Merge pull request #7409 from yanesca/lts-lifetime-clarification-2.28
[Backport 2.28] Clarify LTS lifetime
diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h
index 1957043..6b51950 100644
--- a/tests/include/test/ssl_helpers.h
+++ b/tests/include/test/ssl_helpers.h
@@ -277,13 +277,13 @@
/*
* Setup and teardown functions for mock sockets.
*/
-void mbedtls_mock_socket_init(mbedtls_test_mock_socket *socket);
+void mbedtls_test_mock_socket_init(mbedtls_test_mock_socket *socket);
/*
* Closes the socket \p socket.
*
* \p socket must have been previously initialized by calling
- * mbedtls_mock_socket_init().
+ * mbedtls_test_mock_socket_init().
*
* This function frees all allocated resources and both sockets are aware of the
* new connection state.
@@ -298,7 +298,7 @@
* Establishes a connection between \p peer1 and \p peer2.
*
* \p peer1 and \p peer2 must have been previously initialized by calling
- * mbedtls_mock_socket_init().
+ * mbedtls_test_mock_socket_init().
*
* The capacities of the internal buffers are set to \p bufsize. Setting this to
* the correct value allows for simulation of MTU, sanity testing the mock
@@ -377,8 +377,7 @@
* mbedtls_test_mock_tcp_recv_b failed.
*
* This function will also return any error other than
- * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from
- * mbedtls_test_message_queue_peek_info.
+ * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from test_ssl_message_queue_peek_info.
*/
int mbedtls_test_mock_tcp_recv_msg(void *ctx,
unsigned char *buf, size_t buf_len);
@@ -456,6 +455,12 @@
} \
} while (0)
+#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX
+#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_IN_LEN_MAX
+#else
+#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX
+#endif
+
int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in,
mbedtls_ssl_transform *t_out,
int cipher_type, int hash_id,
@@ -493,10 +498,11 @@
*
* \retval 0 on success, otherwise error code.
*/
-int mbedtls_exchange_data(mbedtls_ssl_context *ssl_1,
- int msg_len_1, const int expected_fragments_1,
- mbedtls_ssl_context *ssl_2,
- int msg_len_2, const int expected_fragments_2);
+int mbedtls_test_ssl_exchange_data(
+ mbedtls_ssl_context *ssl_1,
+ int msg_len_1, const int expected_fragments_1,
+ mbedtls_ssl_context *ssl_2,
+ int msg_len_2, const int expected_fragments_2);
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
defined(MBEDTLS_CERTS_C) && \
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c
index b7a7e86..bc9a204 100644
--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c
@@ -257,8 +257,9 @@
* set to the full message length so that the
* caller knows what portion of the message can be dropped.
*/
-int mbedtls_test_message_queue_peek_info(mbedtls_test_ssl_message_queue *queue,
- size_t buf_len, size_t *msg_len)
+static int test_ssl_message_queue_peek_info(
+ mbedtls_test_ssl_message_queue *queue,
+ size_t buf_len, size_t *msg_len)
{
if (queue == NULL || msg_len == NULL) {
return MBEDTLS_TEST_ERROR_ARG_NULL;
@@ -271,7 +272,7 @@
return (*msg_len > buf_len) ? MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED : 0;
}
-void mbedtls_mock_socket_init(mbedtls_test_mock_socket *socket)
+void mbedtls_test_mock_socket_init(mbedtls_test_mock_socket *socket)
{
memset(socket, 0, sizeof(*socket));
}
@@ -423,7 +424,7 @@
ctx->queue_input = queue_input;
ctx->queue_output = queue_output;
ctx->socket = socket;
- mbedtls_mock_socket_init(socket);
+ mbedtls_test_mock_socket_init(socket);
return 0;
}
@@ -488,7 +489,7 @@
/* Peek first, so that in case of a socket error the data remains in
* the queue. */
- ret = mbedtls_test_message_queue_peek_info(queue, buf_len, &msg_len);
+ ret = test_ssl_message_queue_peek_info(queue, buf_len, &msg_len);
if (ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED) {
/* Calculate how much to drop */
drop_len = msg_len - buf_len;
@@ -525,7 +526,7 @@
/*
* Deinitializes certificates from endpoint represented by \p ep.
*/
-void mbedtls_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep)
+static void test_ssl_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep)
{
mbedtls_test_ssl_endpoint_certificate *cert = &(ep->cert);
if (cert != NULL) {
@@ -647,7 +648,7 @@
exit:
if (ret != 0) {
- mbedtls_endpoint_certificate_free(ep);
+ test_ssl_endpoint_certificate_free(ep);
}
return ret;
@@ -687,7 +688,7 @@
100, &(ep->socket),
dtls_context) == 0);
} else {
- mbedtls_mock_socket_init(&(ep->socket));
+ mbedtls_test_mock_socket_init(&(ep->socket));
}
ret = mbedtls_ctr_drbg_seed(&(ep->ctr_drbg), mbedtls_entropy_func,
@@ -744,7 +745,7 @@
mbedtls_test_ssl_endpoint *ep,
mbedtls_test_message_socket_context *context)
{
- mbedtls_endpoint_certificate_free(ep);
+ test_ssl_endpoint_certificate_free(ep);
mbedtls_ssl_free(&(ep->ssl));
mbedtls_ssl_config_free(&(ep->conf));
@@ -820,7 +821,7 @@
/* Used for DTLS and the message size larger than MFL. In that case
* the message can not be fragmented and the library should return
* MBEDTLS_ERR_SSL_BAD_INPUT_DATA error. This error must be returned
- * to prevent a dead loop inside mbedtls_exchange_data(). */
+ * to prevent a dead loop inside mbedtls_test_ssl_exchange_data(). */
return ret;
} else if (expected_fragments == 1) {
/* Used for TLS/DTLS and the message size lower than MFL */
@@ -883,8 +884,12 @@
return -1;
}
-void set_ciphersuite(mbedtls_ssl_config *conf, const char *cipher,
- int *forced_ciphersuite)
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
+ defined(MBEDTLS_CERTS_C) && \
+ defined(MBEDTLS_ENTROPY_C) && \
+ defined(MBEDTLS_CTR_DRBG_C)
+static void set_ciphersuite(mbedtls_ssl_config *conf, const char *cipher,
+ int *forced_ciphersuite)
{
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
forced_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(cipher);
@@ -909,9 +914,16 @@
exit:
return;
}
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C &&
+ MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
-int psk_dummy_callback(void *p_info, mbedtls_ssl_context *ssl,
- const unsigned char *name, size_t name_len)
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
+ defined(MBEDTLS_CERTS_C) && \
+ defined(MBEDTLS_ENTROPY_C) && \
+ defined(MBEDTLS_CTR_DRBG_C) && \
+ defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+static int psk_dummy_callback(void *p_info, mbedtls_ssl_context *ssl,
+ const unsigned char *name, size_t name_len)
{
(void) p_info;
(void) ssl;
@@ -920,12 +932,9 @@
return 0;
}
-
-#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX
-#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_IN_LEN_MAX
-#else
-#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX
-#endif
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C &&
+ MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
+ MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in,
mbedtls_ssl_transform *t_out,
@@ -1270,10 +1279,11 @@
return 0;
}
-int mbedtls_exchange_data(mbedtls_ssl_context *ssl_1,
- int msg_len_1, const int expected_fragments_1,
- mbedtls_ssl_context *ssl_2,
- int msg_len_2, const int expected_fragments_2)
+int mbedtls_test_ssl_exchange_data(
+ mbedtls_ssl_context *ssl_1,
+ int msg_len_1, const int expected_fragments_1,
+ mbedtls_ssl_context *ssl_2,
+ int msg_len_2, const int expected_fragments_2)
{
unsigned char *msg_buf_1 = malloc(msg_len_1);
unsigned char *msg_buf_2 = malloc(msg_len_2);
@@ -1379,16 +1389,26 @@
*
* \retval 0 on success, otherwise error code.
*/
-int exchange_data(mbedtls_ssl_context *ssl_1,
- mbedtls_ssl_context *ssl_2)
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
+ defined(MBEDTLS_CERTS_C) && \
+ defined(MBEDTLS_ENTROPY_C) && \
+ defined(MBEDTLS_CTR_DRBG_C) && \
+ (defined(MBEDTLS_SSL_RENEGOTIATION) || \
+ defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH))
+static int exchange_data(mbedtls_ssl_context *ssl_1,
+ mbedtls_ssl_context *ssl_2)
{
- return mbedtls_exchange_data(ssl_1, 256, 1,
- ssl_2, 256, 1);
+ return mbedtls_test_ssl_exchange_data(ssl_1, 256, 1,
+ ssl_2, 256, 1);
}
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C &&
+ MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
+ (MBEDTLS_SSL_RENEGOTIATION ||
+ MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) */
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
- defined(MBEDTLS_CERTS_C) && \
- defined(MBEDTLS_ENTROPY_C) && \
+ defined(MBEDTLS_CERTS_C) && \
+ defined(MBEDTLS_ENTROPY_C) && \
defined(MBEDTLS_CTR_DRBG_C)
void mbedtls_test_ssl_perform_handshake(
mbedtls_test_handshake_test_options *options)
@@ -1603,10 +1623,11 @@
if (options->cli_msg_len != 0 || options->srv_msg_len != 0) {
/* Start data exchanging test */
- TEST_ASSERT(mbedtls_exchange_data(&(client.ssl), options->cli_msg_len,
- options->expected_cli_fragments,
- &(server.ssl), options->srv_msg_len,
- options->expected_srv_fragments)
+ TEST_ASSERT(mbedtls_test_ssl_exchange_data(
+ &(client.ssl), options->cli_msg_len,
+ options->expected_cli_fragments,
+ &(server.ssl), options->srv_msg_len,
+ options->expected_srv_fragments)
== 0);
}
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
@@ -1661,12 +1682,10 @@
#endif
/* Retest writing/reading */
if (options->cli_msg_len != 0 || options->srv_msg_len != 0) {
- TEST_ASSERT(mbedtls_exchange_data(
- &(client.ssl),
- options->cli_msg_len,
+ TEST_ASSERT(mbedtls_test_ssl_exchange_data(
+ &(client.ssl), options->cli_msg_len,
options->expected_cli_fragments,
- &(server.ssl),
- options->srv_msg_len,
+ &(server.ssl), options->srv_msg_len,
options->expected_srv_fragments)
== 0);
}
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 996ba98..0b03beb 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -202,17 +202,17 @@
unsigned char received[MSGLEN] = { 0 };
mbedtls_test_mock_socket socket;
- mbedtls_mock_socket_init(&socket);
+ mbedtls_test_mock_socket_init(&socket);
TEST_ASSERT(mbedtls_test_mock_tcp_send_b(&socket, message, MSGLEN) < 0);
mbedtls_test_mock_socket_close(&socket);
- mbedtls_mock_socket_init(&socket);
+ mbedtls_test_mock_socket_init(&socket);
TEST_ASSERT(mbedtls_test_mock_tcp_recv_b(&socket, received, MSGLEN) < 0);
mbedtls_test_mock_socket_close(&socket);
- mbedtls_mock_socket_init(&socket);
+ mbedtls_test_mock_socket_init(&socket);
TEST_ASSERT(mbedtls_test_mock_tcp_send_nb(&socket, message, MSGLEN) < 0);
mbedtls_test_mock_socket_close(&socket);
- mbedtls_mock_socket_init(&socket);
+ mbedtls_test_mock_socket_init(&socket);
TEST_ASSERT(mbedtls_test_mock_tcp_recv_nb(&socket, received, MSGLEN) < 0);
mbedtls_test_mock_socket_close(&socket);
@@ -250,8 +250,8 @@
recv = mbedtls_test_mock_tcp_recv_b;
}
- mbedtls_mock_socket_init(&client);
- mbedtls_mock_socket_init(&server);
+ mbedtls_test_mock_socket_init(&client);
+ mbedtls_test_mock_socket_init(&server);
/* Fill up the buffer with structured data so that unwanted changes
* can be detected */
@@ -347,8 +347,8 @@
recv = mbedtls_test_mock_tcp_recv_b;
}
- mbedtls_mock_socket_init(&client);
- mbedtls_mock_socket_init(&server);
+ mbedtls_test_mock_socket_init(&client);
+ mbedtls_test_mock_socket_init(&server);
/* Fill up the buffers with structured data so that unwanted changes
* can be detected */