Documentation fixes according to review

Improve grammar and replace the word 'fresh' with an explanation what is going to be verified.
2024-10-19 02:21:27 +00:00 · 2019-08-14 10:39:32 +03:00 · 2019-08-14 10:39:32 +03:00 · 31c3b14e37
parent 1f3fe87da3
commit 31c3b14e37
2 changed files with 14 additions and 11 deletions
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@ -1353,9 +1353,10 @@
 /**
 * \def MBEDTLS_SSL_RECORD_CHECKING
 *
- * Enable the API mbedtls_ssl_check_record() which allows to check the
- * validity, freshness and authenticity of an incoming record without
- * modifying the externally visible state of the SSL context.
+ * Enable the function mbedtls_ssl_check_record() which can be used to check
+ * the validity and authenticity of an incoming record, to verify that it has
+ * not been seen before. These checks are performed without modifying the
+ * externally visible state of the SSL context.
 *
 * See mbedtls_ssl_check_record() for more information.
 *
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -1758,8 +1758,8 @@ void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout )

 #if defined(MBEDTLS_SSL_RECORD_CHECKING)
 /**
- * \brief          Check whether a buffer contains a valid, fresh
- *                 and authentic record (DTLS only).
+ * \brief          Check whether a buffer contains a valid and authentic record
+ *                 that has not been seen before. (DTLS only).
 *
 *                 This function does not change the user-visible state
 *                 of the SSL context. Its sole purpose is to provide
@ -1774,19 +1774,21 @@ void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout )
 *
 * \param ssl      The SSL context to use.
 * \param buf      The address of the buffer holding the record to be checked.
- *                 This must be an R/W buffer of length \p buflen Bytes.
+ *                 This must be a read/write buffer of length \p buflen Bytes.
 * \param buflen   The length of \p buf in Bytes.
 *
 * \note           This routine only checks whether the provided buffer begins
- *                 with a valid, fresh and authentic record, but does not check
- *                 potential data following the initial record. In particular,
- *                 it is possible to pass DTLS datagrams containing multiple
- *                 records, in which case only the first record is checked.
+ *                 with a valid and authentic record that has not been seen
+ *                 before, but does not check potential data following the
+ *                 initial record. In particular, it is possible to pass DTLS
+ *                 datagrams containing multiple records, in which case only
+ *                 the first record is checked.
 *
 * \note           This function modifies the input buffer \p buf. If you need
 *                 to preserve the original record, you have to maintain a copy.
 *
- * \return         \c 0 if the record is valid, fresh and authentic.
+ * \return         \c 0 if the record is valid and authentic and has not been
+ *                 seen before.
 * \return         MBEDTLS_ERR_SSL_INVALID_MAC if the check completed
 *                 successfully but the record was found to be not authentic.
 * \return         MBEDTLS_ERR_SSL_INVALID_RECORD if the check completed