SSL tests: make client authentication more uniform, defaulting on

There was a discrepancy between how `mbedtls_test_ssl_endpoint_init()` and
`mbedtls_test_ssl_perform_handshake()` handled client authentication:
`mbedtls_test_ssl_endpoint_init()` defaulted to
`MBEDTLS_SSL_VERIFY_REQUIRED` on both sides, whereas
`mbedtls_test_ssl_perform_handshake()` obeyed `options->srv_auth_mode` which
defaulted to no verification of the client certificate.

Make this more uniform. Now `mbedtls_test_ssl_endpoint_init()` obeys
`options->srv_auth_mode` on servers (still forcing verification on clients,
which is the library default anyway). Also, `options->srv_auth_mode` is now
enabled by default. Thus:

* Tests that call `mbedtls_test_ssl_perform_handshake()` now perform client
  certificate verification, unless they disable it explicitly.
* Tests that call `mbedtls_test_ssl_endpoint_init()` on a server are
  unchanged. (They would change if they were setting
  `options->srv_auth_mode` explicitly, which previously was ignored, but
  no test function did this.)

This means that a few test functions now perform client certificate
verification whereas they previously don't. This is harmless except in
`handshake_ciphersuite_select`, where one test case
`Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque` fails with
client authentication because the test code doesn't deal with the weirdness
of static ECDH correctly with respect to client authentication. So keep
the previous behavior in `handshake_ciphersuite_select`, by explicitly
turning off client authentication.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

tests/src/test_helpers/ssl_helpers.c

@@ -71,7 +71,7 @@ void mbedtls_test_init_handshake_options(
     opts->server_max_version = MBEDTLS_SSL_VERSION_UNKNOWN;
     opts->expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_3;
     opts->pk_alg = MBEDTLS_PK_RSA;
-    opts->srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE;
+    opts->srv_auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED;
     opts->mfl = MBEDTLS_SSL_MAX_FRAG_LEN_NONE;
     opts->cli_msg_len = 100;
     opts->srv_msg_len = 100;
@@ -876,7 +876,11 @@ int mbedtls_test_ssl_endpoint_init(
         mbedtls_ssl_conf_groups(&(ep->conf), options->group_list);
     }
 
-    mbedtls_ssl_conf_authmode(&(ep->conf), MBEDTLS_SSL_VERIFY_REQUIRED);
+    if (MBEDTLS_SSL_IS_SERVER == endpoint_type) {
+        mbedtls_ssl_conf_authmode(&(ep->conf), options->srv_auth_mode);
+    } else {
+        mbedtls_ssl_conf_authmode(&(ep->conf), MBEDTLS_SSL_VERIFY_REQUIRED);
+    }
 
 #if defined(MBEDTLS_SSL_EARLY_DATA)
     mbedtls_ssl_conf_early_data(&(ep->conf), options->early_data);
@@ -2440,7 +2444,6 @@ void mbedtls_test_ssl_perform_handshake(
     TEST_EQUAL(mbedtls_test_ssl_endpoint_init(server,
                                               MBEDTLS_SSL_IS_SERVER,
                                               options), 0);
-    mbedtls_ssl_conf_authmode(&server->conf, options->srv_auth_mode);
 
     if (options->dtls) {
         TEST_EQUAL(mbedtls_test_ssl_dtls_join_endpoints(client, server), 0);

tests/suites/test_suite_ssl.function

@@ -3043,6 +3043,7 @@ void handshake_ciphersuite_select(char *cipher, int pk_alg, data_t *psk_str,
     options.opaque_alg = psa_alg;
     options.opaque_alg2 = psa_alg2;
     options.opaque_usage = psa_usage;
+    options.srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE;
     options.expected_handshake_result = expected_handshake_result;
     options.expected_ciphersuite = expected_ciphersuite;