Skip to content

DTLS 1.3 write dup support#10006

Merged
dgarske merged 2 commits intowolfSSL:masterfrom
julek-wolfssl:zd/21329
Mar 23, 2026
Merged

DTLS 1.3 write dup support#10006
dgarske merged 2 commits intowolfSSL:masterfrom
julek-wolfssl:zd/21329

Conversation

@julek-wolfssl
Copy link
Member

@julek-wolfssl julek-wolfssl commented Mar 18, 2026

  • Copy TLS 1.3 traffic secrets and DTLS 1.3 epoch/cipher state to the
    write-dup side in DupSSL so key updates can be performed.
  • Delegate KeyUpdate responses from the read side to the write side via
    the shared WriteDup struct, for both peer-initiated and local key
    updates.
  • Delegate DTLS 1.3 ACK sending from the read side to the write side.
  • Track DTLS 1.3 KeyUpdate ACKs: write side records the in-flight
    KeyUpdate epoch/seq, read side sets keyUpdateAcked when the matching
    ACK arrives.
  • Delegate post-handshake certificate authentication (CertificateRequest
    processing) from the read side to the write side, transferring
    transcript hashes, cert context, and signature parameters.
  • Reset prevSent/plainSz to prevent stale values from SendData to think
    that data was already sent.
  • Refactor FreeHandshakeHashes into Free_HS_Hashes for reuse.
  • Move DTLS 1.3 epoch initialization earlier in InitSSL so the
    write-dup early-return path has valid epoch state.
  • Add tests for write dup with all protocol versions, key update,
    post-handshake auth, and WANT_WRITE recovery.
  • Add --enable-all --enable-writedup to CI os-check matrix.

Copilot AI review requested due to automatic review settings March 18, 2026 17:57
@julek-wolfssl julek-wolfssl self-assigned this Mar 18, 2026
Copilot AI reviewed Mar 18, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds DTLS 1.3/TLS 1.3 write-dup (DupSSL) support so the read-side can delegate post-handshake work (KeyUpdate responses, DTLS13 ACK sending, post-handshake auth) to the write-side, along with new tests and CI coverage.

Changes:

  • Extend WriteDup shared state to transfer DTLS13 ACKs, track KeyUpdate ACKs, and delegate post-handshake auth state.
  • Update TLS13/DTLS13 processing to delegate write-required actions from read-dup to write-dup.
  • Add/expand API tests for write-dup across protocol versions, WANT_WRITE recovery paths, key updates, and post-handshake auth; enable writedup config in CI.

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 5 comments.

Show a summary per file
File Description
wolfssl/internal.h Adds new write-dup shared fields/flags and new internal function declarations used by delegation paths.
src/internal.c Refactors handshake-hash freeing for reuse and moves DTLS13 epoch init earlier for write-dup early returns.
src/tls13.c Delegates TLS 1.3 KeyUpdate response and post-handshake CertificateRequest handling to write-dup side.
src/dtls13.c Delegates DTLS 1.3 ACK work to write-dup and tracks KeyUpdate ACK arrival; exposes RTX removal helper.
src/ssl.c Copies TLS13 secrets/DTLS13 epoch state into dup; implements write-side execution of delegated work.
tests/api.c Adds/expands tests for write-dup across TLS/DTLS versions, key updates, post-handshake auth, WANT_WRITE.
.github/workflows/os-check.yml Adds --enable-all --enable-writedup to CI matrix to exercise the new feature.
Comments suppressed due to low confidence (3)

src/internal.c:1

  • Free_HS_Hashes is declared as WOLFSSL_LOCAL in wolfssl/internal.h, but the definition here omits WOLFSSL_LOCAL, which can cause a linkage/visibility mismatch depending on how WOLFSSL_LOCAL is defined. Update the definition to match the header's storage/visibility macro. Also, setting hsHashes = NULL at the end has no effect on the caller (pass-by-value), so either remove that line or change the API to take HS_Hashes** if caller-nullification is required.
    src/internal.c:1
  • Free_HS_Hashes is declared as WOLFSSL_LOCAL in wolfssl/internal.h, but the definition here omits WOLFSSL_LOCAL, which can cause a linkage/visibility mismatch depending on how WOLFSSL_LOCAL is defined. Update the definition to match the header's storage/visibility macro. Also, setting hsHashes = NULL at the end has no effect on the caller (pass-by-value), so either remove that line or change the API to take HS_Hashes** if caller-nullification is required.
    tests/api.c:1
  • EXCHANGE_DATA is defined multiple times in this file with very similar bodies (including WANT_WRITE variants). This increases the chance of tests diverging unintentionally when the exchange logic needs updating. Consider using a small helper function (or a single parameterized macro) that takes the relevant ssl handles/test context flags to centralize the exchange behavior.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

@julek-wolfssl julek-wolfssl requested a review from rizlik March 18, 2026 18:41
@julek-wolfssl
Copy link
Member Author

julek-wolfssl commented Mar 20, 2026
edited
Loading

Retest this please flaky test.

@julek-wolfssl
DTLS 1.3 write dup support
9dbd35d 
- Copy TLS 1.3 traffic secrets and DTLS 1.3 epoch/cipher state to the
  write-dup side in DupSSL so key updates can be performed.
- Delegate KeyUpdate responses from the read side to the write side via
  the shared WriteDup struct, for both peer-initiated and local key
  updates.
- Delegate DTLS 1.3 ACK sending from the read side to the write side.
- Track DTLS 1.3 KeyUpdate ACKs: write side records the in-flight
  KeyUpdate epoch/seq, read side sets keyUpdateAcked when the matching
  ACK arrives.
- Delegate post-handshake certificate authentication (CertificateRequest
  processing) from the read side to the write side, transferring
  transcript hashes, cert context, and signature parameters.
- Reset prevSent/plainSz to prevent stale values from SendData to think
  that data was already sent.
- Refactor FreeHandshakeHashes into Free_HS_Hashes for reuse.
- Move DTLS 1.3 epoch initialization earlier in InitSSL so the
  write-dup early-return path has valid epoch state.
- Add tests for write dup with all protocol versions, key update,
  post-handshake auth, and WANT_WRITE recovery.
- Add --enable-all --enable-writedup to CI os-check matrix.
@julek-wolfssl
Consistently fail on mutex error
1f9b999
Copilot AI review requested due to automatic review settings March 23, 2026 11:21
Copilot AI reviewed Mar 23, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR extends write-dup (DupSSL) support to cover DTLS 1.3/TLS 1.3 post-handshake flows by sharing additional state between read/write sides, enabling key updates, ACK delegation, and post-handshake authentication to be handled by the write side when the read side cannot write.

Changes:

  • Share DTLS 1.3 ACK work and KeyUpdate ACK tracking between read/write dup sides; expose RTX record removal to support cleanup.
  • Delegate TLS 1.3 KeyUpdate responses and post-handshake CertificateRequest handling from read side to write side (state transfer via WriteDup).
  • Add/expand API tests for write-dup across protocol versions, including WANT_WRITE recovery; enable write-dup build in CI matrix.

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 5 comments.

Show a summary per file
File Description
wolfssl/internal.h Adds WriteDup fields/flags for DTLS 1.3 ACK + KeyUpdate ACK tracking and TLS 1.3 post-handshake auth delegation; adds new internal prototypes/flags.
src/internal.c Refactors handshake-hash freeing into reusable helper; moves DTLS 1.3 epoch init earlier; resets buffered-send tracking fields.
src/tls13.c Delegates KeyUpdate response + post-handshake CertificateRequest handling to write-dup side.
src/dtls13.c Delegates ACK sending to write side; tracks KeyUpdate ACKs; makes RTX removal callable externally.
src/ssl.c Copies TLS 1.3 secrets / DTLS 1.3 epoch+cipher state into write-dup; handles delegated KeyUpdate/ACK/auth work in wolfSSL_write_internal; frees new shared-state allocations.
tests/api.c Extends write-dup tests to DTLS{1.2,1.3}, KeyUpdate, post-handshake auth, and WANT_WRITE scenarios.
.github/workflows/os-check.yml Adds CI job configuration that enables write-dup.
Comments suppressed due to low confidence (1)

src/internal.c:1

  • InitHandshakeHashesAndCopy() frees *destination but does not null it before attempting XMALLOC. If allocation fails, *destination remains a dangling pointer to freed memory, which can lead to a later double-free/use-after-free. Fix by setting *destination = NULL immediately after freeing, or by changing Free_HS_Hashes to take HS_Hashes** and null the caller’s pointer.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@dgarske dgarske merged commit 02bd075 into wolfSSL:master Mar 23, 2026
495 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@dgarske dgarske dgarske approved these changes

@rizlik rizlik Awaiting requested review from rizlik

Assignees

@wolfSSL-Bot wolfSSL-Bot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@julek-wolfssl @dgarske @wolfSSL-Bot