TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 42017cd4c9dacef74a82618a1d1b8afbfbfe35a9^! / .
commit42017cd4c9dacef74a82618a1d1b8afbfbfe35a9[log] [tgz]
authorYanray Wang <yanray.wang@arm.com>Wed Nov 08 11:15:23 2023 +0800
committerWaleed Elmelegy <waleed.elmelegy@arm.com>Wed Jan 10 16:17:27 2024 +0000
treeac45162ec600c8b2b06353dca6e90461623c0961
parentfaf70bdf9d314e52fd8b3e7d92a922316cac05c5 [diff]
tls13: cli: write Record Size Limit ext in ClientHello

- add the support in library
- update corresponding test case

Signed-off-by: Yanray Wang <yanray.wang@arm.com>

diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 342ec52..0d13222 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c

@@ -1160,6 +1160,15 @@
     }
     p += ext_len;
 
+#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
+    ret = mbedtls_ssl_tls13_write_record_size_limit_ext(
+        ssl, MBEDTLS_SSL_IN_CONTENT_LEN, p, end, &ext_len);
+    if (ret != 0) {
+        return ret;
+    }
+    p += ext_len;
+#endif
+
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED)
     if (mbedtls_ssl_conf_tls13_some_ephemeral_enabled(ssl)) {
         ret = ssl_tls13_write_key_share_ext(ssl, p, end, &ext_len);

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 92b3e17..1cd01dc 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh

@@ -4856,10 +4856,13 @@
             "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert -d 4" \
             "$P_CLI debug_level=4 force_version=tls13" \
             0 \
-            -s "Preparing extension (Record Size Limit/28) for 'encrypted extensions'"
-# The P_CLI can not yet send the Record Size Limit extension. Thus, the G_NEXT_SRV does not send
-# a response in its EncryptedExtensions record.
-#            -c "RecordSizeLimit: 16385 Bytes"
+            -c "Sent RecordSizeLimit: 16384 Bytes"                                      \
+            -c "ClientHello: record_size_limit(28) extension exists."                   \
+            -c "found record_size_limit extension"                                      \
+            -c "RecordSizeLimit: 16385 Bytes"                                           \
+            -c "EncryptedExtensions: record_size_limit(28) extension received."         \
+            -s "Parsing extension 'Record Size Limit/28' (2 bytes)"                     \
+            -s "record_size_limit 16384 negotiated"
 
 # In the following (9) tests, --recordsize is the value used by the G_NEXT_CLI (3.7.2) to configure the
 # maximum record size using "https://gnutls.org/reference/gnutls-gnutls.html#gnutls-record-set-max-size".