Split the maximum fragment length into two - an input and output MFL
Since the server might want to have a different maximum fragment length for the outgoing messages than the negotiated one - introduce a new way of computing it. This commit also adds additional ssl-opt.sh tests ensuring that the maximum fragment lengths are set as expected. mbedtls_ssl_get_max_frag_len() is now a deprecated function, being an alias to mbedtls_ssl_get_output_max_frag_len(). The behaviour of this function is the same as before. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
parent
d4a720f541
commit
90c6e84a9c
8 changed files with 328 additions and 40 deletions
tests
231
tests/ssl-opt.sh
231
tests/ssl-opt.sh
|
@ -2925,8 +2925,10 @@ run_test "Max fragment length: enabled, default" \
|
|||
"$P_SRV debug_level=3" \
|
||||
"$P_CLI debug_level=3" \
|
||||
0 \
|
||||
-c "Maximum fragment length is $MAX_CONTENT_LEN" \
|
||||
-s "Maximum fragment length is $MAX_CONTENT_LEN" \
|
||||
-c "Maximum input fragment length is $MAX_CONTENT_LEN" \
|
||||
-c "Maximum output fragment length is $MAX_CONTENT_LEN" \
|
||||
-s "Maximum input fragment length is $MAX_CONTENT_LEN" \
|
||||
-s "Maximum output fragment length is $MAX_CONTENT_LEN" \
|
||||
-C "client hello, adding max_fragment_length extension" \
|
||||
-S "found max fragment length extension" \
|
||||
-S "server hello, max_fragment_length extension" \
|
||||
|
@ -2937,8 +2939,10 @@ run_test "Max fragment length: enabled, default, larger message" \
|
|||
"$P_SRV debug_level=3" \
|
||||
"$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \
|
||||
0 \
|
||||
-c "Maximum fragment length is $MAX_CONTENT_LEN" \
|
||||
-s "Maximum fragment length is $MAX_CONTENT_LEN" \
|
||||
-c "Maximum input fragment length is $MAX_CONTENT_LEN" \
|
||||
-c "Maximum output fragment length is $MAX_CONTENT_LEN" \
|
||||
-s "Maximum input fragment length is $MAX_CONTENT_LEN" \
|
||||
-s "Maximum output fragment length is $MAX_CONTENT_LEN" \
|
||||
-C "client hello, adding max_fragment_length extension" \
|
||||
-S "found max fragment length extension" \
|
||||
-S "server hello, max_fragment_length extension" \
|
||||
|
@ -2952,8 +2956,10 @@ run_test "Max fragment length, DTLS: enabled, default, larger message" \
|
|||
"$P_SRV debug_level=3 dtls=1" \
|
||||
"$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
|
||||
1 \
|
||||
-c "Maximum fragment length is $MAX_CONTENT_LEN" \
|
||||
-s "Maximum fragment length is $MAX_CONTENT_LEN" \
|
||||
-c "Maximum input fragment length is $MAX_CONTENT_LEN" \
|
||||
-c "Maximum output fragment length is $MAX_CONTENT_LEN" \
|
||||
-s "Maximum input fragment length is $MAX_CONTENT_LEN" \
|
||||
-s "Maximum output fragment length is $MAX_CONTENT_LEN" \
|
||||
-C "client hello, adding max_fragment_length extension" \
|
||||
-S "found max fragment length extension" \
|
||||
-S "server hello, max_fragment_length extension" \
|
||||
|
@ -2969,8 +2975,10 @@ run_test "Max fragment length: disabled, larger message" \
|
|||
"$P_SRV debug_level=3" \
|
||||
"$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \
|
||||
0 \
|
||||
-C "Maximum fragment length is 16384" \
|
||||
-S "Maximum fragment length is 16384" \
|
||||
-C "Maximum input fragment length is 16384" \
|
||||
-C "Maximum output fragment length is 16384" \
|
||||
-S "Maximum input fragment length is 16384" \
|
||||
-S "Maximum output fragment length is 16384" \
|
||||
-c "$(( $MAX_CONTENT_LEN + 1)) bytes written in 2 fragments" \
|
||||
-s "$MAX_CONTENT_LEN bytes read" \
|
||||
-s "1 bytes read"
|
||||
|
@ -2980,8 +2988,10 @@ run_test "Max fragment length DTLS: disabled, larger message" \
|
|||
"$P_SRV debug_level=3 dtls=1" \
|
||||
"$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
|
||||
1 \
|
||||
-C "Maximum fragment length is 16384" \
|
||||
-S "Maximum fragment length is 16384" \
|
||||
-C "Maximum input fragment length is 16384" \
|
||||
-C "Maximum output fragment length is 16384" \
|
||||
-S "Maximum input fragment length is 16384" \
|
||||
-S "Maximum output fragment length is 16384" \
|
||||
-c "fragment larger than.*maximum "
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
|
@ -2989,8 +2999,178 @@ run_test "Max fragment length: used by client" \
|
|||
"$P_SRV debug_level=3" \
|
||||
"$P_CLI debug_level=3 max_frag_len=4096" \
|
||||
0 \
|
||||
-c "Maximum fragment length is 4096" \
|
||||
-s "Maximum fragment length is 4096" \
|
||||
-c "Maximum input fragment length is 4096" \
|
||||
-c "Maximum output fragment length is 4096" \
|
||||
-s "Maximum input fragment length is 4096" \
|
||||
-s "Maximum output fragment length is 4096" \
|
||||
-c "client hello, adding max_fragment_length extension" \
|
||||
-s "found max fragment length extension" \
|
||||
-s "server hello, max_fragment_length extension" \
|
||||
-c "found max_fragment_length extension"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
run_test "Max fragment length: client 512, server 1024" \
|
||||
"$P_SRV debug_level=3 max_frag_len=1024" \
|
||||
"$P_CLI debug_level=3 max_frag_len=512" \
|
||||
0 \
|
||||
-c "Maximum input fragment length is 512" \
|
||||
-c "Maximum output fragment length is 512" \
|
||||
-s "Maximum input fragment length is 512" \
|
||||
-s "Maximum output fragment length is 512" \
|
||||
-c "client hello, adding max_fragment_length extension" \
|
||||
-s "found max fragment length extension" \
|
||||
-s "server hello, max_fragment_length extension" \
|
||||
-c "found max_fragment_length extension"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
run_test "Max fragment length: client 512, server 2048" \
|
||||
"$P_SRV debug_level=3 max_frag_len=2048" \
|
||||
"$P_CLI debug_level=3 max_frag_len=512" \
|
||||
0 \
|
||||
-c "Maximum input fragment length is 512" \
|
||||
-c "Maximum output fragment length is 512" \
|
||||
-s "Maximum input fragment length is 512" \
|
||||
-s "Maximum output fragment length is 512" \
|
||||
-c "client hello, adding max_fragment_length extension" \
|
||||
-s "found max fragment length extension" \
|
||||
-s "server hello, max_fragment_length extension" \
|
||||
-c "found max_fragment_length extension"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
run_test "Max fragment length: client 512, server 4096" \
|
||||
"$P_SRV debug_level=3 max_frag_len=4096" \
|
||||
"$P_CLI debug_level=3 max_frag_len=512" \
|
||||
0 \
|
||||
-c "Maximum input fragment length is 512" \
|
||||
-c "Maximum output fragment length is 512" \
|
||||
-s "Maximum input fragment length is 512" \
|
||||
-s "Maximum output fragment length is 512" \
|
||||
-c "client hello, adding max_fragment_length extension" \
|
||||
-s "found max fragment length extension" \
|
||||
-s "server hello, max_fragment_length extension" \
|
||||
-c "found max_fragment_length extension"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
run_test "Max fragment length: client 1024, server 512" \
|
||||
"$P_SRV debug_level=3 max_frag_len=512" \
|
||||
"$P_CLI debug_level=3 max_frag_len=1024" \
|
||||
0 \
|
||||
-c "Maximum input fragment length is 1024" \
|
||||
-c "Maximum output fragment length is 1024" \
|
||||
-s "Maximum input fragment length is 1024" \
|
||||
-s "Maximum output fragment length is 512" \
|
||||
-c "client hello, adding max_fragment_length extension" \
|
||||
-s "found max fragment length extension" \
|
||||
-s "server hello, max_fragment_length extension" \
|
||||
-c "found max_fragment_length extension"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
run_test "Max fragment length: client 1024, server 2048" \
|
||||
"$P_SRV debug_level=3 max_frag_len=2048" \
|
||||
"$P_CLI debug_level=3 max_frag_len=1024" \
|
||||
0 \
|
||||
-c "Maximum input fragment length is 1024" \
|
||||
-c "Maximum output fragment length is 1024" \
|
||||
-s "Maximum input fragment length is 1024" \
|
||||
-s "Maximum output fragment length is 1024" \
|
||||
-c "client hello, adding max_fragment_length extension" \
|
||||
-s "found max fragment length extension" \
|
||||
-s "server hello, max_fragment_length extension" \
|
||||
-c "found max_fragment_length extension"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
run_test "Max fragment length: client 1024, server 4096" \
|
||||
"$P_SRV debug_level=3 max_frag_len=4096" \
|
||||
"$P_CLI debug_level=3 max_frag_len=1024" \
|
||||
0 \
|
||||
-c "Maximum input fragment length is 1024" \
|
||||
-c "Maximum output fragment length is 1024" \
|
||||
-s "Maximum input fragment length is 1024" \
|
||||
-s "Maximum output fragment length is 1024" \
|
||||
-c "client hello, adding max_fragment_length extension" \
|
||||
-s "found max fragment length extension" \
|
||||
-s "server hello, max_fragment_length extension" \
|
||||
-c "found max_fragment_length extension"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
run_test "Max fragment length: client 2048, server 512" \
|
||||
"$P_SRV debug_level=3 max_frag_len=512" \
|
||||
"$P_CLI debug_level=3 max_frag_len=2048" \
|
||||
0 \
|
||||
-c "Maximum input fragment length is 2048" \
|
||||
-c "Maximum output fragment length is 2048" \
|
||||
-s "Maximum input fragment length is 2048" \
|
||||
-s "Maximum output fragment length is 512" \
|
||||
-c "client hello, adding max_fragment_length extension" \
|
||||
-s "found max fragment length extension" \
|
||||
-s "server hello, max_fragment_length extension" \
|
||||
-c "found max_fragment_length extension"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
run_test "Max fragment length: client 2048, server 1024" \
|
||||
"$P_SRV debug_level=3 max_frag_len=1024" \
|
||||
"$P_CLI debug_level=3 max_frag_len=2048" \
|
||||
0 \
|
||||
-c "Maximum input fragment length is 2048" \
|
||||
-c "Maximum output fragment length is 2048" \
|
||||
-s "Maximum input fragment length is 2048" \
|
||||
-s "Maximum output fragment length is 1024" \
|
||||
-c "client hello, adding max_fragment_length extension" \
|
||||
-s "found max fragment length extension" \
|
||||
-s "server hello, max_fragment_length extension" \
|
||||
-c "found max_fragment_length extension"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
run_test "Max fragment length: client 2048, server 4096" \
|
||||
"$P_SRV debug_level=3 max_frag_len=4096" \
|
||||
"$P_CLI debug_level=3 max_frag_len=2048" \
|
||||
0 \
|
||||
-c "Maximum input fragment length is 2048" \
|
||||
-c "Maximum output fragment length is 2048" \
|
||||
-s "Maximum input fragment length is 2048" \
|
||||
-s "Maximum output fragment length is 2048" \
|
||||
-c "client hello, adding max_fragment_length extension" \
|
||||
-s "found max fragment length extension" \
|
||||
-s "server hello, max_fragment_length extension" \
|
||||
-c "found max_fragment_length extension"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
run_test "Max fragment length: client 4096, server 512" \
|
||||
"$P_SRV debug_level=3 max_frag_len=512" \
|
||||
"$P_CLI debug_level=3 max_frag_len=4096" \
|
||||
0 \
|
||||
-c "Maximum input fragment length is 4096" \
|
||||
-c "Maximum output fragment length is 4096" \
|
||||
-s "Maximum input fragment length is 4096" \
|
||||
-s "Maximum output fragment length is 512" \
|
||||
-c "client hello, adding max_fragment_length extension" \
|
||||
-s "found max fragment length extension" \
|
||||
-s "server hello, max_fragment_length extension" \
|
||||
-c "found max_fragment_length extension"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
run_test "Max fragment length: client 4096, server 1024" \
|
||||
"$P_SRV debug_level=3 max_frag_len=1024" \
|
||||
"$P_CLI debug_level=3 max_frag_len=4096" \
|
||||
0 \
|
||||
-c "Maximum input fragment length is 4096" \
|
||||
-c "Maximum output fragment length is 4096" \
|
||||
-s "Maximum input fragment length is 4096" \
|
||||
-s "Maximum output fragment length is 1024" \
|
||||
-c "client hello, adding max_fragment_length extension" \
|
||||
-s "found max fragment length extension" \
|
||||
-s "server hello, max_fragment_length extension" \
|
||||
-c "found max_fragment_length extension"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
run_test "Max fragment length: client 4096, server 2048" \
|
||||
"$P_SRV debug_level=3 max_frag_len=2048" \
|
||||
"$P_CLI debug_level=3 max_frag_len=4096" \
|
||||
0 \
|
||||
-c "Maximum input fragment length is 4096" \
|
||||
-c "Maximum output fragment length is 4096" \
|
||||
-s "Maximum input fragment length is 4096" \
|
||||
-s "Maximum output fragment length is 2048" \
|
||||
-c "client hello, adding max_fragment_length extension" \
|
||||
-s "found max fragment length extension" \
|
||||
-s "server hello, max_fragment_length extension" \
|
||||
|
@ -3001,8 +3181,10 @@ run_test "Max fragment length: used by server" \
|
|||
"$P_SRV debug_level=3 max_frag_len=4096" \
|
||||
"$P_CLI debug_level=3" \
|
||||
0 \
|
||||
-c "Maximum fragment length is $MAX_CONTENT_LEN" \
|
||||
-s "Maximum fragment length is 4096" \
|
||||
-c "Maximum input fragment length is $MAX_CONTENT_LEN" \
|
||||
-c "Maximum output fragment length is $MAX_CONTENT_LEN" \
|
||||
-s "Maximum input fragment length is $MAX_CONTENT_LEN" \
|
||||
-s "Maximum output fragment length is 4096" \
|
||||
-C "client hello, adding max_fragment_length extension" \
|
||||
-S "found max fragment length extension" \
|
||||
-S "server hello, max_fragment_length extension" \
|
||||
|
@ -3014,7 +3196,8 @@ run_test "Max fragment length: gnutls server" \
|
|||
"$G_SRV" \
|
||||
"$P_CLI debug_level=3 max_frag_len=4096" \
|
||||
0 \
|
||||
-c "Maximum fragment length is 4096" \
|
||||
-c "Maximum input fragment length is 4096" \
|
||||
-c "Maximum output fragment length is 4096" \
|
||||
-c "client hello, adding max_fragment_length extension" \
|
||||
-c "found max_fragment_length extension"
|
||||
|
||||
|
@ -3023,8 +3206,10 @@ run_test "Max fragment length: client, message just fits" \
|
|||
"$P_SRV debug_level=3" \
|
||||
"$P_CLI debug_level=3 max_frag_len=2048 request_size=2048" \
|
||||
0 \
|
||||
-c "Maximum fragment length is 2048" \
|
||||
-s "Maximum fragment length is 2048" \
|
||||
-c "Maximum input fragment length is 2048" \
|
||||
-c "Maximum output fragment length is 2048" \
|
||||
-s "Maximum input fragment length is 2048" \
|
||||
-s "Maximum output fragment length is 2048" \
|
||||
-c "client hello, adding max_fragment_length extension" \
|
||||
-s "found max fragment length extension" \
|
||||
-s "server hello, max_fragment_length extension" \
|
||||
|
@ -3037,8 +3222,10 @@ run_test "Max fragment length: client, larger message" \
|
|||
"$P_SRV debug_level=3" \
|
||||
"$P_CLI debug_level=3 max_frag_len=2048 request_size=2345" \
|
||||
0 \
|
||||
-c "Maximum fragment length is 2048" \
|
||||
-s "Maximum fragment length is 2048" \
|
||||
-c "Maximum input fragment length is 2048" \
|
||||
-c "Maximum output fragment length is 2048" \
|
||||
-s "Maximum input fragment length is 2048" \
|
||||
-s "Maximum output fragment length is 2048" \
|
||||
-c "client hello, adding max_fragment_length extension" \
|
||||
-s "found max fragment length extension" \
|
||||
-s "server hello, max_fragment_length extension" \
|
||||
|
@ -3052,8 +3239,10 @@ run_test "Max fragment length: DTLS client, larger message" \
|
|||
"$P_SRV debug_level=3 dtls=1" \
|
||||
"$P_CLI debug_level=3 dtls=1 max_frag_len=2048 request_size=2345" \
|
||||
1 \
|
||||
-c "Maximum fragment length is 2048" \
|
||||
-s "Maximum fragment length is 2048" \
|
||||
-c "Maximum input fragment length is 2048" \
|
||||
-c "Maximum output fragment length is 2048" \
|
||||
-s "Maximum input fragment length is 2048" \
|
||||
-s "Maximum output fragment length is 2048" \
|
||||
-c "client hello, adding max_fragment_length extension" \
|
||||
-s "found max fragment length extension" \
|
||||
-s "server hello, max_fragment_length extension" \
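Review bot: The asymmetric cases added here (for example "Max fragment length: client 1024, server 512") assert only the limits printed in the debug output, so nothing in them shows that the server still accepts a record larger than its own output limit, or that it caps what it sends. Consider giving at least one of them a payload, e.g. `request_size=1024` on the client line with `-c "1024 bytes written in 1 fragments"` and `-s "1024 bytes read"`, following the pattern the "disabled, larger message" test uses; the exact strings should be checked against the test programs. Separately, the negative checks added to the two "disabled" tests, such as `-C "Maximum input fragment length is 16384"`, only fail for that exact value; `-C "Maximum input fragment length is"` would catch the line being printed with any length. The last new test, "client 4096, server 2048", runs past the end of its hunk.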
|
||||
|
|