From f2670205656eb4526015e536d6420b68a6a888e7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 10 Mar 2025 14:53:16 +0100 Subject: [PATCH] Improve documentation Signed-off-by: Gilles Peskine --- tests/suites/test_suite_ssl.function | 19 ++++++++++++++++--- tests/suites/test_suite_ssl.records.data | 2 +- 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 58cf166b4f..44f1e3bb6e 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -69,9 +69,9 @@ typedef enum { RECOMBINE_TRUNCATE_FIRST, /* param: offset of truncation (<=0 means from end) */ RECOMBINE_INSERT_EMPTY, /* param: offset (<0 means from end) */ RECOMBINE_INSERT_RECORD, /* param: record type */ - RECOMBINE_COALESCE, /* param: min number of records */ + RECOMBINE_COALESCE, /* param: number of records (INT_MAX=all) */ RECOMBINE_COALESCE_SPLIT_ONCE, /* param: offset of split (<=0 means from end) */ - RECOMBINE_COALESCE_SPLIT_ENDS, /* the hairiest one? param: offset, must be >0 */ + RECOMBINE_COALESCE_SPLIT_BOTH_ENDS, /* param: offset, must be >0 */ } recombine_records_instruction_t; #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) @@ -229,6 +229,10 @@ exit: * DTLS is not supported. * Encrypted or authenticated handshake records are not supported. * Assume the buffer content is a valid sequence of records. + * + * Coalesce only the first max records, or all the records if there are + * fewer than max. + * Return the number of coalesced records, or -1 on error. */ static int recombine_coalesce_handshake_records(mbedtls_test_ssl_buffer *buf, int max) @@ -318,6 +322,9 @@ static int recombine_records(mbedtls_test_ssl_endpoint *server, case RECOMBINE_COALESCE: ret = recombine_coalesce_handshake_records(buf, param); + /* If param != INT_MAX, enforce that there were that many + * records to coalesce. In particular, 1 < param < INT_MAX + * ensures that library will see some coalesced records. */ if (param == INT_MAX) { TEST_LE_S(1, ret); } else { @@ -335,7 +342,7 @@ static int recombine_records(mbedtls_test_ssl_endpoint *server, TEST_LE_S(0, ret); break; - case RECOMBINE_COALESCE_SPLIT_ENDS: + case RECOMBINE_COALESCE_SPLIT_BOTH_ENDS: ret = recombine_coalesce_handshake_records(buf, INT_MAX); /* Accept a single record, which will be split at both ends */ TEST_LE_S(1, ret); @@ -3105,6 +3112,12 @@ void recombine_server_first_flight(int version, char *client_log, char *server_log, int goal_state, int expected_ret) { + /* Make sure we have a buffer that's large enough for the longest + * data that the library might ever send, plus a bit extra so that + * we can inject more content. The library won't ever send more than + * 2^14 bytes of handshake messages, so we round that up. In practice + * we could surely get away with a much smaller buffer. The main + * variable part is the server certificate. */ enum { BUFFSIZE = 17000 }; mbedtls_test_ssl_endpoint client; memset(&client, 0, sizeof(client)); diff --git a/tests/suites/test_suite_ssl.records.data b/tests/suites/test_suite_ssl.records.data index e94f554c69..edc2754356 100644 --- a/tests/suites/test_suite_ssl.records.data +++ b/tests/suites/test_suite_ssl.records.data @@ -159,4 +159,4 @@ recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE_SPLI Recombine server flight 1: TLS 1.2, coalesce and split at both ends depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE_SPLIT_ENDS:5:"subsequent handshake fragment\: 5,":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE_SPLIT_BOTH_ENDS:5:"subsequent handshake fragment\: 5,":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0