From c82ee3555fd73770e8e2be03747662299a876e8c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= <mpg@elzevir.fr>
Date: Wed, 7 Jan 2015 16:35:25 +0100
Subject: [PATCH] Fix tests that were failing with record splitting

---
 programs/ssl/ssl_client2.c | 24 ++++++++++++++++++++++++
 tests/ssl-opt.sh           | 12 +++++++-----
 2 files changed, 31 insertions(+), 5 deletions(-)

diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 5b7a488c92..e08db04ca0 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -91,6 +91,7 @@ int main( int argc, char *argv[] )
 #define DFL_AUTH_MODE           SSL_VERIFY_REQUIRED
 #define DFL_MFL_CODE            SSL_MAX_FRAG_LEN_NONE
 #define DFL_TRUNC_HMAC          0
+#define DFL_RECSPLIT            -1
 #define DFL_RECONNECT           0
 #define DFL_RECO_DELAY          0
 #define DFL_TICKETS             SSL_SESSION_TICKETS_ENABLED
@@ -128,6 +129,7 @@ struct options
     int auth_mode;              /* verify mode for connection               */
     unsigned char mfl_code;     /* code for maximum fragment length         */
     int trunc_hmac;             /* negotiate truncated hmac or not          */
+    int recsplit;               /* enable record splitting?                 */
     int reconnect;              /* attempt to resume session                */
     int reco_delay;             /* delay in seconds before resuming session */
     int tickets;                /* enable / disable session tickets         */
@@ -269,6 +271,13 @@ static int my_verify( void *data, x509_crt *crt, int depth, int *flags )
 #define USAGE_MAX_FRAG_LEN ""
 #endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
 
+#if defined(POLARSSL_SSL_CBC_RECORD_SPLITTING)
+#define USAGE_RECSPLIT \
+    "    recplit=%%d          default: (library default)\n"
+#else
+#define USAGE_RECSPLIT
+#endif
+
 #if defined(POLARSSL_TIMING_C)
 #define USAGE_TIME \
     "    reco_delay=%%d       default: 0 seconds\n"
@@ -313,6 +322,7 @@ static int my_verify( void *data, x509_crt *crt, int depth, int *flags )
     USAGE_MAX_FRAG_LEN                                      \
     USAGE_TRUNC_HMAC                                        \
     USAGE_ALPN                                              \
+    USAGE_RECSPLIT                                          \
     "\n"                                                    \
     "    min_version=%%s      default: \"\" (ssl3)\n"       \
     "    max_version=%%s      default: \"\" (tls1_2)\n"     \
@@ -409,6 +419,7 @@ int main( int argc, char *argv[] )
     opt.auth_mode           = DFL_AUTH_MODE;
     opt.mfl_code            = DFL_MFL_CODE;
     opt.trunc_hmac          = DFL_TRUNC_HMAC;
+    opt.recsplit            = DFL_RECSPLIT;
     opt.reconnect           = DFL_RECONNECT;
     opt.reco_delay          = DFL_RECO_DELAY;
     opt.tickets             = DFL_TICKETS;
@@ -600,6 +611,12 @@ int main( int argc, char *argv[] )
             if( opt.trunc_hmac < 0 || opt.trunc_hmac > 1 )
                 goto usage;
         }
+        else if( strcmp( p, "recsplit" ) == 0 )
+        {
+            opt.recsplit = atoi( q );
+            if( opt.recsplit < 0 || opt.recsplit > 1 )
+                goto usage;
+        }
         else
             goto usage;
     }
@@ -882,6 +899,13 @@ int main( int argc, char *argv[] )
         }
 #endif
 
+#if defined(POLARSSL_SSL_CBC_RECORD_SPLITTING)
+    if( opt.recsplit != DFL_RECSPLIT )
+        ssl_set_cbc_record_splitting( &ssl, opt.recsplit
+                                    ? SSL_CBC_RECORD_SPLITTING_ENABLED
+                                    : SSL_CBC_RECORD_SPLITTING_DISABLED );
+#endif
+
 #if defined(POLARSSL_SSL_ALPN)
     if( opt.alpn_string != NULL )
         if( ( ret = ssl_set_alpn_protocols( &ssl, alpn_list ) ) != 0 )
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index f94808d2cc..e6b63a18a0 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1684,7 +1684,8 @@ run_test    "Small packet TLS 1.2 BlockCipher" \
 
 run_test    "Small packet TLS 1.2 BlockCipher larger MAC" \
             "$P_SRV" \
-            "$P_CLI request_size=1 force_version=tls1_2 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
+            "$P_CLI request_size=1 force_version=tls1_2 \
+             force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
             0 \
             -s "Read from client: 1 bytes read"
 
@@ -1729,7 +1730,7 @@ run_test    "Small packet TLS 1.2 AEAD shorter tag" \
 
 run_test    "Large packet SSLv3 BlockCipher" \
             "$P_SRV" \
-            "$P_CLI request_size=16384 force_version=ssl3 \
+            "$P_CLI request_size=16384 force_version=ssl3 recsplit=0 \
              force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
             0 \
             -s "Read from client: 16384 bytes read"
@@ -1743,14 +1744,14 @@ run_test    "Large packet SSLv3 StreamCipher" \
 
 run_test    "Large packet TLS 1.0 BlockCipher" \
             "$P_SRV" \
-            "$P_CLI request_size=16384 force_version=tls1 \
+            "$P_CLI request_size=16384 force_version=tls1 recsplit=0 \
              force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
             0 \
             -s "Read from client: 16384 bytes read"
 
 run_test    "Large packet TLS 1.0 BlockCipher truncated MAC" \
             "$P_SRV" \
-            "$P_CLI request_size=16384 force_version=tls1 \
+            "$P_CLI request_size=16384 force_version=tls1 recsplit=0 \
              force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
              trunc_hmac=1" \
             0 \
@@ -1803,7 +1804,8 @@ run_test    "Large packet TLS 1.2 BlockCipher" \
 
 run_test    "Large packet TLS 1.2 BlockCipher larger MAC" \
             "$P_SRV" \
-            "$P_CLI request_size=16384 force_version=tls1_2 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
+            "$P_CLI request_size=16384 force_version=tls1_2 \
+             force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
             0 \
             -s "Read from client: 16384 bytes read"