Sideport the variable IO buffer size feature to baremetal
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 7ae1425..a8747c2 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1276,6 +1276,75 @@
if_build_succeeded tests/ssl-opt.sh -f "Max fragment length\|Large buffer"
}
+component_test_variable_ssl_in_out_buffer_len () {
+ msg "build: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled (ASan build)"
+ scripts/config.pl set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
+ CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ make
+
+ msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled"
+ make test
+
+ msg "test: ssl-opt.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled"
+ if_build_succeeded tests/ssl-opt.sh
+
+ msg "test: compat.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled"
+ if_build_succeeded tests/compat.sh
+}
+
+component_test_variable_ssl_in_out_buffer_len_CID () {
+ msg "build: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_DTLS_CONNECTION_ID enabled (ASan build)"
+ scripts/config.pl set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
+ scripts/config.pl set MBEDTLS_SSL_DTLS_CONNECTION_ID
+
+ CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ make
+
+ msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_DTLS_CONNECTION_ID"
+ make test
+
+ msg "test: ssl-opt.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_DTLS_CONNECTION_ID enabled"
+ if_build_succeeded tests/ssl-opt.sh
+
+ msg "test: compat.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_DTLS_CONNECTION_ID enabled"
+ if_build_succeeded tests/compat.sh
+}
+
+component_test_variable_ssl_in_out_buffer_len_record_splitting () {
+ msg "build: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_CBC_RECORD_SPLITTING enabled (ASan build)"
+ scripts/config.pl set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
+ scripts/config.pl set MBEDTLS_SSL_CBC_RECORD_SPLITTING
+
+ CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ make
+
+ msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_CBC_RECORD_SPLITTING"
+ make test
+
+ msg "test: ssl-opt.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_CBC_RECORD_SPLITTING enabled"
+ if_build_succeeded tests/ssl-opt.sh
+
+ msg "test: compat.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_CBC_RECORD_SPLITTING enabled"
+ if_build_succeeded tests/compat.sh
+}
+
+component_test_ssl_alloc_buffer_and_mfl () {
+ msg "build: default config with memory buffer allocator and MFL extension"
+ scripts/config.pl set MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ scripts/config.pl set MBEDTLS_PLATFORM_MEMORY
+ scripts/config.pl set MBEDTLS_MEMORY_DEBUG
+ scripts/config.pl set MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+ scripts/config.pl set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
+ CC=gcc cmake .
+ make
+
+ msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_DEBUG and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH"
+ make test
+
+ msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_DEBUG and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH"
+ if_build_succeeded tests/ssl-opt.sh -f "Handshake memory usage"
+}
+
component_test_when_no_ciphersuites_have_mac () {
msg "build: when no ciphersuites have MAC"
scripts/config.pl unset MBEDTLS_CIPHER_NULL_CIPHER
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index b211310..81ea9e1 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -153,7 +153,7 @@
}
requires_ciphersuite_enabled() {
- if [ -z "$($P_CLI --help | grep "$1")" ]; then
+ if [ -z "$($P_CLI --help 2>/dev/null | grep $1)" ]; then
SKIP_NEXT="YES"
fi
}
@@ -510,6 +510,45 @@
fi
}
+# Get handshake memory usage from server or client output and put it into the variable specified by the first argument
+handshake_memory_get() {
+ OUTPUT_VARIABLE="$1"
+ OUTPUT_FILE="$2"
+
+ # Get memory usage from a pattern like "Heap memory usage after handshake: 23112 bytes. Peak memory usage was 33112"
+ MEM_USAGE=$(sed -n 's/.*Heap memory usage after handshake: //p' < "$OUTPUT_FILE" | grep -o "[0-9]*" | head -1)
+
+ # Check if memory usage was read
+ if [ -z "$MEM_USAGE" ]; then
+ echo "Error: Can not read the value of handshake memory usage"
+ return 1
+ else
+ eval "$OUTPUT_VARIABLE=$MEM_USAGE"
+ return 0
+ fi
+}
+
+# Get handshake memory usage from server or client output and check if this value
+# is not higher than the maximum given by the first argument
+handshake_memory_check() {
+ MAX_MEMORY="$1"
+ OUTPUT_FILE="$2"
+
+ # Get memory usage
+ if ! handshake_memory_get "MEMORY_USAGE" "$OUTPUT_FILE"; then
+ return 1
+ fi
+
+ # Check if memory usage is below max value
+ if [ "$MEMORY_USAGE" -gt "$MAX_MEMORY" ]; then
+ echo "\nFailed: Handshake memory usage was $MEMORY_USAGE bytes," \
+ "but should be below $MAX_MEMORY bytes"
+ return 1
+ else
+ return 0
+ fi
+}
+
# wait for client to terminate and set CLI_EXIT
# must be called right after starting the client
wait_client_done() {
@@ -999,6 +1038,58 @@
rm -f $SRV_OUT $CLI_OUT $PXY_OUT
}
+# Test that the server's memory usage after a handshake is reduced when a client specifies
+# a maximum fragment length.
+# first argument ($1) is MFL for SSL client
+# second argument ($2) is memory usage for SSL client with default MFL (16k)
+run_test_memory_after_hanshake_with_mfl()
+{
+ # The test passes if the difference is around 2*(16k-MFL)
+ local MEMORY_USAGE_LIMIT="$(( $2 - ( 2 * ( 16384 - $1 )) ))"
+
+ # Leave some margin for robustness
+ MEMORY_USAGE_LIMIT="$(( ( MEMORY_USAGE_LIMIT * 110 ) / 100 ))"
+
+ run_test "Handshake memory usage (MFL $1)" \
+ "$P_SRV debug_level=3 auth_mode=required force_version=tls1_2" \
+ "$P_CLI debug_level=3 force_version=tls1_2 \
+ crt_file=data_files/server5.crt key_file=data_files/server5.key \
+ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM max_frag_len=$1" \
+ 0 \
+ -F "handshake_memory_check $MEMORY_USAGE_LIMIT"
+}
+
+
+# Test that the server's memory usage after a handshake is reduced when a client specifies
+# different values of Maximum Fragment Length: default (16k), 4k, 2k, 1k and 512 bytes
+run_tests_memory_after_hanshake()
+{
+ # all tests in this sequence requires the same configuration (see requires_config_enabled())
+ SKIP_THIS_TESTS="$SKIP_NEXT"
+
+ # first test with default MFU is to get reference memory usage
+ MEMORY_USAGE_MFL_16K=0
+ run_test "Handshake memory usage initial (MFL 16384 - default)" \
+ "$P_SRV debug_level=3 auth_mode=required force_version=tls1_2" \
+ "$P_CLI debug_level=3 force_version=tls1_2 \
+ crt_file=data_files/server5.crt key_file=data_files/server5.key \
+ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM" \
+ 0 \
+ -F "handshake_memory_get MEMORY_USAGE_MFL_16K"
+
+ SKIP_NEXT="$SKIP_THIS_TESTS"
+ run_test_memory_after_hanshake_with_mfl 4096 "$MEMORY_USAGE_MFL_16K"
+
+ SKIP_NEXT="$SKIP_THIS_TESTS"
+ run_test_memory_after_hanshake_with_mfl 2048 "$MEMORY_USAGE_MFL_16K"
+
+ SKIP_NEXT="$SKIP_THIS_TESTS"
+ run_test_memory_after_hanshake_with_mfl 1024 "$MEMORY_USAGE_MFL_16K"
+
+ SKIP_NEXT="$SKIP_THIS_TESTS"
+ run_test_memory_after_hanshake_with_mfl 512 "$MEMORY_USAGE_MFL_16K"
+}
+
cleanup() {
rm -f $CLI_OUT $SRV_OUT $PXY_OUT $SESSION
test -n "${SRV_PID:-}" && kill $SRV_PID >/dev/null 2>&1
@@ -2176,6 +2267,32 @@
-c "ignoring unexpected CID" \
-s "ignoring unexpected CID"
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
+run_test "Connection ID: Cli+Srv enabled, variable buffer lengths, MFL=512" \
+ "$P_SRV dtls=1 cid=1 cid_val=dead debug_level=2" \
+ "$P_CLI force_ciphersuite="TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" max_frag_len=512 dtls=1 cid=1 cid_val=beef" \
+ 0 \
+ -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
+ -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
+ -s "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(initial handshake) Use of Connection ID has been negotiated" \
+ -s "Reallocating in_buf" \
+ -s "Reallocating out_buf"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
+run_test "Connection ID: Cli+Srv enabled, variable buffer lengths, MFL=1024" \
+ "$P_SRV dtls=1 cid=1 cid_val=dead debug_level=2" \
+ "$P_CLI force_ciphersuite="TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" max_frag_len=1024 dtls=1 cid=1 cid_val=beef" \
+ 0 \
+ -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
+ -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
+ -s "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(initial handshake) Use of Connection ID has been negotiated" \
+ -s "Reallocating in_buf" \
+ -s "Reallocating out_buf"
+
# Tests for Encrypt-then-MAC extension
run_test "Encrypt then MAC: default" \
@@ -3047,14 +3164,15 @@
if [ $MAX_CONTENT_LEN -ne 16384 ]; then
printf "Using non-default maximum content length $MAX_CONTENT_LEN\n"
fi
-
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "Max fragment length: enabled, default" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3" \
0 \
- -c "Maximum fragment length is $MAX_CONTENT_LEN" \
- -s "Maximum fragment length is $MAX_CONTENT_LEN" \
+ -c "Maximum input fragment length is $MAX_CONTENT_LEN" \
+ -c "Maximum output fragment length is $MAX_CONTENT_LEN" \
+ -s "Maximum input fragment length is $MAX_CONTENT_LEN" \
+ -s "Maximum output fragment length is $MAX_CONTENT_LEN" \
-C "client hello, adding max_fragment_length extension" \
-S "found max fragment length extension" \
-S "server hello, max_fragment_length extension" \
@@ -3065,8 +3183,10 @@
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \
0 \
- -c "Maximum fragment length is $MAX_CONTENT_LEN" \
- -s "Maximum fragment length is $MAX_CONTENT_LEN" \
+ -c "Maximum input fragment length is $MAX_CONTENT_LEN" \
+ -c "Maximum output fragment length is $MAX_CONTENT_LEN" \
+ -s "Maximum input fragment length is $MAX_CONTENT_LEN" \
+ -s "Maximum output fragment length is $MAX_CONTENT_LEN" \
-C "client hello, adding max_fragment_length extension" \
-S "found max fragment length extension" \
-S "server hello, max_fragment_length extension" \
@@ -3076,13 +3196,14 @@
-s "1 bytes read"
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 4096
run_test "Max fragment length, DTLS: enabled, default, larger message" \
"$P_SRV debug_level=3 dtls=1" \
"$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
1 \
- -c "Maximum fragment length is $MAX_CONTENT_LEN" \
- -s "Maximum fragment length is $MAX_CONTENT_LEN" \
+ -c "Maximum input fragment length is $MAX_CONTENT_LEN" \
+ -c "Maximum output fragment length is $MAX_CONTENT_LEN" \
+ -s "Maximum input fragment length is $MAX_CONTENT_LEN" \
+ -s "Maximum output fragment length is $MAX_CONTENT_LEN" \
-C "client hello, adding max_fragment_length extension" \
-S "found max fragment length extension" \
-S "server hello, max_fragment_length extension" \
@@ -3094,72 +3215,245 @@
# content length configuration.)
requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 16384
run_test "Max fragment length: disabled, larger message" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \
0 \
- -C "Maximum fragment length is 16384" \
- -S "Maximum fragment length is 16384" \
+ -C "Maximum input fragment length is 16384" \
+ -C "Maximum output fragment length is 16384" \
+ -S "Maximum input fragment length is 16384" \
+ -S "Maximum output fragment length is 16384" \
-c "$(( $MAX_CONTENT_LEN + 1)) bytes written in 2 fragments" \
-s "$MAX_CONTENT_LEN bytes read" \
-s "1 bytes read"
requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 16384
run_test "Max fragment length DTLS: disabled, larger message" \
"$P_SRV debug_level=3 dtls=1" \
"$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
1 \
- -C "Maximum fragment length is 16384" \
- -S "Maximum fragment length is 16384" \
+ -C "Maximum input fragment length is 16384" \
+ -C "Maximum output fragment length is 16384" \
+ -S "Maximum input fragment length is 16384" \
+ -S "Maximum output fragment length is 16384" \
-c "fragment larger than.*maximum "
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 4096
run_test "Max fragment length: used by client" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 max_frag_len=4096" \
0 \
- -c "Maximum fragment length is 4096" \
- -s "Maximum fragment length is 4096" \
+ -c "Maximum input fragment length is 4096" \
+ -c "Maximum output fragment length is 4096" \
+ -s "Maximum input fragment length is 4096" \
+ -s "Maximum output fragment length is 4096" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
-c "found max_fragment_length extension"
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 4096
+run_test "Max fragment length: client 512, server 1024" \
+ "$P_SRV debug_level=3 max_frag_len=1024" \
+ "$P_CLI debug_level=3 max_frag_len=512" \
+ 0 \
+ -c "Maximum input fragment length is 512" \
+ -c "Maximum output fragment length is 512" \
+ -s "Maximum input fragment length is 512" \
+ -s "Maximum output fragment length is 512" \
+ -c "client hello, adding max_fragment_length extension" \
+ -s "found max fragment length extension" \
+ -s "server hello, max_fragment_length extension" \
+ -c "found max_fragment_length extension"
+
+requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+run_test "Max fragment length: client 512, server 2048" \
+ "$P_SRV debug_level=3 max_frag_len=2048" \
+ "$P_CLI debug_level=3 max_frag_len=512" \
+ 0 \
+ -c "Maximum input fragment length is 512" \
+ -c "Maximum output fragment length is 512" \
+ -s "Maximum input fragment length is 512" \
+ -s "Maximum output fragment length is 512" \
+ -c "client hello, adding max_fragment_length extension" \
+ -s "found max fragment length extension" \
+ -s "server hello, max_fragment_length extension" \
+ -c "found max_fragment_length extension"
+
+requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+run_test "Max fragment length: client 512, server 4096" \
+ "$P_SRV debug_level=3 max_frag_len=4096" \
+ "$P_CLI debug_level=3 max_frag_len=512" \
+ 0 \
+ -c "Maximum input fragment length is 512" \
+ -c "Maximum output fragment length is 512" \
+ -s "Maximum input fragment length is 512" \
+ -s "Maximum output fragment length is 512" \
+ -c "client hello, adding max_fragment_length extension" \
+ -s "found max fragment length extension" \
+ -s "server hello, max_fragment_length extension" \
+ -c "found max_fragment_length extension"
+
+requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+run_test "Max fragment length: client 1024, server 512" \
+ "$P_SRV debug_level=3 max_frag_len=512" \
+ "$P_CLI debug_level=3 max_frag_len=1024" \
+ 0 \
+ -c "Maximum input fragment length is 1024" \
+ -c "Maximum output fragment length is 1024" \
+ -s "Maximum input fragment length is 1024" \
+ -s "Maximum output fragment length is 512" \
+ -c "client hello, adding max_fragment_length extension" \
+ -s "found max fragment length extension" \
+ -s "server hello, max_fragment_length extension" \
+ -c "found max_fragment_length extension"
+
+requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+run_test "Max fragment length: client 1024, server 2048" \
+ "$P_SRV debug_level=3 max_frag_len=2048" \
+ "$P_CLI debug_level=3 max_frag_len=1024" \
+ 0 \
+ -c "Maximum input fragment length is 1024" \
+ -c "Maximum output fragment length is 1024" \
+ -s "Maximum input fragment length is 1024" \
+ -s "Maximum output fragment length is 1024" \
+ -c "client hello, adding max_fragment_length extension" \
+ -s "found max fragment length extension" \
+ -s "server hello, max_fragment_length extension" \
+ -c "found max_fragment_length extension"
+
+requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+run_test "Max fragment length: client 1024, server 4096" \
+ "$P_SRV debug_level=3 max_frag_len=4096" \
+ "$P_CLI debug_level=3 max_frag_len=1024" \
+ 0 \
+ -c "Maximum input fragment length is 1024" \
+ -c "Maximum output fragment length is 1024" \
+ -s "Maximum input fragment length is 1024" \
+ -s "Maximum output fragment length is 1024" \
+ -c "client hello, adding max_fragment_length extension" \
+ -s "found max fragment length extension" \
+ -s "server hello, max_fragment_length extension" \
+ -c "found max_fragment_length extension"
+
+requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+run_test "Max fragment length: client 2048, server 512" \
+ "$P_SRV debug_level=3 max_frag_len=512" \
+ "$P_CLI debug_level=3 max_frag_len=2048" \
+ 0 \
+ -c "Maximum input fragment length is 2048" \
+ -c "Maximum output fragment length is 2048" \
+ -s "Maximum input fragment length is 2048" \
+ -s "Maximum output fragment length is 512" \
+ -c "client hello, adding max_fragment_length extension" \
+ -s "found max fragment length extension" \
+ -s "server hello, max_fragment_length extension" \
+ -c "found max_fragment_length extension"
+
+requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+run_test "Max fragment length: client 2048, server 1024" \
+ "$P_SRV debug_level=3 max_frag_len=1024" \
+ "$P_CLI debug_level=3 max_frag_len=2048" \
+ 0 \
+ -c "Maximum input fragment length is 2048" \
+ -c "Maximum output fragment length is 2048" \
+ -s "Maximum input fragment length is 2048" \
+ -s "Maximum output fragment length is 1024" \
+ -c "client hello, adding max_fragment_length extension" \
+ -s "found max fragment length extension" \
+ -s "server hello, max_fragment_length extension" \
+ -c "found max_fragment_length extension"
+
+requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+run_test "Max fragment length: client 2048, server 4096" \
+ "$P_SRV debug_level=3 max_frag_len=4096" \
+ "$P_CLI debug_level=3 max_frag_len=2048" \
+ 0 \
+ -c "Maximum input fragment length is 2048" \
+ -c "Maximum output fragment length is 2048" \
+ -s "Maximum input fragment length is 2048" \
+ -s "Maximum output fragment length is 2048" \
+ -c "client hello, adding max_fragment_length extension" \
+ -s "found max fragment length extension" \
+ -s "server hello, max_fragment_length extension" \
+ -c "found max_fragment_length extension"
+
+requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+run_test "Max fragment length: client 4096, server 512" \
+ "$P_SRV debug_level=3 max_frag_len=512" \
+ "$P_CLI debug_level=3 max_frag_len=4096" \
+ 0 \
+ -c "Maximum input fragment length is 4096" \
+ -c "Maximum output fragment length is 4096" \
+ -s "Maximum input fragment length is 4096" \
+ -s "Maximum output fragment length is 512" \
+ -c "client hello, adding max_fragment_length extension" \
+ -s "found max fragment length extension" \
+ -s "server hello, max_fragment_length extension" \
+ -c "found max_fragment_length extension"
+
+requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+run_test "Max fragment length: client 4096, server 1024" \
+ "$P_SRV debug_level=3 max_frag_len=1024" \
+ "$P_CLI debug_level=3 max_frag_len=4096" \
+ 0 \
+ -c "Maximum input fragment length is 4096" \
+ -c "Maximum output fragment length is 4096" \
+ -s "Maximum input fragment length is 4096" \
+ -s "Maximum output fragment length is 1024" \
+ -c "client hello, adding max_fragment_length extension" \
+ -s "found max fragment length extension" \
+ -s "server hello, max_fragment_length extension" \
+ -c "found max_fragment_length extension"
+
+requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+run_test "Max fragment length: client 4096, server 2048" \
+ "$P_SRV debug_level=3 max_frag_len=2048" \
+ "$P_CLI debug_level=3 max_frag_len=4096" \
+ 0 \
+ -c "Maximum input fragment length is 4096" \
+ -c "Maximum output fragment length is 4096" \
+ -s "Maximum input fragment length is 4096" \
+ -s "Maximum output fragment length is 2048" \
+ -c "client hello, adding max_fragment_length extension" \
+ -s "found max fragment length extension" \
+ -s "server hello, max_fragment_length extension" \
+ -c "found max_fragment_length extension"
+
+requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "Max fragment length: used by server" \
"$P_SRV debug_level=3 max_frag_len=4096" \
"$P_CLI debug_level=3" \
0 \
- -c "Maximum fragment length is $MAX_CONTENT_LEN" \
- -s "Maximum fragment length is 4096" \
+ -c "Maximum input fragment length is $MAX_CONTENT_LEN" \
+ -c "Maximum output fragment length is $MAX_CONTENT_LEN" \
+ -s "Maximum input fragment length is $MAX_CONTENT_LEN" \
+ -s "Maximum output fragment length is 4096" \
-C "client hello, adding max_fragment_length extension" \
-S "found max fragment length extension" \
-S "server hello, max_fragment_length extension" \
-C "found max_fragment_length extension"
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 4096
requires_gnutls
run_test "Max fragment length: gnutls server" \
"$G_SRV" \
- "$P_CLI debug_level=3 max_frag_len=4096 ca_file=data_files/test-ca2.crt" \
+ "$P_CLI debug_level=3 max_frag_len=4096" \
0 \
- -c "Maximum fragment length is 4096" \
+ -c "Maximum input fragment length is 4096" \
+ -c "Maximum output fragment length is 4096" \
-c "client hello, adding max_fragment_length extension" \
-c "found max_fragment_length extension"
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 2048
run_test "Max fragment length: client, message just fits" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 max_frag_len=2048 request_size=2048" \
0 \
- -c "Maximum fragment length is 2048" \
- -s "Maximum fragment length is 2048" \
+ -c "Maximum input fragment length is 2048" \
+ -c "Maximum output fragment length is 2048" \
+ -s "Maximum input fragment length is 2048" \
+ -s "Maximum output fragment length is 2048" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@@ -3168,13 +3462,14 @@
-s "2048 bytes read"
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 2048
run_test "Max fragment length: client, larger message" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 max_frag_len=2048 request_size=2345" \
0 \
- -c "Maximum fragment length is 2048" \
- -s "Maximum fragment length is 2048" \
+ -c "Maximum input fragment length is 2048" \
+ -c "Maximum output fragment length is 2048" \
+ -s "Maximum input fragment length is 2048" \
+ -s "Maximum output fragment length is 2048" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@@ -3184,13 +3479,14 @@
-s "297 bytes read"
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-requires_config_value_at_least "MBEDTLS_SSL_MAX_CONTENT_LEN" 2048
run_test "Max fragment length: DTLS client, larger message" \
"$P_SRV debug_level=3 dtls=1" \
"$P_CLI debug_level=3 dtls=1 max_frag_len=2048 request_size=2345" \
1 \
- -c "Maximum fragment length is 2048" \
- -s "Maximum fragment length is 2048" \
+ -c "Maximum input fragment length is 2048" \
+ -c "Maximum output fragment length is 2048" \
+ -s "Maximum input fragment length is 2048" \
+ -s "Maximum output fragment length is 2048" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@@ -3292,6 +3588,29 @@
-s "write hello request"
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+run_test "Renegotiation with max fragment length: client 2048, server 512" \
+ "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1 max_frag_len=512" \
+ "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 max_frag_len=2048 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
+ 0 \
+ -c "Maximum input fragment length is 2048" \
+ -c "Maximum output fragment length is 2048" \
+ -s "Maximum input fragment length is 2048" \
+ -s "Maximum output fragment length is 512" \
+ -c "client hello, adding max_fragment_length extension" \
+ -s "found max fragment length extension" \
+ -s "server hello, max_fragment_length extension" \
+ -c "found max_fragment_length extension" \
+ -c "client hello, adding renegotiation extension" \
+ -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
+ -s "found renegotiation extension" \
+ -s "server hello, secure renegotiation extension" \
+ -c "found renegotiation extension" \
+ -c "=> renegotiate" \
+ -s "=> renegotiate" \
+ -s "write hello request"
+
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Renegotiation: client-initiated, server-rejected" \
"$P_SRV debug_level=3 exchanges=2 renegotiation=0 auth_mode=optional" \
"$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
@@ -8774,6 +9093,12 @@
-s "Extra-header:" \
-c "Extra-header:"
+# Test heap memory usage after handshake
+requires_config_enabled MBEDTLS_MEMORY_DEBUG
+requires_config_enabled MBEDTLS_MEMORY_BUFFER_ALLOC_C
+requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+run_tests_memory_after_hanshake
+
# Final report
echo "------------------------------------------------------------------------"