lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Merge pull request #3075 from AndrzejKurek/variable-buffer-size

Browse Source 
Variable buffer size
This commit is contained in:
Jaeden Amero
2020-03-10 21:46:35 +04:00
committed by GitHub
parent 0bf6236be5 0937ed29b9
commit c31f970a46
12 changed files with 591 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

69
tests/scripts/all.sh
View File

@ -1142,6 +1142,75 @@ component_test_no_max_fragment_length_small_ssl_out_content_len () {
if_build_succeeded tests/ssl-opt.sh -f "Max fragment length\|Large buffer"
}
component_test_variable_ssl_in_out_buffer_len () {
msg "build: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled (ASan build)"
scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled"
make test
msg "test: ssl-opt.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled"
if_build_succeeded tests/ssl-opt.sh
msg "test: compat.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled"
if_build_succeeded tests/compat.sh
}
component_test_variable_ssl_in_out_buffer_len_CID () {
msg "build: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_DTLS_CONNECTION_ID enabled (ASan build)"
scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
scripts/config.py set MBEDTLS_SSL_DTLS_CONNECTION_ID
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_DTLS_CONNECTION_ID"
make test
msg "test: ssl-opt.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_DTLS_CONNECTION_ID enabled"
if_build_succeeded tests/ssl-opt.sh
msg "test: compat.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_DTLS_CONNECTION_ID enabled"
if_build_succeeded tests/compat.sh
}
component_test_variable_ssl_in_out_buffer_len_record_splitting () {
msg "build: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_CBC_RECORD_SPLITTING enabled (ASan build)"
scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
scripts/config.py set MBEDTLS_SSL_CBC_RECORD_SPLITTING
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_CBC_RECORD_SPLITTING"
make test
msg "test: ssl-opt.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_CBC_RECORD_SPLITTING enabled"
if_build_succeeded tests/ssl-opt.sh
msg "test: compat.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_CBC_RECORD_SPLITTING enabled"
if_build_succeeded tests/compat.sh
}
component_test_ssl_alloc_buffer_and_mfl () {
msg "build: default config with memory buffer allocator and MFL extension"
scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C
scripts/config.py set MBEDTLS_PLATFORM_MEMORY
scripts/config.py set MBEDTLS_MEMORY_DEBUG
scripts/config.py set MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
CC=gcc cmake .
make
msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_DEBUG and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH"
make test
msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_DEBUG and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH"
if_build_succeeded tests/ssl-opt.sh -f "Handshake memory usage"
}
component_test_when_no_ciphersuites_have_mac () {
msg "build: when no ciphersuites have MAC"
scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER

99
tests/ssl-opt.sh
View File

@ -223,7 +223,7 @@ requires_config_value_at_most() {
}
requires_ciphersuite_enabled() {
if [ -z "$($P_CLI --help | grep $1)" ]; then
if [ -z "$($P_CLI --help 2>/dev/null | grep $1)" ]; then
SKIP_NEXT="YES"
fi
}
@ -525,6 +525,45 @@ check_server_hello_time() {
fi
}
# Get handshake memory usage from server or client output and put it into the variable specified by the first argument
handshake_memory_get() {
OUTPUT_VARIABLE="$1"
OUTPUT_FILE="$2"
# Get memory usage from a pattern like "Heap memory usage after handshake: 23112 bytes. Peak memory usage was 33112"
MEM_USAGE=$(sed -n 's/.*Heap memory usage after handshake: //p' < "$OUTPUT_FILE" | grep -o "[0-9]*" | head -1)
# Check if memory usage was read
if [ -z "$MEM_USAGE" ]; then
echo "Error: Can not read the value of handshake memory usage"
return 1
else
eval "$OUTPUT_VARIABLE=$MEM_USAGE"
return 0
fi
}
# Get handshake memory usage from server or client output and check if this value
# is not higher than the maximum given by the first argument
handshake_memory_check() {
MAX_MEMORY="$1"
OUTPUT_FILE="$2"
# Get memory usage
if ! handshake_memory_get "MEMORY_USAGE" "$OUTPUT_FILE"; then
return 1
fi
# Check if memory usage is below max value
if [ "$MEMORY_USAGE" -gt "$MAX_MEMORY" ]; then
echo "\nFailed: Handshake memory usage was $MEMORY_USAGE bytes," \
"but should be below $MAX_MEMORY bytes"
return 1
else
return 0
fi
}
# wait for client to terminate and set CLI_EXIT
# must be called right after starting the client
wait_client_done() {
@ -865,6 +904,58 @@ run_test_psa_force_curve() {
-C "error"
}
# Test that the server's memory usage after a handshake is reduced when a client specifies
# a maximum fragment length.
# first argument ($1) is MFL for SSL client
# second argument ($2) is memory usage for SSL client with default MFL (16k)
run_test_memory_after_hanshake_with_mfl()
{
# The test passes if the difference is around 2*(16k-MFL)
local MEMORY_USAGE_LIMIT="$(( $2 - ( 2 * ( 16384 - $1 )) ))"
# Leave some margin for robustness
MEMORY_USAGE_LIMIT="$(( ( MEMORY_USAGE_LIMIT * 110 ) / 100 ))"
run_test "Handshake memory usage (MFL $1)" \
"$P_SRV debug_level=3 auth_mode=required force_version=tls1_2" \
"$P_CLI debug_level=3 force_version=tls1_2 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM max_frag_len=$1" \
0 \
-F "handshake_memory_check $MEMORY_USAGE_LIMIT"
}
# Test that the server's memory usage after a handshake is reduced when a client specifies
# different values of Maximum Fragment Length: default (16k), 4k, 2k, 1k and 512 bytes
run_tests_memory_after_hanshake()
{
# all tests in this sequence requires the same configuration (see requires_config_enabled())
SKIP_THIS_TESTS="$SKIP_NEXT"
# first test with default MFU is to get reference memory usage
MEMORY_USAGE_MFL_16K=0
run_test "Handshake memory usage initial (MFL 16384 - default)" \
"$P_SRV debug_level=3 auth_mode=required force_version=tls1_2" \
"$P_CLI debug_level=3 force_version=tls1_2 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM" \
0 \
-F "handshake_memory_get MEMORY_USAGE_MFL_16K"
SKIP_NEXT="$SKIP_THIS_TESTS"
run_test_memory_after_hanshake_with_mfl 4096 "$MEMORY_USAGE_MFL_16K"
SKIP_NEXT="$SKIP_THIS_TESTS"
run_test_memory_after_hanshake_with_mfl 2048 "$MEMORY_USAGE_MFL_16K"
SKIP_NEXT="$SKIP_THIS_TESTS"
run_test_memory_after_hanshake_with_mfl 1024 "$MEMORY_USAGE_MFL_16K"
SKIP_NEXT="$SKIP_THIS_TESTS"
run_test_memory_after_hanshake_with_mfl 512 "$MEMORY_USAGE_MFL_16K"
}
cleanup() {
rm -f $CLI_OUT $SRV_OUT $PXY_OUT $SESSION
test -n "${SRV_PID:-}" && kill $SRV_PID >/dev/null 2>&1
@ -8820,6 +8911,12 @@ run_test "export keys functionality" \
-c "exported keylen is " \
-c "exported ivlen is "
# Test heap memory usage after handshake
requires_config_enabled MBEDTLS_MEMORY_DEBUG
requires_config_enabled MBEDTLS_MEMORY_BUFFER_ALLOC_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_tests_memory_after_hanshake
# Final report
echo "------------------------------------------------------------------------"

48
tests/suites/test_suite_ssl.data
View File

@ -368,6 +368,54 @@ renegotiation:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION
DTLS renegotiation: legacy break handshake
renegotiation:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
DTLS serialization with MFL=512
resize_buffers_serialize_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512
DTLS serialization with MFL=1024
resize_buffers_serialize_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024
DTLS serialization with MFL=2048
resize_buffers_serialize_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048
DTLS serialization with MFL=4096
resize_buffers_serialize_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096
DTLS no legacy renegotiation with MFL=512
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION
DTLS no legacy renegotiation with MFL=1024
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION
DTLS no legacy renegotiation with MFL=2048
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION
DTLS no legacy renegotiation with MFL=4096
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION
DTLS legacy allow renegotiation with MFL=512
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION
DTLS legacy allow renegotiation with MFL=1024
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION
DTLS legacy allow renegotiation with MFL=2048
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION
DTLS legacy allow renegotiation with MFL=4096
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION
DTLS legacy break handshake renegotiation with MFL=512
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
DTLS legacy break handshake renegotiation with MFL=1024
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
DTLS legacy break handshake renegotiation with MFL=2048
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
DTLS legacy break handshake renegotiation with MFL=4096
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
SSL DTLS replay: initial state, seqnum 0
ssl_dtls_replay:"":"000000000000":0

123
tests/suites/test_suite_ssl.function
View File

@ -55,6 +55,7 @@ typedef struct handshake_test_options
void *cli_log_obj;
void (*srv_log_fun)(void *, int, const char *, int, const char *);
void (*cli_log_fun)(void *, int, const char *, int, const char *);
int resize_buffers;
} handshake_test_options;
void init_handshake_options( handshake_test_options *opts )
@ -77,6 +78,7 @@ void init_handshake_options( handshake_test_options *opts )
opts->srv_log_obj = NULL;
opts->srv_log_fun = NULL;
opts->cli_log_fun = NULL;
opts->resize_buffers = 1;
}
/*
* Buffer structure for custom I/O callbacks.
@ -1776,6 +1778,17 @@ void perform_handshake( handshake_test_options* options )
&(server.socket),
BUFFSIZE ) == 0 );
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
if( options->resize_buffers != 0 )
{
/* Ensure that the buffer sizes are appropriate before resizes */
TEST_ASSERT( client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN );
TEST_ASSERT( client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN );
TEST_ASSERT( server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN );
TEST_ASSERT( server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN );
}
#endif
TEST_ASSERT( mbedtls_move_handshake_to_state( &(client.ssl),
&(server.ssl),
MBEDTLS_SSL_HANDSHAKE_OVER )
@ -1783,6 +1796,31 @@ void perform_handshake( handshake_test_options* options )
TEST_ASSERT( client.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
TEST_ASSERT( server.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
if( options->resize_buffers != 0 )
{
/* Note - the case below will have to updated, since due to a 1n-1
* split against BEAST the fragment count is different
* than expected when preparing the fragment counting code. */
if( options->version != MBEDTLS_SSL_MINOR_VERSION_0 &&
options->version != MBEDTLS_SSL_MINOR_VERSION_1 )
{
/* A server, when using DTLS, might delay a buffer resize to happen
* after it receives a message, so we force it. */
TEST_ASSERT( exchange_data( &(client.ssl), &(server.ssl) ) == 0 );
TEST_ASSERT( client.ssl.out_buf_len ==
mbedtls_ssl_get_output_buflen( &client.ssl ) );
TEST_ASSERT( client.ssl.in_buf_len ==
mbedtls_ssl_get_input_buflen( &client.ssl ) );
TEST_ASSERT( server.ssl.out_buf_len ==
mbedtls_ssl_get_output_buflen( &server.ssl ) );
TEST_ASSERT( server.ssl.in_buf_len ==
mbedtls_ssl_get_input_buflen( &server.ssl ) );
}
}
#endif
if( options->cli_msg_len != 0 || options->srv_msg_len != 0 )
{
/* Start data exchanging test */
@ -1822,10 +1860,28 @@ void perform_handshake( handshake_test_options* options )
mbedtls_ssl_set_timer_cb( &server.ssl, &timer_server,
mbedtls_timing_set_delay,
mbedtls_timing_get_delay );
#endif
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
if( options->resize_buffers != 0 )
{
/* Ensure that the buffer sizes are appropriate before resizes */
TEST_ASSERT( server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN );
TEST_ASSERT( server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN );
}
#endif
TEST_ASSERT( mbedtls_ssl_context_load( &( server.ssl ), context_buf,
context_buf_len ) == 0 );
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
/* Validate buffer sizes after context deserialization */
if( options->resize_buffers != 0 )
{
TEST_ASSERT( server.ssl.out_buf_len ==
mbedtls_ssl_get_output_buflen( &server.ssl ) );
TEST_ASSERT( server.ssl.in_buf_len ==
mbedtls_ssl_get_input_buflen( &server.ssl ) );
}
#endif
/* Retest writing/reading */
if( options->cli_msg_len != 0 || options->srv_msg_len != 0 )
{
@ -1839,6 +1895,7 @@ void perform_handshake( handshake_test_options* options )
}
}
#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
if( options->renegotiate )
{
@ -1868,6 +1925,14 @@ void perform_handshake( handshake_test_options* options )
* function will return waiting error on the socket. All rest of
* renegotiation should happen during data exchanging */
ret = mbedtls_ssl_renegotiate( &(client.ssl) );
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
if( options->resize_buffers != 0 )
{
/* Ensure that the buffer sizes are appropriate before resizes */
TEST_ASSERT( client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN );
TEST_ASSERT( client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN );
}
#endif
TEST_ASSERT( ret == 0 ||
ret == MBEDTLS_ERR_SSL_WANT_READ ||
ret == MBEDTLS_ERR_SSL_WANT_WRITE );
@ -1881,6 +1946,20 @@ void perform_handshake( handshake_test_options* options )
MBEDTLS_SSL_RENEGOTIATION_DONE );
TEST_ASSERT( client.ssl.renego_status ==
MBEDTLS_SSL_RENEGOTIATION_DONE );
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
/* Validate buffer sizes after renegotiation */
if( options->resize_buffers != 0 )
{
TEST_ASSERT( client.ssl.out_buf_len ==
mbedtls_ssl_get_output_buflen( &client.ssl ) );
TEST_ASSERT( client.ssl.in_buf_len ==
mbedtls_ssl_get_input_buflen( &client.ssl ) );
TEST_ASSERT( server.ssl.out_buf_len ==
mbedtls_ssl_get_output_buflen( &server.ssl ) );
TEST_ASSERT( server.ssl.in_buf_len ==
mbedtls_ssl_get_input_buflen( &server.ssl ) );
}
#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
@ -3771,7 +3850,7 @@ void handshake_serialization( )
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_CIPHER_MODE_CBC */
void handshake_fragmentation( int mfl, int expected_srv_hs_fragmentation, int expected_cli_hs_fragmentation)
{
handshake_test_options options;
@ -3784,6 +3863,8 @@ void handshake_fragmentation( int mfl, int expected_srv_hs_fragmentation, int ex
init_handshake_options( &options );
options.dtls = 1;
options.mfl = mfl;
/* Set cipher to one using CBC so that record splitting can be tested */
options.cipher = "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256";
options.srv_auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED;
options.srv_log_obj = &srv_pattern;
options.cli_log_obj = &cli_pattern;
@ -3820,3 +3901,43 @@ void renegotiation( int legacy_renegotiation )
goto exit;
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED */
void resize_buffers( int mfl, int renegotiation, int legacy_renegotiation,
int serialize, int dtls )
{
handshake_test_options options;
init_handshake_options( &options );
options.mfl = mfl;
options.renegotiate = renegotiation;
options.legacy_renegotiation = legacy_renegotiation;
options.serialize = serialize;
options.dtls = dtls;
options.resize_buffers = 1;
perform_handshake( &options );
/* The goto below is used to avoid an "unused label" warning.*/
goto exit;
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS */
void resize_buffers_serialize_mfl( int mfl )
{
test_resize_buffers( mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1 );
/* The goto below is used to avoid an "unused label" warning.*/
goto exit;
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED */
void resize_buffers_renegotiate_mfl( int mfl, int legacy_renegotiation )
{
test_resize_buffers( mfl, 1, legacy_renegotiation, 0, 1 );
/* The goto below is used to avoid an "unused label" warning.*/
goto exit;
}
/* END_CASE */