Support importing/exporting DTLS sessions with encrypt-then-mac options #10544

Merged
JacobBarthelmeh merged 1 commit into wolfSSL:master from holtrop-wolfssl:zd21880
Jun 2, 2026

@holtrop-wolfssl

Contributor

Description

Support importing/exporting DTLS sessions with encrypt-then-mac options

Fixes ZD#21880

Testing

Added CI unit tests.

Checklist

  • added tests
  • updated/added doxygen
  • updated appropriate READMEs
  • Updated manual and documentation

@holtrop-wolfssl holtrop-wolfssl self-assigned this May 27, 2026
Copilot AI review requested due to automatic review settings May 27, 2026 18:07

Copilot AI left a comment

Contributor

Pull request overview

This PR updates wolfSSL’s DTLS session serialization format to preserve Encrypt-Then-MAC (ETM) negotiation state across DTLS session export/import, addressing ZD#21880 by bumping the serialized-session version and extending DTLS option serialization to match TLS.

Changes:

  • Bump serialized session export version to 6 and add explicit version-5 sizing constants for backward-compatible imports.
  • Serialize/deserialize ETM-related Options fields for DTLS starting with export version 6.
  • Add a DTLS 1.2 regression test that exports/imports a CBC-based session and asserts ETM state survives the round trip.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| wolfssl/internal.h | Bumps export version to 6 and introduces version-specific option-size constants (incl. v5) for DTLS/TLS imports. |
| src/internal.c | Extends ExportOptions/ImportOptions to include ETM state for DTLS in v6+ and updates v5 import handling. |
| tests/api/test_dtls.h | Registers the new DTLS export/import ETM regression test. |
| tests/api/test_dtls.c | Adds regression test and DTLS peer callbacks needed for session export/import. |

Comment thread tests/api/test_dtls.c
Comment thread tests/api/test_dtls.c
Comment thread src/internal.c
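
Added example (not part of this pull request and not wolfSSL's code): a C sketch of the version-gated import the review overview above describes, where a v6 blob carries ETM flags and a v5 blob is still accepted at its own exact size. The wire layout, the field names and the `demo_*` functions are assumptions made for illustration, including the choice to leave the ETM flags cleared for v5 input.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed layout for illustration (not wolfSSL's wire format):
 * [version:1][options length:2, big-endian][options bytes] */
enum { VER_5 = 5, VER_6 = 6, HDR_SZ = 3, OPT_SZ_V5 = 2, OPT_SZ_V6 = 4 };

typedef struct {
    uint8_t server_side;     /* present in v5 and v6 */
    uint8_t cbc_cipher;      /* present in v5 and v6 */
    uint8_t etm_negotiated;  /* v6+ only (hypothetical field) */
    uint8_t etm_active;      /* v6+ only (hypothetical field) */
} demo_options;

/* Always writes the newest version. Returns bytes written or -1. */
int demo_export(const demo_options *o, uint8_t *out, size_t cap)
{
    if (cap < HDR_SZ + OPT_SZ_V6) return -1;
    out[0] = VER_6; out[1] = 0; out[2] = OPT_SZ_V6;
    out[3] = o->server_side;    out[4] = o->cbc_cipher;
    out[5] = o->etm_negotiated; out[6] = o->etm_active;
    return HDR_SZ + OPT_SZ_V6;
}

/* Accepts v5 and v6 only, each with its exact size. Returns 0 or -1. */
int demo_import(demo_options *o, const uint8_t *in, size_t len)
{
    size_t want;
    if (len < HDR_SZ) return -1;
    switch (in[0]) {
        case VER_5: want = OPT_SZ_V5; break;
        case VER_6: want = OPT_SZ_V6; break;
        default:    return -1;          /* unknown version: reject */
    }
    /* Declared length and real length must both match the version. */
    if ((((size_t)in[1] << 8) | in[2]) != want || len != HDR_SZ + want)
        return -1;
    memset(o, 0, sizeof(*o));           /* v5 input leaves ETM flags cleared */
    o->server_side = in[3];
    o->cbc_cipher  = in[4];
    if (in[0] >= VER_6) {               /* never read ETM bytes from v5 */
        o->etm_negotiated = in[5];
        o->etm_active     = in[6];
    }
    return 0;
}
```
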
@holtrop-wolfssl

Contributor Author

retest this please (org.jenkinsci.plugins.workflow.support.steps.AgentOfflineException: Unable to create live FilePath for boz-amd; boz-amd was marked offline: This agent is offline because Jenkins failed to launch the agent process on it.)

@holtrop-wolfssl

Contributor Author

retest this please (build results removed)

@holtrop-wolfssl

Contributor Author

retest this please (wolfSSL/PRB-fips-repo-and-harness-test-v3-part2' failed with result: FAILURE)

@holtrop-wolfssl holtrop-wolfssl force-pushed the zd21880 branch 2 times, most recently from 5f29177 to 40d526b Compare May 28, 2026 12:33
@github-actions

github-actions Bot commented Jun 2, 2026


MemBrowse Memory Report

No memory changes detected for:

@JacobBarthelmeh JacobBarthelmeh merged commit 4c0c093 into wolfSSL:master Jun 2, 2026
471 of 472 checks passed