From bc574f793067990a7bbcc085c70a54dfcd0dab3d Mon Sep 17 00:00:00 2001
From: Marco Oliverio
Date: Tue, 26 May 2026 08:42:15 +0200
Subject: [PATCH] dtls13: WOLFSSL_DTLS13_5_9_0_COMPAT -> WOLFSSL_DTLS13_ECHO_LEGACY_SESSION_ID
---
 .wolfssl_known_macro_extras | 2 +-
 src/dtls.c | 2 +-
 src/tls13.c | 8 ++++----
 tests/api/test_dtls.c | 6 +++---
 4 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras
index 760b7ca262..841e220f92 100644
--- a/.wolfssl_known_macro_extras
+++ b/.wolfssl_known_macro_extras
@@ -744,7 +744,7 @@ WOLFSSL_DRBG_SHA256
 WOLFSSL_DTLS_DISALLOW_FUTURE
 WOLFSSL_DTLS_RECORDS_CAN_SPAN_DATAGRAMS
 WOLFSSL_DTLS_RESEND_ONLY_TIMEOUT
-WOLFSSL_DTLS13_5_9_0_COMPAT
+WOLFSSL_DTLS13_ECHO_LEGACY_SESSION_ID
 WOLFSSL_DUMP_MEMIO_STREAM
 WOLFSSL_DUP_CERTPOL
 WOLFSSL_EARLY_DATA_NO_ANTI_REPLAY
diff --git a/src/dtls.c b/src/dtls.c
index a22b5768bb..ef8a5f9ef7 100644
--- a/src/dtls.c
+++ b/src/dtls.c
@@ -860,7 +860,7 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch)
 nonConstSSL->options.tls1_1 = 1;
 nonConstSSL->options.tls1_3 = 1;
-#ifdef WOLFSSL_DTLS13_5_9_0_COMPAT
+#ifdef WOLFSSL_DTLS13_ECHO_LEGACY_SESSION_ID
 nonConstSSL->session->sessionIDSz = (byte)ch->sessionId.size;
 if (ch->sessionId.size > 0)
 XMEMCPY(nonConstSSL->session->sessionID, ch->sessionId.elements,
diff --git a/src/tls13.c b/src/tls13.c
index 174b0d4684..8138eb426b 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -5776,7 +5776,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 /* RFC 9147 Section 5.3 / RFC 9001 Section 8.4: DTLS 1.3 and QUIC
 * ServerHello must have empty legacy_session_id_echo. */
 int requireEmptyEcho = 1;
-#ifdef WOLFSSL_DTLS13_5_9_0_COMPAT
+#ifdef WOLFSSL_DTLS13_ECHO_LEGACY_SESSION_ID
 /* Compat: a wolfSSL <= 5.9.0 DTLS 1.3 server echoes the client's
 * legacy_session_id; accept any echo. */
 if (ssl->options.dtls)
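Review bot: The old spelling WOLFSSL_DTLS13_5_9_0_COMPAT is removed outright at this `#ifdef` in SendStatelessReplyDtls13 (and at the matching sites in tls13.c and tests/api/test_dtls.c), so a build that still passes the old define silently gets the strict RFC 9147 behaviour and, per the comment in the DoTls13ServerHello hunk, stops interoperating with wolfSSL <= 5.9.0 DTLS 1.3 servers with no build-time hint as to why. A one-release transitional mapping in the project's settings header would make the rename safe to ship, e.g. `#if defined(WOLFSSL_DTLS13_5_9_0_COMPAT) && !defined(WOLFSSL_DTLS13_ECHO_LEGACY_SESSION_ID)` / `    #define WOLFSSL_DTLS13_ECHO_LEGACY_SESSION_ID` / `#endif`, with the old name kept in .wolfssl_known_macro_extras for as long as the shim exists (or, if no shim is wanted, an `#error` naming the replacement). It is also worth a line in the ChangeLog or the macro's documentation that the option widens what the client accepts in legacy_session_id_echo and should be enabled only for that interop case. The body of SendStatelessReplyDtls13 continues outside the hunk.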
@@ -6980,7 +6980,7 @@ static int RestartHandshakeHashWithCookie(WOLFSSL* ssl, Cookie* cookie)
 /* Reconstruct the HelloRetryMessage for handshake hash. */
 sessIdSz = ssl->session->sessionIDSz;
-#if defined(WOLFSSL_DTLS13) && !defined(WOLFSSL_DTLS13_5_9_0_COMPAT)
+#if defined(WOLFSSL_DTLS13) && !defined(WOLFSSL_DTLS13_ECHO_LEGACY_SESSION_ID)
 /* RFC 9147 Section 5.3: DTLS 1.3 must use empty legacy_session_id. */
 if (ssl->options.dtls)
 sessIdSz = 0;
@@ -7460,7 +7460,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 if (sessIdSz + args->idx > helloSz)
 ERROR_OUT(BUFFER_ERROR, exit_dch);
-#if defined(WOLFSSL_DTLS13) && !defined(WOLFSSL_DTLS13_5_9_0_COMPAT)
+#if defined(WOLFSSL_DTLS13) && !defined(WOLFSSL_DTLS13_ECHO_LEGACY_SESSION_ID)
 /* RFC 9147 Section 5.3: DTLS 1.3 ServerHello must have empty
 * legacy_session_id_echo. Don't store the client's value so it
 * won't be echoed in SendTls13ServerHello. */
@@ -8065,7 +8065,7 @@ int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType)
 WOLFSSL_BUFFER(ssl->arrays->serverRandom, RAN_LEN);
 #endif
-#if defined(WOLFSSL_DTLS13) && !defined(WOLFSSL_DTLS13_5_9_0_COMPAT)
+#if defined(WOLFSSL_DTLS13) && !defined(WOLFSSL_DTLS13_ECHO_LEGACY_SESSION_ID)
 if (ssl->options.dtls) {
 /* RFC 9147 Section 5.3: DTLS 1.3 ServerHello must have empty
 * legacy_session_id_echo. */
diff --git a/tests/api/test_dtls.c b/tests/api/test_dtls.c
index febee9dfaa..336f89257f 100644
--- a/tests/api/test_dtls.c
+++ b/tests/api/test_dtls.c
@@ -2956,7 +2956,7 @@ int test_dtls13_no_session_id_echo(void)
 EXPECT_DECLS;
 #if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) && \
 defined(HAVE_SESSION_TICKET) && defined(HAVE_ECC) && \
-!defined(WOLFSSL_DTLS13_5_9_0_COMPAT)
+!defined(WOLFSSL_DTLS13_ECHO_LEGACY_SESSION_ID)
 struct test_memio_ctx test_ctx;
 WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
 WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
@@ -3032,14 +3032,14 @@ int test_dtls13_no_session_id_echo(void)
 return EXPECT_RESULT();
 }
-/* Test that a server built with WOLFSSL_DTLS13_5_9_0_COMPAT echoes the
+/* Test that a server built with WOLFSSL_DTLS13_ECHO_LEGACY_SESSION_ID echoes the
 * client's legacy_session_id in both the direct ServerHello path and the
 * stateless HRR path (which also exercises RestartHandshakeHashWithCookie). */
 int test_dtls13_5_9_0_compat(void)
 {
 EXPECT_DECLS;
 #if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) && \
-defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_DTLS13_5_9_0_COMPAT) && \
+defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_DTLS13_ECHO_LEGACY_SESSION_ID) && \
 defined(HAVE_ECC)
 struct test_memio_ctx test_ctx;
 WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
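Review bot: Both added lines in this hunk overrun the 80-column wrap the surrounding code follows: the new comment line `/* Test that a server built with WOLFSSL_DTLS13_ECHO_LEGACY_SESSION_ID echoes the` is 81 characters at column 0, and the `defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_DTLS13_ECHO_LEGACY_SESSION_ID) && \` line is 83 before its indentation is counted, so a line-length check is likely to reject the file. The `#if` can be brought back under the limit by mirroring the previous hunk's ordering, `    defined(HAVE_SESSION_TICKET) && defined(HAVE_ECC) && \` followed by `    defined(WOLFSSL_DTLS13_ECHO_LEGACY_SESSION_ID)`, and the comment by breaking after the macro name and reflowing the two continuation lines. The function name test_dtls13_5_9_0_compat still carries the old macro's spelling; renaming it would presumably also require updating wherever the test is registered, which is outside this hunk. The test body continues outside the hunk.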