Positive unit testing for SSL context version functions

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-01-26 03:35:35 +00:00 · 2022-01-13 01:08:48 +01:00 · 2022-01-13 01:08:48 +01:00 · 1255b0de98
commit 1255b0de98
parent e1a0c25f71
1 changed files with 48 additions and 4 deletions
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@ -1793,6 +1793,45 @@ int exchange_data( mbedtls_ssl_context *ssl_1,
                                  ssl_2, 256, 1 );
 }

+int check_ssl_version( int expected_negotiated_version,
+                       const mbedtls_ssl_context *ssl )
+{
+    const char *version_string = mbedtls_ssl_get_version( ssl );
+    mbedtls_ssl_protocol_version version_number =
+        mbedtls_ssl_get_version_number( ssl );
+
+    TEST_EQUAL( ssl->major_ver, MBEDTLS_SSL_MAJOR_VERSION_3 );
+    TEST_EQUAL( ssl->minor_ver, expected_negotiated_version );
+
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+    {
+        TEST_EQUAL( version_string[0], 'D' );
+        ++version_string;
+    }
+
+    switch( expected_negotiated_version )
+    {
+        case MBEDTLS_SSL_MINOR_VERSION_3:
+            TEST_EQUAL( version_number, MBEDTLS_SSL_VERSION_1_2 );
+            TEST_ASSERT( strcmp( version_string, "TLSv1.2" ) == 0 );
+            break;
+
+        case MBEDTLS_SSL_MINOR_VERSION_4:
+            TEST_EQUAL( version_number, MBEDTLS_SSL_VERSION_1_3 );
+            TEST_ASSERT( strcmp( version_string, "TLSv1.3" ) == 0 );
+            break;
+
+        default:
+            TEST_ASSERT( ! "Version check not implemented for this protocol version" );
+    }
+
+    return( 1 );
+
+exit:
+    return( 0 );
+}
+
+
 #if defined(MBEDTLS_X509_CRT_PARSE_C) && \
    defined(MBEDTLS_ENTROPY_C) && \
    defined(MBEDTLS_CTR_DRBG_C)
@ -1984,11 +2023,16 @@ void perform_handshake( handshake_test_options* options )
    TEST_ASSERT( client.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
    TEST_ASSERT( server.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );

-    /* Check that we agree on the version... */
-    TEST_ASSERT( client.ssl.minor_ver == server.ssl.minor_ver );
+    /* Check that both sides have negotiated the expected version. */
+    mbedtls_test_set_step( 0 );
+    if( ! check_ssl_version( options->expected_negotiated_version,
+                             &client.ssl ) )
+        goto exit;

-    /* And check that the version negotiated is the expected one. */
-    TEST_EQUAL( client.ssl.minor_ver, options->expected_negotiated_version );
+    mbedtls_test_set_step( 1 );
+    if( ! check_ssl_version( options->expected_negotiated_version,
+                             &server.ssl ) )
+        goto exit;

 #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
    if( options->resize_buffers != 0 )