From b57cf802eb1fa7df4beb4961cd2fdd5f0ea0c101 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Tue, 30 Jun 2020 20:17:21 +0200 Subject: [PATCH 1/4] Expose session serialization outside of `OPENSSL_EXTRA` Use `./configure CFLAGS='-DHAVE_EXT_CACHE'` to enable session serialization without `OPENSSL_EXTRA`. --- configure.ac | 1 + src/ssl.c | 34 +++++++++++++++------------------- tests/api.c | 8 ++++++-- 3 files changed, 22 insertions(+), 21 deletions(-) diff --git a/configure.ac b/configure.ac index 6e1dce91c..f1fdac7a7 100644 --- a/configure.ac +++ b/configure.ac @@ -587,6 +587,7 @@ if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "x$ENABLED_OPENSSLCOEXIST" = "xn then AM_CFLAGS="-DOPENSSL_EXTRA -DWOLFSSL_ALWAYS_VERIFY_CB $AM_CFLAGS" AM_CFLAGS="-DWOLFSSL_VERIFY_CB_ALL_CERTS -DWOLFSSL_EXTRA_ALERTS $AM_CFLAGS" + AM_CFLAGS="-DHAVE_EXT_CACHE $AM_CFLAGS" fi if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "$ENABLED_SMALL" = "yes" diff --git a/src/ssl.c b/src/ssl.c index f95ec4f1b..3ba07f14c 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -16696,19 +16696,6 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, return WOLFSSL_SUCCESS; } - long wolfSSL_SSL_SESSION_set_timeout(WOLFSSL_SESSION* ses, long t) - { - word32 tmptime; - if (!ses || t < 0) - return BAD_FUNC_ARG; - - tmptime = t & 0xFFFFFFFF; - - ses->timeout = tmptime; - - return WOLFSSL_SUCCESS; - } - #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) @@ -27019,9 +27006,6 @@ void wolfSSL_CTX_sess_set_new_cb(WOLFSSL_CTX* ctx, #endif } -#endif /* OPENSSL_EXTRA || HAVE_EXT_CACHE */ - -#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) void wolfSSL_CTX_sess_set_remove_cb(WOLFSSL_CTX* ctx, void (*f)(WOLFSSL_CTX*, WOLFSSL_SESSION*)) { @@ -27034,9 +27018,7 @@ void wolfSSL_CTX_sess_set_remove_cb(WOLFSSL_CTX* ctx, void (*f)(WOLFSSL_CTX*, (void)f; #endif } -#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ -#ifdef OPENSSL_EXTRA /* * 
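Review bot: Dropping the `#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)` guard in the -27019 hunk folds wolfSSL_CTX_sess_set_remove_cb into the `OPENSSL_EXTRA || HAVE_EXT_CACHE` block, so a build that defines only WOLFSSL_WPAS_SMALL no longer gets that function; the same happens to wolfSSL_SSL_SESSION_set_timeout, which the -16696 hunk removes from the `OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL` block and the -27429 hunk re-adds under `OPENSSL_EXTRA || HAVE_EXT_CACHE`. Unless WOLFSSL_WPAS_SMALL always implies one of those two (not visible here), the WPAS configuration loses public symbols with no matching header change in this series. The -27034 hunk also removes the `#ifdef OPENSSL_EXTRA` that opened the run ending at `end: return s; }`, so everything between them now compiles under HAVE_EXT_CACHE alone; that code is outside the hunk, and since configure.ac only defines HAVE_EXT_CACHE together with OPENSSL_EXTRA, the standalone configuration the commit message describes is exercised only by a manual CFLAGS build and deserves a CI job.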
@@ -27409,7 +27391,9 @@ end: return s; } +#endif /* OPENSSL_EXTRA || HAVE_EXT_CACHE */ +#if defined(OPENSSL_EXTRA) || defined(HAVE_EXT_CACHE) long wolfSSL_SESSION_get_timeout(const WOLFSSL_SESSION* sess) { long timeout = 0; @@ -27429,8 +27413,20 @@ long wolfSSL_SESSION_get_time(const WOLFSSL_SESSION* sess) return bornOn; } +long wolfSSL_SSL_SESSION_set_timeout(WOLFSSL_SESSION* ses, long t) +{ + word32 tmptime; + if (!ses || t < 0) + return BAD_FUNC_ARG; -#endif /* OPENSSL_EXTRA */ + tmptime = t & 0xFFFFFFFF; + + ses->timeout = tmptime; + + return WOLFSSL_SUCCESS; +} + +#endif /* OPENSSL_EXTRA || HAVE_EXT_CACHE */ #ifdef KEEP_PEER_CERT diff --git a/tests/api.c b/tests/api.c index 048bea8d1..353805885 100644 --- a/tests/api.c +++ b/tests/api.c @@ -25900,7 +25900,7 @@ static void test_wolfSSL_BIO_f_md(void) static void test_wolfSSL_SESSION(void) { -#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ !defined(NO_RSA) && defined(HAVE_EXT_CACHE) && \ defined(HAVE_IO_TESTS_DEPENDENCIES) @@ -25908,10 +25908,12 @@ static void test_wolfSSL_SESSION(void) WOLFSSL_CTX* ctx; WOLFSSL_SESSION* sess; WOLFSSL_SESSION* sess_copy; - const unsigned char context[] = "user app context"; unsigned char* sessDer = NULL; unsigned char* ptr = NULL; +#ifdef OPENSSL_EXTRA + const unsigned char context[] = "user app context"; unsigned int contextSz = (unsigned int)sizeof(context); +#endif int ret, err, sockfd, sz; tcp_ready ready; func_args server_args; @@ -26040,6 +26042,7 @@ static void test_wolfSSL_SESSION(void) } #endif +#ifdef OPENSSL_EXTRA /* fail case with miss match session context IDs (use compatibility API) */ AssertIntEQ(SSL_set_session_id_context(ssl, context, contextSz), SSL_SUCCESS); 
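Review bot: `tmptime = t & 0xFFFFFFFF;` in the re-added wolfSSL_SSL_SESSION_set_timeout silently drops the high bits of t where `long` is 64 bits, so a caller passing 0x100000000 sets a timeout of 0 and 0x100000001 sets 1 second instead of being rejected, shortening a session lifetime without any error. The guard already rejects negative values, so out-of-range positives should be rejected the same way: `if (!ses || t < 0 || (unsigned long)t > 0xFFFFFFFFUL) return BAD_FUNC_ARG;`. The body is moved verbatim from the -16696 hunk, so the truncation is pre-existing rather than introduced here, but the move is the natural place to fix it. The function is complete within the hunk.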
@@ -26051,6 +26054,7 @@ static void test_wolfSSL_SESSION(void) SSL_SUCCESS); AssertNotNull(ssl = wolfSSL_new(ctx)); AssertIntEQ(wolfSSL_set_session(ssl, sess), SSL_FAILURE); +#endif wolfSSL_free(ssl); SSL_SESSION_free(sess); From e63a80f1af3494dbd92613c214220a1c3df8feeb Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Tue, 30 Jun 2020 21:21:43 +0200 Subject: [PATCH 2/4] Use `NO_SESSION_CACHE` as well in preproc checks --- examples/client/client.c | 2 +- src/ssl.c | 8 +++----- tests/api.c | 2 +- 3 files changed, 5 insertions(+), 7 deletions(-) diff --git a/examples/client/client.c b/examples/client/client.c index badd47ccb..430e5d2a7 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -2410,7 +2410,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) wolfSSL_CTX_SetCACb(ctx, CaCb); #endif -#ifdef HAVE_EXT_CACHE +#if defined(HAVE_EXT_CACHE) && !defined(NO_SESSION_CACHE) wolfSSL_CTX_sess_set_get_cb(ctx, mySessGetCb); wolfSSL_CTX_sess_set_new_cb(ctx, mySessNewCb); wolfSSL_CTX_sess_set_remove_cb(ctx, mySessRemCb); diff --git a/src/ssl.c b/src/ssl.c index 3ba07f14c..dfb6faf05 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -26974,7 +26974,8 @@ int wolfSSL_sk_SSL_COMP_num(WOLF_STACK_OF(WOLFSSL_COMP)* sk) #endif /* OPENSSL_EXTRA */ -#if defined(OPENSSL_EXTRA) || defined(HAVE_EXT_CACHE) +#if !defined(NO_SESSION_CACHE) && (defined(OPENSSL_EXTRA) || \ + defined(HAVE_EXT_CACHE)) /* stunnel 4.28 needs * * Callback that is called if a session tries to resume but could not find @@ -27391,9 +27392,6 @@ end: return s; } -#endif /* OPENSSL_EXTRA || HAVE_EXT_CACHE */ - -#if defined(OPENSSL_EXTRA) || defined(HAVE_EXT_CACHE) long wolfSSL_SESSION_get_timeout(const WOLFSSL_SESSION* sess) { long timeout = 0; @@ -27426,7 +27424,7 @@ long wolfSSL_SSL_SESSION_set_timeout(WOLFSSL_SESSION* ses, long t) return WOLFSSL_SUCCESS; } -#endif /* OPENSSL_EXTRA || HAVE_EXT_CACHE */ +#endif /* !NO_SESSION_CACHE && OPENSSL_EXTRA || HAVE_EXT_CACHE */ #ifdef KEEP_PEER_CERT 
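Review bot: Wrapping the mismatched-context check in `#ifdef OPENSSL_EXTRA` (opened in the -26040 hunk, closed here) skips the `ssl = wolfSSL_new(ctx)` reassignment but not the `wolfSSL_free(ssl)` that follows the `#endif`, so without OPENSSL_EXTRA the handle freed there is whatever ssl held before the block. If that earlier ssl object was already released above the `#ifdef` (the lines between the two hunks and before them are not in the diff), the non-OPENSSL_EXTRA path now frees it twice; if it is released inside the new block, that path is fine. Worth confirming against the full function, or clearing `ssl` after the earlier free and skipping the trailing wolfSSL_free when it is NULL, so the outcome does not depend on which lines the preprocessor keeps.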
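Review bot: The closing comment `#endif /* !NO_SESSION_CACHE && OPENSSL_EXTRA || HAVE_EXT_CACHE */` in the -27426 hunk reads as `(!NO_SESSION_CACHE && OPENSSL_EXTRA) || HAVE_EXT_CACHE`, which is not the guard opened in the -26974 hunk; write it as `#endif /* !NO_SESSION_CACHE && (OPENSSL_EXTRA || HAVE_EXT_CACHE) */`. The same wording is added in PATCH 4's ssl.c hunk at -42197. Adding `!defined(NO_SESSION_CACHE)` to this block also removes wolfSSL_SESSION_get_timeout, wolfSSL_SESSION_get_time and wolfSSL_SSL_SESSION_set_timeout, plus the sess_set_*_cb setters, from OPENSSL_EXTRA builds that define NO_SESSION_CACHE, which before PATCH 1 had them under plain `#ifdef OPENSSL_EXTRA`; PATCH 4 having to guard the calls in wolfSSL_SESSION_print shows the gap, and any header declaring these functions (not in this series) needs the same condition so callers fail at compile time rather than at link time.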
diff --git a/tests/api.c b/tests/api.c index 353805885..c22a7a353 100644 --- a/tests/api.c +++ b/tests/api.c @@ -25902,7 +25902,7 @@ static void test_wolfSSL_SESSION(void) { #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ !defined(NO_RSA) && defined(HAVE_EXT_CACHE) && \ - defined(HAVE_IO_TESTS_DEPENDENCIES) + defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_SESSION_CACHE) WOLFSSL* ssl; WOLFSSL_CTX* ctx; From fd79ebfe8d925fea13b8ef40eab11d2ec073b7b4 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Wed, 1 Jul 2020 20:24:50 +0200 Subject: [PATCH 3/4] TLS 1.3 requires chacha and poly1305 for myTicketEncCb --- tests/api.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/tests/api.c b/tests/api.c index c22a7a353..0cceb02a7 100644 --- a/tests/api.c +++ b/tests/api.c @@ -25922,7 +25922,10 @@ static void test_wolfSSL_SESSION(void) printf(testingFmt, "wolfSSL_SESSION()"); /* TLS v1.3 requires session tickets */ -#if defined(WOLFSSL_TLS13) && !defined(HAVE_SESSION_TICKET) && !defined(WOLFSSL_NO_TLS12) + /* CHACHA and POLY1305 required for myTicketEncCb */ +#if defined(WOLFSSL_TLS13) && (!defined(HAVE_SESSION_TICKET) && \ + !defined(WOLFSSL_NO_TLS12) || !(defined(HAVE_CHACHA) && \ + defined(HAVE_POLY1305))) AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())); #else AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); @@ -25988,7 +25991,7 @@ static void test_wolfSSL_SESSION(void) fdOpenSession(Task_self()); #endif -#if defined(SESSION_CERTS) +#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) { X509 *x509; char buf[30]; From 3efd8a8576ca9887cb7af9f35a0b84425a5d7f47 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Thu, 2 Jul 2020 14:59:07 +0200 Subject: [PATCH 4/4] Jenkins fixes --- examples/client/client.c | 3 ++- src/ssl.c | 3 +++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/examples/client/client.c b/examples/client/client.c index 430e5d2a7..e3e65bdc4 100644 
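Review bot: The new condition in the -25922 hunk mixes `&&` and `||` without grouping the first pair, so it parses as `TLS13 && ((!TICKET && !NO_TLS12) || !(CHACHA && POLY1305))`: the ChaCha/Poly1305 branch is not gated by `!defined(WOLFSSL_NO_TLS12)`, so a TLS 1.3-only build without those ciphers falls into the `wolfTLSv1_2_client_method()` branch. Making the grouping explicit also states the intent: `#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_TLS12) && \` / `    (!defined(HAVE_SESSION_TICKET) || \` / `     !(defined(HAVE_CHACHA) && defined(HAVE_POLY1305)))`. If such a build cannot run the test at all, the function-level guard at -25902 is the place to exclude it instead. The enclosing test_wolfSSL_SESSION continues beyond the hunk.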
--- a/examples/client/client.c +++ b/examples/client/client.c @@ -3172,7 +3172,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) } #endif -#if defined(OPENSSL_EXTRA) && defined(HAVE_EXT_CACHE) +#if !defined(NO_SESSION_CACHE) && (defined(OPENSSL_EXTRA) || \ + defined(HAVE_EXT_CACHE)) if (session != NULL && resumeSession) { flatSessionSz = wolfSSL_i2d_SSL_SESSION(session, NULL); if (flatSessionSz != 0) { diff --git a/src/ssl.c b/src/ssl.c index dfb6faf05..aa72e0199 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -42190,6 +42190,8 @@ int wolfSSL_SESSION_print(WOLFSSL_BIO *bp, const WOLFSSL_SESSION *x) return WOLFSSL_FAILURE; #endif +#if !defined(NO_SESSION_CACHE) && (defined(OPENSSL_EXTRA) || \ + defined(HAVE_EXT_CACHE)) if (wolfSSL_BIO_printf(bp, " Start Time: %ld\n", wolfSSL_SESSION_get_time(x)) <= 0) return WOLFSSL_FAILURE; @@ -42197,6 +42199,7 @@ int wolfSSL_SESSION_print(WOLFSSL_BIO *bp, const WOLFSSL_SESSION *x) if (wolfSSL_BIO_printf(bp, " Timeout : %ld (sec)\n", wolfSSL_SESSION_get_timeout(x)) <= 0) return WOLFSSL_FAILURE; +#endif /* !NO_SESSION_CACHE && OPENSSL_EXTRA || HAVE_EXT_CACHE */ /* @TODO verify return code print */