL(queue.capacity, 3);
+ TEST_EQUAL(queue.num, 2);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 2), 2);
+ TEST_EQUAL(queue.capacity, 3);
+ TEST_EQUAL(queue.num, 3);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 2) == 2);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 1), 1);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 1), 1);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 2), 2);
exit:
mbedtls_test_ssl_message_queue_free(&queue);
@@ -915,21 +905,21 @@
mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT;
USE_PSA_INIT();
- TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_setup(&queue, 3), 0);
/* 4 pushes (last one with an error), 4 pops (last one with an error) */
- TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 2) == 2);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 3)
- == MBEDTLS_ERR_SSL_WANT_WRITE);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 1), 1);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 1), 1);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 2), 2);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 3),
+ MBEDTLS_ERR_SSL_WANT_WRITE);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 2) == 2);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 1), 1);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 1), 1);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 2), 2);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1)
- == MBEDTLS_ERR_SSL_WANT_READ);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 1),
+ MBEDTLS_ERR_SSL_WANT_READ);
exit:
mbedtls_test_ssl_message_queue_free(&queue);
@@ -943,29 +933,29 @@
mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT;
USE_PSA_INIT();
- TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_setup(&queue, 3), 0);
/* Interleaved test - [2 pushes, 1 pop] twice, and then two pops
* (to wrap around the buffer) */
- TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 1), 1);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 1), 1);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 1), 1);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 2) == 2);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 3) == 3);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 2), 2);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 3), 3);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 2) == 2);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 1), 1);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 2), 2);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 5) == 5);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 8) == 8);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 5), 5);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 8), 8);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 3) == 3);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 3), 3);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 5) == 5);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 5), 5);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 8) == 8);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 8), 8);
exit:
mbedtls_test_ssl_message_queue_free(&queue);
@@ -981,13 +971,13 @@
size_t buffer_len = 5;
USE_PSA_INIT();
- TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 1) == 0);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_setup(&queue, 1), 0);
/* Popping without a sufficient buffer */
- TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, message_len)
- == (int) message_len);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, buffer_len)
- == (int) buffer_len);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, message_len),
+ (int) message_len);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, buffer_len),
+ (int) buffer_len);
exit:
mbedtls_test_ssl_message_queue_free(&queue);
USE_PSA_DONE();
@@ -1007,40 +997,40 @@
USE_PSA_INIT();
/* Send with a NULL context */
- TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(NULL, message, MSGLEN)
- == MBEDTLS_TEST_ERROR_CONTEXT_ERROR);
+ TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(NULL, message, MSGLEN),
+ MBEDTLS_TEST_ERROR_CONTEXT_ERROR);
- TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(NULL, message, MSGLEN)
- == MBEDTLS_TEST_ERROR_CONTEXT_ERROR);
+ TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(NULL, message, MSGLEN),
+ MBEDTLS_TEST_ERROR_CONTEXT_ERROR);
- TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
- &client_queue, 1,
- &server,
- &server_context) == 0);
+ TEST_EQUAL(mbedtls_test_message_socket_setup(&server_queue,
+ &client_queue, 1,
+ &server,
+ &server_context), 0);
- TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue,
- &server_queue, 1,
- &client,
- &client_context) == 0);
+ TEST_EQUAL(mbedtls_test_message_socket_setup(&client_queue,
+ &server_queue, 1,
+ &client,
+ &client_context), 0);
- TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
- MSGLEN)
- == MBEDTLS_TEST_ERROR_SEND_FAILED);
+ TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+ MSGLEN),
+ MBEDTLS_TEST_ERROR_SEND_FAILED);
- TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
- MSGLEN)
- == MBEDTLS_ERR_SSL_WANT_READ);
+ TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+ MSGLEN),
+ MBEDTLS_ERR_SSL_WANT_READ);
/* Push directly to a queue to later simulate a disconnected behavior */
- TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&server_queue,
- MSGLEN)
- == MSGLEN);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&server_queue,
+ MSGLEN),
+ MSGLEN);
/* Test if there's an error when trying to read from a disconnected
* socket */
- TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
- MSGLEN)
- == MBEDTLS_TEST_ERROR_RECV_FAILED);
+ TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+ MSGLEN),
+ MBEDTLS_TEST_ERROR_RECV_FAILED);
exit:
mbedtls_test_message_socket_close(&server_context);
mbedtls_test_message_socket_close(&client_context);
@@ -1062,46 +1052,46 @@
mbedtls_test_message_socket_init(&client_context);
USE_PSA_INIT();
- TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
- &client_queue, 1,
- &server,
- &server_context) == 0);
+ TEST_EQUAL(mbedtls_test_message_socket_setup(&server_queue,
+ &client_queue, 1,
+ &server,
+ &server_context), 0);
- TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue,
- &server_queue, 1,
- &client,
- &client_context) == 0);
+ TEST_EQUAL(mbedtls_test_message_socket_setup(&client_queue,
+ &server_queue, 1,
+ &client,
+ &client_context), 0);
/* Fill up the buffer with structured data so that unwanted changes
* can be detected */
for (i = 0; i < MSGLEN; i++) {
message[i] = i & 0xFF;
}
- TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server,
- MSGLEN));
+ TEST_EQUAL(0, mbedtls_test_mock_socket_connect(&client, &server,
+ MSGLEN));
/* Send the message to the server */
- TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
- MSGLEN) == MSGLEN);
+ TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+ MSGLEN), MSGLEN);
/* Read from the server */
- TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
- MSGLEN)
- == MSGLEN);
+ TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+ MSGLEN),
+ MSGLEN);
- TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
+ TEST_EQUAL(memcmp(message, received, MSGLEN), 0);
memset(received, 0, MSGLEN);
/* Send the message to the client */
- TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&server_context, message,
- MSGLEN)
- == MSGLEN);
+ TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&server_context, message,
+ MSGLEN),
+ MSGLEN);
/* Read from the client */
- TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received,
- MSGLEN)
- == MSGLEN);
- TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
+ TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&client_context, received,
+ MSGLEN),
+ MSGLEN);
+ TEST_EQUAL(memcmp(message, received, MSGLEN), 0);
exit:
mbedtls_test_message_socket_close(&server_context);
@@ -1124,51 +1114,51 @@
mbedtls_test_message_socket_init(&client_context);
USE_PSA_INIT();
- TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
- &client_queue, 2,
- &server,
- &server_context) == 0);
+ TEST_EQUAL(mbedtls_test_message_socket_setup(&server_queue,
+ &client_queue, 2,
+ &server,
+ &server_context), 0);
- TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue,
- &server_queue, 2,
- &client,
- &client_context) == 0);
+ TEST_EQUAL(mbedtls_test_message_socket_setup(&client_queue,
+ &server_queue, 2,
+ &client,
+ &client_context), 0);
/* Fill up the buffer with structured data so that unwanted changes
* can be detected */
for (i = 0; i < MSGLEN; i++) {
message[i] = i & 0xFF;
}
- TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server,
- MSGLEN*2));
+ TEST_EQUAL(0, mbedtls_test_mock_socket_connect(&client, &server,
+ MSGLEN*2));
/* Send three message to the server, last one with an error */
- TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
- MSGLEN - 1)
- == MSGLEN - 1);
+ TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+ MSGLEN - 1),
+ MSGLEN - 1);
- TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
- MSGLEN)
- == MSGLEN);
+ TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+ MSGLEN),
+ MSGLEN);
- TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
- MSGLEN)
- == MBEDTLS_ERR_SSL_WANT_WRITE);
+ TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+ MSGLEN),
+ MBEDTLS_ERR_SSL_WANT_WRITE);
/* Read three messages from the server, last one with an error */
- TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
- MSGLEN - 1)
- == MSGLEN - 1);
+ TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+ MSGLEN - 1),
+ MSGLEN - 1);
- TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
- MSGLEN)
- == MSGLEN);
+ TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+ MSGLEN),
+ MSGLEN);
- TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
+ TEST_EQUAL(memcmp(message, received, MSGLEN), 0);
- TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
- MSGLEN)
- == MBEDTLS_ERR_SSL_WANT_READ);
+ TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+ MSGLEN),
+ MBEDTLS_ERR_SSL_WANT_READ);
exit:
mbedtls_test_message_socket_close(&server_context);
@@ -1191,39 +1181,39 @@
mbedtls_test_message_socket_init(&client_context);
USE_PSA_INIT();
- TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
- &client_queue, 2,
- &server,
- &server_context) == 0);
+ TEST_EQUAL(mbedtls_test_message_socket_setup(&server_queue,
+ &client_queue, 2,
+ &server,
+ &server_context), 0);
- TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue,
- &server_queue, 2,
- &client,
- &client_context) == 0);
+ TEST_EQUAL(mbedtls_test_message_socket_setup(&client_queue,
+ &server_queue, 2,
+ &client,
+ &client_context), 0);
/* Fill up the buffer with structured data so that unwanted changes
* can be detected */
for (i = 0; i < MSGLEN; i++) {
message[i] = i & 0xFF;
}
- TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server,
- MSGLEN));
+ TEST_EQUAL(0, mbedtls_test_mock_socket_connect(&client, &server,
+ MSGLEN));
/* Send two message to the server, second one with an error */
- TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
- MSGLEN)
- == MSGLEN);
+ TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+ MSGLEN),
+ MSGLEN);
- TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
- MSGLEN)
- == MBEDTLS_TEST_ERROR_SEND_FAILED);
+ TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+ MSGLEN),
+ MBEDTLS_TEST_ERROR_SEND_FAILED);
/* Read the only message from the server */
- TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
- MSGLEN)
- == MSGLEN);
+ TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+ MSGLEN),
+ MSGLEN);
- TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
+ TEST_EQUAL(memcmp(message, received, MSGLEN), 0);
exit:
mbedtls_test_message_socket_close(&server_context);
@@ -1246,15 +1236,15 @@
mbedtls_test_message_socket_init(&client_context);
USE_PSA_INIT();
- TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
- &client_queue, 2,
- &server,
- &server_context) == 0);
+ TEST_EQUAL(mbedtls_test_message_socket_setup(&server_queue,
+ &client_queue, 2,
+ &server,
+ &server_context), 0);
- TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue,
- &server_queue, 2,
- &client,
- &client_context) == 0);
+ TEST_EQUAL(mbedtls_test_message_socket_setup(&client_queue,
+ &server_queue, 2,
+ &client,
+ &client_context), 0);
memset(received, 0, MSGLEN);
/* Fill up the buffer with structured data so that unwanted changes
@@ -1262,35 +1252,35 @@
for (i = 0; i < MSGLEN; i++) {
message[i] = i & 0xFF;
}
- TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server,
- 2 * MSGLEN));
+ TEST_EQUAL(0, mbedtls_test_mock_socket_connect(&client, &server,
+ 2 * MSGLEN));
/* Send two messages to the server, the second one small enough to fit in the
* receiver's buffer. */
- TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
- MSGLEN)
- == MSGLEN);
- TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
- MSGLEN / 2)
- == MSGLEN / 2);
+ TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+ MSGLEN),
+ MSGLEN);
+ TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+ MSGLEN / 2),
+ MSGLEN / 2);
/* Read a truncated message from the server */
- TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
- MSGLEN/2)
- == MSGLEN/2);
+ TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+ MSGLEN/2),
+ MSGLEN/2);
/* Test that the first half of the message is valid, and second one isn't */
- TEST_ASSERT(memcmp(message, received, MSGLEN/2) == 0);
+ TEST_EQUAL(memcmp(message, received, MSGLEN/2), 0);
TEST_ASSERT(memcmp(message + MSGLEN/2, received + MSGLEN/2, MSGLEN/2)
!= 0);
memset(received, 0, MSGLEN);
/* Read a full message from the server */
- TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
- MSGLEN/2)
- == MSGLEN / 2);
+ TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+ MSGLEN/2),
+ MSGLEN / 2);
/* Test that the first half of the message is valid */
- TEST_ASSERT(memcmp(message, received, MSGLEN/2) == 0);
+ TEST_EQUAL(memcmp(message, received, MSGLEN/2), 0);
exit:
mbedtls_test_message_socket_close(&server_context);
@@ -1313,33 +1303,33 @@
mbedtls_test_message_socket_init(&client_context);
USE_PSA_INIT();
- TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
- &client_queue, 1,
- &server,
- &server_context) == 0);
+ TEST_EQUAL(mbedtls_test_message_socket_setup(&server_queue,
+ &client_queue, 1,
+ &server,
+ &server_context), 0);
- TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue,
- &server_queue, 1,
- &client,
- &client_context) == 0);
+ TEST_EQUAL(mbedtls_test_message_socket_setup(&client_queue,
+ &server_queue, 1,
+ &client,
+ &client_context), 0);
/* Fill up the buffer with structured data so that unwanted changes
* can be detected */
for (i = 0; i < MSGLEN; i++) {
message[i] = i & 0xFF;
}
- TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server,
- MSGLEN));
+ TEST_EQUAL(0, mbedtls_test_mock_socket_connect(&client, &server,
+ MSGLEN));
- TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
- MSGLEN)
- == MSGLEN);
+ TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+ MSGLEN),
+ MSGLEN);
/* Force a read error by disconnecting the socket by hand */
server.status = 0;
- TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
- MSGLEN)
- == MBEDTLS_TEST_ERROR_RECV_FAILED);
+ TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+ MSGLEN),
+ MBEDTLS_TEST_ERROR_RECV_FAILED);
/* Return to a valid state */
server.status = MBEDTLS_MOCK_SOCKET_CONNECTED;
@@ -1347,11 +1337,11 @@
/* Test that even though the server tried to read once disconnected, the
* continuity is preserved */
- TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
- MSGLEN)
- == MSGLEN);
+ TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+ MSGLEN),
+ MSGLEN);
- TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
+ TEST_EQUAL(memcmp(message, received, MSGLEN), 0);
exit:
mbedtls_test_message_socket_close(&server_context);
@@ -1374,48 +1364,48 @@
mbedtls_test_message_socket_init(&client_context);
USE_PSA_INIT();
- TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
- &client_queue, 3,
- &server,
- &server_context) == 0);
+ TEST_EQUAL(mbedtls_test_message_socket_setup(&server_queue,
+ &client_queue, 3,
+ &server,
+ &server_context), 0);
- TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue,
- &server_queue, 3,
- &client,
- &client_context) == 0);
+ TEST_EQUAL(mbedtls_test_message_socket_setup(&client_queue,
+ &server_queue, 3,
+ &client,
+ &client_context), 0);
/* Fill up the buffer with structured data so that unwanted changes
* can be detected */
for (i = 0; i < MSGLEN; i++) {
message[i] = i & 0xFF;
}
- TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server,
- MSGLEN*3));
+ TEST_EQUAL(0, mbedtls_test_mock_socket_connect(&client, &server,
+ MSGLEN*3));
/* Interleaved test - [2 sends, 1 read] twice, and then two reads
* (to wrap around the buffer) */
for (i = 0; i < 2; i++) {
- TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
- MSGLEN) == MSGLEN);
+ TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+ MSGLEN), MSGLEN);
- TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
- MSGLEN) == MSGLEN);
+ TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+ MSGLEN), MSGLEN);
- TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
- MSGLEN) == MSGLEN);
- TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
+ TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+ MSGLEN), MSGLEN);
+ TEST_EQUAL(memcmp(message, received, MSGLEN), 0);
memset(received, 0, sizeof(received));
}
for (i = 0; i < 2; i++) {
- TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
- MSGLEN) == MSGLEN);
+ TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+ MSGLEN), MSGLEN);
- TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
+ TEST_EQUAL(memcmp(message, received, MSGLEN), 0);
}
- TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
- MSGLEN)
- == MBEDTLS_ERR_SSL_WANT_READ);
+ TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+ MSGLEN),
+ MBEDTLS_ERR_SSL_WANT_READ);
exit:
mbedtls_test_message_socket_close(&server_context);
mbedtls_test_message_socket_close(&client_context);
@@ -1437,75 +1427,75 @@
mbedtls_test_message_socket_init(&client_context);
USE_PSA_INIT();
- TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
- &client_queue, 3,
- &server,
- &server_context) == 0);
+ TEST_EQUAL(mbedtls_test_message_socket_setup(&server_queue,
+ &client_queue, 3,
+ &server,
+ &server_context), 0);
- TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue,
- &server_queue, 3,
- &client,
- &client_context) == 0);
+ TEST_EQUAL(mbedtls_test_message_socket_setup(&client_queue,
+ &server_queue, 3,
+ &client,
+ &client_context), 0);
/* Fill up the buffer with structured data so that unwanted changes
* can be detected */
for (i = 0; i < MSGLEN; i++) {
message[i] = i & 0xFF;
}
- TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server,
- MSGLEN*3));
+ TEST_EQUAL(0, mbedtls_test_mock_socket_connect(&client, &server,
+ MSGLEN*3));
/* Interleaved test - [2 sends, 1 read] twice, both ways, and then two reads
* (to wrap around the buffer) both ways. */
for (i = 0; i < 2; i++) {
- TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
- MSGLEN) == MSGLEN);
+ TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+ MSGLEN), MSGLEN);
- TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
- MSGLEN) == MSGLEN);
+ TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+ MSGLEN), MSGLEN);
- TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&server_context, message,
- MSGLEN) == MSGLEN);
+ TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&server_context, message,
+ MSGLEN), MSGLEN);
- TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&server_context, message,
- MSGLEN) == MSGLEN);
+ TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&server_context, message,
+ MSGLEN), MSGLEN);
- TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
- MSGLEN) == MSGLEN);
+ TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+ MSGLEN), MSGLEN);
- TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
+ TEST_EQUAL(memcmp(message, received, MSGLEN), 0);
memset(received, 0, sizeof(received));
- TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received,
- MSGLEN) == MSGLEN);
+ TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&client_context, received,
+ MSGLEN), MSGLEN);
- TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
+ TEST_EQUAL(memcmp(message, received, MSGLEN), 0);
memset(received, 0, sizeof(received));
}
for (i = 0; i < 2; i++) {
- TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
- MSGLEN) == MSGLEN);
+ TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+ MSGLEN), MSGLEN);
- TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
+ TEST_EQUAL(memcmp(message, received, MSGLEN), 0);
memset(received, 0, sizeof(received));
- TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received,
- MSGLEN) == MSGLEN);
+ TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&client_context, received,
+ MSGLEN), MSGLEN);
- TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
+ TEST_EQUAL(memcmp(message, received, MSGLEN), 0);
memset(received, 0, sizeof(received));
}
- TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
- MSGLEN)
- == MBEDTLS_ERR_SSL_WANT_READ);
+ TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+ MSGLEN),
+ MBEDTLS_ERR_SSL_WANT_READ);
- TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received,
- MSGLEN)
- == MBEDTLS_ERR_SSL_WANT_READ);
+ TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&client_context, received,
+ MSGLEN),
+ MBEDTLS_ERR_SSL_WANT_READ);
exit:
mbedtls_test_message_socket_close(&server_context);
mbedtls_test_message_socket_close(&client_context);
@@ -1524,12 +1514,12 @@
mbedtls_ssl_config_init(&conf);
MD_OR_USE_PSA_INIT();
- TEST_ASSERT(mbedtls_ssl_config_defaults(&conf,
- MBEDTLS_SSL_IS_CLIENT,
- MBEDTLS_SSL_TRANSPORT_DATAGRAM,
- MBEDTLS_SSL_PRESET_DEFAULT) == 0);
+ TEST_EQUAL(mbedtls_ssl_config_defaults(&conf,
+ MBEDTLS_SSL_IS_CLIENT,
+ MBEDTLS_SSL_TRANSPORT_DATAGRAM,
+ MBEDTLS_SSL_PRESET_DEFAULT), 0);
- TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
+ TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0);
/* Read previous record numbers */
for (len = 0; len < prevs->len; len += 6) {
@@ -1539,7 +1529,7 @@
/* Check new number */
memcpy(ssl.in_ctr + 2, new->x, 6);
- TEST_ASSERT(mbedtls_ssl_dtls_replay_check(&ssl) == ret);
+ TEST_EQUAL(mbedtls_ssl_dtls_replay_check(&ssl), ret);
exit:
mbedtls_ssl_free(&ssl);
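Review bot: `memcpy(ssl.in_ctr + 2, new->x, 6)` copies a fixed 6 bytes from the test vector, and nothing visible in this hunk checks `new->len`. A shorter vector in the data file would make the test read past the end of the buffer instead of failing cleanly. Other tests in this file begin with a "Check sanity of test parameters" step; the equivalent here would be `TEST_EQUAL(new->len, 6);` before the copy. The function starts outside the hunk, so an earlier check may already exist. The loop over `prevs` in the preceding hunk steps by 6 and may deserve the same treatment.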
@@ -1557,13 +1547,13 @@
mbedtls_ssl_init(&ssl);
USE_PSA_INIT();
- TEST_ASSERT(mbedtls_ssl_set_hostname(&ssl, input_hostname0) == 0);
+ TEST_EQUAL(mbedtls_ssl_set_hostname(&ssl, input_hostname0), 0);
output_hostname = mbedtls_ssl_get_hostname(&ssl);
- TEST_ASSERT(strcmp(input_hostname0, output_hostname) == 0);
+ TEST_EQUAL(strcmp(input_hostname0, output_hostname), 0);
- TEST_ASSERT(mbedtls_ssl_set_hostname(&ssl, input_hostname1) == 0);
+ TEST_EQUAL(mbedtls_ssl_set_hostname(&ssl, input_hostname1), 0);
output_hostname = mbedtls_ssl_get_hostname(&ssl);
- TEST_ASSERT(strcmp(input_hostname1, output_hostname) == 0);
+ TEST_EQUAL(strcmp(input_hostname1, output_hostname), 0);
exit:
mbedtls_ssl_free(&ssl);
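Review bot: `output_hostname` goes straight from `mbedtls_ssl_get_hostname(&ssl)` into `strcmp()` in both converted checks, with no NULL check in between. If the getter can return NULL (presumably when no hostname is stored, to be confirmed against its documentation), the test would crash on a null dereference rather than report a failure. Adding `TEST_ASSERT(output_hostname != NULL);` before each `strcmp` keeps the failure inside the test framework. The start of the function, including how `input_hostname0` and `input_hostname1` are declared, is outside the hunk.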
@@ -1601,7 +1591,7 @@
(size_t) cid0_len,
(size_t) cid1_len);
- TEST_ASSERT(ret == 0);
+ TEST_EQUAL(ret, 0);
TEST_CALLOC(buf, buflen);
@@ -1660,7 +1650,7 @@
/* DTLS 1.2 + CID hides the real content type and
* uses a special CID content type in the protected
* record. Double-check this. */
- TEST_ASSERT(rec.type == MBEDTLS_SSL_MSG_CID);
+ TEST_EQUAL(rec.type, MBEDTLS_SSL_MSG_CID);
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
@@ -1669,24 +1659,24 @@
/* TLS 1.3 hides the real content type and
* always uses Application Data as the content type
* for protected records. Double-check this. */
- TEST_ASSERT(rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA);
+ TEST_EQUAL(rec.type, MBEDTLS_SSL_MSG_APPLICATION_DATA);
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
/* Decrypt record with t_dec */
ret = mbedtls_ssl_decrypt_buf(&ssl, t_dec, &rec);
- TEST_ASSERT(ret == 0);
+ TEST_EQUAL(ret, 0);
/* Compare results */
- TEST_ASSERT(rec.type == rec_backup.type);
- TEST_ASSERT(memcmp(rec.ctr, rec_backup.ctr, 8) == 0);
- TEST_ASSERT(rec.ver[0] == rec_backup.ver[0]);
- TEST_ASSERT(rec.ver[1] == rec_backup.ver[1]);
- TEST_ASSERT(rec.data_len == rec_backup.data_len);
- TEST_ASSERT(rec.data_offset == rec_backup.data_offset);
- TEST_ASSERT(memcmp(rec.buf + rec.data_offset,
- rec_backup.buf + rec_backup.data_offset,
- rec.data_len) == 0);
+ TEST_EQUAL(rec.type, rec_backup.type);
+ TEST_EQUAL(memcmp(rec.ctr, rec_backup.ctr, 8), 0);
+ TEST_EQUAL(rec.ver[0], rec_backup.ver[0]);
+ TEST_EQUAL(rec.ver[1], rec_backup.ver[1]);
+ TEST_EQUAL(rec.data_len, rec_backup.data_len);
+ TEST_EQUAL(rec.data_offset, rec_backup.data_offset);
+ TEST_EQUAL(memcmp(rec.buf + rec.data_offset,
+ rec_backup.buf + rec_backup.data_offset,
+ rec.data_len), 0);
}
exit:
@@ -1754,7 +1744,7 @@
(size_t) cid0_len,
(size_t) cid1_len);
- TEST_ASSERT(ret == 0);
+ TEST_EQUAL(ret, 0);
TEST_CALLOC(buf, buflen);
@@ -1819,7 +1809,7 @@
/* DTLS 1.2 + CID hides the real content type and
* uses a special CID content type in the protected
* record. Double-check this. */
- TEST_ASSERT(rec.type == MBEDTLS_SSL_MSG_CID);
+ TEST_EQUAL(rec.type, MBEDTLS_SSL_MSG_CID);
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
@@ -1828,26 +1818,26 @@
/* TLS 1.3 hides the real content type and
* always uses Application Data as the content type
* for protected records. Double-check this. */
- TEST_ASSERT(rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA);
+ TEST_EQUAL(rec.type, MBEDTLS_SSL_MSG_APPLICATION_DATA);
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
/* Decrypt record with t_dec */
- TEST_ASSERT(mbedtls_ssl_decrypt_buf(&ssl, t_dec, &rec) == 0);
+ TEST_EQUAL(mbedtls_ssl_decrypt_buf(&ssl, t_dec, &rec), 0);
/* Compare results */
- TEST_ASSERT(rec.type == rec_backup.type);
- TEST_ASSERT(memcmp(rec.ctr, rec_backup.ctr, 8) == 0);
- TEST_ASSERT(rec.ver[0] == rec_backup.ver[0]);
- TEST_ASSERT(rec.ver[1] == rec_backup.ver[1]);
- TEST_ASSERT(rec.data_len == rec_backup.data_len);
- TEST_ASSERT(rec.data_offset == rec_backup.data_offset);
- TEST_ASSERT(memcmp(rec.buf + rec.data_offset,
- rec_backup.buf + rec_backup.data_offset,
- rec.data_len) == 0);
+ TEST_EQUAL(rec.type, rec_backup.type);
+ TEST_EQUAL(memcmp(rec.ctr, rec_backup.ctr, 8), 0);
+ TEST_EQUAL(rec.ver[0], rec_backup.ver[0]);
+ TEST_EQUAL(rec.ver[1], rec_backup.ver[1]);
+ TEST_EQUAL(rec.data_len, rec_backup.data_len);
+ TEST_EQUAL(rec.data_offset, rec_backup.data_offset);
+ TEST_EQUAL(memcmp(rec.buf + rec.data_offset,
+ rec_backup.buf + rec_backup.data_offset,
+ rec.data_len), 0);
}
- TEST_ASSERT(seen_success == 1);
+ TEST_EQUAL(seen_success, 1);
}
exit:
@@ -1886,16 +1876,16 @@
/* Check sanity of test parameters. */
TEST_ASSERT((size_t) desired_length <= sizeof(dst));
- TEST_ASSERT((size_t) desired_length == expected->len);
+ TEST_EQUAL((size_t) desired_length, expected->len);
PSA_INIT();
- TEST_ASSERT(mbedtls_ssl_tls13_hkdf_expand_label(
- (psa_algorithm_t) hash_alg,
- secret->x, secret->len,
- lbl, lbl_len,
- ctx->x, ctx->len,
- dst, desired_length) == 0);
+ TEST_EQUAL(mbedtls_ssl_tls13_hkdf_expand_label(
+ (psa_algorithm_t) hash_alg,
+ secret->x, secret->len,
+ lbl, lbl_len,
+ ctx->x, ctx->len,
+ dst, desired_length), 0);
TEST_MEMORY_COMPARE(dst, (size_t) desired_length,
expected->x, (size_t) expected->len);
@@ -1919,7 +1909,7 @@
mbedtls_ssl_key_set keys;
/* Check sanity of test parameters. */
- TEST_ASSERT(client_secret->len == server_secret->len);
+ TEST_EQUAL(client_secret->len, server_secret->len);
TEST_ASSERT(
expected_client_write_iv->len == expected_server_write_iv->len &&
expected_client_write_iv->len == (size_t) desired_iv_len);
@@ -1984,17 +1974,17 @@
/* Check sanity of test parameters. */
TEST_ASSERT((size_t) desired_length <= sizeof(dst));
- TEST_ASSERT((size_t) desired_length == expected->len);
+ TEST_EQUAL((size_t) desired_length, expected->len);
PSA_INIT();
- TEST_ASSERT(mbedtls_ssl_tls13_derive_secret(
- (psa_algorithm_t) hash_alg,
- secret->x, secret->len,
- lbl, lbl_len,
- ctx->x, ctx->len,
- already_hashed,
- dst, desired_length) == 0);
+ TEST_EQUAL(mbedtls_ssl_tls13_derive_secret(
+ (psa_algorithm_t) hash_alg,
+ secret->x, secret->len,
+ lbl, lbl_len,
+ ctx->x, ctx->len,
+ already_hashed,
+ dst, desired_length), 0);
TEST_MEMORY_COMPARE(dst, desired_length,
expected->x, desired_length);
@@ -2016,16 +2006,16 @@
/* Check sanity of test parameters. */
TEST_ASSERT((size_t) desired_length <= sizeof(dst));
- TEST_ASSERT((size_t) desired_length == expected->len);
+ TEST_EQUAL((size_t) desired_length, expected->len);
PSA_INIT();
- TEST_ASSERT(mbedtls_ssl_tls13_exporter(
- (psa_algorithm_t) hash_alg,
- secret->x, secret->len,
- (unsigned char *) label, strlen(label),
- (unsigned char *) context_value, strlen(context_value),
- dst, desired_length) == 0);
+ TEST_EQUAL(mbedtls_ssl_tls13_exporter(
+ (psa_algorithm_t) hash_alg,
+ secret->x, secret->len,
+ (unsigned char *) label, strlen(label),
+ (unsigned char *) context_value, strlen(context_value),
+ dst, desired_length), 0);
TEST_MEMORY_COMPARE(dst, desired_length,
expected->x, desired_length);
@@ -2055,9 +2045,9 @@
PSA_INIT();
- TEST_ASSERT(mbedtls_ssl_tls13_derive_early_secrets(
- alg, secret->x, transcript->x, transcript->len,
- &secrets) == 0);
+ TEST_EQUAL(mbedtls_ssl_tls13_derive_early_secrets(
+ alg, secret->x, transcript->x, transcript->len,
+ &secrets), 0);
TEST_MEMORY_COMPARE(secrets.client_early_traffic_secret, hash_len,
traffic_expected->x, traffic_expected->len);
@@ -2089,9 +2079,9 @@
PSA_INIT();
- TEST_ASSERT(mbedtls_ssl_tls13_derive_handshake_secrets(
- alg, secret->x, transcript->x, transcript->len,
- &secrets) == 0);
+ TEST_EQUAL(mbedtls_ssl_tls13_derive_handshake_secrets(
+ alg, secret->x, transcript->x, transcript->len,
+ &secrets), 0);
TEST_MEMORY_COMPARE(secrets.client_handshake_traffic_secret, hash_len,
client_expected->x, client_expected->len);
@@ -2125,9 +2115,9 @@
PSA_INIT();
- TEST_ASSERT(mbedtls_ssl_tls13_derive_application_secrets(
- alg, secret->x, transcript->x, transcript->len,
- &secrets) == 0);
+ TEST_EQUAL(mbedtls_ssl_tls13_derive_application_secrets(
+ alg, secret->x, transcript->x, transcript->len,
+ &secrets), 0);
TEST_MEMORY_COMPARE(secrets.client_application_traffic_secret_N, hash_len,
client_expected->x, client_expected->len);
@@ -2159,9 +2149,9 @@
PSA_INIT();
- TEST_ASSERT(mbedtls_ssl_tls13_derive_resumption_master_secret(
- alg, secret->x, transcript->x, transcript->len,
- &secrets) == 0);
+ TEST_EQUAL(mbedtls_ssl_tls13_derive_resumption_master_secret(
+ alg, secret->x, transcript->x, transcript->len,
+ &secrets), 0);
TEST_MEMORY_COMPARE(secrets.resumption_master_secret, hash_len,
resumption_expected->x, resumption_expected->len);
@@ -2189,13 +2179,13 @@
PSA_INIT();
- TEST_ASSERT(mbedtls_ssl_tls13_create_psk_binder(
- NULL, /* SSL context for debugging only */
- alg,
- psk->x, psk->len,
- psk_type,
- transcript->x,
- binder) == 0);
+ TEST_EQUAL(mbedtls_ssl_tls13_create_psk_binder(
+ NULL, /* SSL context for debugging only */
+ alg,
+ psk->x, psk->len,
+ psk_type,
+ transcript->x,
+ binder), 0);
TEST_MEMORY_COMPARE(binder, hash_len,
binder_expected->x, binder_expected->len);
@@ -2237,8 +2227,8 @@
other_endpoint = MBEDTLS_SSL_IS_SERVER;
}
- TEST_ASSERT(server_write_key->len == client_write_key->len);
- TEST_ASSERT(server_write_iv->len == client_write_iv->len);
+ TEST_EQUAL(server_write_key->len, client_write_key->len);
+ TEST_EQUAL(server_write_iv->len, client_write_iv->len);
memcpy(keys.client_write_key,
client_write_key->x, client_write_key->len);
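Review bot: `memcpy(keys.client_write_key, client_write_key->x, client_write_key->len);` copies a length that this hunk only compares with the server key's length, never with the size of the destination field. Unless a bound is checked outside the hunk, adding `TEST_LE_U(client_write_key->len, sizeof(keys.client_write_key));` before the copy, and the equivalent for the IV, would make an oversized test vector fail cleanly instead of writing past the field. The function body continues beyond the hunk, so the remaining copies are not visible here.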
@@ -2254,12 +2244,12 @@
MD_OR_USE_PSA_INIT();
- TEST_ASSERT(mbedtls_ssl_tls13_populate_transform(
- &transform_send, endpoint,
- ciphersuite, &keys, NULL) == 0);
- TEST_ASSERT(mbedtls_ssl_tls13_populate_transform(
- &transform_recv, other_endpoint,
- ciphersuite, &keys, NULL) == 0);
+ TEST_EQUAL(mbedtls_ssl_tls13_populate_transform(
+ &transform_send, endpoint,
+ ciphersuite, &keys, NULL), 0);
+ TEST_EQUAL(mbedtls_ssl_tls13_populate_transform(
+ &transform_recv, other_endpoint,
+ ciphersuite, &keys, NULL), 0);
/* Make sure we have enough space in the buffer even if
* we use more padding than the KAT. */
@@ -2286,14 +2276,14 @@
memset(&rec.ctr[0], 0, 8);
rec.ctr[7] = ctr;
- TEST_ASSERT(mbedtls_ssl_encrypt_buf(NULL, &transform_send, &rec) == 0);
+ TEST_EQUAL(mbedtls_ssl_encrypt_buf(NULL, &transform_send, &rec), 0);
if (padding_used == MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) {
TEST_MEMORY_COMPARE(rec.buf + rec.data_offset, rec.data_len,
ciphertext->x, ciphertext->len);
}
- TEST_ASSERT(mbedtls_ssl_decrypt_buf(NULL, &transform_recv, &rec) == 0);
+ TEST_EQUAL(mbedtls_ssl_decrypt_buf(NULL, &transform_recv, &rec), 0);
TEST_MEMORY_COMPARE(rec.buf + rec.data_offset, rec.data_len,
plaintext->x, plaintext->len);
@@ -2315,11 +2305,11 @@
PSA_INIT();
- TEST_ASSERT(mbedtls_ssl_tls13_evolve_secret(
- (psa_algorithm_t) hash_alg,
- secret->len ? secret->x : NULL,
- input->len ? input->x : NULL, input->len,
- secret_new) == 0);
+ TEST_EQUAL(mbedtls_ssl_tls13_evolve_secret(
+ (psa_algorithm_t) hash_alg,
+ secret->len ? secret->x : NULL,
+ input->len ? input->x : NULL, input->len,
+ secret_new), 0);
TEST_MEMORY_COMPARE(secret_new, (size_t) expected->len,
expected->x, (size_t) expected->len);
@@ -2342,13 +2332,13 @@
MD_OR_USE_PSA_INIT();
- TEST_ASSERT(mbedtls_ssl_tls_prf(type, secret->x, secret->len,
- label, random->x, random->len,
- output, result_str->len) == exp_ret);
+ TEST_EQUAL(mbedtls_ssl_tls_prf(type, secret->x, secret->len,
+ label, random->x, random->len,
+ output, result_str->len), exp_ret);
if (exp_ret == 0) {
- TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x,
- result_str->len, result_str->len) == 0);
+ TEST_EQUAL(mbedtls_test_hexcmp(output, result_str->x,
+ result_str->len, result_str->len), 0);
}
exit:
@@ -2378,94 +2368,94 @@
((void) crt_file);
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
- TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session(
- &original, 0, endpoint_type) == 0);
+ TEST_EQUAL(mbedtls_test_ssl_tls13_populate_session(
+ &original, 0, endpoint_type), 0);
}
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if (tls_version == MBEDTLS_SSL_VERSION_TLS1_2) {
- TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session(
- &original, ticket_len, endpoint_type, crt_file) == 0);
+ TEST_EQUAL(mbedtls_test_ssl_tls12_populate_session(
+ &original, ticket_len, endpoint_type, crt_file), 0);
}
#endif
/* Serialize it */
- TEST_ASSERT(mbedtls_ssl_session_save(&original, NULL, 0, &len)
- == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
+ TEST_EQUAL(mbedtls_ssl_session_save(&original, NULL, 0, &len),
+ MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
TEST_CALLOC(buf, len);
- TEST_ASSERT(mbedtls_ssl_session_save(&original, buf, len, &len)
- == 0);
+ TEST_EQUAL(mbedtls_ssl_session_save(&original, buf, len, &len),
+ 0);
/* Restore session from serialized data */
- TEST_ASSERT(mbedtls_ssl_session_load(&restored, buf, len) == 0);
+ TEST_EQUAL(mbedtls_ssl_session_load(&restored, buf, len), 0);
/*
* Make sure both session structures are identical
*/
#if defined(MBEDTLS_HAVE_TIME)
if (tls_version == MBEDTLS_SSL_VERSION_TLS1_2) {
- TEST_ASSERT(original.start == restored.start);
+ TEST_EQUAL(original.start, restored.start);
}
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
- TEST_ASSERT(original.ticket_creation_time == restored.ticket_creation_time);
+ TEST_EQUAL(original.ticket_creation_time, restored.ticket_creation_time);
#endif
#endif /* MBEDTLS_HAVE_TIME */
- TEST_ASSERT(original.tls_version == restored.tls_version);
- TEST_ASSERT(original.endpoint == restored.endpoint);
- TEST_ASSERT(original.ciphersuite == restored.ciphersuite);
+ TEST_EQUAL(original.tls_version, restored.tls_version);
+ TEST_EQUAL(original.endpoint, restored.endpoint);
+ TEST_EQUAL(original.ciphersuite, restored.ciphersuite);
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if (tls_version == MBEDTLS_SSL_VERSION_TLS1_2) {
- TEST_ASSERT(original.id_len == restored.id_len);
- TEST_ASSERT(memcmp(original.id,
- restored.id, sizeof(original.id)) == 0);
- TEST_ASSERT(memcmp(original.master,
- restored.master, sizeof(original.master)) == 0);
+ TEST_EQUAL(original.id_len, restored.id_len);
+ TEST_EQUAL(memcmp(original.id,
+ restored.id, sizeof(original.id)), 0);
+ TEST_EQUAL(memcmp(original.master,
+ restored.master, sizeof(original.master)), 0);
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
TEST_ASSERT((original.peer_cert == NULL) ==
(restored.peer_cert == NULL));
if (original.peer_cert != NULL) {
- TEST_ASSERT(original.peer_cert->raw.len ==
- restored.peer_cert->raw.len);
- TEST_ASSERT(memcmp(original.peer_cert->raw.p,
- restored.peer_cert->raw.p,
- original.peer_cert->raw.len) == 0);
+ TEST_EQUAL(original.peer_cert->raw.len,
+ restored.peer_cert->raw.len);
+ TEST_EQUAL(memcmp(original.peer_cert->raw.p,
+ restored.peer_cert->raw.p,
+ original.peer_cert->raw.len), 0);
}
#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
- TEST_ASSERT(original.peer_cert_digest_type ==
- restored.peer_cert_digest_type);
- TEST_ASSERT(original.peer_cert_digest_len ==
- restored.peer_cert_digest_len);
+ TEST_EQUAL(original.peer_cert_digest_type,
+ restored.peer_cert_digest_type);
+ TEST_EQUAL(original.peer_cert_digest_len,
+ restored.peer_cert_digest_len);
TEST_ASSERT((original.peer_cert_digest == NULL) ==
(restored.peer_cert_digest == NULL));
if (original.peer_cert_digest != NULL) {
- TEST_ASSERT(memcmp(original.peer_cert_digest,
- restored.peer_cert_digest,
- original.peer_cert_digest_len) == 0);
+ TEST_EQUAL(memcmp(original.peer_cert_digest,
+ restored.peer_cert_digest,
+ original.peer_cert_digest_len), 0);
}
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
- TEST_ASSERT(original.verify_result == restored.verify_result);
+ TEST_EQUAL(original.verify_result, restored.verify_result);
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- TEST_ASSERT(original.mfl_code == restored.mfl_code);
+ TEST_EQUAL(original.mfl_code, restored.mfl_code);
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- TEST_ASSERT(original.encrypt_then_mac == restored.encrypt_then_mac);
+ TEST_EQUAL(original.encrypt_then_mac, restored.encrypt_then_mac);
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
- TEST_ASSERT(original.ticket_len == restored.ticket_len);
+ TEST_EQUAL(original.ticket_len, restored.ticket_len);
if (original.ticket_len != 0) {
TEST_ASSERT(original.ticket != NULL);
TEST_ASSERT(restored.ticket != NULL);
- TEST_ASSERT(memcmp(original.ticket,
- restored.ticket, original.ticket_len) == 0);
+ TEST_EQUAL(memcmp(original.ticket,
+ restored.ticket, original.ticket_len), 0);
}
- TEST_ASSERT(original.ticket_lifetime == restored.ticket_lifetime);
+ TEST_EQUAL(original.ticket_lifetime, restored.ticket_lifetime);
#endif
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
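Review bot: The buffer comparisons in this hunk become `TEST_EQUAL(memcmp(...), 0)`, where the reported value is only memcmp's return code and the matching length check is a separate statement. `TEST_MEMORY_COMPARE`, already used by the key-derivation tests earlier in this diff, takes both lengths and both buffers, e.g. `TEST_MEMORY_COMPARE(original.ticket, original.ticket_len, restored.ticket, restored.ticket_len);`. The same applies to the `resumption_key` and `ticket` comparisons in the next two hunks and to `memcmp(buf1, buf2, len1)` in the save-load-save hunk. The enclosing function starts and ends outside the hunk.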
@@ -2473,15 +2463,15 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- TEST_ASSERT(original.ticket_age_add == restored.ticket_age_add);
- TEST_ASSERT(original.ticket_flags == restored.ticket_flags);
- TEST_ASSERT(original.resumption_key_len == restored.resumption_key_len);
+ TEST_EQUAL(original.ticket_age_add, restored.ticket_age_add);
+ TEST_EQUAL(original.ticket_flags, restored.ticket_flags);
+ TEST_EQUAL(original.resumption_key_len, restored.resumption_key_len);
if (original.resumption_key_len != 0) {
TEST_ASSERT(original.resumption_key != NULL);
TEST_ASSERT(restored.resumption_key != NULL);
- TEST_ASSERT(memcmp(original.resumption_key,
- restored.resumption_key,
- original.resumption_key_len) == 0);
+ TEST_EQUAL(memcmp(original.resumption_key,
+ restored.resumption_key,
+ original.resumption_key_len), 0);
}
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
@@ -2502,16 +2492,16 @@
if (endpoint_type == MBEDTLS_SSL_IS_CLIENT) {
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
#if defined(MBEDTLS_HAVE_TIME)
- TEST_ASSERT(original.ticket_reception_time == restored.ticket_reception_time);
+ TEST_EQUAL(original.ticket_reception_time, restored.ticket_reception_time);
#endif
- TEST_ASSERT(original.ticket_lifetime == restored.ticket_lifetime);
- TEST_ASSERT(original.ticket_len == restored.ticket_len);
+ TEST_EQUAL(original.ticket_lifetime, restored.ticket_lifetime);
+ TEST_EQUAL(original.ticket_len, restored.ticket_len);
if (original.ticket_len != 0) {
TEST_ASSERT(original.ticket != NULL);
TEST_ASSERT(restored.ticket != NULL);
- TEST_ASSERT(memcmp(original.ticket,
- restored.ticket,
- original.ticket_len) == 0);
+ TEST_EQUAL(memcmp(original.ticket,
+ restored.ticket,
+ original.ticket_len), 0);
}
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
TEST_ASSERT(original.hostname != NULL);
@@ -2526,12 +2516,12 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_SSL_EARLY_DATA)
- TEST_ASSERT(
- original.max_early_data_size == restored.max_early_data_size);
+ TEST_EQUAL(
+ original.max_early_data_size, restored.max_early_data_size);
#endif
#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
- TEST_ASSERT(original.record_size_limit == restored.record_size_limit);
+ TEST_EQUAL(original.record_size_limit, restored.record_size_limit);
#endif
exit:
@@ -2563,15 +2553,15 @@
switch (tls_version) {
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
case MBEDTLS_SSL_VERSION_TLS1_3:
- TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session(
- &session, 0, endpoint_type) == 0);
+ TEST_EQUAL(mbedtls_test_ssl_tls13_populate_session(
+ &session, 0, endpoint_type), 0);
break;
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
case MBEDTLS_SSL_VERSION_TLS1_2:
- TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session(
- &session, ticket_len, endpoint_type, crt_file) == 0);
+ TEST_EQUAL(mbedtls_test_ssl_tls12_populate_session(
+ &session, ticket_len, endpoint_type, crt_file), 0);
break;
#endif
default:
@@ -2581,31 +2571,31 @@
}
/* Get desired buffer size for serializing */
- TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &len0)
- == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
+ TEST_EQUAL(mbedtls_ssl_session_save(&session, NULL, 0, &len0),
+ MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
/* Allocate first buffer */
buf1 = mbedtls_calloc(1, len0);
TEST_ASSERT(buf1 != NULL);
/* Serialize to buffer and free live session */
- TEST_ASSERT(mbedtls_ssl_session_save(&session, buf1, len0, &len1)
- == 0);
- TEST_ASSERT(len0 == len1);
+ TEST_EQUAL(mbedtls_ssl_session_save(&session, buf1, len0, &len1),
+ 0);
+ TEST_EQUAL(len0, len1);
mbedtls_ssl_session_free(&session);
/* Restore session from serialized data */
- TEST_ASSERT(mbedtls_ssl_session_load(&session, buf1, len1) == 0);
+ TEST_EQUAL(mbedtls_ssl_session_load(&session, buf1, len1), 0);
/* Allocate second buffer and serialize to it */
buf2 = mbedtls_calloc(1, len0);
TEST_ASSERT(buf2 != NULL);
- TEST_ASSERT(mbedtls_ssl_session_save(&session, buf2, len0, &len2)
- == 0);
+ TEST_EQUAL(mbedtls_ssl_session_save(&session, buf2, len0, &len2),
+ 0);
/* Make sure both serialized versions are identical */
- TEST_ASSERT(len1 == len2);
- TEST_ASSERT(memcmp(buf1, buf2, len1) == 0);
+ TEST_EQUAL(len1, len2);
+ TEST_EQUAL(memcmp(buf1, buf2, len1), 0);
exit:
mbedtls_ssl_session_free(&session);
@@ -2636,14 +2626,14 @@
switch (tls_version) {
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
case MBEDTLS_SSL_VERSION_TLS1_3:
- TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session(
- &session, 0, endpoint_type) == 0);
+ TEST_EQUAL(mbedtls_test_ssl_tls13_populate_session(
+ &session, 0, endpoint_type), 0);
break;
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
case MBEDTLS_SSL_VERSION_TLS1_2:
- TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session(
- &session, ticket_len, endpoint_type, crt_file) == 0);
+ TEST_EQUAL(mbedtls_test_ssl_tls12_populate_session(
+ &session, ticket_len, endpoint_type, crt_file), 0);
break;
#endif
default:
@@ -2652,8 +2642,8 @@
break;
}
- TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &good_len)
- == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
+ TEST_EQUAL(mbedtls_ssl_session_save(&session, NULL, 0, &good_len),
+ MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
/* Try all possible bad lengths */
for (bad_len = 1; bad_len < good_len; bad_len++) {
@@ -2661,10 +2651,10 @@
mbedtls_free(buf);
buf = NULL;
TEST_CALLOC(buf, bad_len);
- TEST_ASSERT(mbedtls_ssl_session_save(&session, buf, bad_len,
- &test_len)
- == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
- TEST_ASSERT(test_len == good_len);
+ TEST_EQUAL(mbedtls_ssl_session_save(&session, buf, bad_len,
+ &test_len),
+ MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
+ TEST_EQUAL(test_len, good_len);
}
exit:
@@ -2695,15 +2685,15 @@
switch (tls_version) {
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
case MBEDTLS_SSL_VERSION_TLS1_3:
- TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session(
- &session, 0, endpoint_type) == 0);
+ TEST_EQUAL(mbedtls_test_ssl_tls13_populate_session(
+ &session, 0, endpoint_type), 0);
break;
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
case MBEDTLS_SSL_VERSION_TLS1_2:
- TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session(
- &session, ticket_len, endpoint_type, crt_file) == 0);
+ TEST_EQUAL(mbedtls_test_ssl_tls12_populate_session(
+ &session, ticket_len, endpoint_type, crt_file), 0);
break;
#endif
@@ -2713,11 +2703,11 @@
break;
}
- TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &good_len)
- == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
+ TEST_EQUAL(mbedtls_ssl_session_save(&session, NULL, 0, &good_len),
+ MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
TEST_CALLOC(good_buf, good_len);
- TEST_ASSERT(mbedtls_ssl_session_save(&session, good_buf, good_len,
- &good_len) == 0);
+ TEST_EQUAL(mbedtls_ssl_session_save(&session, good_buf, good_len,
+ &good_len), 0);
mbedtls_ssl_session_free(&session);
/* Try all possible bad lengths */
@@ -2728,8 +2718,8 @@
TEST_CALLOC_NONNULL(bad_buf, bad_len);
memcpy(bad_buf, good_buf, bad_len);
- TEST_ASSERT(mbedtls_ssl_session_load(&session, bad_buf, bad_len)
- == MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
+ TEST_EQUAL(mbedtls_ssl_session_load(&session, bad_buf, bad_len),
+ MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
}
exit:
@@ -2764,14 +2754,14 @@
switch (tls_version) {
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
case MBEDTLS_SSL_VERSION_TLS1_3:
- TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session(
- &session, 0, endpoint_type) == 0);
+ TEST_EQUAL(mbedtls_test_ssl_tls13_populate_session(
+ &session, 0, endpoint_type), 0);
break;
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
case MBEDTLS_SSL_VERSION_TLS1_2:
- TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session(
- &session, 0, endpoint_type, NULL) == 0);
+ TEST_EQUAL(mbedtls_test_ssl_tls12_populate_session(
+ &session, 0, endpoint_type, NULL), 0);
break;
#endif
@@ -2782,18 +2772,18 @@
}
/* Infer length of serialized session. */
- TEST_ASSERT(mbedtls_ssl_session_save(&session,
- serialized_session,
- sizeof(serialized_session),
- &serialized_session_len) == 0);
+ TEST_EQUAL(mbedtls_ssl_session_save(&session,
+ serialized_session,
+ sizeof(serialized_session),
+ &serialized_session_len), 0);
mbedtls_ssl_session_free(&session);
/* Without any modification, we should be able to successfully
* de-serialize the session - double-check that. */
- TEST_ASSERT(mbedtls_ssl_session_load(&session,
- serialized_session,
- serialized_session_len) == 0);
+ TEST_EQUAL(mbedtls_ssl_session_load(&session,
+ serialized_session,
+ serialized_session_len), 0);
mbedtls_ssl_session_free(&session);
/* Go through the bytes in the serialized session header and
@@ -2812,10 +2802,10 @@
*byte ^= corrupted_bit;
/* Attempt to deserialize */
- TEST_ASSERT(mbedtls_ssl_session_load(&session,
- serialized_session,
- serialized_session_len) ==
- MBEDTLS_ERR_SSL_VERSION_MISMATCH);
+ TEST_EQUAL(mbedtls_ssl_session_load(&session,
+ serialized_session,
+ serialized_session_len),
+ MBEDTLS_ERR_SSL_VERSION_MISMATCH);
/* Undo the change */
*byte ^= corrupted_bit;
@@ -2840,15 +2830,15 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
case MBEDTLS_SSL_VERSION_TLS1_3:
ciphersuite_id = MBEDTLS_TLS1_3_AES_128_GCM_SHA256;
- TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session(
- &session, 0, MBEDTLS_SSL_IS_SERVER) == 0);
+ TEST_EQUAL(mbedtls_test_ssl_tls13_populate_session(
+ &session, 0, MBEDTLS_SSL_IS_SERVER), 0);
break;
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
case MBEDTLS_SSL_VERSION_TLS1_2:
ciphersuite_id = MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256;
- TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session(
- &session, 0, MBEDTLS_SSL_IS_SERVER, NULL) == 0);
+ TEST_EQUAL(mbedtls_test_ssl_tls12_populate_session(
+ &session, 0, MBEDTLS_SSL_IS_SERVER, NULL), 0);
break;
#endif
@@ -2857,15 +2847,18 @@
TEST_ASSERT(0);
break;
}
+
+ /* We expect pointers to the same strings, not just strings with
+ * the same content. */
TEST_ASSERT(*mbedtls_ssl_session_get_id(&session) == session.id);
- TEST_ASSERT(mbedtls_ssl_session_get_id_len(&session) == session.id_len);
+ TEST_EQUAL(mbedtls_ssl_session_get_id_len(&session), session.id_len);
/* mbedtls_test_ssl_tls1x_populate_session sets a mock suite-id of 0xabcd */
- TEST_ASSERT(mbedtls_ssl_session_get_ciphersuite_id(&session) == 0xabcd);
+ TEST_EQUAL(mbedtls_ssl_session_get_ciphersuite_id(&session), 0xabcd);
/* Test setting a reference id for tls1.3 and tls1.2 */
ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(ciphersuite_id);
if (ciphersuite_info != NULL) {
- TEST_ASSERT(mbedtls_ssl_ciphersuite_get_id(ciphersuite_info) == ciphersuite_id);
+ TEST_EQUAL(mbedtls_ssl_ciphersuite_get_id(ciphersuite_info), ciphersuite_id);
}
exit:
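Review bot: The added comment speaks of "pointers to the same strings", but the session id is a fixed-size byte buffer (it is compared with `memcmp(..., sizeof(original.id))` elsewhere in this diff), not a string. Something like `/* We expect the getter to return the session's own id buffer, not a copy with the same content. */` says what the retained `TEST_ASSERT` checks and why it is not converted to a content comparison. The enclosing function starts outside the hunk.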
@@ -2887,20 +2880,18 @@
MD_OR_USE_PSA_INIT();
- ret = mbedtls_test_ssl_endpoint_init(NULL, endpoint_type, &options,
- NULL, NULL, NULL);
- TEST_ASSERT(MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret);
+ ret = mbedtls_test_ssl_endpoint_init(NULL, endpoint_type, &options);
+ TEST_EQUAL(MBEDTLS_ERR_SSL_BAD_INPUT_DATA, ret);
ret = mbedtls_test_ssl_endpoint_certificate_init(NULL, options.pk_alg,
0, 0, 0);
- TEST_ASSERT(MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret);
+ TEST_EQUAL(MBEDTLS_ERR_SSL_BAD_INPUT_DATA, ret);
- ret = mbedtls_test_ssl_endpoint_init(&ep, endpoint_type, &options,
- NULL, NULL, NULL);
- TEST_ASSERT(ret == 0);
+ ret = mbedtls_test_ssl_endpoint_init(&ep, endpoint_type, &options);
+ TEST_EQUAL(ret, 0);
exit:
- mbedtls_test_ssl_endpoint_free(&ep, NULL);
+ mbedtls_test_ssl_endpoint_free(&ep);
mbedtls_test_free_handshake_options(&options);
MD_OR_USE_PSA_DONE();
}
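Review bot: The two converted checks `TEST_EQUAL(MBEDTLS_ERR_SSL_BAD_INPUT_DATA, ret);` put the expected constant first, while the third one in this hunk and the rest of the diff use the actual value first (`TEST_EQUAL(ret, 0);`). Writing them as `TEST_EQUAL(ret, MBEDTLS_ERR_SSL_BAD_INPUT_DATA);` keeps a single actual-then-expected order, which makes failure reports easier to read. The function starts outside the hunk.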
@@ -2939,22 +2930,21 @@
MD_OR_USE_PSA_INIT();
- ret = mbedtls_test_ssl_endpoint_init(&base_ep, endpoint_type, &options,
- NULL, NULL, NULL);
- TEST_ASSERT(ret == 0);
+ ret = mbedtls_test_ssl_endpoint_init(&base_ep, endpoint_type, &options);
+ TEST_EQUAL(ret, 0);
ret = mbedtls_test_ssl_endpoint_init(
&second_ep,
(endpoint_type == MBEDTLS_SSL_IS_SERVER) ?
MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER,
- &options, NULL, NULL, NULL);
+ &options);
- TEST_ASSERT(ret == 0);
+ TEST_EQUAL(ret, 0);
ret = mbedtls_test_mock_socket_connect(&(base_ep.socket),
&(second_ep.socket),
BUFFSIZE);
- TEST_ASSERT(ret == 0);
+ TEST_EQUAL(ret, 0);
ret = mbedtls_test_move_handshake_to_state(&(base_ep.ssl),
&(second_ep.ssl),
@@ -2963,7 +2953,7 @@
TEST_ASSERT(ret == 0 ||
ret == MBEDTLS_ERR_SSL_WANT_READ ||
ret == MBEDTLS_ERR_SSL_WANT_WRITE);
- TEST_ASSERT(base_ep.ssl.state == state);
+ TEST_EQUAL(base_ep.ssl.state, state);
} else {
TEST_ASSERT(ret != 0 &&
ret != MBEDTLS_ERR_SSL_WANT_READ &&
@@ -2973,8 +2963,8 @@
exit:
mbedtls_test_free_handshake_options(&options);
- mbedtls_test_ssl_endpoint_free(&base_ep, NULL);
- mbedtls_test_ssl_endpoint_free(&second_ep, NULL);
+ mbedtls_test_ssl_endpoint_free(&base_ep);
+ mbedtls_test_ssl_endpoint_free(&second_ep);
MD_OR_USE_PSA_DONE();
}
/* END_CASE */
@@ -3054,6 +3044,7 @@
options.opaque_alg = psa_alg;
options.opaque_alg2 = psa_alg2;
options.opaque_usage = psa_usage;
+ options.srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE;
options.expected_handshake_result = expected_handshake_result;
options.expected_ciphersuite = expected_ciphersuite;
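Review bot: The added `options.srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE;` carries no comment saying why this test switches the server's peer verification off. The setting is easy to copy into other tests without noticing what it disables. A one-line comment stating the reason would help; if the intent is that the test only exercises the opaque key options set just above, `/* No client authentication: this test only covers the opaque key. */` would do. The enclosing function starts and ends outside the hunk, so the reason cannot be confirmed from here.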
@@ -3233,8 +3224,7 @@
client_options.cli_log_fun = mbedtls_test_ssl_log_analyzer;
#endif
TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT,
- &client_options, NULL, NULL,
- NULL), 0);
+ &client_options), 0);
server_options.server_min_version = version;
server_options.server_max_version = version;
@@ -3243,8 +3233,7 @@
server_options.srv_log_fun = mbedtls_test_ssl_log_analyzer;
#endif
TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER,
- &server_options, NULL, NULL,
- NULL), 0);
+ &server_options), 0);
TEST_EQUAL(mbedtls_test_mock_socket_connect(&client.socket,
&server.socket,
@@ -3329,8 +3318,8 @@
#endif
exit:
- mbedtls_test_ssl_endpoint_free(&client, NULL);
- mbedtls_test_ssl_endpoint_free(&server, NULL);
+ mbedtls_test_ssl_endpoint_free(&client);
+ mbedtls_test_ssl_endpoint_free(&server);
mbedtls_test_free_handshake_options(&client_options);
mbedtls_test_free_handshake_options(&server_options);
MD_OR_USE_PSA_DONE();
@@ -3416,13 +3405,13 @@
mbedtls_ssl_config_init(&conf);
MD_OR_USE_PSA_INIT();
- TEST_ASSERT(mbedtls_ssl_conf_psk(&conf,
- psk0, sizeof(psk0),
- psk0_identity, sizeof(psk0_identity)) == 0);
- TEST_ASSERT(mbedtls_ssl_conf_psk(&conf,
- psk1, sizeof(psk1),
- psk1_identity, sizeof(psk1_identity)) ==
- MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE);
+ TEST_EQUAL(mbedtls_ssl_conf_psk(&conf,
+ psk0, sizeof(psk0),
+ psk0_identity, sizeof(psk0_identity)), 0);
+ TEST_EQUAL(mbedtls_ssl_conf_psk(&conf,
+ psk1, sizeof(psk1),
+ psk1_identity, sizeof(psk1_identity)),
+ MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE);
exit:
mbedtls_ssl_config_free(&conf);
@@ -3461,43 +3450,43 @@
switch (mode) {
case 0:
- TEST_ASSERT(mbedtls_ssl_conf_psk(&conf,
- psk0_raw, sizeof(psk0_raw),
- psk0_raw_identity, sizeof(psk0_raw_identity))
- == 0);
- TEST_ASSERT(mbedtls_ssl_conf_psk_opaque(&conf,
- psk1_opaque,
- psk1_opaque_identity,
- sizeof(psk1_opaque_identity))
- == MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE);
+ TEST_EQUAL(mbedtls_ssl_conf_psk(&conf,
+ psk0_raw, sizeof(psk0_raw),
+ psk0_raw_identity, sizeof(psk0_raw_identity)),
+ 0);
+ TEST_EQUAL(mbedtls_ssl_conf_psk_opaque(&conf,
+ psk1_opaque,
+ psk1_opaque_identity,
+ sizeof(psk1_opaque_identity)),
+ MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE);
break;
case 1:
- TEST_ASSERT(mbedtls_ssl_conf_psk_opaque(&conf,
- psk0_opaque,
- psk0_opaque_identity,
- sizeof(psk0_opaque_identity))
- == 0);
- TEST_ASSERT(mbedtls_ssl_conf_psk(&conf,
- psk1_raw, sizeof(psk1_raw),
- psk1_raw_identity, sizeof(psk1_raw_identity))
- == MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE);
+ TEST_EQUAL(mbedtls_ssl_conf_psk_opaque(&conf,
+ psk0_opaque,
+ psk0_opaque_identity,
+ sizeof(psk0_opaque_identity)),
+ 0);
+ TEST_EQUAL(mbedtls_ssl_conf_psk(&conf,
+ psk1_raw, sizeof(psk1_raw),
+ psk1_raw_identity, sizeof(psk1_raw_identity)),
+ MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE);
break;
case 2:
- TEST_ASSERT(mbedtls_ssl_conf_psk_opaque(&conf,
- psk0_opaque,
- psk0_opaque_identity,
- sizeof(psk0_opaque_identity))
- == 0);
- TEST_ASSERT(mbedtls_ssl_conf_psk_opaque(&conf,
- psk1_opaque,
- psk1_opaque_identity,
- sizeof(psk1_opaque_identity))
- == MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE);
+ TEST_EQUAL(mbedtls_ssl_conf_psk_opaque(&conf,
+ psk0_opaque,
+ psk0_opaque_identity,
+ sizeof(psk0_opaque_identity)),
+ 0);
+ TEST_EQUAL(mbedtls_ssl_conf_psk_opaque(&conf,
+ psk1_opaque,
+ psk1_opaque_identity,
+ sizeof(psk1_opaque_identity)),
+ MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE);
break;
@@ -3530,7 +3519,7 @@
mbedtls_ssl_conf_min_tls_version(&conf, min_tls_version);
mbedtls_ssl_conf_max_tls_version(&conf, max_tls_version);
- TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == expected_ssl_setup_result);
+ TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), expected_ssl_setup_result);
TEST_EQUAL(mbedtls_ssl_conf_get_endpoint(
mbedtls_ssl_context_get_config(&ssl)), endpoint);
@@ -3563,7 +3552,7 @@
mbedtls_ssl_init(&ssl);
MD_OR_USE_PSA_INIT();
- TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
+ TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0);
TEST_ASSERT(ssl.conf != NULL && ssl.conf->group_list != NULL);
@@ -3604,42 +3593,41 @@
mbedtls_test_message_socket_init(&client_context);
MD_OR_USE_PSA_INIT();
- TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT,
- &options, NULL, NULL,
- NULL) == 0);
+ TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT,
+ &options), 0);
- TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER,
- &options, NULL, NULL, NULL) == 0);
+ TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER,
+ &options), 0);
mbedtls_debug_set_threshold(1);
mbedtls_ssl_conf_dbg(&server.conf, options.srv_log_fun,
options.srv_log_obj);
- TEST_ASSERT(mbedtls_test_mock_socket_connect(&(client.socket),
- &(server.socket),
- BUFFSIZE) == 0);
+ TEST_EQUAL(mbedtls_test_mock_socket_connect(&(client.socket),
+ &(server.socket),
+ BUFFSIZE), 0);
- TEST_ASSERT(mbedtls_test_move_handshake_to_state(
- &(client.ssl), &(server.ssl), MBEDTLS_SSL_HANDSHAKE_WRAPUP)
- == 0);
+ TEST_EQUAL(mbedtls_test_move_handshake_to_state(
+ &(client.ssl), &(server.ssl), MBEDTLS_SSL_HANDSHAKE_WRAPUP),
+ 0);
/* Force a bad session_id_len that will be read by the server in
* mbedtls_ssl_cache_set. */
server.ssl.session_negotiate->id_len = 33;
if (options.cli_msg_len != 0 || options.srv_msg_len != 0) {
/* Start data exchanging test */
- TEST_ASSERT(mbedtls_test_ssl_exchange_data(
- &(client.ssl), options.cli_msg_len,
- options.expected_cli_fragments,
- &(server.ssl), options.srv_msg_len,
- options.expected_srv_fragments)
- == 0);
+ TEST_EQUAL(mbedtls_test_ssl_exchange_data(
+ &(client.ssl), options.cli_msg_len,
+ options.expected_cli_fragments,
+ &(server.ssl), options.srv_msg_len,
+ options.expected_srv_fragments),
+ 0);
}
/* Make sure that the cache did not store the session */
TEST_EQUAL(srv_pattern.counter, 1);
exit:
- mbedtls_test_ssl_endpoint_free(&client, NULL);
- mbedtls_test_ssl_endpoint_free(&server, NULL);
+ mbedtls_test_ssl_endpoint_free(&client);
+ mbedtls_test_ssl_endpoint_free(&server);
mbedtls_test_free_handshake_options(&options);
mbedtls_debug_set_threshold(0);
MD_OR_USE_PSA_DONE();
@@ -3686,7 +3674,7 @@
USE_PSA_INIT();
mbedtls_timing_set_delay(&delay_context, 50, 100);
- TEST_ASSERT(mbedtls_timing_get_final_delay(&delay_context) == 100);
+ TEST_EQUAL(mbedtls_timing_get_final_delay(&delay_context), 100);
exit:
USE_PSA_DONE();
@@ -3710,63 +3698,63 @@
mbedtls_ssl_config_init(&conf);
MD_OR_USE_PSA_INIT();
- TEST_ASSERT(mbedtls_ssl_config_defaults(&conf,
- MBEDTLS_SSL_IS_CLIENT,
- MBEDTLS_SSL_TRANSPORT_STREAM,
- MBEDTLS_SSL_PRESET_DEFAULT)
- == 0);
+ TEST_EQUAL(mbedtls_ssl_config_defaults(&conf,
+ MBEDTLS_SSL_IS_CLIENT,
+ MBEDTLS_SSL_TRANSPORT_STREAM,
+ MBEDTLS_SSL_PRESET_DEFAULT),
+ 0);
- TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
+ TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0);
/* Can't use CID functions with stream transport. */
- TEST_ASSERT(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_ENABLED, own_cid,
- sizeof(own_cid))
- == MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
+ TEST_EQUAL(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_ENABLED, own_cid,
+ sizeof(own_cid)),
+ MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
- TEST_ASSERT(mbedtls_ssl_get_own_cid(&ssl, &cid_enabled, test_cid,
- &own_cid_len)
- == MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
+ TEST_EQUAL(mbedtls_ssl_get_own_cid(&ssl, &cid_enabled, test_cid,
+ &own_cid_len),
+ MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
- TEST_ASSERT(mbedtls_ssl_config_defaults(&conf,
- MBEDTLS_SSL_IS_CLIENT,
- MBEDTLS_SSL_TRANSPORT_DATAGRAM,
- MBEDTLS_SSL_PRESET_DEFAULT)
- == 0);
+ TEST_EQUAL(mbedtls_ssl_config_defaults(&conf,
+ MBEDTLS_SSL_IS_CLIENT,
+ MBEDTLS_SSL_TRANSPORT_DATAGRAM,
+ MBEDTLS_SSL_PRESET_DEFAULT),
+ 0);
/* Attempt to set config cid size too big. */
- TEST_ASSERT(mbedtls_ssl_conf_cid(&conf, MBEDTLS_SSL_CID_IN_LEN_MAX + 1,
- MBEDTLS_SSL_UNEXPECTED_CID_IGNORE)
- == MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
+ TEST_EQUAL(mbedtls_ssl_conf_cid(&conf, MBEDTLS_SSL_CID_IN_LEN_MAX + 1,
+ MBEDTLS_SSL_UNEXPECTED_CID_IGNORE),
+ MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
- TEST_ASSERT(mbedtls_ssl_conf_cid(&conf, sizeof(own_cid),
- MBEDTLS_SSL_UNEXPECTED_CID_IGNORE)
- == 0);
+ TEST_EQUAL(mbedtls_ssl_conf_cid(&conf, sizeof(own_cid),
+ MBEDTLS_SSL_UNEXPECTED_CID_IGNORE),
+ 0);
/* Attempt to set CID length not matching config. */
- TEST_ASSERT(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_ENABLED, own_cid,
- MBEDTLS_SSL_CID_IN_LEN_MAX - 1)
- == MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
+ TEST_EQUAL(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_ENABLED, own_cid,
+ MBEDTLS_SSL_CID_IN_LEN_MAX - 1),
+ MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
- TEST_ASSERT(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_ENABLED, own_cid,
- sizeof(own_cid))
- == 0);
+ TEST_EQUAL(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_ENABLED, own_cid,
+ sizeof(own_cid)),
+ 0);
/* Test we get back what we put in. */
- TEST_ASSERT(mbedtls_ssl_get_own_cid(&ssl, &cid_enabled, test_cid,
- &own_cid_len)
- == 0);
+ TEST_EQUAL(mbedtls_ssl_get_own_cid(&ssl, &cid_enabled, test_cid,
+ &own_cid_len),
+ 0);
TEST_EQUAL(cid_enabled, MBEDTLS_SSL_CID_ENABLED);
TEST_MEMORY_COMPARE(own_cid, own_cid_len, test_cid, own_cid_len);
/* Test disabling works. */
- TEST_ASSERT(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_DISABLED, NULL,
- 0)
- == 0);
+ TEST_EQUAL(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_DISABLED, NULL,
+ 0),
+ 0);
- TEST_ASSERT(mbedtls_ssl_get_own_cid(&ssl, &cid_enabled, test_cid,
- &own_cid_len)
- == 0);
+ TEST_EQUAL(mbedtls_ssl_get_own_cid(&ssl, &cid_enabled, test_cid,
+ &own_cid_len),
+ 0);
TEST_EQUAL(cid_enabled, MBEDTLS_SSL_CID_DISABLED);
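Review bot: The round-trip check `TEST_MEMORY_COMPARE(own_cid, own_cid_len, test_cid, own_cid_len);` takes both lengths from the value mbedtls_ssl_get_own_cid() wrote back, so a getter that reported a shorter or zero length would still pass on a matching prefix. The CID was set with `sizeof(own_cid)`, so the expected length can be pinned independently: `TEST_MEMORY_COMPARE(own_cid, sizeof(own_cid), test_cid, own_cid_len);`. The declarations of `own_cid`, `test_cid` and `own_cid_len` are outside this hunk, so confirm `own_cid` is an array rather than a pointer before relying on `sizeof`.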
@@ -3800,16 +3788,14 @@
client_options.pk_alg = MBEDTLS_PK_ECDSA;
client_options.group_list = iana_tls_group_list;
TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT,
- &client_options, NULL, NULL,
- NULL), 0);
+ &client_options), 0);
/* Server side */
server_options.pk_alg = MBEDTLS_PK_ECDSA;
server_options.server_min_version = MBEDTLS_SSL_VERSION_TLS1_2;
server_options.server_max_version = MBEDTLS_SSL_VERSION_TLS1_2;
TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER,
- &server_options, NULL, NULL,
- NULL), 0);
+ &server_options), 0);
TEST_EQUAL(mbedtls_test_mock_socket_connect(&(client.socket),
&(server.socket),
@@ -3843,8 +3829,8 @@
}
exit:
- mbedtls_test_ssl_endpoint_free(&client, NULL);
- mbedtls_test_ssl_endpoint_free(&server, NULL);
+ mbedtls_test_ssl_endpoint_free(&client);
+ mbedtls_test_ssl_endpoint_free(&server);
mbedtls_test_free_handshake_options(&client_options);
mbedtls_test_free_handshake_options(&server_options);
@@ -3875,13 +3861,13 @@
client_options.pk_alg = MBEDTLS_PK_ECDSA;
ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT,
- &client_options, NULL, NULL, NULL);
+ &client_options);
TEST_EQUAL(ret, 0);
mbedtls_test_init_handshake_options(&server_options);
server_options.pk_alg = MBEDTLS_PK_ECDSA;
ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER,
- &server_options, NULL, NULL, NULL);
+ &server_options);
TEST_EQUAL(ret, 0);
ret = mbedtls_test_mock_socket_connect(&(client_ep.socket),
@@ -3925,8 +3911,8 @@
ret = mbedtls_ssl_tls13_parse_certificate(&(client_ep.ssl), buf, end);
TEST_EQUAL(ret, expected_result);
- TEST_ASSERT(mbedtls_ssl_cmp_chk_buf_ptr_fail_args(
- &expected_chk_buf_ptr_args) == 0);
+ TEST_EQUAL(mbedtls_ssl_cmp_chk_buf_ptr_fail_args(
+ &expected_chk_buf_ptr_args), 0);
mbedtls_ssl_reset_chk_buf_ptr_fail_args();
@@ -3939,8 +3925,8 @@
exit:
mbedtls_ssl_reset_chk_buf_ptr_fail_args();
- mbedtls_test_ssl_endpoint_free(&client_ep, NULL);
- mbedtls_test_ssl_endpoint_free(&server_ep, NULL);
+ mbedtls_test_ssl_endpoint_free(&client_ep);
+ mbedtls_test_ssl_endpoint_free(&server_ep);
mbedtls_test_free_handshake_options(&client_options);
mbedtls_test_free_handshake_options(&server_options);
MD_OR_USE_PSA_DONE();
@@ -4131,11 +4117,11 @@
* Prepare for handshake with the ticket.
*/
ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT,
- &client_options, NULL, NULL, NULL);
+ &client_options);
TEST_EQUAL(ret, 0);
ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER,
- &server_options, NULL, NULL, NULL);
+ &server_options);
TEST_EQUAL(ret, 0);
mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf,
@@ -4168,8 +4154,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL);
exit:
- mbedtls_test_ssl_endpoint_free(&client_ep, NULL);
- mbedtls_test_ssl_endpoint_free(&server_ep, NULL);
+ mbedtls_test_ssl_endpoint_free(&client_ep);
+ mbedtls_test_ssl_endpoint_free(&server_ep);
mbedtls_test_free_handshake_options(&client_options);
mbedtls_test_free_handshake_options(&server_options);
mbedtls_ssl_session_free(&saved_session);
@@ -4293,13 +4279,13 @@
}
ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT,
- &client_options, NULL, NULL, NULL);
+ &client_options);
TEST_EQUAL(ret, 0);
server_options.srv_log_fun = mbedtls_test_ssl_log_analyzer;
server_options.srv_log_obj = &server_pattern;
ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER,
- &server_options, NULL, NULL, NULL);
+ &server_options);
TEST_EQUAL(ret, 0);
mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf,
@@ -4374,8 +4360,8 @@
MBEDTLS_SSL_HANDSHAKE_OVER), 0);
exit:
- mbedtls_test_ssl_endpoint_free(&client_ep, NULL);
- mbedtls_test_ssl_endpoint_free(&server_ep, NULL);
+ mbedtls_test_ssl_endpoint_free(&client_ep);
+ mbedtls_test_ssl_endpoint_free(&server_ep);
mbedtls_test_free_handshake_options(&client_options);
mbedtls_test_free_handshake_options(&server_options);
mbedtls_ssl_session_free(&saved_session);
@@ -4447,11 +4433,11 @@
}
ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT,
- &client_options, NULL, NULL, NULL);
+ &client_options);
TEST_EQUAL(ret, 0);
ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER,
- &server_options, NULL, NULL, NULL);
+ &server_options);
TEST_EQUAL(ret, 0);
mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf,
@@ -4667,7 +4653,7 @@
break;
case MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO:
- TEST_ASSERT(scenario == TEST_EARLY_DATA_HRR);
+ TEST_EQUAL(scenario, TEST_EARLY_DATA_HRR);
TEST_EQUAL(client_ep.ssl.early_data_state,
MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED);
break;
@@ -4748,8 +4734,8 @@
#endif
exit:
- mbedtls_test_ssl_endpoint_free(&client_ep, NULL);
- mbedtls_test_ssl_endpoint_free(&server_ep, NULL);
+ mbedtls_test_ssl_endpoint_free(&client_ep);
+ mbedtls_test_ssl_endpoint_free(&server_ep);
mbedtls_test_free_handshake_options(&client_options);
mbedtls_test_free_handshake_options(&server_options);
mbedtls_ssl_session_free(&saved_session);
@@ -4824,11 +4810,11 @@
}
ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT,
- &client_options, NULL, NULL, NULL);
+ &client_options);
TEST_EQUAL(ret, 0);
ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER,
- &server_options, NULL, NULL, NULL);
+ &server_options);
TEST_EQUAL(ret, 0);
mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf,
@@ -5068,12 +5054,12 @@
* this first part of the handshake with HRR.
*/
if ((scenario == TEST_EARLY_DATA_HRR) && (beyond_first_hello)) {
- TEST_ASSERT(mbedtls_test_move_handshake_to_state(
- &(client_ep.ssl), &(server_ep.ssl),
- MBEDTLS_SSL_SERVER_HELLO) == 0);
- TEST_ASSERT(mbedtls_test_move_handshake_to_state(
- &(client_ep.ssl), &(server_ep.ssl),
- MBEDTLS_SSL_CLIENT_HELLO) == 0);
+ TEST_EQUAL(mbedtls_test_move_handshake_to_state(
+ &(client_ep.ssl), &(server_ep.ssl),
+ MBEDTLS_SSL_SERVER_HELLO), 0);
+ TEST_EQUAL(mbedtls_test_move_handshake_to_state(
+ &(client_ep.ssl), &(server_ep.ssl),
+ MBEDTLS_SSL_CLIENT_HELLO), 0);
}
TEST_EQUAL(mbedtls_test_move_handshake_to_state(
@@ -5097,8 +5083,8 @@
} while (1);
exit:
- mbedtls_test_ssl_endpoint_free(&client_ep, NULL);
- mbedtls_test_ssl_endpoint_free(&server_ep, NULL);
+ mbedtls_test_ssl_endpoint_free(&client_ep);
+ mbedtls_test_ssl_endpoint_free(&server_ep);
mbedtls_test_free_handshake_options(&client_options);
mbedtls_test_free_handshake_options(&server_options);
mbedtls_ssl_session_free(&saved_session);
@@ -5147,11 +5133,11 @@
* Prepare for handshake with the ticket.
*/
ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT,
- &client_options, NULL, NULL, NULL);
+ &client_options);
TEST_EQUAL(ret, 0);
ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER,
- &server_options, NULL, NULL, NULL);
+ &server_options);
TEST_EQUAL(ret, 0);
mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf,
@@ -5239,13 +5225,13 @@
ret = mbedtls_ssl_handshake(&(server_ep.ssl));
TEST_EQUAL(ret, MBEDTLS_ERR_SSL_WANT_READ);
- TEST_ASSERT(mbedtls_test_move_handshake_to_state(
- &(client_ep.ssl), &(server_ep.ssl), MBEDTLS_SSL_HANDSHAKE_OVER)
- == 0);
+ TEST_EQUAL(mbedtls_test_move_handshake_to_state(
+ &(client_ep.ssl), &(server_ep.ssl), MBEDTLS_SSL_HANDSHAKE_OVER),
+ 0);
exit:
- mbedtls_test_ssl_endpoint_free(&client_ep, NULL);
- mbedtls_test_ssl_endpoint_free(&server_ep, NULL);
+ mbedtls_test_ssl_endpoint_free(&client_ep);
+ mbedtls_test_ssl_endpoint_free(&server_ep);
mbedtls_test_free_handshake_options(&client_options);
mbedtls_test_free_handshake_options(&server_options);
mbedtls_ssl_session_free(&saved_session);
@@ -5351,11 +5337,11 @@
}
ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT,
- &client_options, NULL, NULL, NULL);
+ &client_options);
TEST_EQUAL(ret, 0);
ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER,
- &server_options, NULL, NULL, NULL);
+ &server_options);
TEST_EQUAL(ret, 0);
mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf,
@@ -5473,7 +5459,7 @@
goto exit;
}
- TEST_ASSERT(ret == MBEDTLS_ERR_SSL_WANT_READ);
+ TEST_EQUAL(ret, MBEDTLS_ERR_SSL_WANT_READ);
TEST_EQUAL(server_pattern.counter, 1);
server_pattern.counter = 0;
@@ -5498,8 +5484,8 @@
TEST_EQUAL(server_pattern.counter, 1);
exit:
- mbedtls_test_ssl_endpoint_free(&client_ep, NULL);
- mbedtls_test_ssl_endpoint_free(&server_ep, NULL);
+ mbedtls_test_ssl_endpoint_free(&client_ep);
+ mbedtls_test_ssl_endpoint_free(&server_ep);
mbedtls_test_free_handshake_options(&client_options);
mbedtls_test_free_handshake_options(&server_options);
mbedtls_ssl_session_free(&saved_session);
@@ -5547,16 +5533,16 @@
options.pk_alg = pk_alg;
ret = mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER,
- &options, NULL, NULL, NULL);
- TEST_EQUAL(ret, 0);
+ &options);
+ TEST_EQUAL(ret, 0);
ret = mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT,
- &options, NULL, NULL, NULL);
- TEST_EQUAL(ret, 0);
+ &options);
+ TEST_EQUAL(ret, 0);
ret = mbedtls_test_mock_socket_connect(&server.socket, &client.socket,
BUFFSIZE);
- TEST_EQUAL(ret, 0);
+ TEST_EQUAL(ret, 0);
/* Make the server move to the required state */
ret = mbedtls_test_move_handshake_to_state(&client.ssl, &server.ssl, state);
@@ -5573,13 +5559,13 @@
do {
ret = mbedtls_ssl_handshake_step(&server.ssl);
} while (ret == 0 && server.ssl.state == state);
- TEST_EQUAL(ret, expected_ret);
+ TEST_EQUAL(ret, expected_ret);
TEST_ASSERT(srv_pattern.counter >= 1);
exit:
mbedtls_test_free_handshake_options(&options);
- mbedtls_test_ssl_endpoint_free(&server, NULL);
- mbedtls_test_ssl_endpoint_free(&client, NULL);
+ mbedtls_test_ssl_endpoint_free(&server);
+ mbedtls_test_ssl_endpoint_free(&client);
mbedtls_debug_set_threshold(0);
PSA_DONE();
}
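Review bot: In this exit block `mbedtls_test_free_handshake_options(&options);` runs before the two `mbedtls_test_ssl_endpoint_free()` calls, while the other exit blocks in this diff free the endpoints first and the options last. The hunk at -5692 has the same order. Whether an endpoint still holds a pointer into `options` at teardown is not visible here, but now that endpoint_free no longer takes a context argument it would be worth making the order uniform: free `&server` and `&client` first, then the options. The function starts outside the hunk.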
@@ -5625,16 +5611,16 @@
options.pk_alg = MBEDTLS_PK_ECDSA;
ret = mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER,
- &options, NULL, NULL, NULL);
- TEST_EQUAL(ret, 0);
+ &options);
+ TEST_EQUAL(ret, 0);
ret = mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT,
- &options, NULL, NULL, NULL);
- TEST_EQUAL(ret, 0);
+ &options);
+ TEST_EQUAL(ret, 0);
ret = mbedtls_test_mock_socket_connect(&server.socket, &client.socket,
BUFFSIZE);
- TEST_EQUAL(ret, 0);
+ TEST_EQUAL(ret, 0);
/* Make the server move past the initial dummy state */
ret = mbedtls_test_move_handshake_to_state(&client.ssl, &server.ssl,
@@ -5692,8 +5678,8 @@
exit:
mbedtls_test_free_handshake_options(&options);
- mbedtls_test_ssl_endpoint_free(&server, NULL);
- mbedtls_test_ssl_endpoint_free(&client, NULL);
+ mbedtls_test_ssl_endpoint_free(&server);
+ mbedtls_test_ssl_endpoint_free(&client);
mbedtls_debug_set_threshold(0);
mbedtls_free(first_frag);
PSA_DONE();
@@ -5716,7 +5702,7 @@
MD_OR_USE_PSA_INIT();
ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, &options, proto);
- TEST_ASSERT(ret == 0);
+ TEST_EQUAL(ret, 0);
TEST_ASSERT(exported_key_length > 0);
TEST_CALLOC(key_buffer_server, exported_key_length);
@@ -5731,17 +5717,17 @@
key_buffer_server, (size_t) exported_key_length,
label, sizeof(label),
context, sizeof(context), use_context);
- TEST_ASSERT(ret == 0);
+ TEST_EQUAL(ret, 0);
ret = mbedtls_ssl_export_keying_material(&client_ep.ssl,
key_buffer_client, (size_t) exported_key_length,
label, sizeof(label),
context, sizeof(context), use_context);
- TEST_ASSERT(ret == 0);
- TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, (size_t) exported_key_length) == 0);
+ TEST_EQUAL(ret, 0);
+ TEST_EQUAL(memcmp(key_buffer_server, key_buffer_client, (size_t) exported_key_length), 0);
exit:
- mbedtls_test_ssl_endpoint_free(&server_ep, NULL);
- mbedtls_test_ssl_endpoint_free(&client_ep, NULL);
+ mbedtls_test_ssl_endpoint_free(&server_ep);
+ mbedtls_test_ssl_endpoint_free(&client_ep);
mbedtls_test_free_handshake_options(&options);
mbedtls_free(key_buffer_server);
mbedtls_free(key_buffer_client);
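Review bot: `TEST_EQUAL(memcmp(key_buffer_server, key_buffer_client, (size_t) exported_key_length), 0);` compares two buffers through the integer result of memcmp, which on failure says only that some nonzero value was not 0. The CID test earlier in this diff already uses the dedicated macro for buffer equality, and it would state the intent and both lengths explicitly here: `TEST_MEMORY_COMPARE(key_buffer_server, (size_t) exported_key_length, key_buffer_client, (size_t) exported_key_length);`. The negative tests further down that assert `memcmp(...) != 0` have no such macro and can stay as they are. The function body starts outside the hunk.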
@@ -5763,7 +5749,7 @@
MD_OR_USE_PSA_INIT();
ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, &options, proto);
- TEST_ASSERT(ret == 0);
+ TEST_EQUAL(ret, 0);
char label_server[] = "test-label-server";
char label_client[] = "test-label-client";
@@ -5774,17 +5760,17 @@
key_buffer_server, sizeof(key_buffer_server),
label_server, sizeof(label_server),
context, sizeof(context), 1);
- TEST_ASSERT(ret == 0);
+ TEST_EQUAL(ret, 0);
ret = mbedtls_ssl_export_keying_material(&client_ep.ssl,
key_buffer_client, sizeof(key_buffer_client),
label_client, sizeof(label_client),
context, sizeof(context), 1);
- TEST_ASSERT(ret == 0);
+ TEST_EQUAL(ret, 0);
TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, sizeof(key_buffer_server)) != 0);
exit:
- mbedtls_test_ssl_endpoint_free(&server_ep, NULL);
- mbedtls_test_ssl_endpoint_free(&client_ep, NULL);
+ mbedtls_test_ssl_endpoint_free(&server_ep);
+ mbedtls_test_ssl_endpoint_free(&client_ep);
mbedtls_test_free_handshake_options(&options);
MD_OR_USE_PSA_DONE();
}
@@ -5804,7 +5790,7 @@
MD_OR_USE_PSA_INIT();
ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, &options, proto);
- TEST_ASSERT(ret == 0);
+ TEST_EQUAL(ret, 0);
char label[] = "test-label";
uint8_t key_buffer_server[24] = { 0 };
@@ -5815,17 +5801,17 @@
key_buffer_server, sizeof(key_buffer_server),
label, sizeof(label),
context_server, sizeof(context_server), 1);
- TEST_ASSERT(ret == 0);
+ TEST_EQUAL(ret, 0);
ret = mbedtls_ssl_export_keying_material(&client_ep.ssl,
key_buffer_client, sizeof(key_buffer_client),
label, sizeof(label),
context_client, sizeof(context_client), 1);
- TEST_ASSERT(ret == 0);
+ TEST_EQUAL(ret, 0);
TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, sizeof(key_buffer_server)) != 0);
exit:
- mbedtls_test_ssl_endpoint_free(&server_ep, NULL);
- mbedtls_test_ssl_endpoint_free(&client_ep, NULL);
+ mbedtls_test_ssl_endpoint_free(&server_ep);
+ mbedtls_test_ssl_endpoint_free(&client_ep);
mbedtls_test_free_handshake_options(&options);
MD_OR_USE_PSA_DONE();
}
@@ -5849,7 +5835,7 @@
&client_ep,
&options,
MBEDTLS_SSL_VERSION_TLS1_3);
- TEST_ASSERT(ret == 0);
+ TEST_EQUAL(ret, 0);
char label[] = "test-label";
uint8_t key_buffer_server[16] = { 0 };
@@ -5859,17 +5845,17 @@
key_buffer_server, sizeof(key_buffer_server),
label, sizeof(label),
context, sizeof(context), 1);
- TEST_ASSERT(ret == 0);
+ TEST_EQUAL(ret, 0);
ret = mbedtls_ssl_export_keying_material(&client_ep.ssl,
key_buffer_client, sizeof(key_buffer_client),
label, sizeof(label),
context, sizeof(context), 1);
- TEST_ASSERT(ret == 0);
+ TEST_EQUAL(ret, 0);
TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, sizeof(key_buffer_server)) != 0);
exit:
- mbedtls_test_ssl_endpoint_free(&server_ep, NULL);
- mbedtls_test_ssl_endpoint_free(&client_ep, NULL);
+ mbedtls_test_ssl_endpoint_free(&server_ep);
+ mbedtls_test_ssl_endpoint_free(&client_ep);
mbedtls_test_free_handshake_options(&options);
MD_OR_USE_PSA_DONE();
}
@@ -5898,17 +5884,17 @@
MD_OR_USE_PSA_INIT();
ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, &options, proto);
- TEST_ASSERT(ret == 0);
+ TEST_EQUAL(ret, 0);
ret = mbedtls_ssl_export_keying_material(&client_ep.ssl,
key_buffer, exported_key_length,
label, label_length,
context, context_length, 1);
- TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
+ TEST_EQUAL(ret, MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
exit:
- mbedtls_test_ssl_endpoint_free(&server_ep, NULL);
- mbedtls_test_ssl_endpoint_free(&client_ep, NULL);
+ mbedtls_test_ssl_endpoint_free(&server_ep);
+ mbedtls_test_ssl_endpoint_free(&client_ep);
mbedtls_test_free_handshake_options(&options);
mbedtls_free(key_buffer);
mbedtls_free(label);
@@ -5936,15 +5922,13 @@
MD_OR_USE_PSA_INIT();
- ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, &options,
- NULL, NULL, NULL);
- TEST_ASSERT(ret == 0);
- ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, &options,
- NULL, NULL, NULL);
- TEST_ASSERT(ret == 0);
+ ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, &options);
+ TEST_EQUAL(ret, 0);
+ ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, &options);
+ TEST_EQUAL(ret, 0);
ret = mbedtls_test_mock_socket_connect(&client_ep.socket, &server_ep.socket, BUFFSIZE);
- TEST_ASSERT(ret == 0);
+ TEST_EQUAL(ret, 0);
if (check_server) {
ret = mbedtls_test_move_handshake_to_state(&server_ep.ssl, &client_ep.ssl, state);
@@ -5963,11 +5947,11 @@
NULL, 0, 0);
/* FIXME: A more appropriate error code should be created for this case. */
- TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
+ TEST_EQUAL(ret, MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
exit:
- mbedtls_test_ssl_endpoint_free(&server_ep, NULL);
- mbedtls_test_ssl_endpoint_free(&client_ep, NULL);
+ mbedtls_test_ssl_endpoint_free(&server_ep);
+ mbedtls_test_ssl_endpoint_free(&client_ep);
mbedtls_test_free_handshake_options(&options);
MD_OR_USE_PSA_DONE();
}