Merge pull request #5582 from gilles-peskine-arm/ssl-opt-auto-psk

Run ssl-opt.sh in more reduced configurations
2022-04-21 12:03:53 +02:00 · 2022-04-21 12:03:53 +02:00 · afbfed9397
commit afbfed9397
parent 771e42a270 5bd0b51048
9 changed files with 452 additions and 157 deletions
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@ -169,9 +169,6 @@ int main( void )

 /*
 * Size of the basic I/O buffer. Able to hold our default response.
- *
- * You will need to adapt the mbedtls_ssl_get_bytes_avail() test in ssl-opt.sh
- * if you change this value to something outside the range <= 100 or > 500
 */
 #define DFL_IO_BUF_LEN      200

@ -2113,10 +2110,26 @@ int main( int argc, char *argv[] )
 #if defined(MBEDTLS_DEBUG_C)
    mbedtls_debug_set_threshold( opt.debug_level );
 #endif
-    buf = mbedtls_calloc( 1, opt.buffer_size + 1 );
+
+    /* buf will alternatively contain the input read from the client and the
+     * response that's about to be sent, plus a null byte in each case. */
+    size_t buf_content_size = opt.buffer_size;
+    /* The default response contains the ciphersuite name. Leave enough
+     * room for that plus some margin. */
+    if( buf_content_size < strlen( HTTP_RESPONSE ) + 80 )
+    {
+        buf_content_size = strlen( HTTP_RESPONSE ) + 80;
+    }
+    if( opt.response_size != DFL_RESPONSE_SIZE &&
+        buf_content_size < (size_t) opt.response_size )
+    {
+        buf_content_size = opt.response_size;
+    }
+    buf = mbedtls_calloc( 1, buf_content_size + 1 );
    if( buf == NULL )
    {
-        mbedtls_printf( "Could not allocate %u bytes\n", opt.buffer_size );
+        mbedtls_printf( "Could not allocate %lu bytes\n",
+                        (unsigned long) buf_content_size + 1 );
        ret = 3;
        goto exit;
    }
@ -3550,7 +3563,7 @@ data_exchange:
        do
        {
            int terminated = 0;
-            len = opt.buffer_size - 1;
+            len = opt.buffer_size;
            memset( buf, 0, opt.buffer_size );
            ret = mbedtls_ssl_read( &ssl, buf, len );

@ -3651,7 +3664,7 @@ data_exchange:
    }
    else /* Not stream, so datagram */
    {
-        len = opt.buffer_size - 1;
+        len = opt.buffer_size;
        memset( buf, 0, opt.buffer_size );

        do
@ -3753,6 +3766,8 @@ data_exchange:
    mbedtls_printf( "  > Write to client:" );
    fflush( stdout );

+    /* If the format of the response changes, make sure there is enough
+     * room in buf (buf_content_size calculation above). */
    len = sprintf( (char *) buf, HTTP_RESPONSE,
                   mbedtls_ssl_get_ciphersuite( &ssl ) );