From 149509362b9fe44001e523492dfb56cac94550ae Mon Sep 17 00:00:00 2001
From: Gabor Mezei <gabor.mezei@arm.com>
Date: Thu, 6 Mar 2025 16:06:42 +0100
Subject: [PATCH] TLS context serialization needs an AEAD ciphersuite

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
---
 tests/include/test/ssl_helpers.h     |  7 +++++++
 tests/suites/test_suite_ssl.function | 29 ++++++++++++++++++++++++----
 2 files changed, 32 insertions(+), 4 deletions(-)

diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h
index e5b8d74416..910329dd0d 100644
--- a/tests/include/test/ssl_helpers.h
+++ b/tests/include/test/ssl_helpers.h
@@ -70,6 +70,13 @@
     defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
 #define MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
 #endif
+
+#if defined(PSA_WANT_ALG_GCM) ||\
+    defined(PSA_WANT_ALG_CCM) ||\
+    defined(PSA_WANT_ALG_CHACHA20_POLY1305)
+#define MBEDTLS_TEST_HAS_AEAD_ALG
+#endif
+
 enum {
 #define MBEDTLS_SSL_TLS1_3_LABEL(name, string)          \
     tls13_label_ ## name,
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 08ecd672f1..7d8bf90efd 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -2858,13 +2858,34 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_256:MBEDTLS_TEST_HAS_AEAD_ALG:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
 void resize_buffers_serialize_mfl(int mfl)
 {
+    /* Choose an AEAD ciphersuite */
+    const int *ciphersuites = mbedtls_ssl_list_ciphersuites();
+    const mbedtls_ssl_ciphersuite_t *ciphersuite = NULL;
+    int i = 0;
+    while (ciphersuites[i] != 0) {
+        ciphersuite = mbedtls_ssl_ciphersuite_from_id(ciphersuites[i]);
+
+        if (ciphersuite->min_tls_version == MBEDTLS_SSL_VERSION_TLS1_2) {
+            const mbedtls_ssl_mode_t mode =
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
+                mbedtls_ssl_get_mode_from_ciphersuite(0, ciphersuite);
+#else
+                mbedtls_ssl_get_mode_from_ciphersuite(ciphersuite);
+#endif
+            if (mode == MBEDTLS_SSL_MODE_AEAD)
+                break;
+        }
+
+        i++;
+    }
+
+    TEST_ASSERT(ciphersuite != NULL);
+
     test_resize_buffers(mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1,
-                        (char *) "");
-    /* The goto below is used to avoid an "unused label" warning.*/
-    goto exit;
+                        (char *) ciphersuite->name);
 }
 /* END_CASE */