tls13: cli: write Record Size Limit ext in ClientHello

- add the support in library - update corresponding test case Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-08 11:15:23 +08:00 · 2023-11-08 11:15:23 +08:00 · 42017cd4c9
commit 42017cd4c9
parent faf70bdf9d
2 changed files with 16 additions and 4 deletions
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@ -1160,6 +1160,15 @@ int mbedtls_ssl_tls13_write_client_hello_exts(mbedtls_ssl_context *ssl,
    }
    p += ext_len;

+#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
+    ret = mbedtls_ssl_tls13_write_record_size_limit_ext(
+        ssl, MBEDTLS_SSL_IN_CONTENT_LEN, p, end, &ext_len);
+    if (ret != 0) {
+        return ret;
+    }
+    p += ext_len;
+#endif
+
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED)
    if (mbedtls_ssl_conf_tls13_some_ephemeral_enabled(ssl)) {
        ret = ssl_tls13_write_key_share_ext(ssl, p, end, &ext_len);
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@ -4856,10 +4856,13 @@ run_test    "Record Size Limit: TLS 1.3: Client-side parsing and debug output" \
            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert -d 4" \
            "$P_CLI debug_level=4 force_version=tls13" \
            0 \
-            -s "Preparing extension (Record Size Limit/28) for 'encrypted extensions'"
-# The P_CLI can not yet send the Record Size Limit extension. Thus, the G_NEXT_SRV does not send
-# a response in its EncryptedExtensions record.
-#            -c "RecordSizeLimit: 16385 Bytes"
+            -c "Sent RecordSizeLimit: 16384 Bytes"                                      \
+            -c "ClientHello: record_size_limit(28) extension exists."                   \
+            -c "found record_size_limit extension"                                      \
+            -c "RecordSizeLimit: 16385 Bytes"                                           \
+            -c "EncryptedExtensions: record_size_limit(28) extension received."         \
+            -s "Parsing extension 'Record Size Limit/28' (2 bytes)"                     \
+            -s "record_size_limit 16384 negotiated"

 # In the following (9) tests, --recordsize is the value used by the G_NEXT_CLI (3.7.2) to configure the
 # maximum record size using "https://gnutls.org/reference/gnutls-gnutls.html#gnutls-record-set-max-size".