From 598ea09dd5b142a0743c4a9b8ab7a3a9b6a9a813 Mon Sep 17 00:00:00 2001
From: Waleed Elmelegy
Date: Wed, 3 Jan 2024 17:34:03 +0000
Subject: [PATCH] TLS1.3: SRV/CLI: add support for sending Record Size Limit extension
Signed-off-by: Yanray Wang
Signed-off-by: Waleed Elmelegy
---
 tests/ssl-opt.sh | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 89243e4a2..e45a165df 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -5003,11 +5003,33 @@ run_test "Record Size Limit: TLS 1.3: Server complies with record size limit
 "$P_SRV debug_level=3 force_version=tls13 response_size=10240" \
 "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 4095" \
 0 \
- -s "RecordSizeLimit: 4096 Bytes" \
- -s "ClientHello: record_size_limit(28) extension exists." \
+ -s "Sent RecordSizeLimit: 16384 Bytes" \
+ -s "EncryptedExtensions: record_size_limit(28) extension exists." \
 -s "Maximum outgoing record payload length is 4095" \
 -s "10240 bytes written in 3 fragments"
+# TODO: For time being, we send fixed value of RecordSizeLimit defined by
+# MBEDTLS_SSL_IN_CONTENT_LEN. Once we support variable buffer length of
+# RecordSizeLimit, we need to modify value of RecordSizeLimit in below test.
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+run_test "Record Size Limit: TLS 1.3 m->m: both peer comply with record size limit (16384)" \
+ "$P_SRV debug_level=4 force_version=tls13" \
+ "$P_CLI debug_level=4 force_version=tls13" \
+ 0 \
+ -c "Sent RecordSizeLimit: 16384 Bytes" \
+ -c "RecordSizeLimit: 16384 Bytes" \
+ -c "EncryptedExtensions: record_size_limit(28) extension exists." \
+ -c "Maximum outgoing record payload length is 16383" \
+ -s "RecordSizeLimit: 16384 Bytes" \
+ -s "Sent RecordSizeLimit: 16384 Bytes" \
+ -s "EncryptedExtensions: record_size_limit(28) extension exists." \
+ -s "Maximum outgoing record payload length is 16383" \
+ -s "Maximum incoming record payload length is 16384"
+
 # Tests for renegotiation
 # Renegotiation SCSV always added, regardless of SSL_RENEGOTIATION
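Review bot: In the new m->m test, the `-c`/`-s "RecordSizeLimit: 16384 Bytes"` patterns are substrings of the `Sent RecordSizeLimit: 16384 Bytes` lines asserted next to them, so they appear to be satisfied by the sender-side log line alone. If run_test matches patterns with an unanchored grep (its definition is outside this hunk), the test would still pass when an endpoint never parses the peer's extension, which is the path that enforces the negotiated limit. Until the two sides can advertise different values, consider making the receive-side patterns exclude the `Sent ` prefix, or at least add a comment above the test such as `# NOTE: "RecordSizeLimit: ..." also matches the "Sent RecordSizeLimit: ..." line`. In the first test (whose run_test line starts above the hunk), the replaced lines also drop the only direct check that the server parsed the client's limit; if those messages are still logged, keep `-s "RecordSizeLimit: 4096 Bytes"` and `-s "ClientHello: record_size_limit(28) extension exists."` alongside the two new `-s` lines.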