From 2c585d73c83078ad21e801bafdcb31936fd94c28 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Fri, 21 Feb 2025 12:31:30 +0100 Subject: [PATCH 1/5] Move extended master secret testing to test_tls_ext --- CMakeLists.txt | 1 + tests/api.c | 26 +--------------- tests/api/include.am | 2 ++ tests/api/test_tls_ext.c | 64 ++++++++++++++++++++++++++++++++++++++++ tests/api/test_tls_ext.h | 27 +++++++++++++++++ 5 files changed, 95 insertions(+), 25 deletions(-) create mode 100644 tests/api/test_tls_ext.c create mode 100644 tests/api/test_tls_ext.h diff --git a/CMakeLists.txt b/CMakeLists.txt index 51d9ea427..cdfe1d256 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -2591,6 +2591,7 @@ if(WOLFSSL_EXAMPLES) tests/api/test_dtls.c tests/api/test_ocsp.c tests/api/test_evp.c + tests/api/test_tls_ext.c tests/srp.c tests/suites.c tests/w64wrapper.c diff --git a/tests/api.c b/tests/api.c index 0a0913586..ca24cce3f 100644 --- a/tests/api.c +++ b/tests/api.c @@ -323,6 +323,7 @@ #include #include #include +#include #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ !defined(NO_RSA) && !defined(SINGLE_THREADED) && \ @@ -12864,31 +12865,6 @@ static int test_wolfSSL_set_alpn_protos(void) #endif /* HAVE_ALPN_PROTOS_SUPPORT */ -static int test_wolfSSL_DisableExtendedMasterSecret(void) -{ - EXPECT_DECLS; -#if defined(HAVE_EXTENDED_MASTER) && !defined(NO_WOLFSSL_CLIENT) && \ - !defined(NO_TLS) - WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); - WOLFSSL *ssl = wolfSSL_new(ctx); - - ExpectNotNull(ctx); - ExpectNotNull(ssl); - - /* error cases */ - ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_DisableExtendedMasterSecret(NULL)); - ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_DisableExtendedMasterSecret(NULL)); - - /* success cases */ - ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_DisableExtendedMasterSecret(ctx)); - ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_DisableExtendedMasterSecret(ssl)); - - wolfSSL_free(ssl); - wolfSSL_CTX_free(ctx); -#endif - return EXPECT_RESULT(); -} - static int test_wolfSSL_wolfSSL_UseSecureRenegotiation(void) { EXPECT_DECLS; diff --git a/tests/api/include.am b/tests/api/include.am index 8b9f863b4..15e28235c 100644 --- a/tests/api/include.am +++ b/tests/api/include.am @@ -52,6 +52,7 @@ tests_unit_test_SOURCES += tests/api/test_dtls.c # TLS Feature tests_unit_test_SOURCES += tests/api/test_ocsp.c tests_unit_test_SOURCES += tests/api/test_evp.c +tests_unit_test_SOURCES += tests/api/test_tls_ext.c endif EXTRA_DIST += tests/api/api.h @@ -101,4 +102,5 @@ EXTRA_DIST += tests/api/test_ocsp.h EXTRA_DIST += tests/api/test_ocsp_test_blobs.h EXTRA_DIST += tests/api/create_ocsp_test_blobs.py EXTRA_DIST += tests/api/test_evp.h +EXTRA_DIST += tests/api/test_tls_ext.h diff --git a/tests/api/test_tls_ext.c b/tests/api/test_tls_ext.c new file mode 100644 index 000000000..ed57f075f --- /dev/null +++ b/tests/api/test_tls_ext.c @@ -0,0 +1,64 @@ +/* test_tls_ems.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H) + #include +#endif +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include + +int test_wolfSSL_DisableExtendedMasterSecret(void) +{ + EXPECT_DECLS; +#if defined(HAVE_EXTENDED_MASTER) && !defined(NO_WOLFSSL_CLIENT) && \ + !defined(NO_TLS) + WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); + WOLFSSL *ssl = wolfSSL_new(ctx); + + ExpectNotNull(ctx); + ExpectNotNull(ssl); + + /* error cases */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_DisableExtendedMasterSecret(NULL)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_DisableExtendedMasterSecret(NULL)); + + /* success cases */ + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_DisableExtendedMasterSecret(ctx)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_DisableExtendedMasterSecret(ssl)); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} diff --git a/tests/api/test_tls_ext.h b/tests/api/test_tls_ext.h new file mode 100644 index 000000000..49bd5c038 --- /dev/null +++ b/tests/api/test_tls_ext.h @@ -0,0 +1,27 @@ +/* test_tls_ems.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef TESTS_API_TEST_TLS_EMS_H +#define TESTS_API_TEST_TLS_EMS_H + +int test_wolfSSL_DisableExtendedMasterSecret(void); + +#endif /* TESTS_API_TEST_TLS_EMS_H */ From f15ff6861c68ade624a4d1bdbb6d9e95715fb094 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Fri, 21 Feb 2025 13:44:05 +0100 Subject: [PATCH 2/5] TLS EMS: Set haveEMS when we negotiate TLS 1.3 --- src/ssl_sess.c | 11 +++++- tests/api.c | 1 + tests/api/test_tls_ext.c | 73 ++++++++++++++++++++++++++++++++++++++++ tests/api/test_tls_ext.h | 1 + 4 files changed, 85 insertions(+), 1 deletion(-) diff --git a/src/ssl_sess.c b/src/ssl_sess.c index 2752ddc82..dda518c91 100644 --- a/src/ssl_sess.c +++ b/src/ssl_sess.c @@ -3561,7 +3561,16 @@ void SetupSession(WOLFSSL* ssl) session->side = (byte)ssl->options.side; if (!IsAtLeastTLSv1_3(ssl->version) && ssl->arrays != NULL) XMEMCPY(session->masterSecret, ssl->arrays->masterSecret, SECRET_LEN); - session->haveEMS = ssl->options.haveEMS; + /* RFC8446 Appendix D. + * implementations which support both TLS 1.3 and earlier versions SHOULD + * indicate the use of the Extended Master Secret extension in their APIs + * whenever TLS 1.3 is used. + * Set haveEMS so that we send the extension in subsequent connections that + * offer downgrades. */ + if (IsAtLeastTLSv1_3(ssl->version)) + session->haveEMS = 1; + else + session->haveEMS = ssl->options.haveEMS; #ifdef WOLFSSL_SESSION_ID_CTX /* If using compatibility layer then check for and copy over session context * id. */ diff --git a/tests/api.c b/tests/api.c index ca24cce3f..ae6851dda 100644 --- a/tests/api.c +++ b/tests/api.c @@ -67624,6 +67624,7 @@ TEST_CASE testCases[] = { /* Uses Assert in handshake callback. */ TEST_DECL(test_wolfSSL_set_alpn_protos), #endif + TEST_DECL(test_tls_ems_downgrade), TEST_DECL(test_wolfSSL_DisableExtendedMasterSecret), TEST_DECL(test_wolfSSL_wolfSSL_UseSecureRenegotiation), TEST_DECL(test_wolfSSL_SCR_Reconnect), diff --git a/tests/api/test_tls_ext.c b/tests/api/test_tls_ext.c index ed57f075f..63525c2e1 100644 --- a/tests/api/test_tls_ext.c +++ b/tests/api/test_tls_ext.c @@ -35,9 +35,82 @@ #include #endif +#include #include +#include #include +int test_tls_ems_downgrade(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_TLS12) && \ + defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \ + defined(HAVE_SESSION_TICKET) + struct test_memio_ctx test_ctx; + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL_CTX *ctx_s = NULL; + WOLFSSL *ssl_c = NULL; + WOLFSSL *ssl_s = NULL; + WOLFSSL_SESSION* session = NULL; + /* TLS EMS extension in binary form */ + const char ems_ext[] = { 0x00, 0x17, 0x00, 0x00 }; + char data = 0; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLS_client_method, wolfTLS_server_method), 0); + + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + + /* Verify that the EMS extension is present in Client's message */ + ExpectNotNull(mymemmem(test_ctx.s_buff, test_ctx.s_len, + ems_ext, sizeof(ems_ext))); + + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + ExpectIntEQ(wolfSSL_version(ssl_c), TLS1_3_VERSION); + + /* Do a round of reads to exchange the ticket message */ + ExpectIntEQ(wolfSSL_read(ssl_s, &data, sizeof(data)), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + ExpectIntEQ(wolfSSL_read(ssl_c, &data, sizeof(data)), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + + ExpectNotNull(session = wolfSSL_get1_session(ssl_c)); + ExpectTrue(session->haveEMS); + + wolfSSL_free(ssl_c); + ssl_c = NULL; + wolfSSL_free(ssl_s); + ssl_s = NULL; + + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLS_client_method, wolfTLS_server_method), 0); + + /* Resuming the connection */ + ExpectIntEQ(wolfSSL_set_session(ssl_c, session), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + + /* Verify that the EMS extension is still present in the resumption CH + * even though we used TLS 1.3 */ + ExpectNotNull(mymemmem(test_ctx.s_buff, test_ctx.s_len, + ems_ext, sizeof(ems_ext))); + + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + ExpectIntEQ(wolfSSL_version(ssl_c), TLS1_3_VERSION); + + wolfSSL_SESSION_free(session); + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); +#endif + return EXPECT_RESULT(); +} + + int test_wolfSSL_DisableExtendedMasterSecret(void) { EXPECT_DECLS; diff --git a/tests/api/test_tls_ext.h b/tests/api/test_tls_ext.h index 49bd5c038..b91114b7d 100644 --- a/tests/api/test_tls_ext.h +++ b/tests/api/test_tls_ext.h @@ -22,6 +22,7 @@ #ifndef TESTS_API_TEST_TLS_EMS_H #define TESTS_API_TEST_TLS_EMS_H +int test_tls_ems_downgrade(void); int test_wolfSSL_DisableExtendedMasterSecret(void); #endif /* TESTS_API_TEST_TLS_EMS_H */ From 89e392f1e8ee80c5a95929ceccf7868d6ac3775e Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Tue, 25 Feb 2025 21:03:09 +0100 Subject: [PATCH 3/5] fixup! Move extended master secret testing to test_tls_ext --- tests/api/test_tls_ext.c | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/tests/api/test_tls_ext.c b/tests/api/test_tls_ext.c index 63525c2e1..92957d14f 100644 --- a/tests/api/test_tls_ext.c +++ b/tests/api/test_tls_ext.c @@ -19,14 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H) - #include -#endif -#include +#include #ifdef NO_INLINE #include @@ -36,7 +29,6 @@ #endif #include -#include #include #include From a240a5860516dd34ec0c3330e934c59a807c2913 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Tue, 8 Apr 2025 18:33:47 +0200 Subject: [PATCH 4/5] fixup! TLS EMS: Set haveEMS when we negotiate TLS 1.3 --- tests/api/test_tls_ext.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/api/test_tls_ext.c b/tests/api/test_tls_ext.c index 92957d14f..9e7c0f6d7 100644 --- a/tests/api/test_tls_ext.c +++ b/tests/api/test_tls_ext.c @@ -37,7 +37,7 @@ int test_tls_ems_downgrade(void) EXPECT_DECLS; #if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_TLS12) && \ defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \ - defined(HAVE_SESSION_TICKET) + defined(HAVE_SESSION_TICKET) && !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) struct test_memio_ctx test_ctx; WOLFSSL_CTX *ctx_c = NULL; WOLFSSL_CTX *ctx_s = NULL; From ab64597b62cc88c80067a8b4c621ea805b3baaef Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Wed, 9 Apr 2025 14:36:29 +0200 Subject: [PATCH 5/5] fixup! Move extended master secret testing to test_tls_ext --- tests/api/test_tls_ext.c | 2 +- tests/api/test_tls_ext.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/api/test_tls_ext.c b/tests/api/test_tls_ext.c index 9e7c0f6d7..f9338410d 100644 --- a/tests/api/test_tls_ext.c +++ b/tests/api/test_tls_ext.c @@ -1,4 +1,4 @@ -/* test_tls_ems.c +/* test_tls_ext.c * * Copyright (C) 2006-2025 wolfSSL Inc. * diff --git a/tests/api/test_tls_ext.h b/tests/api/test_tls_ext.h index b91114b7d..5fcc10471 100644 --- a/tests/api/test_tls_ext.h +++ b/tests/api/test_tls_ext.h @@ -1,4 +1,4 @@ -/* test_tls_ems.h +/* test_tls_ext.h * * Copyright (C) 2006-2025 wolfSSL Inc. *