Merge pull request #10442 from davidhorstmann-arm/verify-result-default-failure

Hardening: Make `mbedtls_ssl_get_verify_result()` default to failure

tests/suites/test_suite_ssl.data

@@ -3527,3 +3527,6 @@ ssl_tls_exporter_too_early:MBEDTLS_SSL_VERSION_TLS1_3:1:MBEDTLS_SSL_SERVER_CERTI
 
 TLS fatal alert getter
 ssl_get_alert_after_fatal
+
+Default verify_result before doing a handshake
+verify_result_without_handshake

tests/suites/test_suite_ssl.function

@@ -6040,3 +6040,46 @@ exit:
     USE_PSA_DONE();
 }
 /* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
+void verify_result_without_handshake(void)
+{
+    /* Test the result of verification before we perform a handshake. */
+    mbedtls_ssl_context ssl;
+    mbedtls_ssl_config conf;
+
+    PSA_INIT();
+
+    mbedtls_ssl_init(&ssl);
+    mbedtls_ssl_config_init(&conf);
+
+    TEST_EQUAL(mbedtls_ssl_config_defaults(&conf,
+                                           MBEDTLS_SSL_IS_CLIENT,
+                                           MBEDTLS_SSL_TRANSPORT_STREAM,
+                                           MBEDTLS_SSL_PRESET_DEFAULT), 0);
+
+    mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
+    mbedtls_ssl_conf_ca_chain(&conf, NULL, NULL);
+
+    TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0);
+
+    uint32_t verify_result = mbedtls_ssl_get_verify_result(&ssl);
+
+    TEST_EQUAL(verify_result, 0xFFFFFFFF);
+
+    /* Set the verify result manually and check that session_free resets it. */
+
+    /* Set the verify result to 0. */
+    ssl.session_negotiate->verify_result = 0;
+
+    mbedtls_ssl_session_free(ssl.session_negotiate);
+
+    verify_result = mbedtls_ssl_get_verify_result(&ssl);
+    TEST_EQUAL(verify_result, 0xFFFFFFFF);
+
+exit:
+    mbedtls_ssl_config_free(&conf);
+    mbedtls_ssl_free(&ssl);
+    PSA_DONE();
+}
+/* END_CASE */