Add max_frag_len option in ssl_server2

Also reformat code and output more information in ssl_client2
2025-11-03 20:22:59 -05:00 · 2013-07-18 14:07:36 +02:00 · 2013-07-18 14:07:36 +02:00 · 0c017a55e0
commit 0c017a55e0
parent ed4af8b57c
2 changed files with 42 additions and 12 deletions
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@ -59,8 +59,15 @@
 #define DFL_AUTH_MODE           SSL_VERIFY_OPTIONAL
 #define DFL_MFL_CODE            SSL_MAX_FRAG_LEN_NONE

-/* Uncomment to test sending long paquets */
-#define LONG_HEADER // "User-agent: blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-END\r\n"
+/* Uncomment to test sending longer paquets (for fragmentation purposes) */
+#define LONG_HEADER // "User-agent: blah-blah-blah-blah-blah-blah-blah-"     \
+    "-01--blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-" \
+    "-02--blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-" \
+    "-03--blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-" \
+    "-04--blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-" \
+    "-05--blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-" \
+    "-06--blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-" \
+    "-07--blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-END\r\n"

 #define GET_REQUEST "GET %s HTTP/1.0\r\n" LONG_HEADER "\r\n"

@ -204,7 +211,7 @@ int main( int argc, char *argv[] )
 #else
 int main( int argc, char *argv[] )
 {
-    int ret = 0, len, server_fd, i, written;
+    int ret = 0, len, server_fd, i, written, frags;
    unsigned char buf[1024];
 #if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
    unsigned char psk[256];
@ -705,7 +712,7 @@ int main( int argc, char *argv[] )

    len = sprintf( (char *) buf, GET_REQUEST, opt.request_page );

-    for( written = 0; written < len; written += ret )
+    for( written = 0, frags = 0; written < len; written += ret, frags++ )
    {
        while( ( ret = ssl_write( &ssl, buf + written, len - written ) ) <= 0 )
        {
@ -718,7 +725,7 @@ int main( int argc, char *argv[] )
    }

    buf[written] = '\0';
-    printf( " %d bytes written\n\n%s\n", written, (char *) buf );
+    printf( " %d bytes written in %d fragments\n\n%s\n", written, frags, (char *) buf );

    /*
     * 7. Read the HTTP response
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@ -68,11 +68,15 @@
 #define DFL_MIN_VERSION         -1
 #define DFL_MAX_VERSION         -1
 #define DFL_AUTH_MODE           SSL_VERIFY_OPTIONAL
+#define DFL_MFL_CODE            SSL_MAX_FRAG_LEN_NONE

-#define LONG_RESPONSE "<p>01-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
-    "02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n"  \
-    "03-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n"  \
-    "04-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah</p>\r\n"
+#define LONG_RESPONSE "<p>01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
+    "02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n"  \
+    "03-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n"  \
+    "04-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n"  \
+    "05-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n"  \
+    "06-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n"  \
+    "07-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah</p>\r\n"

 /* Uncomment LONG_RESPONSE at the end of HTTP_RESPONSE to test sending longer
 * packets (for fragmentation purposes) */
@ -100,6 +104,7 @@ struct options
    int min_version;            /* minimum protocol version accepted        */
    int max_version;            /* maximum protocol version accepted        */
    int auth_mode;              /* verify mode for connection               */
+    unsigned char mfl_code;     /* code for maximum fragment length         */
 } opt;

 static void my_debug( void *ctx, int level, const char *str )
@ -154,6 +159,8 @@ static void my_debug( void *ctx, int level, const char *str )
    "                        options: ssl3, tls1, tls1_1, tls1_2\n" \
    "    auth_mode=%%s        default: \"optional\"\n"      \
    "                        options: none, optional, required\n" \
+    "    max_frag_len=%%d     default: 16384 (tls default)" \
+    "                        options: 512, 1024, 2048, 4096" \
    USAGE_PSK                                               \
    "\n"                                                    \
    "    force_ciphersuite=<name>    default: all enabled\n"\
@ -175,7 +182,7 @@ int main( int argc, char *argv[] )
 #else
 int main( int argc, char *argv[] )
 {
-    int ret = 0, len, written;
+    int ret = 0, len, written, frags;
    int listen_fd;
    int client_fd = -1;
    unsigned char buf[1024];
@ -257,6 +264,7 @@ int main( int argc, char *argv[] )
    opt.min_version         = DFL_MIN_VERSION;
    opt.max_version         = DFL_MAX_VERSION;
    opt.auth_mode           = DFL_AUTH_MODE;
+    opt.mfl_code            = DFL_MFL_CODE;

    for( i = 1; i < argc; i++ )
    {
@ -375,6 +383,19 @@ int main( int argc, char *argv[] )
            else
                goto usage;
        }
+        else if( strcmp( p, "max_frag_len" ) == 0 )
+        {
+            if( strcmp( q, "512" ) == 0 )
+                opt.mfl_code = SSL_MAX_FRAG_LEN_512;
+            else if( strcmp( q, "1024" ) == 0 )
+                opt.mfl_code = SSL_MAX_FRAG_LEN_1024;
+            else if( strcmp( q, "2048" ) == 0 )
+                opt.mfl_code = SSL_MAX_FRAG_LEN_2048;
+            else if( strcmp( q, "4096" ) == 0 )
+                opt.mfl_code = SSL_MAX_FRAG_LEN_4096;
+            else
+                goto usage;
+        }
        else
            goto usage;
    }
@ -569,6 +590,8 @@ int main( int argc, char *argv[] )
    ssl_set_endpoint( &ssl, SSL_IS_SERVER );
    ssl_set_authmode( &ssl, opt.auth_mode );

+    ssl_set_max_frag_len( &ssl, opt.mfl_code );
+
    ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
    ssl_set_dbg( &ssl, my_debug, stdout );

@ -774,7 +797,7 @@ reset:
    len = sprintf( (char *) buf, HTTP_RESPONSE,
                   ssl_get_ciphersuite( &ssl ) );

-    for( written = 0; written < len; written += ret )
+    for( written = 0, frags = 0; written < len; written += ret, frags++ )
    {
        while( ( ret = ssl_write( &ssl, buf + written, len - written ) ) <= 0 )
        {
@ -793,7 +816,7 @@ reset:
    }

    buf[written] = '\0';
-    printf( " %d bytes written\n\n%s\n", written, (char *) buf );
+    printf( " %d bytes written in %d fragments\n\n%s\n", written, frags, (char *) buf );

    ret = 0;
    goto reset;