diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 6c08b51b1..338678e99 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -296,6 +296,12 @@ requires_openssl_with_fallback_scsv() {
 fi
 }
+# skip next test if either IN_CONTENT_LEN or MAX_CONTENT_LEN are below a value
+requires_max_content_len() {
+ requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" $1
+ requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" $1
+}
+
 # skip next test if GnuTLS isn't available
 requires_gnutls() {
 if [ -z "${GNUTLS_AVAILABLE:-}" ]; then
@@ -3152,10 +3158,6 @@ run_test "Session resume using cache, DTLS: openssl server" \
 # Tests for Max Fragment Length extension
-if [ $MAX_CONTENT_LEN -ne 16384 ]; then
- echo "Using non-default maximum content length $MAX_CONTENT_LEN instead of 16384 "
-fi
-
 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
 run_test "Max fragment length: enabled, default" \
 "$P_SRV debug_level=3" \
@@ -3230,9 +3232,7 @@ run_test "Max fragment length, DTLS: disabled, larger message" \
 -S "Maximum output fragment length is 16384" \
 -c "fragment larger than.*maximum "
-# Make sure it was compiled with lengths over 4096
-requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 4096
-requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 4096
+requires_max_content_len 4096
 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
 run_test "Max fragment length: used by client" \
 "$P_SRV debug_level=3" \
@@ -3247,8 +3247,7 @@ run_test "Max fragment length: used by client" \
 -s "server hello, max_fragment_length extension" \
 -c "found max_fragment_length extension"
-requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 1024
-requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 1024
+requires_max_content_len 1024
 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
 run_test "Max fragment length: client 512, server 1024" \
 "$P_SRV debug_level=3 max_frag_len=1024" \
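Review bot: The comment added above `requires_max_content_len` names `MAX_CONTENT_LEN`, but the body checks `MBEDTLS_SSL_IN_CONTENT_LEN` and `MBEDTLS_SSL_OUT_CONTENT_LEN`; it should read `# skip next test if either IN_CONTENT_LEN or OUT_CONTENT_LEN is below a value`. Both calls also pass `$1` unquoted, so a missing or empty argument drops out of the call instead of arriving as an empty string; `requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" "$1"` (and the same for the OUT line) keeps the argument count fixed. How `requires_config_value_at_least` treats a missing second argument is not visible in this diff, so a forgotten threshold at a call site may go unnoticed; every later hunk that switches to this helper inherits both points.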
@@ -3263,8 +3262,7 @@ run_test "Max fragment length: client 512, server 1024" \
 -s "server hello, max_fragment_length extension" \
 -c "found max_fragment_length extension"
-requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 2048
-requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 2048
+requires_max_content_len 2048
 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
 run_test "Max fragment length: client 512, server 2048" \
 "$P_SRV debug_level=3 max_frag_len=2048" \
@@ -3279,8 +3277,7 @@ run_test "Max fragment length: client 512, server 2048" \
 -s "server hello, max_fragment_length extension" \
 -c "found max_fragment_length extension"
-requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 4096
-requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 4096
+requires_max_content_len 4096
 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
 run_test "Max fragment length: client 512, server 4096" \
 "$P_SRV debug_level=3 max_frag_len=4096" \
@@ -3295,8 +3292,7 @@ run_test "Max fragment length: client 512, server 4096" \
 -s "server hello, max_fragment_length extension" \
 -c "found max_fragment_length extension"
-requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 1024
-requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 1024
+requires_max_content_len 1024
 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
 run_test "Max fragment length: client 1024, server 512" \
 "$P_SRV debug_level=3 max_frag_len=512" \
@@ -3311,8 +3307,7 @@ run_test "Max fragment length: client 1024, server 512" \
 -s "server hello, max_fragment_length extension" \
 -c "found max_fragment_length extension"
-requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 2048
-requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 2048
+requires_max_content_len 2048
 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
 run_test "Max fragment length: client 1024, server 2048" \
 "$P_SRV debug_level=3 max_frag_len=2048" \
@@ -3327,8 +3322,7 @@ run_test "Max fragment length: client 1024, server 2048" \
 -s "server hello, max_fragment_length extension" \
 -c "found max_fragment_length extension"
-requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 4096
-requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 4096
+requires_max_content_len 4096
 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
 run_test "Max fragment length: client 1024, server 4096" \
 "$P_SRV debug_level=3 max_frag_len=4096" \
@@ -3343,8 +3337,7 @@ run_test "Max fragment length: client 1024, server 4096" \
 -s "server hello, max_fragment_length extension" \
 -c "found max_fragment_length extension"
-requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 2048
-requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 2048
+requires_max_content_len 2048
 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
 run_test "Max fragment length: client 2048, server 512" \
 "$P_SRV debug_level=3 max_frag_len=512" \
@@ -3359,8 +3352,7 @@ run_test "Max fragment length: client 2048, server 512" \
 -s "server hello, max_fragment_length extension" \
 -c "found max_fragment_length extension"
-requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 2048
-requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 2048
+requires_max_content_len 2048
 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
 run_test "Max fragment length: client 2048, server 1024" \
 "$P_SRV debug_level=3 max_frag_len=1024" \
@@ -3375,8 +3367,7 @@ run_test "Max fragment length: client 2048, server 1024" \
 -s "server hello, max_fragment_length extension" \
 -c "found max_fragment_length extension"
-requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 4096
-requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 4096
+requires_max_content_len 4096
 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
 run_test "Max fragment length: client 2048, server 4096" \
 "$P_SRV debug_level=3 max_frag_len=4096" \
@@ -3391,8 +3382,7 @@ run_test "Max fragment length: client 2048, server 4096" \
 -s "server hello, max_fragment_length extension" \
 -c "found max_fragment_length extension"
-requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 4096
-requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 4096
+requires_max_content_len 4096
 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
 run_test "Max fragment length: client 4096, server 512" \
 "$P_SRV debug_level=3 max_frag_len=512" \
@@ -3407,8 +3397,7 @@ run_test "Max fragment length: client 4096, server 512" \
 -s "server hello, max_fragment_length extension" \
 -c "found max_fragment_length extension"
-requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 4096
-requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 4096
+requires_max_content_len 4096
 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
 run_test "Max fragment length: client 4096, server 1024" \
 "$P_SRV debug_level=3 max_frag_len=1024" \
@@ -3423,8 +3412,7 @@ run_test "Max fragment length: client 4096, server 1024" \
 -s "server hello, max_fragment_length extension" \
 -c "found max_fragment_length extension"
-requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 4096
-requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 4096
+requires_max_content_len 4096
 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
 run_test "Max fragment length: client 4096, server 2048" \
 "$P_SRV debug_level=3 max_frag_len=2048" \
@@ -3439,8 +3427,7 @@ run_test "Max fragment length: client 4096, server 2048" \
 -s "server hello, max_fragment_length extension" \
 -c "found max_fragment_length extension"
-requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 4096
-requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 4096
+requires_max_content_len 4096
 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
 run_test "Max fragment length: used by server" \
 "$P_SRV debug_level=3 max_frag_len=4096" \
@@ -3455,8 +3442,7 @@ run_test "Max fragment length: used by server" \
 -S "server hello, max_fragment_length extension" \
 -C "found max_fragment_length extension"
-requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 4096
-requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 4096
+requires_max_content_len 4096
 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
 requires_gnutls
 run_test "Max fragment length: gnutls server" \
@@ -3468,8 +3454,7 @@ run_test "Max fragment length: gnutls server" \
 -c "client hello, adding max_fragment_length extension" \
 -c "found max_fragment_length extension"
-requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 2048
-requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 2048
+requires_max_content_len 2048
 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
 run_test "Max fragment length: client, message just fits" \
 "$P_SRV debug_level=3" \
@@ -3486,8 +3471,7 @@ run_test "Max fragment length: client, message just fits" \
 -c "2048 bytes written in 1 fragments" \
 -s "2048 bytes read"
-requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 2048
-requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 2048
+requires_max_content_len 2048
 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
 run_test "Max fragment length: client, larger message" \
 "$P_SRV debug_level=3" \
@@ -3505,8 +3489,7 @@ run_test "Max fragment length: client, larger message" \
 -s "2048 bytes read" \
 -s "297 bytes read"
-requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" 2048
-requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" 2048
+requires_max_content_len 2048
 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
 run_test "Max fragment length: DTLS client, larger message" \
 "$P_SRV debug_level=3 dtls=1" \
@@ -3618,6 +3601,7 @@ run_test "Renegotiation: double" \
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+requires_max_content_len 2048
 run_test "Renegotiation with max fragment length: client 2048, server 512" \
 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1 max_frag_len=512" \
 "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 max_frag_len=2048 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
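Review bot: `requires_max_content_len 2048` is placed after the two `requires_config_enabled` lines here, while every other call site touched by this diff puts it before `requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH`; moving it to the top of the guard list keeps one order throughout (the order presumably does not change the outcome). This is also the only hunk that adds a new skip condition rather than rewriting an existing pair, so builds with either content length below 2048 will now skip the renegotiation-with-max-fragment-length test instead of running it. A one-line comment such as `# client max_frag_len=2048 needs IN/OUT content length >= 2048` would record where the threshold comes from. The `run_test` call continues past the end of the hunk.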