diff --git a/src/internal.c b/src/internal.c index b817bbfa8..ca749e5f7 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1911,7 +1911,7 @@ int wolfSSL_session_import_internal(WOLFSSL* ssl, const unsigned char* buf, optSz = DTLS_EXPORT_OPT_SZ_4; } else { - optSz = TLS_EXPORT_OPT_SZ; + optSz = TLS_EXPORT_OPT_SZ_4; } break; diff --git a/tests/api.c b/tests/api.c index a0b059fc8..fb2df5692 100644 --- a/tests/api.c +++ b/tests/api.c @@ -10956,7 +10956,7 @@ static int test_wolfSSL_dtls_export(void) #if defined(WOLFSSL_SESSION_EXPORT) && !defined(WOLFSSL_NO_TLS12) #ifdef WOLFSSL_TLS13 -static const byte canned_client_tls13_session[] = { +static const byte canned_client_tls13_session_v4[] = { 0xA7, 0xA4, 0x01, 0x18, 0x00, 0x41, 0x00, 0x00, 0x01, 0x00, 0x00, 0x80, 0x04, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x1C, 0x01, 0x00, 0x00, 0x01, @@ -10995,6 +10995,33 @@ static const byte canned_client_tls13_session[] = { 0x00, 0x03 }; +static const byte canned_client_tls13_session_v5[] = { + 0xa7, 0xa5, 0x01, 0x19, 0x00, 0x42, 0x00, 0x00, 0x01, 0x00, 0x00, 0x80, + 0x04, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x1c, 0x01, 0x00, 0x00, 0x01, + 0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + 0x00, 0x00, 0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13, 0x01, 0x0a, 0x0f, 0x10, + 0x01, 0x02, 0x09, 0x00, 0x05, 0x00, 0x00, 0x00, 0x00, 0x01, 0x03, 0x04, + 0x00, 0xb7, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x27, 0x00, 0x00, + 0x00, 0x11, 0x01, 0x01, 0x00, 0x20, 0x84, 0x4f, 0x18, 0xd8, 0xc1, 0x24, + 0xd8, 0xbb, 0x17, 0x9e, 0x31, 0xa3, 0xf8, 0xa7, 0x3c, 0xba, 0xec, 0xfa, + 0xb4, 0x7f, 0xc5, 0x78, 0xeb, 0x6d, 0xe3, 0x2b, 0x7b, 0x94, 0xbe, 0x20, + 0x11, 0x7e, 0x17, 0x10, 0xa7, 0x10, 0x19, 0xec, 0x62, 0xcc, 0xbe, 0xf5, + 0x01, 0x35, 0x3c, 0xea, 0xef, 0x44, 0x3c, 0x40, 0xa2, 0xbc, 0x18, 0x43, + 0xa1, 0xa1, 0x65, 0x5c, 0x48, 0xe2, 0xf9, 0x38, 0xeb, 0x11, 0x10, 0x72, + 0x7c, 0x78, 0x22, 0x13, 0x3b, 0x19, 0x40, 0xf0, 0x73, 0xbe, 0x96, 0x14, + 0x78, 0x26, 0xb9, 0x6b, 0x2e, 0x72, 0x22, 0x0d, 0x90, 0x94, 0xdd, 0x78, + 0x77, 0xfc, 0x0c, 0x2e, 0x63, 0x6e, 0xf0, 0x0c, 0x35, 0x41, 0xcd, 0xf3, + 0x49, 0x31, 0x08, 0xd0, 0x6f, 0x02, 0x3d, 0xc1, 0xd3, 0xb7, 0xee, 0x3a, + 0xa0, 0x8e, 0xa1, 0x4d, 0xc3, 0x2e, 0x5e, 0x06, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x0c, 0x35, 0x41, 0xcd, 0xf3, 0x49, 0x31, 0x08, + 0xd0, 0x6f, 0x02, 0x3d, 0xc1, 0xd3, 0xb7, 0xee, 0x3a, 0xa0, 0x8e, 0xa1, + 0x4d, 0xc3, 0x2e, 0x5e, 0x06, 0x00, 0x10, 0x00, 0x10, 0x00, 0x0c, 0x00, + 0x10, 0x00, 0x10, 0x07, 0x02, 0x04, 0x00, 0x00, 0x20, 0x28, 0x00, 0x00, + 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03 +}; + static const byte canned_server_tls13_session[] = { 0xA7, 0xA4, 0x01, 0x18, 0x00, 0x41, 0x01, 0x00, 0x01, 0x00, 0x00, 0x80, 0x04, 0x00, 0x00, 0x00, @@ -11035,7 +11062,7 @@ static const byte canned_server_tls13_session[] = { }; #endif /* WOLFSSL_TLS13 */ -static const byte canned_client_session[] = { +static const byte canned_client_session_v4[] = { 0xA7, 0xA4, 0x01, 0x40, 0x00, 0x41, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0x02, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x1C, 0x00, 0x00, 0x00, 0x01, @@ -11079,6 +11106,36 @@ static const byte canned_client_session[] = { 0x00, 0x03 }; +static const byte canned_client_session_v5[] = { + 0xa7, 0xa5, 0x01, 0x41, 0x00, 0x42, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, + 0x02, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x1c, 0x00, 0x00, 0x00, 0x01, + 0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, 0x27, 0x0a, 0x0d, 0x10, + 0x01, 0x01, 0x0a, 0x00, 0x05, 0x00, 0x01, 0x01, 0x01, 0x01, 0x03, 0x03, + 0x00, 0xbf, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x50, 0x00, 0x00, + 0x00, 0x0a, 0x01, 0x01, 0x00, 0x20, 0x69, 0x11, 0x6d, 0x97, 0x15, 0x6e, + 0x52, 0x27, 0xd6, 0x1d, 0x1d, 0xf5, 0x0d, 0x59, 0xa5, 0xac, 0x2e, 0x8c, + 0x0e, 0xcb, 0x26, 0x1e, 0xe2, 0xce, 0xbb, 0xce, 0xe1, 0x7d, 0xd7, 0xef, + 0xa5, 0x44, 0x80, 0x2a, 0xde, 0xbb, 0x75, 0xb0, 0x1d, 0x75, 0x17, 0x20, + 0x4c, 0x08, 0x05, 0x1b, 0xba, 0x60, 0x1f, 0x6c, 0x91, 0x8c, 0xaa, 0xbb, + 0xe5, 0xa3, 0x0b, 0x12, 0x3e, 0xc0, 0x35, 0x43, 0x1d, 0xe2, 0x10, 0xe2, + 0x02, 0x92, 0x4b, 0x8f, 0x05, 0xa9, 0x4b, 0xcc, 0x90, 0xc3, 0x0e, 0xc2, + 0x0f, 0xe9, 0x33, 0x85, 0x9b, 0x3c, 0x19, 0x21, 0xd5, 0x62, 0xe5, 0xe1, + 0x17, 0x8f, 0x8c, 0x19, 0x52, 0xd8, 0x59, 0x10, 0x2d, 0x20, 0x6f, 0xba, + 0xc1, 0x1c, 0xd1, 0x82, 0xc7, 0x32, 0x1b, 0xbb, 0xcc, 0x30, 0x03, 0xd7, + 0x3a, 0xc8, 0x18, 0xed, 0x58, 0xc8, 0x11, 0xfe, 0x71, 0x9c, 0x71, 0xd8, + 0x6b, 0xe0, 0x25, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x00, 0x06, + 0x01, 0x04, 0x08, 0x01, 0x20, 0x28, 0x00, 0x09, 0xe1, 0x50, 0x70, 0x02, + 0x2f, 0x7e, 0xda, 0xbd, 0x40, 0xc5, 0x58, 0x87, 0xce, 0x43, 0xf3, 0xc5, + 0x8f, 0xa1, 0x59, 0x93, 0xef, 0x7e, 0xd3, 0xd0, 0xb5, 0x87, 0x1d, 0x81, + 0x54, 0x14, 0x63, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03 +}; + static const byte canned_server_session[] = { 0xA7, 0xA4, 0x01, 0x40, 0x00, 0x41, 0x00, 0x00, @@ -11124,7 +11181,6 @@ static const byte canned_server_session[] = { 0x00, 0x04 }; - static THREAD_RETURN WOLFSSL_THREAD tls_export_server(void* args) { SOCKET_T sockfd = 0; @@ -11264,7 +11320,9 @@ static void load_tls13_canned_server(WOLFSSL* ssl) /* v is for version WOLFSSL_TLSV1_2 or WOLFSSL_TLSV1_3 */ -static int test_wolfSSL_tls_export_run(int v) +static int test_wolfSSL_tls_export_run(method_provider server_method, + method_provider client_method, ssl_callback ssl_ready, + const byte* clientSession, int clientSessionSz, int cmpSess) { EXPECT_DECLS; SOCKET_T sockfd = 0; @@ -11274,8 +11332,6 @@ static int test_wolfSSL_tls_export_run(int v) char reply[1024]; word32 replySz; int msgSz = (int)XSTRLEN(msg); - const byte* clientSession = NULL; - int clientSessionSz = 0; tcp_ready ready; func_args server_args; @@ -11286,6 +11342,8 @@ static int test_wolfSSL_tls_export_run(int v) fdOpenSession(Task_self()); #endif + (void)cmpSess; + InitTcpReady(&ready); #if defined(USE_WINDOWS_API) @@ -11295,29 +11353,9 @@ static int test_wolfSSL_tls_export_run(int v) XMEMSET(&server_args, 0, sizeof(func_args)); XMEMSET(&server_cbf, 0, sizeof(callback_functions)); - switch (v) { - case WOLFSSL_TLSV1_2: - server_cbf.method = wolfTLSv1_2_server_method; - server_cbf.ssl_ready = load_tls12_canned_server; - - /* setup the client side */ - ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())); - wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES128-SHA256"); - clientSession = canned_client_session; - clientSessionSz = sizeof(canned_client_session); - break; - #ifdef WOLFSSL_TLS13 - case WOLFSSL_TLSV1_3: - server_cbf.method = wolfTLSv1_3_server_method; - server_cbf.ssl_ready = load_tls13_canned_server; - - /* setup the client side */ - ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); - clientSession = canned_client_tls13_session; - clientSessionSz = sizeof(canned_client_tls13_session); - break; - #endif - } + server_cbf.method = server_method; + server_cbf.ssl_ready = ssl_ready; + ExpectNotNull(ctx = wolfSSL_CTX_new(client_method())); server_args.callbacks = &server_cbf; server_args.signal = &ready; @@ -11336,8 +11374,11 @@ static int test_wolfSSL_tls_export_run(int v) replySz = sizeof(reply); ExpectIntGT(wolfSSL_tls_export(ssl, (byte*)reply, &replySz), 0); #if !defined(NO_PSK) && defined(HAVE_ANON) - /* index 20 has is setting if PSK was on and 49 is if anon is allowed */ - ExpectIntEQ(XMEMCMP(reply, clientSession, replySz), 0); + if (cmpSess) { + /* index 20 has is setting if PSK was on and 49 is if anon is allowed */ + ExpectIntEQ(replySz, clientSessionSz); + ExpectBufEQ(reply, clientSession, replySz); + } #endif wolfSSL_set_fd(ssl, sockfd); @@ -11373,16 +11414,27 @@ static int test_wolfSSL_tls_export_run(int v) static int test_wolfSSL_tls_export(void) { - int res = TEST_SKIPPED; + EXPECT_DECLS; #if defined(WOLFSSL_SESSION_EXPORT) && !defined(WOLFSSL_NO_TLS12) - test_wolfSSL_tls_export_run(WOLFSSL_TLSV1_2); + EXPECT_TEST(test_wolfSSL_tls_export_run(wolfTLSv1_2_server_method, + wolfTLSv1_2_client_method, load_tls12_canned_server, + canned_client_session_v4, sizeof(canned_client_session_v4), 0)); + EXPECT_TEST(test_wolfSSL_tls_export_run(wolfTLSv1_2_server_method, + wolfTLSv1_2_client_method, load_tls12_canned_server, + canned_client_session_v5, sizeof(canned_client_session_v5), 1)); #ifdef WOLFSSL_TLS13 - test_wolfSSL_tls_export_run(WOLFSSL_TLSV1_3); + EXPECT_TEST(test_wolfSSL_tls_export_run(wolfTLSv1_3_server_method, + wolfTLSv1_3_client_method, load_tls13_canned_server, + canned_client_tls13_session_v4, sizeof(canned_client_tls13_session_v4), + 0)); + EXPECT_TEST(test_wolfSSL_tls_export_run(wolfTLSv1_3_server_method, + wolfTLSv1_3_client_method, load_tls13_canned_server, + canned_client_tls13_session_v5, sizeof(canned_client_tls13_session_v5), + 1)); #endif - res = TEST_RES_CHECK(1); #endif - return res; + return EXPECT_RESULT(); } /*----------------------------------------------------------------------------* diff --git a/wolfssl/internal.h b/wolfssl/internal.h index f9ed298f3..9a7445431 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1713,7 +1713,8 @@ enum Misc { TLS_EXPORT_PRO = 167,/* wolfSSL protocol for serialized TLS */ DTLS_EXPORT_OPT_SZ = 62, /* amount of bytes used from Options */ DTLS_EXPORT_OPT_SZ_4 = 61, /* amount of bytes used from Options */ - TLS_EXPORT_OPT_SZ = 65, /* amount of bytes used from Options */ + TLS_EXPORT_OPT_SZ = 66, /* amount of bytes used from Options */ + TLS_EXPORT_OPT_SZ_4 = 65, /* amount of bytes used from Options */ DTLS_EXPORT_OPT_SZ_3 = 60, /* amount of bytes used from Options */ DTLS_EXPORT_KEY_SZ = 325 + (DTLS_SEQ_SZ * 2), /* max amount of bytes used from Keys */