tests: ssl: Improve test code for very small max_early_data_size
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index c381860..7ba5670 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -4675,12 +4675,27 @@
case TEST_EARLY_DATA_HRR:
ret = mbedtls_ssl_handshake(&(server_ep.ssl));
/*
- * Can be the case if max_early_data_size is smaller then the
- * smallest inner content or protected record.
+ * In this write loop we try to always stay below the
+ * max_early_data_size limit but if max_early_data_size is very
+ * small we may exceed the max_early_data_size limit on the
+ * first write. In TEST_EARLY_DATA_SERVER_REJECTS/
+ * TEST_EARLY_DATA_HRR scenario, this is for sure the case if
+ * max_early_data_size is smaller than the smallest possible
+ * inner content/protected record. Take into account this
+ * possibility here but only for max_early_data_size values
+ * that are close to write_size. Below, chosen 1 for one byte
+ * of inner type and 16 bytes for AEAD expansion (IV, ...).
*/
if (ret == MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE) {
- /* Beyond 64 for max_early_data_size it is suspicious */
- TEST_ASSERT(max_early_data_size < 64);
+ if (scenario == TEST_EARLY_DATA_SERVER_REJECTS) {
+ TEST_LE_U(max_early_data_size,
+ write_size + 1 +
+ MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY);
+ } else {
+ TEST_LE_U(max_early_data_size,
+ write_size + 1 + 16 +
+ MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY);
+ }
goto exit;
}