From 1a13e2f43ee62c626ef794bb9896cc543fc29777 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 8 Mar 2024 14:44:35 +0100 Subject: [PATCH] tests: ssl: Improve test code for very small max_early_data_size Signed-off-by: Ronald Cron --- tests/suites/test_suite_ssl.function | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index c381860f95..7ba5670a98 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -4675,12 +4675,27 @@ void tls13_srv_max_early_data_size(int scenario, int max_early_data_size_arg, in case TEST_EARLY_DATA_HRR: ret = mbedtls_ssl_handshake(&(server_ep.ssl)); /* - * Can be the case if max_early_data_size is smaller then the - * smallest inner content or protected record. + * In this write loop we try to always stay below the + * max_early_data_size limit but if max_early_data_size is very + * small we may exceed the max_early_data_size limit on the + * first write. In TEST_EARLY_DATA_SERVER_REJECTS/ + * TEST_EARLY_DATA_HRR scenario, this is for sure the case if + * max_early_data_size is smaller than the smallest possible + * inner content/protected record. Take into account this + * possibility here but only for max_early_data_size values + * that are close to write_size. Below, chosen 1 for one byte + * of inner type and 16 bytes for AEAD expansion (IV, ...). */ if (ret == MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE) { - /* Beyond 64 for max_early_data_size it is suspicious */ - TEST_ASSERT(max_early_data_size < 64); + if (scenario == TEST_EARLY_DATA_SERVER_REJECTS) { + TEST_LE_U(max_early_data_size, + write_size + 1 + + MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY); + } else { + TEST_LE_U(max_early_data_size, + write_size + 1 + 16 + + MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY); + } goto exit; }