Allow 0 as a valid ret value for mbedtls_ssl_write

[andresag01]

This patch modifies the documentation for mbedtls_ssl_write() to allow
0 as a valid return value as this is the correct number of bytes that
should be returned when an empty TLS Application record is sent.

NOTES:

• This fix is related to incorrect return value in ssl_write_real() #839
• The change needs to be backported to mbed TLS 2.7 and 2.1.

[gilles-peskine-arm]

Ok, but I think we should add some comments inside ssl_tls.c as well. This patch was triggered by a proposed change to ssl_tls.c which we analyzed and rejected; we should document the relevant place in ssl_write_real to explain what's happening.

[gilles-peskine-arm]

Without modifying ssl_tls.c, this doesn't resolve the issue. We've concluded that the code shouldn't be modified, but we should add a comment to explain the current behavior.

[andresag01]

@gilles-peskine-arm: I have added more documentation to ssl_write_real() as requested.

[gilles-peskine-arm]

Documentation-only change, so ok to merge despite the CI failed (and anyway all the CI steps suceeded??)

[andresag01]

@gilles-peskine-arm: Indeed, I am not sure why the overall test reports a failure, but it seems that none of the individual pipeline stages failed.

[hanno-becker]

It should be greater than or here.

[andresag01]

You mean that the sentence should be ... until it returns a value greater then or 0?

[hanno-becker]

until it returns a value greater than or equal to 0

[hanno-becker]

Thanks for this additional documentation 👍

Nitpicking: There are full stops missing at the end of this and the previous documentation snippet.

[andresag01]

I think I will leave it as it is. I think the reason for this is that the doxygen documentation should be well punctuated, etc because it will ultimately end up as a formal documentation website. However, these are only in code comments, if you look at the other comments like this, you will see that (1) the style is fairly inconsistent across the library and (2) a lot of them don't have a full stop at the end either.

[hanno-becker]

Please correct it in case you add an additional commit for the other documentation fix - it's not a big thing and where we see such things we should correct them on the fly.

[hanno-becker]

I noticed we currently don't support request_size=0 in ssl_client2. I think it should be added at this occasion, together with a corresponding test in tests/ssl-opt.sh.

[hanno-becker]

@andresag01 While I would prefer the test changes to be done in this PR, I might open a separate PR for them to not block progress here. @gilles-peskine-arm What's your opinion on that?

[hanno-becker]

Left some comments on grammar in the documentation, but otherwise I'm fine with the changes. I've also read the code and ran a test to confirm that it is possible to send empty AD records.

Leaving it to @gilles-peskine-arm whether or not to correct the documentation, they are not blockers.

I think we should add tests for empty AD records, which would involve a small adaption to ssl_client2.c. I could do that here if desired, or defer it to a separate PR.

[hanno-becker]

I ran some more tests and noticed unexpected behavior in some cases that I need to investigate. Please don't merge, yet.

[gilles-peskine-arm]

Sending and receiving 0-sized application records is not well-tested, but documenting it well gives the impression that it's well-supported. Therefore, I'm holding off merging this for the time being.

Tracked internally in IOTSSL-1255

[simonbutcher]

LGTM.

[simonbutcher]

@andresag01 - Could you please rebase this PR and create backports?

[andresag01]

@sbutcher-arm: I have rebased the PR and created the backports:

• 2.7: Backport 2.7: Allow 0 as a valid ret value for mbedtls_ssl_write #1768
• 2.1: Backport 2.1: Allow 0 as a valid ret value for mbedtls_ssl_write #1769