Added buffer_size and response_size options for ssl-server2.
Added appropriate tests.
This commit is contained in:
Andrzej Kurek
Andrzej Kurek
parent
8266acacc8
commit
30e731decd
2 changed files with 220 additions and 37 deletions
programs/ssl
|
|
@ -99,6 +99,7 @@ int main( void )
|
|||
|
||||
#define DFL_SERVER_ADDR NULL
|
||||
#define DFL_SERVER_PORT "4433"
|
||||
#define DFL_RESPONSE_SIZE -1
|
||||
#define DFL_DEBUG_LEVEL 0
|
||||
#define DFL_NBIO 0
|
||||
#define DFL_EVENT 0
|
||||
|
|
@ -171,7 +172,7 @@ int main( void )
|
|||
* You will need to adapt the mbedtls_ssl_get_bytes_avail() test in ssl-opt.sh
|
||||
* if you change this value to something outside the range <= 100 or > 500
|
||||
*/
|
||||
#define IO_BUF_LEN 200
|
||||
#define DFL_IO_BUF_LEN 200
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
|
|
@ -346,6 +347,11 @@ int main( void )
|
|||
" server_addr=%%s default: (all interfaces)\n" \
|
||||
" server_port=%%d default: 4433\n" \
|
||||
" debug_level=%%d default: 0 (disabled)\n" \
|
||||
" buffer_size=%%d default: 200 \n" \
|
||||
" (minimum: 1, max: 16385)\n" \
|
||||
" response_size=%%d default: about 152 (basic response)\n" \
|
||||
" (minimum: 0, max: 16384)\n" \
|
||||
" increases buffer_size if bigger\n"\
|
||||
" nbio=%%d default: 0 (blocking I/O)\n" \
|
||||
" options: 1 (non-blocking), 2 (added delays)\n" \
|
||||
" event=%%d default: 0 (loop)\n" \
|
||||
|
|
@ -421,6 +427,8 @@ struct options
|
|||
int nbio; /* should I/O be blocking? */
|
||||
int event; /* loop or event-driven IO? level or edge triggered? */
|
||||
uint32_t read_timeout; /* timeout on mbedtls_ssl_read() in milliseconds */
|
||||
int response_size; /* pad response with header to requested size */
|
||||
uint16_t buffer_size; /* IO buffer size */
|
||||
const char *ca_file; /* the file with the CA certificate(s) */
|
||||
const char *ca_path; /* the path with the CA certificate(s) reside */
|
||||
const char *crt_file; /* the file with the server certificate */
|
||||
|
|
@ -1154,7 +1162,7 @@ int main( int argc, char *argv[] )
|
|||
{
|
||||
int ret = 0, len, written, frags, exchanges_left;
|
||||
int version_suites[4][2];
|
||||
unsigned char buf[IO_BUF_LEN];
|
||||
unsigned char* buf = 0;
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
unsigned char psk[MBEDTLS_PSK_MAX_LEN];
|
||||
size_t psk_len = 0;
|
||||
|
|
@ -1285,10 +1293,12 @@ int main( int argc, char *argv[] )
|
|||
goto exit;
|
||||
}
|
||||
|
||||
opt.buffer_size = DFL_IO_BUF_LEN;
|
||||
opt.server_addr = DFL_SERVER_ADDR;
|
||||
opt.server_port = DFL_SERVER_PORT;
|
||||
opt.debug_level = DFL_DEBUG_LEVEL;
|
||||
opt.event = DFL_EVENT;
|
||||
opt.response_size = DFL_RESPONSE_SIZE;
|
||||
opt.nbio = DFL_NBIO;
|
||||
opt.read_timeout = DFL_READ_TIMEOUT;
|
||||
opt.ca_file = DFL_CA_FILE;
|
||||
|
|
@ -1379,6 +1389,20 @@ int main( int argc, char *argv[] )
|
|||
}
|
||||
else if( strcmp( p, "read_timeout" ) == 0 )
|
||||
opt.read_timeout = atoi( q );
|
||||
else if( strcmp( p, "buffer_size" ) == 0 )
|
||||
{
|
||||
opt.buffer_size = atoi( q );
|
||||
if( opt.buffer_size < 1 || opt.buffer_size > MBEDTLS_SSL_MAX_CONTENT_LEN + 1 )
|
||||
goto usage;
|
||||
}
|
||||
else if( strcmp( p, "response_size" ) == 0 )
|
||||
{
|
||||
opt.response_size = atoi( q );
|
||||
if( opt.response_size < 0 || opt.response_size > MBEDTLS_SSL_MAX_CONTENT_LEN )
|
||||
goto usage;
|
||||
if( opt.buffer_size < opt.response_size )
|
||||
opt.buffer_size = opt.response_size;
|
||||
}
|
||||
else if( strcmp( p, "ca_file" ) == 0 )
|
||||
opt.ca_file = q;
|
||||
else if( strcmp( p, "ca_path" ) == 0 )
|
||||
|
|
@ -1700,7 +1724,14 @@ int main( int argc, char *argv[] )
|
|||
#if defined(MBEDTLS_DEBUG_C)
|
||||
mbedtls_debug_set_threshold( opt.debug_level );
|
||||
#endif
|
||||
|
||||
buf = malloc( opt.buffer_size );
|
||||
if( buf == NULL )
|
||||
{
|
||||
mbedtls_printf("Could not allocate %u bytes\n", opt.buffer_size);
|
||||
ret = 3;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( opt.force_ciphersuite[0] > 0 )
|
||||
{
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
|
||||
|
|
@ -2708,8 +2739,8 @@ data_exchange:
|
|||
do
|
||||
{
|
||||
int terminated = 0;
|
||||
len = sizeof( buf ) - 1;
|
||||
memset( buf, 0, sizeof( buf ) );
|
||||
len = opt.buffer_size - 1;
|
||||
memset( buf, 0, opt.buffer_size );
|
||||
ret = mbedtls_ssl_read( &ssl, buf, len );
|
||||
|
||||
if( mbedtls_status_is_ssl_in_progress( ret ) )
|
||||
|
|
@ -2809,8 +2840,8 @@ data_exchange:
|
|||
}
|
||||
else /* Not stream, so datagram */
|
||||
{
|
||||
len = sizeof( buf ) - 1;
|
||||
memset( buf, 0, sizeof( buf ) );
|
||||
len = opt.buffer_size - 1;
|
||||
memset( buf, 0, opt.buffer_size );
|
||||
|
||||
do
|
||||
{
|
||||
|
|
@ -2908,6 +2939,25 @@ data_exchange:
|
|||
len = sprintf( (char *) buf, HTTP_RESPONSE,
|
||||
mbedtls_ssl_get_ciphersuite( &ssl ) );
|
||||
|
||||
/* Add padding to the response to reach opt.response_size in length */
|
||||
if( opt.response_size != DFL_RESPONSE_SIZE &&
|
||||
len < opt.response_size )
|
||||
{
|
||||
memset( buf + len, 'B', opt.response_size - len );
|
||||
len += opt.response_size - len;
|
||||
}
|
||||
|
||||
/* Truncate if response size is smaller than the "natural" size */
|
||||
if( opt.response_size != DFL_RESPONSE_SIZE &&
|
||||
len > opt.response_size )
|
||||
{
|
||||
len = opt.response_size;
|
||||
|
||||
/* Still end with \r\n unless that's really not possible */
|
||||
if( len >= 2 ) buf[len - 2] = '\r';
|
||||
if( len >= 1 ) buf[len - 1] = '\n';
|
||||
}
|
||||
|
||||
if( opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM )
|
||||
{
|
||||
for( written = 0, frags = 0; written < len; written += ret, frags++ )
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue