From 5934c1eecedc0f4776993e008dc0e2203a59d774 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Wed, 13 Aug 2025 20:10:48 +0200 Subject: [PATCH 1/2] Fix test_wolfSSL_tls_export - Add TLS_EXPORT_OPT_SZ_4 to specify previous option size - Actually pick up failures in the tests and propagate them to the top level - Tests v4 and v5 sessions Fixes https://github.com/wolfSSL/wolfssl/issues/9081 and https://github.com/wolfSSL/wolfssl/pull/9082 --- src/internal.c | 2 +- tests/api.c | 122 ++++++++++++++++++++++++++++++++------------- wolfssl/internal.h | 3 +- 3 files changed, 89 insertions(+), 38 deletions(-) diff --git a/src/internal.c b/src/internal.c index b817bbfa8..ca749e5f7 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1911,7 +1911,7 @@ int wolfSSL_session_import_internal(WOLFSSL* ssl, const unsigned char* buf, optSz = DTLS_EXPORT_OPT_SZ_4; } else { - optSz = TLS_EXPORT_OPT_SZ; + optSz = TLS_EXPORT_OPT_SZ_4; } break; diff --git a/tests/api.c b/tests/api.c index dac4590cd..0d38f35a2 100644 --- a/tests/api.c +++ b/tests/api.c @@ -10955,7 +10955,7 @@ static int test_wolfSSL_dtls_export(void) #if defined(WOLFSSL_SESSION_EXPORT) && !defined(WOLFSSL_NO_TLS12) #ifdef WOLFSSL_TLS13 -static const byte canned_client_tls13_session[] = { +static const byte canned_client_tls13_session_v4[] = { 0xA7, 0xA4, 0x01, 0x18, 0x00, 0x41, 0x00, 0x00, 0x01, 0x00, 0x00, 0x80, 0x04, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x1C, 0x01, 0x00, 0x00, 0x01, @@ -10994,6 +10994,33 @@ static const byte canned_client_tls13_session[] = { 0x00, 0x03 }; +static const byte canned_client_tls13_session_v5[] = { + 0xa7, 0xa5, 0x01, 0x19, 0x00, 0x42, 0x00, 0x00, 0x01, 0x00, 0x00, 0x80, + 0x04, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x1c, 0x01, 0x00, 0x00, 0x01, + 0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + 0x00, 0x00, 0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13, 0x01, 0x0a, 0x0f, 0x10, + 0x01, 0x02, 0x09, 0x00, 0x05, 0x00, 0x00, 0x00, 0x00, 0x01, 0x03, 0x04, + 0x00, 0xb7, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x27, 0x00, 0x00, + 0x00, 0x11, 0x01, 0x01, 0x00, 0x20, 0x84, 0x4f, 0x18, 0xd8, 0xc1, 0x24, + 0xd8, 0xbb, 0x17, 0x9e, 0x31, 0xa3, 0xf8, 0xa7, 0x3c, 0xba, 0xec, 0xfa, + 0xb4, 0x7f, 0xc5, 0x78, 0xeb, 0x6d, 0xe3, 0x2b, 0x7b, 0x94, 0xbe, 0x20, + 0x11, 0x7e, 0x17, 0x10, 0xa7, 0x10, 0x19, 0xec, 0x62, 0xcc, 0xbe, 0xf5, + 0x01, 0x35, 0x3c, 0xea, 0xef, 0x44, 0x3c, 0x40, 0xa2, 0xbc, 0x18, 0x43, + 0xa1, 0xa1, 0x65, 0x5c, 0x48, 0xe2, 0xf9, 0x38, 0xeb, 0x11, 0x10, 0x72, + 0x7c, 0x78, 0x22, 0x13, 0x3b, 0x19, 0x40, 0xf0, 0x73, 0xbe, 0x96, 0x14, + 0x78, 0x26, 0xb9, 0x6b, 0x2e, 0x72, 0x22, 0x0d, 0x90, 0x94, 0xdd, 0x78, + 0x77, 0xfc, 0x0c, 0x2e, 0x63, 0x6e, 0xf0, 0x0c, 0x35, 0x41, 0xcd, 0xf3, + 0x49, 0x31, 0x08, 0xd0, 0x6f, 0x02, 0x3d, 0xc1, 0xd3, 0xb7, 0xee, 0x3a, + 0xa0, 0x8e, 0xa1, 0x4d, 0xc3, 0x2e, 0x5e, 0x06, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x0c, 0x35, 0x41, 0xcd, 0xf3, 0x49, 0x31, 0x08, + 0xd0, 0x6f, 0x02, 0x3d, 0xc1, 0xd3, 0xb7, 0xee, 0x3a, 0xa0, 0x8e, 0xa1, + 0x4d, 0xc3, 0x2e, 0x5e, 0x06, 0x00, 0x10, 0x00, 0x10, 0x00, 0x0c, 0x00, + 0x10, 0x00, 0x10, 0x07, 0x02, 0x04, 0x00, 0x00, 0x20, 0x28, 0x00, 0x00, + 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03 +}; + static const byte canned_server_tls13_session[] = { 0xA7, 0xA4, 0x01, 0x18, 0x00, 0x41, 0x01, 0x00, 0x01, 0x00, 0x00, 0x80, 0x04, 0x00, 0x00, 0x00, @@ -11034,7 +11061,7 @@ static const byte canned_server_tls13_session[] = { }; #endif /* WOLFSSL_TLS13 */ -static const byte canned_client_session[] = { +static const byte canned_client_session_v4[] = { 0xA7, 0xA4, 0x01, 0x40, 0x00, 0x41, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0x02, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x1C, 0x00, 0x00, 0x00, 0x01, @@ -11078,6 +11105,36 @@ static const byte canned_client_session[] = { 0x00, 0x03 }; +static const byte canned_client_session_v5[] = { + 0xa7, 0xa5, 0x01, 0x41, 0x00, 0x42, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, + 0x02, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x1c, 0x00, 0x00, 0x00, 0x01, + 0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, 0x27, 0x0a, 0x0d, 0x10, + 0x01, 0x01, 0x0a, 0x00, 0x05, 0x00, 0x01, 0x01, 0x01, 0x01, 0x03, 0x03, + 0x00, 0xbf, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x50, 0x00, 0x00, + 0x00, 0x0a, 0x01, 0x01, 0x00, 0x20, 0x69, 0x11, 0x6d, 0x97, 0x15, 0x6e, + 0x52, 0x27, 0xd6, 0x1d, 0x1d, 0xf5, 0x0d, 0x59, 0xa5, 0xac, 0x2e, 0x8c, + 0x0e, 0xcb, 0x26, 0x1e, 0xe2, 0xce, 0xbb, 0xce, 0xe1, 0x7d, 0xd7, 0xef, + 0xa5, 0x44, 0x80, 0x2a, 0xde, 0xbb, 0x75, 0xb0, 0x1d, 0x75, 0x17, 0x20, + 0x4c, 0x08, 0x05, 0x1b, 0xba, 0x60, 0x1f, 0x6c, 0x91, 0x8c, 0xaa, 0xbb, + 0xe5, 0xa3, 0x0b, 0x12, 0x3e, 0xc0, 0x35, 0x43, 0x1d, 0xe2, 0x10, 0xe2, + 0x02, 0x92, 0x4b, 0x8f, 0x05, 0xa9, 0x4b, 0xcc, 0x90, 0xc3, 0x0e, 0xc2, + 0x0f, 0xe9, 0x33, 0x85, 0x9b, 0x3c, 0x19, 0x21, 0xd5, 0x62, 0xe5, 0xe1, + 0x17, 0x8f, 0x8c, 0x19, 0x52, 0xd8, 0x59, 0x10, 0x2d, 0x20, 0x6f, 0xba, + 0xc1, 0x1c, 0xd1, 0x82, 0xc7, 0x32, 0x1b, 0xbb, 0xcc, 0x30, 0x03, 0xd7, + 0x3a, 0xc8, 0x18, 0xed, 0x58, 0xc8, 0x11, 0xfe, 0x71, 0x9c, 0x71, 0xd8, + 0x6b, 0xe0, 0x25, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x00, 0x06, + 0x01, 0x04, 0x08, 0x01, 0x20, 0x28, 0x00, 0x09, 0xe1, 0x50, 0x70, 0x02, + 0x2f, 0x7e, 0xda, 0xbd, 0x40, 0xc5, 0x58, 0x87, 0xce, 0x43, 0xf3, 0xc5, + 0x8f, 0xa1, 0x59, 0x93, 0xef, 0x7e, 0xd3, 0xd0, 0xb5, 0x87, 0x1d, 0x81, + 0x54, 0x14, 0x63, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03 +}; + static const byte canned_server_session[] = { 0xA7, 0xA4, 0x01, 0x40, 0x00, 0x41, 0x00, 0x00, @@ -11123,7 +11180,6 @@ static const byte canned_server_session[] = { 0x00, 0x04 }; - static THREAD_RETURN WOLFSSL_THREAD tls_export_server(void* args) { SOCKET_T sockfd = 0; @@ -11263,7 +11319,9 @@ static void load_tls13_canned_server(WOLFSSL* ssl) /* v is for version WOLFSSL_TLSV1_2 or WOLFSSL_TLSV1_3 */ -static int test_wolfSSL_tls_export_run(int v) +static int test_wolfSSL_tls_export_run(method_provider server_method, + method_provider client_method, ssl_callback ssl_ready, + const byte* clientSession, int clientSessionSz, int cmpSess) { EXPECT_DECLS; SOCKET_T sockfd = 0; @@ -11273,8 +11331,6 @@ static int test_wolfSSL_tls_export_run(int v) char reply[1024]; word32 replySz; int msgSz = (int)XSTRLEN(msg); - const byte* clientSession = NULL; - int clientSessionSz = 0; tcp_ready ready; func_args server_args; @@ -11294,29 +11350,9 @@ static int test_wolfSSL_tls_export_run(int v) XMEMSET(&server_args, 0, sizeof(func_args)); XMEMSET(&server_cbf, 0, sizeof(callback_functions)); - switch (v) { - case WOLFSSL_TLSV1_2: - server_cbf.method = wolfTLSv1_2_server_method; - server_cbf.ssl_ready = load_tls12_canned_server; - - /* setup the client side */ - ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())); - wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES128-SHA256"); - clientSession = canned_client_session; - clientSessionSz = sizeof(canned_client_session); - break; - #ifdef WOLFSSL_TLS13 - case WOLFSSL_TLSV1_3: - server_cbf.method = wolfTLSv1_3_server_method; - server_cbf.ssl_ready = load_tls13_canned_server; - - /* setup the client side */ - ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); - clientSession = canned_client_tls13_session; - clientSessionSz = sizeof(canned_client_tls13_session); - break; - #endif - } + server_cbf.method = server_method; + server_cbf.ssl_ready = ssl_ready; + ExpectNotNull(ctx = wolfSSL_CTX_new(client_method())); server_args.callbacks = &server_cbf; server_args.signal = &ready; @@ -11335,8 +11371,11 @@ static int test_wolfSSL_tls_export_run(int v) replySz = sizeof(reply); ExpectIntGT(wolfSSL_tls_export(ssl, (byte*)reply, &replySz), 0); #if !defined(NO_PSK) && defined(HAVE_ANON) - /* index 20 has is setting if PSK was on and 49 is if anon is allowed */ - ExpectIntEQ(XMEMCMP(reply, clientSession, replySz), 0); + if (cmpSess) { + /* index 20 has is setting if PSK was on and 49 is if anon is allowed */ + ExpectIntEQ(replySz, clientSessionSz); + ExpectBufEQ(reply, clientSession, replySz); + } #endif wolfSSL_set_fd(ssl, sockfd); @@ -11372,16 +11411,27 @@ static int test_wolfSSL_tls_export_run(int v) static int test_wolfSSL_tls_export(void) { - int res = TEST_SKIPPED; + EXPECT_DECLS; #if defined(WOLFSSL_SESSION_EXPORT) && !defined(WOLFSSL_NO_TLS12) - test_wolfSSL_tls_export_run(WOLFSSL_TLSV1_2); + EXPECT_TEST(test_wolfSSL_tls_export_run(wolfTLSv1_2_server_method, + wolfTLSv1_2_client_method, load_tls12_canned_server, + canned_client_session_v4, sizeof(canned_client_session_v4), 0)); + EXPECT_TEST(test_wolfSSL_tls_export_run(wolfTLSv1_2_server_method, + wolfTLSv1_2_client_method, load_tls12_canned_server, + canned_client_session_v5, sizeof(canned_client_session_v5), 1)); #ifdef WOLFSSL_TLS13 - test_wolfSSL_tls_export_run(WOLFSSL_TLSV1_3); + EXPECT_TEST(test_wolfSSL_tls_export_run(wolfTLSv1_3_server_method, + wolfTLSv1_3_client_method, load_tls13_canned_server, + canned_client_tls13_session_v4, sizeof(canned_client_tls13_session_v4), + 0)); + EXPECT_TEST(test_wolfSSL_tls_export_run(wolfTLSv1_3_server_method, + wolfTLSv1_3_client_method, load_tls13_canned_server, + canned_client_tls13_session_v5, sizeof(canned_client_tls13_session_v5), + 1)); #endif - res = TEST_RES_CHECK(1); #endif - return res; + return EXPECT_RESULT(); } /*----------------------------------------------------------------------------* diff --git a/wolfssl/internal.h b/wolfssl/internal.h index f9ed298f3..9a7445431 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1713,7 +1713,8 @@ enum Misc { TLS_EXPORT_PRO = 167,/* wolfSSL protocol for serialized TLS */ DTLS_EXPORT_OPT_SZ = 62, /* amount of bytes used from Options */ DTLS_EXPORT_OPT_SZ_4 = 61, /* amount of bytes used from Options */ - TLS_EXPORT_OPT_SZ = 65, /* amount of bytes used from Options */ + TLS_EXPORT_OPT_SZ = 66, /* amount of bytes used from Options */ + TLS_EXPORT_OPT_SZ_4 = 65, /* amount of bytes used from Options */ DTLS_EXPORT_OPT_SZ_3 = 60, /* amount of bytes used from Options */ DTLS_EXPORT_KEY_SZ = 325 + (DTLS_SEQ_SZ * 2), /* max amount of bytes used from Keys */ From d26b2811e02521d39b5bc2eb3c18bf77c0c781c0 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Tue, 26 Aug 2025 16:40:17 +0200 Subject: [PATCH 2/2] test_wolfSSL_tls_export_run: silence unused cmpSess warning --- tests/api.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/api.c b/tests/api.c index 0d38f35a2..5714ed0fa 100644 --- a/tests/api.c +++ b/tests/api.c @@ -11341,6 +11341,8 @@ static int test_wolfSSL_tls_export_run(method_provider server_method, fdOpenSession(Task_self()); #endif + (void)cmpSess; + InitTcpReady(&ready); #if defined(USE_WINDOWS_API)