From 0c017a55e0fb50e9ed4c77ff512ce8bc0bcebb29 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Thu, 18 Jul 2013 14:07:36 +0200
Subject: [PATCH] Add max_frag_len option in ssl_server2

Also reformat code and output more information in ssl_client2
---
 programs/ssl/ssl_client2.c | 17 ++++++++++++-----
 programs/ssl/ssl_server2.c | 37 ++++++++++++++++++++++++++++++-------
 2 files changed, 42 insertions(+), 12 deletions(-)

diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 0a7048120..0c770f6d9 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -59,8 +59,15 @@ #define DFL_AUTH_MODE SSL_VERIFY_OPTIONAL #define DFL_MFL_CODE SSL_MAX_FRAG_LEN_NONE -/* Uncomment to test sending long paquets */ -#define LONG_HEADER // "User-agent: blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-END\r\n" +/* Uncomment to test sending longer paquets (for fragmentation purposes) */ +#define LONG_HEADER // "User-agent: blah-blah-blah-blah-blah-blah-blah-" \ + "-01--blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-" \ + "-02--blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-" \ + "-03--blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-" \ + "-04--blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-" \ + "-05--blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-" \ + "-06--blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-" \ + "-07--blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-END\r\n" #define GET_REQUEST "GET %s HTTP/1.0\r\n" LONG_HEADER "\r\n" @@ -204,7 +211,7 @@ int main( int argc, char *argv[] ) #else int main( int argc, char *argv[] ) { - int ret = 0, len, server_fd, i, written; + int ret = 0, len, server_fd, i, written, frags; unsigned char buf[1024]; #if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) unsigned char psk[256]; 
@@ -705,7 +712,7 @@ int main( int argc, char *argv[] )
 len = sprintf( (char *) buf, GET_REQUEST, opt.request_page );
- for( written = 0; written < len; written += ret )
+ for( written = 0, frags = 0; written < len; written += ret, frags++ )
 {
 while( ( ret = ssl_write( &ssl, buf + written, len - written ) ) <= 0 )
 {
@@ -718,7 +725,7 @@ int main( int argc, char *argv[] )
 }
 buf[written] = '\0';
- printf( " %d bytes written\n\n%s\n", written, (char *) buf );
+ printf( " %d bytes written in %d fragments\n\n%s\n", written, frags, (char *) buf );
 /*
 * 7. Read the HTTP response
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index ab2a87f7a..d5ebb812b 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -68,11 +68,15 @@
 #define DFL_MIN_VERSION -1
 #define DFL_MAX_VERSION -1
 #define DFL_AUTH_MODE SSL_VERIFY_OPTIONAL
+#define DFL_MFL_CODE SSL_MAX_FRAG_LEN_NONE
-#define LONG_RESPONSE "
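Review bot: The request is still formatted with an unbounded `sprintf` in the context line directly above the rewritten loop, writing into `buf`, which the earlier hunk shows as `unsigned char buf[1024]`. `opt.request_page` is presumably taken from the command line, and an uncommented `LONG_HEADER` already consumes several hundred bytes of that buffer, so a long page name would write past the end of `buf` before the new fragment counter is ever used. A bounded call closes this: `len = snprintf( (char *) buf, sizeof( buf ), GET_REQUEST, opt.request_page );` followed by `if( len < 0 || (size_t) len >= sizeof( buf ) ) goto exit;` (the `exit` label is assumed from the part of main() outside the hunk). The server's response hunk at `@@ -774,7 +797,7 @@` uses the same pattern; its arguments are fixed strings, but the bound is equally unchecked there.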

01-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ - "02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ - "03-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ - "04-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah

\r\n" +#define LONG_RESPONSE "

01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ + "02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ + "03-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ + "04-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ + "05-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ + "06-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ + "07-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah

\r\n"
 /* Uncomment LONG_RESPONSE at the end of HTTP_RESPONSE to test sending longer
 * packets (for fragmentation purposes) */
@@ -100,6 +104,7 @@ struct options
 int min_version; /* minimum protocol version accepted */
 int max_version; /* maximum protocol version accepted */
 int auth_mode; /* verify mode for connection */
+ unsigned char mfl_code; /* code for maximum fragment length */
 } opt;
 static void my_debug( void *ctx, int level, const char *str )
@@ -154,6 +159,8 @@ static void my_debug( void *ctx, int level, const char *str )
 " options: ssl3, tls1, tls1_1, tls1_2\n" \
 " auth_mode=%%s default: \"optional\"\n" \
 " options: none, optional, required\n" \
+ " max_frag_len=%%d default: 16384 (tls default)" \
+ " options: 512, 1024, 2048, 4096" \
 USAGE_PSK \
 "\n" \
 " force_ciphersuite= default: all enabled\n"\
@@ -175,7 +182,7 @@ int main( int argc, char *argv[] )
 #else
 int main( int argc, char *argv[] )
 {
- int ret = 0, len, written;
+ int ret = 0, len, written, frags;
 int listen_fd;
 int client_fd = -1;
 unsigned char buf[1024];
@@ -257,6 +264,7 @@ int main( int argc, char *argv[] )
 opt.min_version = DFL_MIN_VERSION;
 opt.max_version = DFL_MAX_VERSION;
 opt.auth_mode = DFL_AUTH_MODE;
+ opt.mfl_code = DFL_MFL_CODE;
 for( i = 1; i < argc; i++ )
 {
@@ -375,6 +383,19 @@ int main( int argc, char *argv[] )
 else
 goto usage;
 }
+ else if( strcmp( p, "max_frag_len" ) == 0 )
+ {
+ if( strcmp( q, "512" ) == 0 )
+ opt.mfl_code = SSL_MAX_FRAG_LEN_512;
+ else if( strcmp( q, "1024" ) == 0 )
+ opt.mfl_code = SSL_MAX_FRAG_LEN_1024;
+ else if( strcmp( q, "2048" ) == 0 )
+ opt.mfl_code = SSL_MAX_FRAG_LEN_2048;
+ else if( strcmp( q, "4096" ) == 0 )
+ opt.mfl_code = SSL_MAX_FRAG_LEN_4096;
+ else
+ goto usage;
+ }
 else
 goto usage;
 }
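Review bot: The two usage lines added for `max_frag_len` in the `@@ -154,6 +159,8 @@` hunk end without `\n`, unlike the `auth_mode` lines directly above them, so the help output will run the option, its value list and whatever `USAGE_PSK` expands to together on one line. They should end like their neighbours: `" max_frag_len=%%d default: 16384 (tls default)\n" \` and `" options: 512, 1024, 2048, 4096\n" \`. The help text also names 16384 as the default, while the parser added in the `@@ -375,6 +383,19 @@` hunk sends every value other than 512, 1024, 2048 or 4096 to `usage`, so the default cannot be requested explicitly. Saying so in the help line would avoid confusion.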
@@ -569,6 +590,8 @@ int main( int argc, char *argv[] )
 ssl_set_endpoint( &ssl, SSL_IS_SERVER );
 ssl_set_authmode( &ssl, opt.auth_mode );
+ ssl_set_max_frag_len( &ssl, opt.mfl_code );
+
 ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
 ssl_set_dbg( &ssl, my_debug, stdout );
@@ -774,7 +797,7 @@ reset:
 len = sprintf( (char *) buf, HTTP_RESPONSE, ssl_get_ciphersuite( &ssl ) );
- for( written = 0; written < len; written += ret )
+ for( written = 0, frags = 0; written < len; written += ret, frags++ )
 {
 while( ( ret = ssl_write( &ssl, buf + written, len - written ) ) <= 0 )
 {
@@ -793,7 +816,7 @@ reset:
 }
 buf[written] = '\0';
- printf( " %d bytes written\n\n%s\n", written, (char *) buf );
+ printf( " %d bytes written in %d fragments\n\n%s\n", written, frags, (char *) buf );
 ret = 0;
 goto reset;
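Review bot: The result of `ssl_set_max_frag_len( &ssl, opt.mfl_code )` in the `@@ -569,6 +590,8 @@` hunk is discarded. If the function reports failure through its return value (its declaration is not part of this diff), for instance when the requested length is not supported by the build, the server would carry on with the default fragment size while the test output suggests the option took effect. Checking it, e.g. `if( ( ret = ssl_set_max_frag_len( &ssl, opt.mfl_code ) ) != 0 ) goto exit;` (error label assumed from the rest of main(), which lies outside the hunk), makes a rejected setting visible instead of silently ignored.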