mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 13:25:28 +00:00
Merge pull request #3163 from AndrzejKurek/variable-buffers-renegotiation
Variable buffers & renegotiation - fixes
This commit is contained in:
commit
66e21efe47
|
@ -5,6 +5,10 @@ mbed TLS ChangeLog (Sorted per branch, date)
|
||||||
New deprecations
|
New deprecations
|
||||||
* Deprecate MBEDTLS_SSL_HW_RECORD_ACCEL that enables function hooks in the
|
* Deprecate MBEDTLS_SSL_HW_RECORD_ACCEL that enables function hooks in the
|
||||||
SSL module for hardware acceleration of individual records.
|
SSL module for hardware acceleration of individual records.
|
||||||
|
* Deprecate mbedtls_ssl_get_max_frag_len() in favour of
|
||||||
|
mbedtls_ssl_get_output_max_frag_len() and
|
||||||
|
mbedtls_ssl_get_input_max_frag_len() to be more precise about which max
|
||||||
|
fragment length is desired.
|
||||||
|
|
||||||
Security
|
Security
|
||||||
* Fix issue in DTLS handling of new associations with the same parameters
|
* Fix issue in DTLS handling of new associations with the same parameters
|
||||||
|
@ -23,6 +27,11 @@ Bugfix
|
||||||
Changes
|
Changes
|
||||||
* Mbed Crypto is no longer a Git submodule. The crypto part of the library
|
* Mbed Crypto is no longer a Git submodule. The crypto part of the library
|
||||||
is back directly in the present repository.
|
is back directly in the present repository.
|
||||||
|
* Split mbedtls_ssl_get_max_frag_len() into
|
||||||
|
mbedtls_ssl_get_output_max_frag_len() and
|
||||||
|
mbedtls_ssl_get_input_max_frag_len() to ensure that a sufficient input
|
||||||
|
buffer is allocated by the server (if MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
|
||||||
|
is defined), regardless of what MFL was configured for it.
|
||||||
|
|
||||||
= mbed TLS 2.21.0 branch released 2020-02-20
|
= mbed TLS 2.21.0 branch released 2020-02-20
|
||||||
|
|
||||||
|
|
|
@ -3523,18 +3523,61 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||||
/**
|
/**
|
||||||
* \brief Return the maximum fragment length (payload, in bytes).
|
* \brief Return the maximum fragment length (payload, in bytes) for
|
||||||
* This is the value negotiated with peer if any,
|
* the output buffer. For the client, this is the configured
|
||||||
* or the locally configured value.
|
* value. For the server, it is the minimum of two - the
|
||||||
|
* configured value and the negotiated one.
|
||||||
*
|
*
|
||||||
* \sa mbedtls_ssl_conf_max_frag_len()
|
* \sa mbedtls_ssl_conf_max_frag_len()
|
||||||
* \sa mbedtls_ssl_get_max_record_payload()
|
* \sa mbedtls_ssl_get_max_record_payload()
|
||||||
*
|
*
|
||||||
* \param ssl SSL context
|
* \param ssl SSL context
|
||||||
*
|
*
|
||||||
* \return Current maximum fragment length.
|
* \return Current maximum fragment length for the output buffer.
|
||||||
*/
|
*/
|
||||||
size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl );
|
size_t mbedtls_ssl_get_output_max_frag_len( const mbedtls_ssl_context *ssl );
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \brief Return the maximum fragment length (payload, in bytes) for
|
||||||
|
* the input buffer. This is the negotiated maximum fragment
|
||||||
|
* length, or, if there is none, MBEDTLS_SSL_MAX_CONTENT_LEN.
|
||||||
|
* If it is not defined either, the value is 2^14. This function
|
||||||
|
* works as its predecessor, \c mbedtls_ssl_get_max_frag_len().
|
||||||
|
*
|
||||||
|
* \sa mbedtls_ssl_conf_max_frag_len()
|
||||||
|
* \sa mbedtls_ssl_get_max_record_payload()
|
||||||
|
*
|
||||||
|
* \param ssl SSL context
|
||||||
|
*
|
||||||
|
* \return Current maximum fragment length for the output buffer.
|
||||||
|
*/
|
||||||
|
size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl );
|
||||||
|
|
||||||
|
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||||
|
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||||
|
#else
|
||||||
|
#define MBEDTLS_DEPRECATED
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \brief This function is a deprecated approach to getting the max
|
||||||
|
* fragment length. Its an alias for
|
||||||
|
* \c mbedtls_ssl_get_output_max_frag_len(), as the behaviour
|
||||||
|
* is the same. See \c mbedtls_ssl_get_output_max_frag_len() for
|
||||||
|
* more detail.
|
||||||
|
*
|
||||||
|
* \sa mbedtls_ssl_get_input_max_frag_len()
|
||||||
|
* \sa mbedtls_ssl_get_output_max_frag_len()
|
||||||
|
*
|
||||||
|
* \param ssl SSL context
|
||||||
|
*
|
||||||
|
* \return Current maximum fragment length for the output buffer.
|
||||||
|
*/
|
||||||
|
MBEDTLS_DEPRECATED size_t mbedtls_ssl_get_max_frag_len(
|
||||||
|
const mbedtls_ssl_context *ssl );
|
||||||
|
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
||||||
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
|
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -3555,7 +3598,8 @@ size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl );
|
||||||
* when record compression is enabled.
|
* when record compression is enabled.
|
||||||
*
|
*
|
||||||
* \sa mbedtls_ssl_set_mtu()
|
* \sa mbedtls_ssl_set_mtu()
|
||||||
* \sa mbedtls_ssl_get_max_frag_len()
|
* \sa mbedtls_ssl_get_output_max_frag_len()
|
||||||
|
* \sa mbedtls_ssl_get_input_max_frag_len()
|
||||||
* \sa mbedtls_ssl_get_record_expansion()
|
* \sa mbedtls_ssl_get_record_expansion()
|
||||||
*
|
*
|
||||||
* \param ssl SSL context
|
* \param ssl SSL context
|
||||||
|
@ -3863,8 +3907,8 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
|
||||||
* or negotiated with the peer), then:
|
* or negotiated with the peer), then:
|
||||||
* - with TLS, less bytes than requested are written.
|
* - with TLS, less bytes than requested are written.
|
||||||
* - with DTLS, MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned.
|
* - with DTLS, MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned.
|
||||||
* \c mbedtls_ssl_get_max_frag_len() may be used to query the
|
* \c mbedtls_ssl_get_output_max_frag_len() may be used to
|
||||||
* active maximum fragment length.
|
* query the active maximum fragment length.
|
||||||
*
|
*
|
||||||
* \note Attempting to write 0 bytes will result in an empty TLS
|
* \note Attempting to write 0 bytes will result in an empty TLS
|
||||||
* application record being sent.
|
* application record being sent.
|
||||||
|
|
|
@ -260,11 +260,11 @@
|
||||||
static inline uint32_t mbedtls_ssl_get_output_buflen( const mbedtls_ssl_context *ctx )
|
static inline uint32_t mbedtls_ssl_get_output_buflen( const mbedtls_ssl_context *ctx )
|
||||||
{
|
{
|
||||||
#if defined (MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
#if defined (MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||||
return (uint32_t) mbedtls_ssl_get_max_frag_len( ctx )
|
return (uint32_t) mbedtls_ssl_get_output_max_frag_len( ctx )
|
||||||
+ MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD
|
+ MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD
|
||||||
+ MBEDTLS_SSL_CID_OUT_LEN_MAX;
|
+ MBEDTLS_SSL_CID_OUT_LEN_MAX;
|
||||||
#else
|
#else
|
||||||
return (uint32_t) mbedtls_ssl_get_max_frag_len( ctx )
|
return (uint32_t) mbedtls_ssl_get_output_max_frag_len( ctx )
|
||||||
+ MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD;
|
+ MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD;
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
@ -272,11 +272,11 @@ static inline uint32_t mbedtls_ssl_get_output_buflen( const mbedtls_ssl_context
|
||||||
static inline uint32_t mbedtls_ssl_get_input_buflen( const mbedtls_ssl_context *ctx )
|
static inline uint32_t mbedtls_ssl_get_input_buflen( const mbedtls_ssl_context *ctx )
|
||||||
{
|
{
|
||||||
#if defined (MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
#if defined (MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||||
return (uint32_t) mbedtls_ssl_get_max_frag_len( ctx )
|
return (uint32_t) mbedtls_ssl_get_input_max_frag_len( ctx )
|
||||||
+ MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD
|
+ MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD
|
||||||
+ MBEDTLS_SSL_CID_IN_LEN_MAX;
|
+ MBEDTLS_SSL_CID_IN_LEN_MAX;
|
||||||
#else
|
#else
|
||||||
return (uint32_t) mbedtls_ssl_get_max_frag_len( ctx )
|
return (uint32_t) mbedtls_ssl_get_input_max_frag_len( ctx )
|
||||||
+ MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD;
|
+ MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD;
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
|
@ -214,7 +214,7 @@ static int ssl_get_remaining_payload_in_datagram( mbedtls_ssl_context const *ssl
|
||||||
size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN;
|
size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN;
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||||
const size_t mfl = mbedtls_ssl_get_max_frag_len( ssl );
|
const size_t mfl = mbedtls_ssl_get_output_max_frag_len( ssl );
|
||||||
|
|
||||||
if( max_len > mfl )
|
if( max_len > mfl )
|
||||||
max_len = mfl;
|
max_len = mfl;
|
||||||
|
|
|
@ -3673,36 +3673,51 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
|
||||||
/* If the buffers are too small - reallocate */
|
/* If the buffers are too small - reallocate */
|
||||||
{
|
{
|
||||||
int modified = 0;
|
int modified = 0;
|
||||||
if( ssl->in_buf_len < MBEDTLS_SSL_IN_BUFFER_LEN )
|
size_t written_in = 0;
|
||||||
|
size_t written_out = 0;
|
||||||
|
if( ssl->in_buf != NULL )
|
||||||
{
|
{
|
||||||
if( resize_buffer( &ssl->in_buf, MBEDTLS_SSL_IN_BUFFER_LEN,
|
written_in = ssl->in_msg - ssl->in_buf;
|
||||||
&ssl->in_buf_len ) != 0 )
|
if( ssl->in_buf_len < MBEDTLS_SSL_IN_BUFFER_LEN )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "input buffer resizing failed - out of memory" ) );
|
if( resize_buffer( &ssl->in_buf, MBEDTLS_SSL_IN_BUFFER_LEN,
|
||||||
}
|
&ssl->in_buf_len ) != 0 )
|
||||||
else
|
{
|
||||||
{
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "input buffer resizing failed - out of memory" ) );
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating in_buf to %d", MBEDTLS_SSL_IN_BUFFER_LEN ) );
|
}
|
||||||
modified = 1;
|
else
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating in_buf to %d", MBEDTLS_SSL_IN_BUFFER_LEN ) );
|
||||||
|
modified = 1;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if( ssl->out_buf_len < MBEDTLS_SSL_OUT_BUFFER_LEN )
|
|
||||||
|
if( ssl->out_buf != NULL )
|
||||||
{
|
{
|
||||||
if( resize_buffer( &ssl->out_buf, MBEDTLS_SSL_OUT_BUFFER_LEN,
|
written_out = ssl->out_msg - ssl->out_buf;
|
||||||
&ssl->out_buf_len ) != 0 )
|
if( ssl->out_buf_len < MBEDTLS_SSL_OUT_BUFFER_LEN )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "output buffer resizing failed - out of memory" ) );
|
if( resize_buffer( &ssl->out_buf, MBEDTLS_SSL_OUT_BUFFER_LEN,
|
||||||
}
|
&ssl->out_buf_len ) != 0 )
|
||||||
else
|
{
|
||||||
{
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "output buffer resizing failed - out of memory" ) );
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating out_buf to %d", MBEDTLS_SSL_OUT_BUFFER_LEN ) );
|
}
|
||||||
modified = 1;
|
else
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating out_buf to %d", MBEDTLS_SSL_OUT_BUFFER_LEN ) );
|
||||||
|
modified = 1;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if( modified )
|
if( modified )
|
||||||
{
|
{
|
||||||
/* Update pointers here to avoid doing it twice. */
|
/* Update pointers here to avoid doing it twice. */
|
||||||
mbedtls_ssl_reset_in_out_pointers( ssl );
|
mbedtls_ssl_reset_in_out_pointers( ssl );
|
||||||
|
/* Fields below might not be properly updated with record
|
||||||
|
* splitting, so they are manually updated here. */
|
||||||
|
ssl->out_msg = ssl->out_buf + written_out;
|
||||||
|
ssl->in_msg = ssl->in_buf + written_in;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
@ -4889,7 +4904,42 @@ const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl )
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||||
size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl )
|
size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl )
|
||||||
|
{
|
||||||
|
size_t max_len = MBEDTLS_SSL_MAX_CONTENT_LEN;
|
||||||
|
size_t read_mfl;
|
||||||
|
|
||||||
|
/* Use the configured MFL for the client if we're past SERVER_HELLO_DONE */
|
||||||
|
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
|
||||||
|
ssl->state >= MBEDTLS_SSL_SERVER_HELLO_DONE )
|
||||||
|
{
|
||||||
|
return ssl_mfl_code_to_length( ssl->conf->mfl_code );
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Check if a smaller max length was negotiated */
|
||||||
|
if( ssl->session_out != NULL )
|
||||||
|
{
|
||||||
|
read_mfl = ssl_mfl_code_to_length( ssl->session_out->mfl_code );
|
||||||
|
if( read_mfl < max_len )
|
||||||
|
{
|
||||||
|
max_len = read_mfl;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// During a handshake, use the value being negotiated
|
||||||
|
if( ssl->session_negotiate != NULL )
|
||||||
|
{
|
||||||
|
read_mfl = ssl_mfl_code_to_length( ssl->session_negotiate->mfl_code );
|
||||||
|
if( read_mfl < max_len )
|
||||||
|
{
|
||||||
|
max_len = read_mfl;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return( max_len );
|
||||||
|
}
|
||||||
|
|
||||||
|
size_t mbedtls_ssl_get_output_max_frag_len( const mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
size_t max_len;
|
size_t max_len;
|
||||||
|
|
||||||
|
@ -4914,6 +4964,13 @@ size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl )
|
||||||
|
|
||||||
return( max_len );
|
return( max_len );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||||
|
size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl )
|
||||||
|
{
|
||||||
|
return mbedtls_ssl_get_output_max_frag_len( ssl );
|
||||||
|
}
|
||||||
|
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||||
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
|
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
|
@ -4946,7 +5003,7 @@ int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl )
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||||
const size_t mfl = mbedtls_ssl_get_max_frag_len( ssl );
|
const size_t mfl = mbedtls_ssl_get_output_max_frag_len( ssl );
|
||||||
|
|
||||||
if( max_len > mfl )
|
if( max_len > mfl )
|
||||||
max_len = mfl;
|
max_len = mfl;
|
||||||
|
@ -5892,36 +5949,41 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
|
||||||
uint32_t buf_len = mbedtls_ssl_get_input_buflen( ssl );
|
uint32_t buf_len = mbedtls_ssl_get_input_buflen( ssl );
|
||||||
size_t written_in = 0;
|
size_t written_in = 0;
|
||||||
size_t written_out = 0;
|
size_t written_out = 0;
|
||||||
if( ssl->in_buf != NULL &&
|
if( ssl->in_buf != NULL )
|
||||||
ssl->in_buf_len > buf_len &&
|
|
||||||
ssl->in_left < buf_len )
|
|
||||||
{
|
{
|
||||||
written_in = ssl->in_msg - ssl->in_buf;
|
written_in = ssl->in_msg - ssl->in_buf;
|
||||||
if( resize_buffer( &ssl->in_buf, buf_len, &ssl->in_buf_len ) != 0 )
|
if( ssl->in_buf_len > buf_len && ssl->in_left < buf_len )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "input buffer resizing failed - out of memory" ) );
|
written_in = ssl->in_msg - ssl->in_buf;
|
||||||
}
|
if( resize_buffer( &ssl->in_buf, buf_len, &ssl->in_buf_len ) != 0 )
|
||||||
else
|
{
|
||||||
{
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "input buffer resizing failed - out of memory" ) );
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating in_buf to %d", buf_len ) );
|
}
|
||||||
modified = 1;
|
else
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating in_buf to %d", buf_len ) );
|
||||||
|
modified = 1;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
buf_len = mbedtls_ssl_get_output_buflen( ssl );
|
buf_len = mbedtls_ssl_get_output_buflen( ssl );
|
||||||
if( ssl->out_buf != NULL &&
|
if(ssl->out_buf != NULL )
|
||||||
ssl->out_buf_len > mbedtls_ssl_get_output_buflen( ssl ) &&
|
|
||||||
ssl->out_left < buf_len )
|
|
||||||
{
|
{
|
||||||
written_out = ssl->out_msg - ssl->out_buf;
|
written_out = ssl->out_msg - ssl->out_buf;
|
||||||
if( resize_buffer( &ssl->out_buf, buf_len, &ssl->out_buf_len ) != 0 )
|
if( ssl->out_buf_len > mbedtls_ssl_get_output_buflen( ssl ) &&
|
||||||
|
ssl->out_left < buf_len )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "output buffer resizing failed - out of memory" ) );
|
if( resize_buffer( &ssl->out_buf, buf_len, &ssl->out_buf_len ) != 0 )
|
||||||
}
|
{
|
||||||
else
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "output buffer resizing failed - out of memory" ) );
|
||||||
{
|
}
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating out_buf to %d", buf_len ) );
|
else
|
||||||
modified = 1;
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating out_buf to %d", buf_len ) );
|
||||||
|
modified = 1;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if( modified )
|
if( modified )
|
||||||
|
|
|
@ -2553,8 +2553,10 @@ int main( int argc, char *argv[] )
|
||||||
mbedtls_printf( " [ Record expansion is unknown (compression) ]\n" );
|
mbedtls_printf( " [ Record expansion is unknown (compression) ]\n" );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||||
mbedtls_printf( " [ Maximum fragment length is %u ]\n",
|
mbedtls_printf( " [ Maximum input fragment length is %u ]\n",
|
||||||
(unsigned int) mbedtls_ssl_get_max_frag_len( &ssl ) );
|
(unsigned int) mbedtls_ssl_get_input_max_frag_len( &ssl ) );
|
||||||
|
mbedtls_printf( " [ Maximum output fragment length is %u ]\n",
|
||||||
|
(unsigned int) mbedtls_ssl_get_output_max_frag_len( &ssl ) );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_ALPN)
|
#if defined(MBEDTLS_SSL_ALPN)
|
||||||
|
|
|
@ -3633,8 +3633,10 @@ handshake:
|
||||||
mbedtls_printf( " [ Record expansion is unknown (compression) ]\n" );
|
mbedtls_printf( " [ Record expansion is unknown (compression) ]\n" );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||||
mbedtls_printf( " [ Maximum fragment length is %u ]\n",
|
mbedtls_printf( " [ Maximum input fragment length is %u ]\n",
|
||||||
(unsigned int) mbedtls_ssl_get_max_frag_len( &ssl ) );
|
(unsigned int) mbedtls_ssl_get_input_max_frag_len( &ssl ) );
|
||||||
|
mbedtls_printf( " [ Maximum output fragment length is %u ]\n",
|
||||||
|
(unsigned int) mbedtls_ssl_get_output_max_frag_len( &ssl ) );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_ALPN)
|
#if defined(MBEDTLS_SSL_ALPN)
|
||||||
|
|
254
tests/ssl-opt.sh
254
tests/ssl-opt.sh
|
@ -2925,8 +2925,10 @@ run_test "Max fragment length: enabled, default" \
|
||||||
"$P_SRV debug_level=3" \
|
"$P_SRV debug_level=3" \
|
||||||
"$P_CLI debug_level=3" \
|
"$P_CLI debug_level=3" \
|
||||||
0 \
|
0 \
|
||||||
-c "Maximum fragment length is $MAX_CONTENT_LEN" \
|
-c "Maximum input fragment length is $MAX_CONTENT_LEN" \
|
||||||
-s "Maximum fragment length is $MAX_CONTENT_LEN" \
|
-c "Maximum output fragment length is $MAX_CONTENT_LEN" \
|
||||||
|
-s "Maximum input fragment length is $MAX_CONTENT_LEN" \
|
||||||
|
-s "Maximum output fragment length is $MAX_CONTENT_LEN" \
|
||||||
-C "client hello, adding max_fragment_length extension" \
|
-C "client hello, adding max_fragment_length extension" \
|
||||||
-S "found max fragment length extension" \
|
-S "found max fragment length extension" \
|
||||||
-S "server hello, max_fragment_length extension" \
|
-S "server hello, max_fragment_length extension" \
|
||||||
|
@ -2937,8 +2939,10 @@ run_test "Max fragment length: enabled, default, larger message" \
|
||||||
"$P_SRV debug_level=3" \
|
"$P_SRV debug_level=3" \
|
||||||
"$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \
|
"$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \
|
||||||
0 \
|
0 \
|
||||||
-c "Maximum fragment length is $MAX_CONTENT_LEN" \
|
-c "Maximum input fragment length is $MAX_CONTENT_LEN" \
|
||||||
-s "Maximum fragment length is $MAX_CONTENT_LEN" \
|
-c "Maximum output fragment length is $MAX_CONTENT_LEN" \
|
||||||
|
-s "Maximum input fragment length is $MAX_CONTENT_LEN" \
|
||||||
|
-s "Maximum output fragment length is $MAX_CONTENT_LEN" \
|
||||||
-C "client hello, adding max_fragment_length extension" \
|
-C "client hello, adding max_fragment_length extension" \
|
||||||
-S "found max fragment length extension" \
|
-S "found max fragment length extension" \
|
||||||
-S "server hello, max_fragment_length extension" \
|
-S "server hello, max_fragment_length extension" \
|
||||||
|
@ -2952,8 +2956,10 @@ run_test "Max fragment length, DTLS: enabled, default, larger message" \
|
||||||
"$P_SRV debug_level=3 dtls=1" \
|
"$P_SRV debug_level=3 dtls=1" \
|
||||||
"$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
|
"$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
|
||||||
1 \
|
1 \
|
||||||
-c "Maximum fragment length is $MAX_CONTENT_LEN" \
|
-c "Maximum input fragment length is $MAX_CONTENT_LEN" \
|
||||||
-s "Maximum fragment length is $MAX_CONTENT_LEN" \
|
-c "Maximum output fragment length is $MAX_CONTENT_LEN" \
|
||||||
|
-s "Maximum input fragment length is $MAX_CONTENT_LEN" \
|
||||||
|
-s "Maximum output fragment length is $MAX_CONTENT_LEN" \
|
||||||
-C "client hello, adding max_fragment_length extension" \
|
-C "client hello, adding max_fragment_length extension" \
|
||||||
-S "found max fragment length extension" \
|
-S "found max fragment length extension" \
|
||||||
-S "server hello, max_fragment_length extension" \
|
-S "server hello, max_fragment_length extension" \
|
||||||
|
@ -2969,8 +2975,10 @@ run_test "Max fragment length: disabled, larger message" \
|
||||||
"$P_SRV debug_level=3" \
|
"$P_SRV debug_level=3" \
|
||||||
"$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \
|
"$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \
|
||||||
0 \
|
0 \
|
||||||
-C "Maximum fragment length is 16384" \
|
-C "Maximum input fragment length is 16384" \
|
||||||
-S "Maximum fragment length is 16384" \
|
-C "Maximum output fragment length is 16384" \
|
||||||
|
-S "Maximum input fragment length is 16384" \
|
||||||
|
-S "Maximum output fragment length is 16384" \
|
||||||
-c "$(( $MAX_CONTENT_LEN + 1)) bytes written in 2 fragments" \
|
-c "$(( $MAX_CONTENT_LEN + 1)) bytes written in 2 fragments" \
|
||||||
-s "$MAX_CONTENT_LEN bytes read" \
|
-s "$MAX_CONTENT_LEN bytes read" \
|
||||||
-s "1 bytes read"
|
-s "1 bytes read"
|
||||||
|
@ -2980,8 +2988,10 @@ run_test "Max fragment length DTLS: disabled, larger message" \
|
||||||
"$P_SRV debug_level=3 dtls=1" \
|
"$P_SRV debug_level=3 dtls=1" \
|
||||||
"$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
|
"$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
|
||||||
1 \
|
1 \
|
||||||
-C "Maximum fragment length is 16384" \
|
-C "Maximum input fragment length is 16384" \
|
||||||
-S "Maximum fragment length is 16384" \
|
-C "Maximum output fragment length is 16384" \
|
||||||
|
-S "Maximum input fragment length is 16384" \
|
||||||
|
-S "Maximum output fragment length is 16384" \
|
||||||
-c "fragment larger than.*maximum "
|
-c "fragment larger than.*maximum "
|
||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
|
@ -2989,8 +2999,178 @@ run_test "Max fragment length: used by client" \
|
||||||
"$P_SRV debug_level=3" \
|
"$P_SRV debug_level=3" \
|
||||||
"$P_CLI debug_level=3 max_frag_len=4096" \
|
"$P_CLI debug_level=3 max_frag_len=4096" \
|
||||||
0 \
|
0 \
|
||||||
-c "Maximum fragment length is 4096" \
|
-c "Maximum input fragment length is 4096" \
|
||||||
-s "Maximum fragment length is 4096" \
|
-c "Maximum output fragment length is 4096" \
|
||||||
|
-s "Maximum input fragment length is 4096" \
|
||||||
|
-s "Maximum output fragment length is 4096" \
|
||||||
|
-c "client hello, adding max_fragment_length extension" \
|
||||||
|
-s "found max fragment length extension" \
|
||||||
|
-s "server hello, max_fragment_length extension" \
|
||||||
|
-c "found max_fragment_length extension"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
|
run_test "Max fragment length: client 512, server 1024" \
|
||||||
|
"$P_SRV debug_level=3 max_frag_len=1024" \
|
||||||
|
"$P_CLI debug_level=3 max_frag_len=512" \
|
||||||
|
0 \
|
||||||
|
-c "Maximum input fragment length is 512" \
|
||||||
|
-c "Maximum output fragment length is 512" \
|
||||||
|
-s "Maximum input fragment length is 512" \
|
||||||
|
-s "Maximum output fragment length is 512" \
|
||||||
|
-c "client hello, adding max_fragment_length extension" \
|
||||||
|
-s "found max fragment length extension" \
|
||||||
|
-s "server hello, max_fragment_length extension" \
|
||||||
|
-c "found max_fragment_length extension"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
|
run_test "Max fragment length: client 512, server 2048" \
|
||||||
|
"$P_SRV debug_level=3 max_frag_len=2048" \
|
||||||
|
"$P_CLI debug_level=3 max_frag_len=512" \
|
||||||
|
0 \
|
||||||
|
-c "Maximum input fragment length is 512" \
|
||||||
|
-c "Maximum output fragment length is 512" \
|
||||||
|
-s "Maximum input fragment length is 512" \
|
||||||
|
-s "Maximum output fragment length is 512" \
|
||||||
|
-c "client hello, adding max_fragment_length extension" \
|
||||||
|
-s "found max fragment length extension" \
|
||||||
|
-s "server hello, max_fragment_length extension" \
|
||||||
|
-c "found max_fragment_length extension"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
|
run_test "Max fragment length: client 512, server 4096" \
|
||||||
|
"$P_SRV debug_level=3 max_frag_len=4096" \
|
||||||
|
"$P_CLI debug_level=3 max_frag_len=512" \
|
||||||
|
0 \
|
||||||
|
-c "Maximum input fragment length is 512" \
|
||||||
|
-c "Maximum output fragment length is 512" \
|
||||||
|
-s "Maximum input fragment length is 512" \
|
||||||
|
-s "Maximum output fragment length is 512" \
|
||||||
|
-c "client hello, adding max_fragment_length extension" \
|
||||||
|
-s "found max fragment length extension" \
|
||||||
|
-s "server hello, max_fragment_length extension" \
|
||||||
|
-c "found max_fragment_length extension"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
|
run_test "Max fragment length: client 1024, server 512" \
|
||||||
|
"$P_SRV debug_level=3 max_frag_len=512" \
|
||||||
|
"$P_CLI debug_level=3 max_frag_len=1024" \
|
||||||
|
0 \
|
||||||
|
-c "Maximum input fragment length is 1024" \
|
||||||
|
-c "Maximum output fragment length is 1024" \
|
||||||
|
-s "Maximum input fragment length is 1024" \
|
||||||
|
-s "Maximum output fragment length is 512" \
|
||||||
|
-c "client hello, adding max_fragment_length extension" \
|
||||||
|
-s "found max fragment length extension" \
|
||||||
|
-s "server hello, max_fragment_length extension" \
|
||||||
|
-c "found max_fragment_length extension"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
|
run_test "Max fragment length: client 1024, server 2048" \
|
||||||
|
"$P_SRV debug_level=3 max_frag_len=2048" \
|
||||||
|
"$P_CLI debug_level=3 max_frag_len=1024" \
|
||||||
|
0 \
|
||||||
|
-c "Maximum input fragment length is 1024" \
|
||||||
|
-c "Maximum output fragment length is 1024" \
|
||||||
|
-s "Maximum input fragment length is 1024" \
|
||||||
|
-s "Maximum output fragment length is 1024" \
|
||||||
|
-c "client hello, adding max_fragment_length extension" \
|
||||||
|
-s "found max fragment length extension" \
|
||||||
|
-s "server hello, max_fragment_length extension" \
|
||||||
|
-c "found max_fragment_length extension"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
|
run_test "Max fragment length: client 1024, server 4096" \
|
||||||
|
"$P_SRV debug_level=3 max_frag_len=4096" \
|
||||||
|
"$P_CLI debug_level=3 max_frag_len=1024" \
|
||||||
|
0 \
|
||||||
|
-c "Maximum input fragment length is 1024" \
|
||||||
|
-c "Maximum output fragment length is 1024" \
|
||||||
|
-s "Maximum input fragment length is 1024" \
|
||||||
|
-s "Maximum output fragment length is 1024" \
|
||||||
|
-c "client hello, adding max_fragment_length extension" \
|
||||||
|
-s "found max fragment length extension" \
|
||||||
|
-s "server hello, max_fragment_length extension" \
|
||||||
|
-c "found max_fragment_length extension"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
|
run_test "Max fragment length: client 2048, server 512" \
|
||||||
|
"$P_SRV debug_level=3 max_frag_len=512" \
|
||||||
|
"$P_CLI debug_level=3 max_frag_len=2048" \
|
||||||
|
0 \
|
||||||
|
-c "Maximum input fragment length is 2048" \
|
||||||
|
-c "Maximum output fragment length is 2048" \
|
||||||
|
-s "Maximum input fragment length is 2048" \
|
||||||
|
-s "Maximum output fragment length is 512" \
|
||||||
|
-c "client hello, adding max_fragment_length extension" \
|
||||||
|
-s "found max fragment length extension" \
|
||||||
|
-s "server hello, max_fragment_length extension" \
|
||||||
|
-c "found max_fragment_length extension"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
|
run_test "Max fragment length: client 2048, server 1024" \
|
||||||
|
"$P_SRV debug_level=3 max_frag_len=1024" \
|
||||||
|
"$P_CLI debug_level=3 max_frag_len=2048" \
|
||||||
|
0 \
|
||||||
|
-c "Maximum input fragment length is 2048" \
|
||||||
|
-c "Maximum output fragment length is 2048" \
|
||||||
|
-s "Maximum input fragment length is 2048" \
|
||||||
|
-s "Maximum output fragment length is 1024" \
|
||||||
|
-c "client hello, adding max_fragment_length extension" \
|
||||||
|
-s "found max fragment length extension" \
|
||||||
|
-s "server hello, max_fragment_length extension" \
|
||||||
|
-c "found max_fragment_length extension"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
|
run_test "Max fragment length: client 2048, server 4096" \
|
||||||
|
"$P_SRV debug_level=3 max_frag_len=4096" \
|
||||||
|
"$P_CLI debug_level=3 max_frag_len=2048" \
|
||||||
|
0 \
|
||||||
|
-c "Maximum input fragment length is 2048" \
|
||||||
|
-c "Maximum output fragment length is 2048" \
|
||||||
|
-s "Maximum input fragment length is 2048" \
|
||||||
|
-s "Maximum output fragment length is 2048" \
|
||||||
|
-c "client hello, adding max_fragment_length extension" \
|
||||||
|
-s "found max fragment length extension" \
|
||||||
|
-s "server hello, max_fragment_length extension" \
|
||||||
|
-c "found max_fragment_length extension"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
|
run_test "Max fragment length: client 4096, server 512" \
|
||||||
|
"$P_SRV debug_level=3 max_frag_len=512" \
|
||||||
|
"$P_CLI debug_level=3 max_frag_len=4096" \
|
||||||
|
0 \
|
||||||
|
-c "Maximum input fragment length is 4096" \
|
||||||
|
-c "Maximum output fragment length is 4096" \
|
||||||
|
-s "Maximum input fragment length is 4096" \
|
||||||
|
-s "Maximum output fragment length is 512" \
|
||||||
|
-c "client hello, adding max_fragment_length extension" \
|
||||||
|
-s "found max fragment length extension" \
|
||||||
|
-s "server hello, max_fragment_length extension" \
|
||||||
|
-c "found max_fragment_length extension"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
|
run_test "Max fragment length: client 4096, server 1024" \
|
||||||
|
"$P_SRV debug_level=3 max_frag_len=1024" \
|
||||||
|
"$P_CLI debug_level=3 max_frag_len=4096" \
|
||||||
|
0 \
|
||||||
|
-c "Maximum input fragment length is 4096" \
|
||||||
|
-c "Maximum output fragment length is 4096" \
|
||||||
|
-s "Maximum input fragment length is 4096" \
|
||||||
|
-s "Maximum output fragment length is 1024" \
|
||||||
|
-c "client hello, adding max_fragment_length extension" \
|
||||||
|
-s "found max fragment length extension" \
|
||||||
|
-s "server hello, max_fragment_length extension" \
|
||||||
|
-c "found max_fragment_length extension"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
|
run_test "Max fragment length: client 4096, server 2048" \
|
||||||
|
"$P_SRV debug_level=3 max_frag_len=2048" \
|
||||||
|
"$P_CLI debug_level=3 max_frag_len=4096" \
|
||||||
|
0 \
|
||||||
|
-c "Maximum input fragment length is 4096" \
|
||||||
|
-c "Maximum output fragment length is 4096" \
|
||||||
|
-s "Maximum input fragment length is 4096" \
|
||||||
|
-s "Maximum output fragment length is 2048" \
|
||||||
-c "client hello, adding max_fragment_length extension" \
|
-c "client hello, adding max_fragment_length extension" \
|
||||||
-s "found max fragment length extension" \
|
-s "found max fragment length extension" \
|
||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
|
@ -3001,8 +3181,10 @@ run_test "Max fragment length: used by server" \
|
||||||
"$P_SRV debug_level=3 max_frag_len=4096" \
|
"$P_SRV debug_level=3 max_frag_len=4096" \
|
||||||
"$P_CLI debug_level=3" \
|
"$P_CLI debug_level=3" \
|
||||||
0 \
|
0 \
|
||||||
-c "Maximum fragment length is $MAX_CONTENT_LEN" \
|
-c "Maximum input fragment length is $MAX_CONTENT_LEN" \
|
||||||
-s "Maximum fragment length is 4096" \
|
-c "Maximum output fragment length is $MAX_CONTENT_LEN" \
|
||||||
|
-s "Maximum input fragment length is $MAX_CONTENT_LEN" \
|
||||||
|
-s "Maximum output fragment length is 4096" \
|
||||||
-C "client hello, adding max_fragment_length extension" \
|
-C "client hello, adding max_fragment_length extension" \
|
||||||
-S "found max fragment length extension" \
|
-S "found max fragment length extension" \
|
||||||
-S "server hello, max_fragment_length extension" \
|
-S "server hello, max_fragment_length extension" \
|
||||||
|
@ -3014,7 +3196,8 @@ run_test "Max fragment length: gnutls server" \
|
||||||
"$G_SRV" \
|
"$G_SRV" \
|
||||||
"$P_CLI debug_level=3 max_frag_len=4096" \
|
"$P_CLI debug_level=3 max_frag_len=4096" \
|
||||||
0 \
|
0 \
|
||||||
-c "Maximum fragment length is 4096" \
|
-c "Maximum input fragment length is 4096" \
|
||||||
|
-c "Maximum output fragment length is 4096" \
|
||||||
-c "client hello, adding max_fragment_length extension" \
|
-c "client hello, adding max_fragment_length extension" \
|
||||||
-c "found max_fragment_length extension"
|
-c "found max_fragment_length extension"
|
||||||
|
|
||||||
|
@ -3023,8 +3206,10 @@ run_test "Max fragment length: client, message just fits" \
|
||||||
"$P_SRV debug_level=3" \
|
"$P_SRV debug_level=3" \
|
||||||
"$P_CLI debug_level=3 max_frag_len=2048 request_size=2048" \
|
"$P_CLI debug_level=3 max_frag_len=2048 request_size=2048" \
|
||||||
0 \
|
0 \
|
||||||
-c "Maximum fragment length is 2048" \
|
-c "Maximum input fragment length is 2048" \
|
||||||
-s "Maximum fragment length is 2048" \
|
-c "Maximum output fragment length is 2048" \
|
||||||
|
-s "Maximum input fragment length is 2048" \
|
||||||
|
-s "Maximum output fragment length is 2048" \
|
||||||
-c "client hello, adding max_fragment_length extension" \
|
-c "client hello, adding max_fragment_length extension" \
|
||||||
-s "found max fragment length extension" \
|
-s "found max fragment length extension" \
|
||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
|
@ -3037,8 +3222,10 @@ run_test "Max fragment length: client, larger message" \
|
||||||
"$P_SRV debug_level=3" \
|
"$P_SRV debug_level=3" \
|
||||||
"$P_CLI debug_level=3 max_frag_len=2048 request_size=2345" \
|
"$P_CLI debug_level=3 max_frag_len=2048 request_size=2345" \
|
||||||
0 \
|
0 \
|
||||||
-c "Maximum fragment length is 2048" \
|
-c "Maximum input fragment length is 2048" \
|
||||||
-s "Maximum fragment length is 2048" \
|
-c "Maximum output fragment length is 2048" \
|
||||||
|
-s "Maximum input fragment length is 2048" \
|
||||||
|
-s "Maximum output fragment length is 2048" \
|
||||||
-c "client hello, adding max_fragment_length extension" \
|
-c "client hello, adding max_fragment_length extension" \
|
||||||
-s "found max fragment length extension" \
|
-s "found max fragment length extension" \
|
||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
|
@ -3052,8 +3239,10 @@ run_test "Max fragment length: DTLS client, larger message" \
|
||||||
"$P_SRV debug_level=3 dtls=1" \
|
"$P_SRV debug_level=3 dtls=1" \
|
||||||
"$P_CLI debug_level=3 dtls=1 max_frag_len=2048 request_size=2345" \
|
"$P_CLI debug_level=3 dtls=1 max_frag_len=2048 request_size=2345" \
|
||||||
1 \
|
1 \
|
||||||
-c "Maximum fragment length is 2048" \
|
-c "Maximum input fragment length is 2048" \
|
||||||
-s "Maximum fragment length is 2048" \
|
-c "Maximum output fragment length is 2048" \
|
||||||
|
-s "Maximum input fragment length is 2048" \
|
||||||
|
-s "Maximum output fragment length is 2048" \
|
||||||
-c "client hello, adding max_fragment_length extension" \
|
-c "client hello, adding max_fragment_length extension" \
|
||||||
-s "found max fragment length extension" \
|
-s "found max fragment length extension" \
|
||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
|
@ -3154,6 +3343,29 @@ run_test "Renegotiation: double" \
|
||||||
-s "=> renegotiate" \
|
-s "=> renegotiate" \
|
||||||
-s "write hello request"
|
-s "write hello request"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||||
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
|
run_test "Renegotiation with max fragment length: client 2048, server 512" \
|
||||||
|
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1 max_frag_len=512" \
|
||||||
|
"$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 max_frag_len=2048 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
|
||||||
|
0 \
|
||||||
|
-c "Maximum input fragment length is 2048" \
|
||||||
|
-c "Maximum output fragment length is 2048" \
|
||||||
|
-s "Maximum input fragment length is 2048" \
|
||||||
|
-s "Maximum output fragment length is 512" \
|
||||||
|
-c "client hello, adding max_fragment_length extension" \
|
||||||
|
-s "found max fragment length extension" \
|
||||||
|
-s "server hello, max_fragment_length extension" \
|
||||||
|
-c "found max_fragment_length extension" \
|
||||||
|
-c "client hello, adding renegotiation extension" \
|
||||||
|
-s "received TLS_EMPTY_RENEGOTIATION_INFO" \
|
||||||
|
-s "found renegotiation extension" \
|
||||||
|
-s "server hello, secure renegotiation extension" \
|
||||||
|
-c "found renegotiation extension" \
|
||||||
|
-c "=> renegotiate" \
|
||||||
|
-s "=> renegotiate" \
|
||||||
|
-s "write hello request"
|
||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||||
run_test "Renegotiation: client-initiated, server-rejected" \
|
run_test "Renegotiation: client-initiated, server-rejected" \
|
||||||
"$P_SRV debug_level=3 exchanges=2 renegotiation=0 auth_mode=optional" \
|
"$P_SRV debug_level=3 exchanges=2 renegotiation=0 auth_mode=optional" \
|
||||||
|
|
|
@ -379,40 +379,184 @@ DTLS serialization with MFL=4096
|
||||||
resize_buffers_serialize_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096
|
resize_buffers_serialize_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096
|
||||||
|
|
||||||
DTLS no legacy renegotiation with MFL=512
|
DTLS no legacy renegotiation with MFL=512
|
||||||
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:""
|
||||||
|
|
||||||
DTLS no legacy renegotiation with MFL=1024
|
DTLS no legacy renegotiation with MFL=1024
|
||||||
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:""
|
||||||
|
|
||||||
DTLS no legacy renegotiation with MFL=2048
|
DTLS no legacy renegotiation with MFL=2048
|
||||||
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:""
|
||||||
|
|
||||||
DTLS no legacy renegotiation with MFL=4096
|
DTLS no legacy renegotiation with MFL=4096
|
||||||
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:""
|
||||||
|
|
||||||
DTLS legacy allow renegotiation with MFL=512
|
DTLS legacy allow renegotiation with MFL=512
|
||||||
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:""
|
||||||
|
|
||||||
DTLS legacy allow renegotiation with MFL=1024
|
DTLS legacy allow renegotiation with MFL=1024
|
||||||
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:""
|
||||||
|
|
||||||
DTLS legacy allow renegotiation with MFL=2048
|
DTLS legacy allow renegotiation with MFL=2048
|
||||||
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:""
|
||||||
|
|
||||||
DTLS legacy allow renegotiation with MFL=4096
|
DTLS legacy allow renegotiation with MFL=4096
|
||||||
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:""
|
||||||
|
|
||||||
DTLS legacy break handshake renegotiation with MFL=512
|
DTLS legacy break handshake renegotiation with MFL=512
|
||||||
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:""
|
||||||
|
|
||||||
DTLS legacy break handshake renegotiation with MFL=1024
|
DTLS legacy break handshake renegotiation with MFL=1024
|
||||||
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:""
|
||||||
|
|
||||||
DTLS legacy break handshake renegotiation with MFL=2048
|
DTLS legacy break handshake renegotiation with MFL=2048
|
||||||
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:""
|
||||||
|
|
||||||
DTLS legacy break handshake renegotiation with MFL=4096
|
DTLS legacy break handshake renegotiation with MFL=4096
|
||||||
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:""
|
||||||
|
|
||||||
|
DTLS no legacy renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-GCM-SHA384
|
||||||
|
depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
|
||||||
|
|
||||||
|
DTLS no legacy renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-GCM-SHA384
|
||||||
|
depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
|
||||||
|
|
||||||
|
DTLS no legacy renegotiation with MFL=2048, ECDHE-RSA-WITH-AES-256-GCM-SHA384
|
||||||
|
depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
|
||||||
|
|
||||||
|
DTLS no legacy renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-GCM-SHA384
|
||||||
|
depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
|
||||||
|
|
||||||
|
DTLS legacy allow renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-GCM-SHA384
|
||||||
|
depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
|
||||||
|
|
||||||
|
DTLS legacy allow renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-GCM-SHA384
|
||||||
|
depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
|
||||||
|
|
||||||
|
DTLS legacy allow renegotiation with MFL=2048, ECDHE-RSA-WITH-AES-256-GCM-SHA384
|
||||||
|
depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
|
||||||
|
|
||||||
|
DTLS legacy allow renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-GCM-SHA384
|
||||||
|
depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
|
||||||
|
|
||||||
|
DTLS legacy break handshake renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-GCM-SHA384
|
||||||
|
depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
|
||||||
|
|
||||||
|
DTLS legacy break handshake renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-GCM-SHA384
|
||||||
|
depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
|
||||||
|
|
||||||
|
DTLS legacy break handshake renegotiation with MFL=2048, ECDHE-RSA-WITH-AES-256-GCM-SHA384
|
||||||
|
depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
|
||||||
|
|
||||||
|
DTLS legacy break handshake renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-GCM-SHA384
|
||||||
|
depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
|
||||||
|
|
||||||
|
DTLS no legacy renegotiation with MFL=512, RSA-WITH-AES-128-CCM
|
||||||
|
depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
|
||||||
|
|
||||||
|
DTLS no legacy renegotiation with MFL=1024, RSA-WITH-AES-128-CCM
|
||||||
|
depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
|
||||||
|
|
||||||
|
DTLS no legacy renegotiation with MFL=2048, RSA-WITH-AES-128-CCM
|
||||||
|
depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
|
||||||
|
|
||||||
|
DTLS no legacy renegotiation with MFL=4096, RSA-WITH-AES-128-CCM
|
||||||
|
depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
|
||||||
|
|
||||||
|
DTLS legacy allow renegotiation with MFL=512, RSA-WITH-AES-128-CCM
|
||||||
|
depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
|
||||||
|
|
||||||
|
DTLS legacy allow renegotiation with MFL=1024, RSA-WITH-AES-128-CCM
|
||||||
|
depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
|
||||||
|
|
||||||
|
DTLS legacy allow renegotiation with MFL=2048, RSA-WITH-AES-128-CCM
|
||||||
|
depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
|
||||||
|
|
||||||
|
DTLS legacy allow renegotiation with MFL=4096, RSA-WITH-AES-128-CCM
|
||||||
|
depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
|
||||||
|
|
||||||
|
DTLS legacy break handshake renegotiation with MFL=512, RSA-WITH-AES-128-CCM
|
||||||
|
depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM"
|
||||||
|
|
||||||
|
DTLS legacy break handshake renegotiation with MFL=1024, RSA-WITH-AES-128-CCM
|
||||||
|
depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM"
|
||||||
|
|
||||||
|
DTLS legacy break handshake renegotiation with MFL=2048, RSA-WITH-AES-128-CCM
|
||||||
|
depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM"
|
||||||
|
|
||||||
|
DTLS legacy break handshake renegotiation with MFL=4096, RSA-WITH-AES-128-CCM
|
||||||
|
depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM"
|
||||||
|
|
||||||
|
DTLS no legacy renegotiation with MFL=512, DHE-RSA-WITH-AES-256-CBC-SHA256
|
||||||
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
|
||||||
|
|
||||||
|
DTLS no legacy renegotiation with MFL=1024, DHE-RSA-WITH-AES-256-CBC-SHA256
|
||||||
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
|
||||||
|
|
||||||
|
DTLS no legacy renegotiation with MFL=2048, DHE-RSA-WITH-AES-256-CBC-SHA256
|
||||||
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
|
||||||
|
|
||||||
|
DTLS no legacy renegotiation with MFL=4096, DHE-RSA-WITH-AES-256-CBC-SHA256
|
||||||
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
|
||||||
|
|
||||||
|
DTLS legacy allow renegotiation with MFL=512, DHE-RSA-WITH-AES-256-CBC-SHA256
|
||||||
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
|
||||||
|
|
||||||
|
DTLS legacy allow renegotiation with MFL=1024, DHE-RSA-WITH-AES-256-CBC-SHA256
|
||||||
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
|
||||||
|
|
||||||
|
DTLS legacy allow renegotiation with MFL=2048, DHE-RSA-WITH-AES-256-CBC-SHA256
|
||||||
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
|
||||||
|
|
||||||
|
DTLS legacy allow renegotiation with MFL=4096, DHE-RSA-WITH-AES-256-CBC-SHA256
|
||||||
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
|
||||||
|
|
||||||
|
DTLS legacy break handshake renegotiation with MFL=512, DHE-RSA-WITH-AES-256-CBC-SHA256
|
||||||
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
|
||||||
|
|
||||||
|
DTLS legacy break handshake renegotiation with MFL=1024, DHE-RSA-WITH-AES-256-CBC-SHA256
|
||||||
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
|
||||||
|
|
||||||
|
DTLS legacy break handshake renegotiation with MFL=2048, DHE-RSA-WITH-AES-256-CBC-SHA256
|
||||||
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
|
||||||
|
|
||||||
|
DTLS legacy break handshake renegotiation with MFL=4096, DHE-RSA-WITH-AES-256-CBC-SHA256
|
||||||
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
|
||||||
|
|
||||||
SSL DTLS replay: initial state, seqnum 0
|
SSL DTLS replay: initial state, seqnum 0
|
||||||
ssl_dtls_replay:"":"000000000000":0
|
ssl_dtls_replay:"":"000000000000":0
|
||||||
|
|
|
@ -3900,12 +3900,13 @@ void renegotiation( int legacy_renegotiation )
|
||||||
|
|
||||||
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED */
|
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED */
|
||||||
void resize_buffers( int mfl, int renegotiation, int legacy_renegotiation,
|
void resize_buffers( int mfl, int renegotiation, int legacy_renegotiation,
|
||||||
int serialize, int dtls )
|
int serialize, int dtls, char *cipher )
|
||||||
{
|
{
|
||||||
handshake_test_options options;
|
handshake_test_options options;
|
||||||
init_handshake_options( &options );
|
init_handshake_options( &options );
|
||||||
|
|
||||||
options.mfl = mfl;
|
options.mfl = mfl;
|
||||||
|
options.cipher = cipher;
|
||||||
options.renegotiate = renegotiation;
|
options.renegotiate = renegotiation;
|
||||||
options.legacy_renegotiation = legacy_renegotiation;
|
options.legacy_renegotiation = legacy_renegotiation;
|
||||||
options.serialize = serialize;
|
options.serialize = serialize;
|
||||||
|
@ -3921,7 +3922,8 @@ void resize_buffers( int mfl, int renegotiation, int legacy_renegotiation,
|
||||||
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS */
|
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS */
|
||||||
void resize_buffers_serialize_mfl( int mfl )
|
void resize_buffers_serialize_mfl( int mfl )
|
||||||
{
|
{
|
||||||
test_resize_buffers( mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1 );
|
test_resize_buffers( mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1,
|
||||||
|
(char *) "" );
|
||||||
|
|
||||||
/* The goto below is used to avoid an "unused label" warning.*/
|
/* The goto below is used to avoid an "unused label" warning.*/
|
||||||
goto exit;
|
goto exit;
|
||||||
|
@ -3929,9 +3931,10 @@ void resize_buffers_serialize_mfl( int mfl )
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED */
|
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED */
|
||||||
void resize_buffers_renegotiate_mfl( int mfl, int legacy_renegotiation )
|
void resize_buffers_renegotiate_mfl( int mfl, int legacy_renegotiation,
|
||||||
|
char *cipher )
|
||||||
{
|
{
|
||||||
test_resize_buffers( mfl, 1, legacy_renegotiation, 0, 1 );
|
test_resize_buffers( mfl, 1, legacy_renegotiation, 0, 1, cipher );
|
||||||
|
|
||||||
/* The goto below is used to avoid an "unused label" warning.*/
|
/* The goto below is used to avoid an "unused label" warning.*/
|
||||||
goto exit;
|
goto exit;
|
||||||
|
|
Loading…
Reference in a new issue