yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-22 22:05:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

Added buffer_size and response_size options for ssl-server2.

Browse Source 
Added appropriate tests.
This commit is contained in:
Andrzej Kurek 2018-06-28 04:03:10 -04:00 committed by Simon Butcher
parent 651902d062
commit 557335e56d
2 changed files with 219 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
programs/ssl/ssl_server2.c
View File

@ -99,6 +99,7 @@ int main( void )
#define DFL_SERVER_ADDR NULL
#define DFL_SERVER_PORT "4433"
#define DFL_RESPONSE_SIZE -1
#define DFL_DEBUG_LEVEL 0
#define DFL_NBIO 0
#define DFL_READ_TIMEOUT 0
@ -166,7 +167,7 @@ int main( void )
* You will need to adapt the mbedtls_ssl_get_bytes_avail() test in ssl-opt.sh
* if you change this value to something outside the range <= 100 or > 500
*/
#define IO_BUF_LEN 200
#define DFL_IO_BUF_LEN 200
#if defined(MBEDTLS_X509_CRT_PARSE_C)
#if defined(MBEDTLS_FS_IO)
@ -329,6 +330,11 @@ int main( void )
" server_addr=%%s default: (all interfaces)\n" \
" server_port=%%d default: 4433\n" \
" debug_level=%%d default: 0 (disabled)\n" \
" buffer_size=%%d default: 200 \n" \
" (minimum: 1, max: 16385)\n" \
" response_size=%%d default: about 152 (basic response)\n" \
" (minimum: 0, max: 16384)\n" \
" increases buffer_size if bigger\n"\
" nbio=%%d default: 0 (blocking I/O)\n" \
" options: 1 (non-blocking), 2 (added delays)\n" \
" read_timeout=%%d default: 0 ms (no timeout)\n" \
@ -400,6 +406,8 @@ struct options
int debug_level; /* level of debugging */
int nbio; /* should I/O be blocking? */
uint32_t read_timeout; /* timeout on mbedtls_ssl_read() in milliseconds */
int response_size; /* pad response with header to requested size */
uint16_t buffer_size; /* IO buffer size */
const char *ca_file; /* the file with the CA certificate(s) */
const char *ca_path; /* the path with the CA certificate(s) reside */
const char *crt_file; /* the file with the server certificate */
@ -841,7 +849,7 @@ int main( int argc, char *argv[] )
{
int ret = 0, len, written, frags, exchanges_left;
int version_suites[4][2];
unsigned char buf[IO_BUF_LEN];
unsigned char* buf = 0;
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
unsigned char psk[MBEDTLS_PSK_MAX_LEN];
size_t psk_len = 0;
@ -966,9 +974,11 @@ int main( int argc, char *argv[] )
goto exit;
}
opt.buffer_size = DFL_IO_BUF_LEN;
opt.server_addr = DFL_SERVER_ADDR;
opt.server_port = DFL_SERVER_PORT;
opt.debug_level = DFL_DEBUG_LEVEL;
opt.response_size = DFL_RESPONSE_SIZE;
opt.nbio = DFL_NBIO;
opt.read_timeout = DFL_READ_TIMEOUT;
opt.ca_file = DFL_CA_FILE;
@ -1049,6 +1059,20 @@ int main( int argc, char *argv[] )
}
else if( strcmp( p, "read_timeout" ) == 0 )
opt.read_timeout = atoi( q );
else if( strcmp( p, "buffer_size" ) == 0 )
{
opt.buffer_size = atoi( q );
if( opt.buffer_size < 1 || opt.buffer_size > MBEDTLS_SSL_MAX_CONTENT_LEN + 1 )
goto usage;
}
else if( strcmp( p, "response_size" ) == 0 )
{
opt.response_size = atoi( q );
if( opt.response_size < 0 || opt.response_size > MBEDTLS_SSL_MAX_CONTENT_LEN )
goto usage;
if( opt.buffer_size < opt.response_size )
opt.buffer_size = opt.response_size;
}
else if( strcmp( p, "ca_file" ) == 0 )
opt.ca_file = q;
else if( strcmp( p, "ca_path" ) == 0 )
@ -1331,6 +1355,13 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_DEBUG_C)
mbedtls_debug_set_threshold( opt.debug_level );
#endif
buf = malloc( opt.buffer_size );
if( buf == NULL )
{
mbedtls_printf("Could not allocate %u bytes\n", opt.buffer_size);
ret = 3;
goto exit;
}
if( opt.force_ciphersuite[0] > 0 )
{
@ -2219,8 +2250,8 @@ data_exchange:
do
{
int terminated = 0;
len = sizeof( buf ) - 1;
memset( buf, 0, sizeof( buf ) );
len = opt.buffer_size - 1;
memset( buf, 0, opt.buffer_size );
ret = mbedtls_ssl_read( &ssl, buf, len );
if( ret == MBEDTLS_ERR_SSL_WANT_READ ||
@ -2310,8 +2341,8 @@ data_exchange:
}
else /* Not stream, so datagram */
{
len = sizeof( buf ) - 1;
memset( buf, 0, sizeof( buf ) );
len = opt.buffer_size - 1;
memset( buf, 0, opt.buffer_size );
do ret = mbedtls_ssl_read( &ssl, buf, len );
while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
@ -2371,6 +2402,25 @@ data_exchange:
len = sprintf( (char *) buf, HTTP_RESPONSE,
mbedtls_ssl_get_ciphersuite( &ssl ) );
/* Add padding to the response to reach opt.response_size in length */
if( opt.response_size != DFL_RESPONSE_SIZE &&
len < opt.response_size )
{
memset( buf + len, 'B', opt.response_size - len );
len += opt.response_size - len;
}
/* Truncate if response size is smaller than the "natural" size */
if( opt.response_size != DFL_RESPONSE_SIZE &&
len > opt.response_size )
{
len = opt.response_size;
/* Still end with \r\n unless that's really not possible */
if( len >= 2 ) buf[len - 2] = '\r';
if( len >= 1 ) buf[len - 1] = '\n';
}
if( opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM )
{
for( written = 0, frags = 0; written < len; written += ret, frags++ )

193
tests/ssl-opt.sh
View File

@ -4061,10 +4061,10 @@ run_test "SSLv3 with extensions, server side" \
-S "dumping 'client hello extensions'" \
-S "server hello, total extension length:"
# Test for large packets
# Test for large client packets
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test "Large packet SSLv3 BlockCipher" \
run_test "Large client packet SSLv3 BlockCipher" \
"$P_SRV min_version=ssl3" \
"$P_CLI request_size=16384 force_version=ssl3 recsplit=0 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
@ -4073,7 +4073,7 @@ run_test "Large packet SSLv3 BlockCipher" \
-s "Read from client: 16384 bytes read"
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test "Large packet SSLv3 StreamCipher" \
run_test "Large client packet SSLv3 StreamCipher" \
"$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=16384 force_version=ssl3 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
@ -4081,7 +4081,7 @@ run_test "Large packet SSLv3 StreamCipher" \
-c "16384 bytes written in 1 fragments" \
-s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.0 BlockCipher" \
run_test "Large client packet TLS 1.0 BlockCipher" \
"$P_SRV" \
"$P_CLI request_size=16384 force_version=tls1 recsplit=0 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
@ -4089,7 +4089,7 @@ run_test "Large packet TLS 1.0 BlockCipher" \
-c "16384 bytes written in 1 fragments" \
-s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.0 BlockCipher, without EtM" \
run_test "Large client packet TLS 1.0 BlockCipher, without EtM" \
"$P_SRV" \
"$P_CLI request_size=16384 force_version=tls1 etm=0 recsplit=0 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
@ -4097,7 +4097,7 @@ run_test "Large packet TLS 1.0 BlockCipher, without EtM" \
-s "Read from client: 16384 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large packet TLS 1.0 BlockCipher, truncated MAC" \
run_test "Large client packet TLS 1.0 BlockCipher, truncated MAC" \
"$P_SRV trunc_hmac=1" \
"$P_CLI request_size=16384 force_version=tls1 recsplit=0 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
@ -4106,21 +4106,21 @@ run_test "Large packet TLS 1.0 BlockCipher, truncated MAC" \
-s "Read from client: 16384 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \
run_test "Large client packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \
"$P_SRV trunc_hmac=1" \
"$P_CLI request_size=16384 force_version=tls1 etm=0 recsplit=0 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
0 \
-s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.0 StreamCipher" \
run_test "Large client packet TLS 1.0 StreamCipher" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=16384 force_version=tls1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
0 \
-s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.0 StreamCipher, without EtM" \
run_test "Large client packet TLS 1.0 StreamCipher, without EtM" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=16384 force_version=tls1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
@ -4128,7 +4128,7 @@ run_test "Large packet TLS 1.0 StreamCipher, without EtM" \
-s "Read from client: 16384 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large packet TLS 1.0 StreamCipher, truncated MAC" \
run_test "Large client packet TLS 1.0 StreamCipher, truncated MAC" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
"$P_CLI request_size=16384 force_version=tls1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
@ -4136,7 +4136,7 @@ run_test "Large packet TLS 1.0 StreamCipher, truncated MAC" \
-s "Read from client: 16384 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \
run_test "Large client packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
"$P_CLI request_size=16384 force_version=tls1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
@ -4144,7 +4144,7 @@ run_test "Large packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \
-c "16384 bytes written in 1 fragments" \
-s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.1 BlockCipher" \
run_test "Large client packet TLS 1.1 BlockCipher" \
"$P_SRV" \
"$P_CLI request_size=16384 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
@ -4152,7 +4152,7 @@ run_test "Large packet TLS 1.1 BlockCipher" \
-c "16384 bytes written in 1 fragments" \
-s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.1 BlockCipher, without EtM" \
run_test "Large client packet TLS 1.1 BlockCipher, without EtM" \
"$P_SRV" \
"$P_CLI request_size=16384 force_version=tls1_1 etm=0 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
@ -4160,7 +4160,7 @@ run_test "Large packet TLS 1.1 BlockCipher, without EtM" \
-s "Read from client: 16384 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large packet TLS 1.1 BlockCipher, truncated MAC" \
run_test "Large client packet TLS 1.1 BlockCipher, truncated MAC" \
"$P_SRV trunc_hmac=1" \
"$P_CLI request_size=16384 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
@ -4168,14 +4168,14 @@ run_test "Large packet TLS 1.1 BlockCipher, truncated MAC" \
-s "Read from client: 16384 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
run_test "Large client packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
"$P_SRV trunc_hmac=1" \
"$P_CLI request_size=16384 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
0 \
-s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.1 StreamCipher" \
run_test "Large client packet TLS 1.1 StreamCipher" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=16384 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
@ -4183,7 +4183,7 @@ run_test "Large packet TLS 1.1 StreamCipher" \
-c "16384 bytes written in 1 fragments" \
-s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.1 StreamCipher, without EtM" \
run_test "Large client packet TLS 1.1 StreamCipher, without EtM" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=16384 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
@ -4192,7 +4192,7 @@ run_test "Large packet TLS 1.1 StreamCipher, without EtM" \
-s "Read from client: 16384 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large packet TLS 1.1 StreamCipher, truncated MAC" \
run_test "Large client packet TLS 1.1 StreamCipher, truncated MAC" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
"$P_CLI request_size=16384 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
@ -4200,7 +4200,7 @@ run_test "Large packet TLS 1.1 StreamCipher, truncated MAC" \
-s "Read from client: 16384 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \
run_test "Large client packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
"$P_CLI request_size=16384 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
@ -4208,7 +4208,7 @@ run_test "Large packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \
-c "16384 bytes written in 1 fragments" \
-s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.2 BlockCipher" \
run_test "Large client packet TLS 1.2 BlockCipher" \
"$P_SRV" \
"$P_CLI request_size=16384 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
@ -4216,14 +4216,14 @@ run_test "Large packet TLS 1.2 BlockCipher" \
-c "16384 bytes written in 1 fragments" \
-s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.2 BlockCipher, without EtM" \
run_test "Large client packet TLS 1.2 BlockCipher, without EtM" \
"$P_SRV" \
"$P_CLI request_size=16384 force_version=tls1_2 etm=0 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \
-s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.2 BlockCipher larger MAC" \
run_test "Large client packet TLS 1.2 BlockCipher larger MAC" \
"$P_SRV" \
"$P_CLI request_size=16384 force_version=tls1_2 \
force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
@ -4232,7 +4232,7 @@ run_test "Large packet TLS 1.2 BlockCipher larger MAC" \
-s "Read from client: 16384 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large packet TLS 1.2 BlockCipher, truncated MAC" \
run_test "Large client packet TLS 1.2 BlockCipher, truncated MAC" \
"$P_SRV trunc_hmac=1" \
"$P_CLI request_size=16384 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
@ -4240,7 +4240,7 @@ run_test "Large packet TLS 1.2 BlockCipher, truncated MAC" \
-s "Read from client: 16384 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
run_test "Large client packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
"$P_SRV trunc_hmac=1" \
"$P_CLI request_size=16384 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
@ -4248,7 +4248,7 @@ run_test "Large packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
-c "16384 bytes written in 1 fragments" \
-s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.2 StreamCipher" \
run_test "Large client packet TLS 1.2 StreamCipher" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=16384 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
@ -4256,7 +4256,7 @@ run_test "Large packet TLS 1.2 StreamCipher" \
-c "16384 bytes written in 1 fragments" \
-s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.2 StreamCipher, without EtM" \
run_test "Large client packet TLS 1.2 StreamCipher, without EtM" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=16384 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
@ -4264,7 +4264,7 @@ run_test "Large packet TLS 1.2 StreamCipher, without EtM" \
-s "Read from client: 16384 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large packet TLS 1.2 StreamCipher, truncated MAC" \
run_test "Large client packet TLS 1.2 StreamCipher, truncated MAC" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
"$P_CLI request_size=16384 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
@ -4272,7 +4272,7 @@ run_test "Large packet TLS 1.2 StreamCipher, truncated MAC" \
-s "Read from client: 16384 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
run_test "Large client packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
"$P_CLI request_size=16384 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
@ -4280,7 +4280,7 @@ run_test "Large packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
-c "16384 bytes written in 1 fragments" \
-s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.2 AEAD" \
run_test "Large client packet TLS 1.2 AEAD" \
"$P_SRV" \
"$P_CLI request_size=16384 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
@ -4288,7 +4288,7 @@ run_test "Large packet TLS 1.2 AEAD" \
-c "16384 bytes written in 1 fragments" \
-s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.2 AEAD shorter tag" \
run_test "Large client packet TLS 1.2 AEAD shorter tag" \
"$P_SRV" \
"$P_CLI request_size=16384 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
@ -4346,6 +4346,139 @@ run_test "Force an ECC ciphersuite in the server side" \
-c "found supported_point_formats extension" \
-s "server hello, supported_point_formats extension"
# Test for large server packets
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test "Large server packet SSLv3 BlockCipher" \
"$P_SRV response_size=16384 min_version=ssl3" \
"$P_CLI force_version=ssl3 recsplit=0 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \
-c "Read from server: 16384 bytes read"
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test "Large server packet SSLv3 StreamCipher" \
"$P_SRV response_size=16384 min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI force_version=ssl3 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
0 \
-c "Read from server: 16384 bytes read"
# Checking next 2 tests logs for 1n-1 split against BEAST too
run_test "Large server packet TLS 1.0 BlockCipher" \
"$P_SRV response_size=16384" \
"$P_CLI force_version=tls1 recsplit=0 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \
-c "Read from server: 1 bytes read"\
-c "16383 bytes read"\
-C "Read from server: 16384 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large server packet TLS 1.0 BlockCipher truncated MAC" \
"$P_SRV response_size=16384" \
"$P_CLI force_version=tls1 recsplit=0 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
trunc_hmac=1" \
0 \
-c "Read from server: 1 bytes read"\
-c "16383 bytes read"\
-C "Read from server: 16384 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large server packet TLS 1.0 StreamCipher truncated MAC" \
"$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI force_version=tls1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
trunc_hmac=1" \
0 \
-c "Read from server: 16384 bytes read"
run_test "Large server packet TLS 1.1 BlockCipher" \
"$P_SRV response_size=16384" \
"$P_CLI force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \
-c "Read from server: 16384 bytes read"
run_test "Large server packet TLS 1.1 StreamCipher" \
"$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
0 \
-c "Read from server: 16384 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large server packet TLS 1.1 BlockCipher truncated MAC" \
"$P_SRV response_size=16384" \
"$P_CLI force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
trunc_hmac=1" \
0 \
-c "Read from server: 16384 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large server packet TLS 1.1 StreamCipher truncated MAC" \
"$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
trunc_hmac=1" \
0 \
-c "Read from server: 16384 bytes read"
run_test "Large server packet TLS 1.2 BlockCipher" \
"$P_SRV response_size=16384" \
"$P_CLI force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \
-c "Read from server: 16384 bytes read"
run_test "Large server packet TLS 1.2 BlockCipher larger MAC" \
"$P_SRV response_size=16384" \
"$P_CLI force_version=tls1_2 \
force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
0 \
-c "Read from server: 16384 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large server packet TLS 1.2 BlockCipher truncated MAC" \
"$P_SRV response_size=16384" \
"$P_CLI force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
trunc_hmac=1" \
0 \
-c "Read from server: 16384 bytes read"
run_test "Large server packet TLS 1.2 StreamCipher" \
"$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
0 \
-c "Read from server: 16384 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large server packet TLS 1.2 StreamCipher truncated MAC" \
"$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
trunc_hmac=1" \
0 \
-c "Read from server: 16384 bytes read"
run_test "Large server packet TLS 1.2 AEAD" \
"$P_SRV response_size=16384" \
"$P_CLI force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
0 \
-c "Read from server: 16384 bytes read"
run_test "Large server packet TLS 1.2 AEAD shorter tag" \
"$P_SRV response_size=16384" \
"$P_CLI force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
0 \
-c "Read from server: 16384 bytes read"
# Tests for DTLS HelloVerifyRequest
run_test "DTLS cookie: enabled" \