Support importing/exporting DTLS sessions with encrypt-then-mac options #10544

Open
holtrop-wolfssl wants to merge 1 commit into wolfSSL:master from holtrop-wolfssl:zd21880


@holtrop-wolfssl
Contributor

Description

Support importing/exporting DTLS sessions with encrypt-then-mac options

Fixes ZD#21880

Testing

Added CI unit tests.

Checklist

  • added tests
  • updated/added doxygen
  • updated appropriate READMEs
  • Updated manual and documentation

@holtrop-wolfssl holtrop-wolfssl self-assigned this May 27, 2026
Copilot AI review requested due to automatic review settings May 27, 2026 18:07
Contributor

Copilot AI left a comment

Pull request overview

This PR updates wolfSSL’s DTLS session serialization format to preserve Encrypt-Then-MAC (ETM) negotiation state across DTLS session export/import, addressing ZD#21880 by bumping the serialized-session version and extending DTLS option serialization to match TLS.

Changes:

  • Bump serialized session export version to 6 and add explicit version-5 sizing constants for backward-compatible imports.
  • Serialize/deserialize ETM-related Options fields for DTLS starting with export version 6.
  • Add a DTLS 1.2 regression test that exports/imports a CBC-based session and asserts ETM state survives the round trip.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| wolfssl/internal.h | Bumps export version to 6 and introduces version-specific option-size constants (incl. v5) for DTLS/TLS imports. |
| src/internal.c | Extends ExportOptions/ImportOptions to include ETM state for DTLS in v6+ and updates v5 import handling. |
| tests/api/test_dtls.h | Registers the new DTLS export/import ETM regression test. |
| tests/api/test_dtls.c | Adds regression test and DTLS peer callbacks needed for session export/import. |

Comment thread tests/api/test_dtls.c
Comment thread tests/api/test_dtls.c
Comment thread src/internal.c
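
The version-gated option sizing described in the review overview above, as an added example that is not code from this pull request or from wolfSSL: a toy session blob in C where version 5 carries no ETM fields and version 6 does, with the importer checking that the blob size matches its declared version. Every name, field and size here is hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical toy layout (constructed; NOT wolfSSL's real export format):
 *   byte 0 = export version (5 or 6), byte 1 = CBC-suite flag,
 *   bytes 2..4 = ETM fields, present only when version >= 6. */
enum { TOY_V5 = 5, TOY_V6 = 6, TOY_V5_OPT_SZ = 1, TOY_V6_OPT_SZ = 4 };

typedef struct {
    uint8_t cbc;               /* CBC cipher suite in use */
    uint8_t etm_negotiated;    /* encrypt-then-mac agreed in the handshake */
    uint8_t etm_read_started;  /* ETM active for inbound records */
    uint8_t etm_write_started; /* ETM active for outbound records */
} toy_options;

/* Returns bytes written, or -1 if the buffer is too small or version unknown. */
int toy_export(const toy_options *o, uint8_t ver, uint8_t *buf, size_t cap)
{
    size_t need;
    if (ver != TOY_V5 && ver != TOY_V6) return -1;
    need = 1 + (ver == TOY_V6 ? TOY_V6_OPT_SZ : TOY_V5_OPT_SZ);
    if (cap < need) return -1;
    buf[0] = ver;
    buf[1] = o->cbc;
    if (ver >= TOY_V6) {                   /* ETM state only exists in v6+ */
        buf[2] = o->etm_negotiated;
        buf[3] = o->etm_read_started;
        buf[4] = o->etm_write_started;
    }
    return (int)need;
}

/* Returns 0 on success, -1 on truncated, oversized or unknown-version input. */
int toy_import(toy_options *o, const uint8_t *buf, size_t len)
{
    size_t need;
    if (len < 1 || (buf[0] != TOY_V5 && buf[0] != TOY_V6)) return -1;
    need = 1 + (buf[0] == TOY_V6 ? TOY_V6_OPT_SZ : TOY_V5_OPT_SZ);
    if (len != need) return -1;            /* size must match the version */
    memset(o, 0, sizeof(*o));              /* v5 blobs carry no ETM state */
    o->cbc = buf[1];
    if (buf[0] >= TOY_V6) {
        o->etm_negotiated    = buf[2];
        o->etm_read_started  = buf[3];
        o->etm_write_started = buf[4];
    }
    return 0;
}
```

A version-5 round trip of a session with ETM negotiated comes back with all ETM fields cleared, which is the state loss the version bump addresses; the version-6 round trip preserves them.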
@holtrop-wolfssl
Contributor Author

retest this please (org.jenkinsci.plugins.workflow.support.steps.AgentOfflineException: Unable to create live FilePath for boz-amd; boz-amd was marked offline: This agent is offline because Jenkins failed to launch the agent process on it.)

@holtrop-wolfssl
Contributor Author

retest this please (build results removed)

@holtrop-wolfssl
Contributor Author

retest this please (wolfSSL/PRB-fips-repo-and-harness-test-v3-part2' failed with result: FAILURE)

4 participants