diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 043988f25..3192e2a82 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1188,6 +1188,11 @@ struct mbedtls_ssl_session { unsigned char MBEDTLS_PRIVATE(mfl_code); /*!< MaxFragmentLength negotiated by peer */ #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ +/*!< RecordSizeLimit received from the peer */ +#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) + uint16_t MBEDTLS_PRIVATE(record_size_limit); +#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ + unsigned char MBEDTLS_PRIVATE(exported); /** TLS version negotiated in the session. Used if and when renegotiating diff --git a/library/ssl_misc.h b/library/ssl_misc.h index b9801a06c..a8afd429c 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -439,6 +439,19 @@ size_t mbedtls_ssl_get_output_max_frag_len(const mbedtls_ssl_context *ssl); size_t mbedtls_ssl_get_input_max_frag_len(const mbedtls_ssl_context *ssl); #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ +#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) +/** + * \brief Get the size limit in bytes for the protected outgoing records + * as defined in RFC 8449 + * + * \param ssl SSL context + * + * \return The size limit in bytes for the protected outgoing + * records as defined in RFC 8449. + */ +size_t mbedtls_ssl_get_output_record_size_limit(const mbedtls_ssl_context *ssl); +#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ + #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) static inline size_t mbedtls_ssl_get_output_buflen(const mbedtls_ssl_context *ctx) { diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e1fb1283e..f92e40ac7 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2455,6 +2455,7 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( * uint8 ticket_flags; * opaque resumption_key<0..255>; * uint32 max_early_data_size; + * uint16 record_size_limit; * select ( endpoint ) { * case client: ClientOnlyData; * case server: uint64 ticket_creation_time; @@ -2490,6 +2491,9 @@ static int ssl_tls13_session_save(const mbedtls_ssl_session *session, #if defined(MBEDTLS_SSL_EARLY_DATA) needed += 4; /* max_early_data_size */ #endif +#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) + needed += 2; /* record_size_limit */ +#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ #if defined(MBEDTLS_HAVE_TIME) needed += 8; /* ticket_creation_time or ticket_reception_time */ @@ -2534,6 +2538,10 @@ static int ssl_tls13_session_save(const mbedtls_ssl_session *session, MBEDTLS_PUT_UINT32_BE(session->max_early_data_size, p, 0); p += 4; #endif +#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) + MBEDTLS_PUT_UINT16_BE(session->record_size_limit, p, 0); + p += 2; +#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ #if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C) if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { @@ -2610,6 +2618,13 @@ static int ssl_tls13_session_load(mbedtls_ssl_session *session, session->max_early_data_size = MBEDTLS_GET_UINT32_BE(p, 0); p += 4; #endif +#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) + if (end - p < 2) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + session->record_size_limit = MBEDTLS_GET_UINT16_BE(p, 0); + p += 2; +#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ #if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C) if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { @@ -3372,6 +3387,31 @@ const char *mbedtls_ssl_get_version(const mbedtls_ssl_context *ssl) } } +#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) + +size_t mbedtls_ssl_get_output_record_size_limit(const mbedtls_ssl_context *ssl) +{ + const size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN; + size_t record_size_limit = max_len; + + if (ssl->session != NULL && + ssl->session->record_size_limit >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN && + ssl->session->record_size_limit < max_len) { + record_size_limit = ssl->session->record_size_limit; + } + + // TODO: this is currently untested + /* During a handshake, use the value being negotiated */ + if (ssl->session_negotiate != NULL && + ssl->session_negotiate->record_size_limit >= MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN && + ssl->session_negotiate->record_size_limit < max_len) { + record_size_limit = ssl->session_negotiate->record_size_limit; + } + + return record_size_limit; +} +#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ + #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) size_t mbedtls_ssl_get_input_max_frag_len(const mbedtls_ssl_context *ssl) { @@ -3458,6 +3498,7 @@ int mbedtls_ssl_get_max_out_record_payload(const mbedtls_ssl_context *ssl) size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN; #if !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) && \ + !defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) && \ !defined(MBEDTLS_SSL_PROTO_DTLS) (void) ssl; #endif @@ -3470,6 +3511,30 @@ int mbedtls_ssl_get_max_out_record_payload(const mbedtls_ssl_context *ssl) } #endif +#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) + const size_t record_size_limit = mbedtls_ssl_get_output_record_size_limit(ssl); + + if (max_len > record_size_limit) { + max_len = record_size_limit; + } +#endif + + if (ssl->transform_out != NULL && + ssl->transform_out->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { + /* RFC 8449, section 4: + * + * This value [record_size_limit] is the length of the plaintext + * of a protected record. + * The value includes the content type and padding added in TLS 1.3 + * (that is, the complete length of TLSInnerPlaintext). + * + * Thus, round down to a multiple of MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY + * and subtract 1 (for the content type that will be added later) + */ + max_len = ((max_len / MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) * + MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) - 1; + } + #if defined(MBEDTLS_SSL_PROTO_DTLS) if (mbedtls_ssl_get_current_mtu(ssl) != 0) { const size_t mtu = mbedtls_ssl_get_current_mtu(ssl); @@ -3492,7 +3557,8 @@ int mbedtls_ssl_get_max_out_record_payload(const mbedtls_ssl_context *ssl) #endif /* MBEDTLS_SSL_PROTO_DTLS */ #if !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) && \ - !defined(MBEDTLS_SSL_PROTO_DTLS) + !defined(MBEDTLS_SSL_PROTO_DTLS) && \ + !defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) ((void) ssl); #endif diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index ae1136431..342ec5242 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -2113,12 +2113,11 @@ static int ssl_tls13_parse_encrypted_extensions(mbedtls_ssl_context *ssl, ret = mbedtls_ssl_tls13_parse_record_size_limit_ext( ssl, p, p + extension_data_len); - - /* TODO: Return unconditionally here until we handle the record - * size limit correctly. Once handled correctly, only return in - * case of errors. */ - return ret; - + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET( + 1, ("mbedtls_ssl_tls13_parse_record_size_limit_ext"), ret); + return ret; + } break; #endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ @@ -2132,6 +2131,17 @@ static int ssl_tls13_parse_encrypted_extensions(mbedtls_ssl_context *ssl, p += extension_data_len; } + if ((handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(RECORD_SIZE_LIMIT)) && + (handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(MAX_FRAGMENT_LENGTH))) { + MBEDTLS_SSL_DEBUG_MSG(3, + ( + "Record size limit extension cannot be used with max fragment length extension")); + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, + MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); + return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; + } + MBEDTLS_SSL_PRINT_EXTS(3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, handshake->received_extensions); diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index fe2a2eba7..ecfaf8a1a 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1731,7 +1731,7 @@ int mbedtls_ssl_tls13_parse_record_size_limit_ext(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG(2, ("RecordSizeLimit: %u Bytes", record_size_limit)); - /* RFC 8449, section 4 + /* RFC 8449, section 4: * * Endpoints MUST NOT send a "record_size_limit" extension with a value * smaller than 64. An endpoint MUST treat receipt of a smaller value @@ -1744,14 +1744,11 @@ int mbedtls_ssl_tls13_parse_record_size_limit_ext(mbedtls_ssl_context *ssl, return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; } - MBEDTLS_SSL_DEBUG_MSG( - 2, ("record_size_limit extension is still in development. Aborting handshake.")); + ssl->session_negotiate->record_size_limit = record_size_limit; - MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT, - MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION); - return MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION; + return 0; } + #endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ #endif /* MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index fe7a674d6..a7c266b52 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1699,14 +1699,11 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, ret = mbedtls_ssl_tls13_parse_record_size_limit_ext( ssl, p, extension_data_end); - - /* - * TODO: Return unconditionally here until we handle the record - * size limit correctly. - * Once handled correctly, only return in case of errors. - */ - return ret; - + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET( + 1, ("mbedtls_ssl_tls13_parse_record_size_limit_ext"), ret); + return ret; + } break; #endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index e6ebd8e1d..598d38cac 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -3521,7 +3521,7 @@ handshake: mbedtls_printf(" [ Record expansion is unknown ]\n"); } -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) +#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) || defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) mbedtls_printf(" [ Maximum incoming record payload length is %u ]\n", (unsigned int) mbedtls_ssl_get_max_in_record_payload(&ssl)); mbedtls_printf(" [ Maximum outgoing record payload length is %u ]\n", diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 8f899c060..2e1258db5 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -5815,11 +5815,8 @@ component_test_tls13_only_record_size_limit () { msg "test_suite_ssl: TLS 1.3 only, record size limit extension enabled" cd tests; ./test_suite_ssl; cd .. - msg "ssl-opt.sh: (TLS 1.3 only, record size limit extension tests only)" - # Both the server and the client will currently abort the handshake when they encounter the - # record size limit extension. There is no way to prevent gnutls-cli from sending the extension - # which makes all G_NEXT_CLI + P_SRV tests fail. Thus, run only the tests for the this extension. - tests/ssl-opt.sh -f "Record Size Limit" + msg "ssl-opt.sh: (TLS 1.3 only, record size limit extension enabled)" + tests/ssl-opt.sh } component_build_mingw () { diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index d02d30539..3d8937da6 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -1776,6 +1776,10 @@ int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session, } #endif /* MBEDTLS_SSL_CLI_C */ +#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) + session->record_size_limit = 2048; +#endif + return 0; } #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 4762285b0..92b3e171c 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -4481,7 +4481,7 @@ run_test "Session resume using cache, DTLS: openssl server" \ requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Max fragment length: enabled, default" \ - "$P_SRV debug_level=3" \ + "$P_SRV debug_level=3 force_version=tls12" \ "$P_CLI debug_level=3" \ 0 \ -c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \ @@ -4496,7 +4496,7 @@ run_test "Max fragment length: enabled, default" \ requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Max fragment length: enabled, default, larger message" \ - "$P_SRV debug_level=3" \ + "$P_SRV debug_level=3 force_version=tls12" \ "$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \ 0 \ -c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \ @@ -4534,7 +4534,7 @@ run_test "Max fragment length, DTLS: enabled, default, larger message" \ requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Max fragment length: disabled, larger message" \ - "$P_SRV debug_level=3" \ + "$P_SRV debug_level=3 force_version=tls12" \ "$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \ 0 \ -C "Maximum incoming record payload length is 16384" \ @@ -4548,7 +4548,7 @@ run_test "Max fragment length: disabled, larger message" \ requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Max fragment length, DTLS: disabled, larger message" \ - "$P_SRV debug_level=3 dtls=1" \ + "$P_SRV debug_level=3 dtls=1 force_version=tls12" \ "$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \ 1 \ -C "Maximum incoming record payload length is 16384" \ @@ -4837,34 +4837,177 @@ run_test "Max fragment length: DTLS client, larger message" \ requires_gnutls_tls1_3 requires_gnutls_record_size_limit requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -run_test "Record Size Limit: TLS 1.3: Server-side parsing, debug output and fatal alert" \ +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "Record Size Limit: TLS 1.3: Server-side parsing and debug output" \ "$P_SRV debug_level=3 force_version=tls13" \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4" \ - 1 \ - -c "Preparing extension (Record Size Limit/28) for 'client hello'" \ - -c "Sending extension Record Size Limit/28 (2 bytes)" \ - -s "ClientHello: record_size_limit(28) extension received."\ - -s "found record_size_limit extension" \ + 0 \ -s "RecordSizeLimit: 16385 Bytes" \ - -c "Received alert \[110]: An unsupported extension was sent" + -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Maximum outgoing record payload length is 16383" \ + -s "bytes written in 1 fragments" requires_gnutls_tls1_3 requires_gnutls_record_size_limit requires_gnutls_next_disable_tls13_compat requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT -run_test "Record Size Limit: TLS 1.3: Client-side parsing, debug output and fatal alert" \ +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "Record Size Limit: TLS 1.3: Client-side parsing and debug output" \ "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert -d 4" \ "$P_CLI debug_level=4 force_version=tls13" \ 0 \ -s "Preparing extension (Record Size Limit/28) for 'encrypted extensions'" # The P_CLI can not yet send the Record Size Limit extension. Thus, the G_NEXT_SRV does not send # a response in its EncryptedExtensions record. -# -s "Parsing extension 'Record Size Limit/28 (2 bytes)" \ -# -s "Sending extension Record Size Limit/28 (2 bytes)" \ -# -c "EncryptedExtensions: record_size_limit(28) extension received."\ -# -c "found record_size_limit extension" \ -# -c "RecordSizeLimit: 16385 Bytes" \ -# -s "Received alert \[110]: An unsupported extension was sent" +# -c "RecordSizeLimit: 16385 Bytes" + +# In the following (9) tests, --recordsize is the value used by the G_NEXT_CLI (3.7.2) to configure the +# maximum record size using "https://gnutls.org/reference/gnutls-gnutls.html#gnutls-record-set-max-size". +# There is currently a lower limit of 512, caused by this function not respecting the +# "%ALLOW_SMALL_RECORDS" priority string and not using the more recent function +# https://gnutls.org/reference/gnutls-gnutls.html#gnutls-record-set-max-recv-size. +# There is currently an upper limit of 4096, caused by the cli arg parser: +# https://gitlab.com/gnutls/gnutls/-/blob/3.7.2/src/cli-args.def#L395. +# Thus, these tests are currently limit to that value range. +# Moreover, the value sent in the extension is expected to be larger by one compared +# to the value passed on the cli: +# https://gitlab.com/gnutls/gnutls/-/blob/3.7.2/lib/ext/record_size_limit.c#L142 + +# Currently test certificates being used do not fit in 513 record size limit +# so for 513 record size limit tests we use preshared key to avoid sending +# the certificate. + +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED +run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (513), 1 fragment" \ + "$P_SRV debug_level=3 force_version=tls13 tls13_kex_modes=psk \ + psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70 \ + response_size=256" \ + "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK --recordsize 512 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" \ + 0 \ + -s "RecordSizeLimit: 513 Bytes" \ + -s "Maximum outgoing record payload length is 511" \ + -s "256 bytes written in 1 fragments" + +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED +run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (513), 2 fragments" \ + "$P_SRV debug_level=3 force_version=tls13 tls13_kex_modes=psk \ + psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70 \ + response_size=768" \ + "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK --recordsize 512 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" \ + 0 \ + -s "RecordSizeLimit: 513 Bytes" \ + -s "Maximum outgoing record payload length is 511" \ + -s "768 bytes written in 2 fragments" + +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED +run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (513), 3 fragments" \ + "$P_SRV debug_level=3 force_version=tls13 tls13_kex_modes=psk \ + psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70 \ + response_size=1280" \ + "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK --recordsize 512 \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" \ + 0 \ + -s "RecordSizeLimit: 513 Bytes" \ + -s "Maximum outgoing record payload length is 511" \ + -s "1280 bytes written in 3 fragments" + +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (1024), 1 fragment" \ + "$P_SRV debug_level=3 force_version=tls13 response_size=512" \ + "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 1023" \ + 0 \ + -s "RecordSizeLimit: 1024 Bytes" \ + -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Maximum outgoing record payload length is 1023" \ + -s "512 bytes written in 1 fragments" + +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (1024), 2 fragments" \ + "$P_SRV debug_level=3 force_version=tls13 response_size=1536" \ + "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 1023" \ + 0 \ + -s "RecordSizeLimit: 1024 Bytes" \ + -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Maximum outgoing record payload length is 1023" \ + -s "1536 bytes written in 2 fragments" + +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (1024), 3 fragments" \ + "$P_SRV debug_level=3 force_version=tls13 response_size=2560" \ + "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 1023" \ + 0 \ + -s "RecordSizeLimit: 1024 Bytes" \ + -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Maximum outgoing record payload length is 1023" \ + -s "2560 bytes written in 3 fragments" + +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (4096), 1 fragment" \ + "$P_SRV debug_level=3 force_version=tls13 response_size=2048" \ + "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 4095" \ + 0 \ + -s "RecordSizeLimit: 4096 Bytes" \ + -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Maximum outgoing record payload length is 4095" \ + -s "2048 bytes written in 1 fragments" + +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (4096), 2 fragments" \ + "$P_SRV debug_level=3 force_version=tls13 response_size=6144" \ + "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 4095" \ + 0 \ + -s "RecordSizeLimit: 4096 Bytes" \ + -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Maximum outgoing record payload length is 4095" \ + -s "6144 bytes written in 2 fragments" + +requires_gnutls_tls1_3 +requires_gnutls_record_size_limit +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (4096), 3 fragments" \ + "$P_SRV debug_level=3 force_version=tls13 response_size=10240" \ + "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 4095" \ + 0 \ + -s "RecordSizeLimit: 4096 Bytes" \ + -s "ClientHello: record_size_limit(28) extension exists." \ + -s "Maximum outgoing record payload length is 4095" \ + -s "10240 bytes written in 3 fragments" # Tests for renegotiation @@ -8263,7 +8406,7 @@ run_test "mbedtls_ssl_get_bytes_avail: extra data (*2)" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "mbedtls_ssl_get_bytes_avail: extra data (max)" \ - "$P_SRV buffer_size=100" \ + "$P_SRV buffer_size=100 force_version=tls12" \ "$P_CLI request_size=$MAX_CONTENT_LEN" \ 0 \ -s "Read from client: $MAX_CONTENT_LEN bytes read (100 + $((MAX_CONTENT_LEN - 100)))" @@ -8452,20 +8595,20 @@ run_test "Large client packet TLS 1.2 AEAD shorter tag" \ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "Large client packet TLS 1.3 AEAD" \ "$P_SRV" \ - "$P_CLI request_size=16384 \ + "$P_CLI request_size=16383 \ force_ciphersuite=TLS1-3-AES-128-CCM-SHA256" \ 0 \ - -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ - -s "Read from client: $MAX_CONTENT_LEN bytes read" + -c "16383 bytes written in $(fragments_for_write 16383) fragments" \ + -s "Read from client: 16383 bytes read" requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "Large client packet TLS 1.3 AEAD shorter tag" \ "$P_SRV" \ - "$P_CLI request_size=16384 \ + "$P_CLI request_size=16383 \ force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256" \ 0 \ - -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ - -s "Read from client: $MAX_CONTENT_LEN bytes read" + -c "16383 bytes written in $(fragments_for_write 16383) fragments" \ + -s "Read from client: 16383 bytes read" # The tests below fail when the server's OUT_CONTENT_LEN is less than 16384. run_test "Large server packet TLS 1.2 BlockCipher" \ @@ -8508,17 +8651,17 @@ run_test "Large server packet TLS 1.2 AEAD shorter tag" \ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "Large server packet TLS 1.3 AEAD" \ - "$P_SRV response_size=16384" \ + "$P_SRV response_size=16383" \ "$P_CLI force_ciphersuite=TLS1-3-AES-128-CCM-SHA256" \ 0 \ - -c "Read from server: 16384 bytes read" + -c "Read from server: 16383 bytes read" requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "Large server packet TLS 1.3 AEAD shorter tag" \ - "$P_SRV response_size=16384" \ + "$P_SRV response_size=16383" \ "$P_CLI force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256" \ 0 \ - -c "Read from server: 16384 bytes read" + -c "Read from server: 16383 bytes read" # Tests for restartable ECC diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 05571a1dc..8a03d1b97 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -2096,6 +2096,10 @@ void ssl_serialize_session_save_load(int ticket_len, char *crt_file, } #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ +#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) + TEST_ASSERT(original.record_size_limit == restored.record_size_limit); +#endif + exit: mbedtls_ssl_session_free(&original); mbedtls_ssl_session_free(&restored);