wip

julek-wolfssl · julek-wolfssl · commit 76ddb65c46c3 · 2026-03-12T13:28:22.000+01:00
diff --git a/src/dtls13.c b/src/dtls13.c
@@ -2706,9 +2706,28 @@ int Dtls13DoScheduledWork(WOLFSSL* ssl)
     ret = wc_UnLockMutex(&ssl->dtls13Rtx.mutex);
 #endif
     if (sendAcks) {
-        ret = SendDtls13Ack(ssl);
-        if (ret != 0)
-            return ret;
+#ifdef HAVE_WRITE_DUP
+        /* The read side cannot encrypt.  Transfer the seenRecords list to the
+         * shared WriteDup struct so the write side sends the ACK instead. */
+        if (ssl->dupWrite != NULL && ssl->dupSide == READ_DUP_SIDE) {
+            if (wc_LockMutex(&ssl->dupWrite->dupMutex) == 0) {
+                struct Dtls13RecordNumber** tail =
+                    (struct Dtls13RecordNumber**)&ssl->dupWrite->sendAckList;
+                while (*tail != NULL)
+                    tail = &(*tail)->next;
+                *tail = ssl->dtls13Rtx.seenRecords;
+                ssl->dtls13Rtx.seenRecords = NULL;
+                ssl->dupWrite->sendAcks = 1;
+                wc_UnLockMutex(&ssl->dupWrite->dupMutex);
+            }
+        }
+        else
+#endif /* HAVE_WRITE_DUP */
+        {
+            ret = SendDtls13Ack(ssl);
+            if (ret != 0)
+                return ret;
+        }
     }
 
     if (ssl->dtls13Rtx.retransmit) {
diff --git a/src/internal.c b/src/internal.c
@@ -25985,6 +25985,10 @@ static int CheckTLS13AEADSendLimit(WOLFSSL* ssl)
     }
 #ifdef WOLFSSL_DTLS13
     if (ssl->options.dtls) {
+        if (ssl->dtls13EncryptEpoch == NULL) {
+            WOLFSSL_MSG("DTLS 1.3 encrypt epoch not set");
+            return BAD_STATE_E;
+        }
         seq = ssl->dtls13EncryptEpoch->nextSeqNumber;
     }
     else
diff --git a/src/ssl.c b/src/ssl.c
@@ -748,6 +748,17 @@ void FreeWriteDup(WOLFSSL* ssl)
 
     if (doFree) {
         WOLFSSL_MSG("Doing WriteDup full free, count to zero");
+#ifdef WOLFSSL_DTLS13
+        /* Free any pending ACK list that was never consumed by the write side */
+        {
+            struct Dtls13RecordNumber* rn = ssl->dupWrite->sendAckList;
+            while (rn != NULL) {
+                struct Dtls13RecordNumber* next = rn->next;
+                XFREE(rn, ssl->heap, DYNAMIC_TYPE_DTLS_MSG);
+                rn = next;
+            }
+        }
+#endif
         wc_FreeMutex(&ssl->dupWrite->dupMutex);
         XFREE(ssl->dupWrite, ssl->heap, DYNAMIC_TYPE_WRITEDUP);
     }
@@ -807,6 +818,31 @@ static int DupSSL(WOLFSSL* dup, WOLFSSL* ssl)
     /* dup side now owns encrypt/write ciphers */
     XMEMSET(&ssl->encrypt, 0, sizeof(Ciphers));
 
+#ifdef WOLFSSL_DTLS13
+    if (ssl->options.dtls && IsAtLeastTLSv1_3(ssl->version)) {
+        /* Copy epoch array (contains only value types — safe to memcpy). */
+        XMEMCPY(dup->dtls13Epochs, ssl->dtls13Epochs, sizeof(ssl->dtls13Epochs));
+
+        /* Re-point dtls13EncryptEpoch into dup's own epoch array. */
+        if (ssl->dtls13EncryptEpoch != NULL) {
+            dup->dtls13EncryptEpoch =
+                &dup->dtls13Epochs[ssl->dtls13EncryptEpoch - ssl->dtls13Epochs];
+        }
+        /* dtls13DecryptEpoch is not needed by the write-only side; leave NULL. */
+
+        /* Copy current write epoch number (checked in Dtls13SendMessage). */
+        dup->dtls13Epoch = ssl->dtls13Epoch;
+
+        /* Transfer record-number encryption cipher ownership to dup.
+         * FreeCiphers() frees the aes/chacha pointer, so sharing it would
+         * cause a double-free; use the same ownership-transfer pattern as
+         * for ssl->encrypt above. */
+        XMEMCPY(&dup->dtlsRecordNumberEncrypt, &ssl->dtlsRecordNumberEncrypt,
+                sizeof(RecordNumberCiphers));
+        XMEMSET(&ssl->dtlsRecordNumberEncrypt, 0, sizeof(RecordNumberCiphers));
+    }
+#endif /* WOLFSSL_DTLS13 */
+
     dup->IOCB_WriteCtx = ssl->IOCB_WriteCtx;
     dup->CBIOSend = ssl->CBIOSend;
 #ifdef OPENSSL_EXTRA
@@ -2455,6 +2491,54 @@ static int wolfSSL_write_internal(WOLFSSL* ssl, const void* data, size_t sz)
             ssl->error = dupErr;
             return WOLFSSL_FATAL_ERROR;
         }
+
+#ifdef WOLFSSL_DTLS13
+        /* DTLS 1.3: the read side cannot encrypt, so it delegates ACK sending
+         * to the write side.  Check if an ACK was requested and send it. */
+        if (ssl->dupWrite && ssl->dupSide == WRITE_DUP_SIDE &&
+                ssl->options.dtls && IsAtLeastTLSv1_3(ssl->version)) {
+            byte ackNeeded = 0;
+
+            if (wc_LockMutex(&ssl->dupWrite->dupMutex) == 0) {
+                ackNeeded = ssl->dupWrite->sendAcks;
+                if (ackNeeded) {
+                    /* Insert each record number so the
+                     * ACK message is properly ordered. */
+                    struct Dtls13RecordNumber* rn;
+                    for (rn = ssl->dupWrite->sendAckList; rn != NULL;
+                         rn = rn->next) {
+                        ret = Dtls13RtxAddAck(ssl, rn->epoch, rn->seq);
+                        if (ret != 0)
+                            break;
+                    }
+                    /* Clear only on success so no ACKs get dropped */
+                    if (ret == 0) {
+                        rn = ssl->dupWrite->sendAckList;
+                        ssl->dupWrite->sendAckList = NULL;
+                        ssl->dupWrite->sendAcks = 0;
+                        while (rn != NULL) {
+                            struct Dtls13RecordNumber* next = rn->next;
+                            XFREE(rn, ssl->heap, DYNAMIC_TYPE_DTLS_MSG);
+                            rn = next;
+                        }
+                    }
+                }
+                wc_UnLockMutex(&ssl->dupWrite->dupMutex);
+                if (ret != 0) {
+                    ssl->error = ret;
+                    return WOLFSSL_FATAL_ERROR;
+                }
+            }
+
+            if (ackNeeded) {
+                ret = SendDtls13Ack(ssl);
+                if (ret != 0) {
+                    ssl->error = ret;
+                    return WOLFSSL_FATAL_ERROR;
+                }
+            }
+        }
+#endif /* WOLFSSL_DTLS13 */
     }
 #endif
 
diff --git a/tests/api.c b/tests/api.c
@@ -32012,7 +32012,7 @@ static int test_write_dup(void)
 {
     EXPECT_DECLS;
 #if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(HAVE_WRITE_DUP)
-    size_t i, j;
+    size_t i, j, k;
     char hiWorld[] = "dup message";
     char readData[sizeof(hiWorld) + 5];
     struct {
@@ -32023,9 +32023,11 @@ static int test_write_dup(void)
     } methods[] = {
 #ifndef WOLFSSL_NO_TLS12
         {wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, "TLS 1.2", WOLFSSL_TLSV1_2},
+        {wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, "DTLS 1.2", WOLFSSL_TLSV1_2},
 #endif
 #ifdef WOLFSSL_TLS13
         {wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, "TLS 1.3", WOLFSSL_TLSV1_3},
+        {wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, "TLS 1.3", WOLFSSL_TLSV1_3},
 #endif
     };
     struct {
@@ -32130,6 +32132,38 @@ static int test_write_dup(void)
                     WC_NO_ERR_TRACE(WRITE_DUP_READ_E));
             ExpectIntEQ(wolfSSL_read(ssl_c, readData, sizeof(readData)),
                     sizeof(hiWorld));
+#ifdef WOLFSSL_DTLS13
+            /* After ssl_c (read side) processes the post-handshake
+             * NewSessionTicket it must have delegated the ACK to the
+             * write side via the shared WriteDup struct. */
+            if (methods[i].client_meth == wolfDTLSv1_3_client_method) {
+                ExpectNotNull(ssl_c->dupWrite);
+                ExpectIntEQ(ssl_c->dupWrite->sendAcks, 1);
+                ExpectNotNull(ssl_s->dtls13Rtx.rtxRecords);
+
+                /* Send some data to trigger the ACK. */
+                ExpectIntEQ(wolfSSL_write(ssl_c2, hiWorld, sizeof(hiWorld)),
+                        sizeof(hiWorld));
+                ExpectIntEQ(wolfSSL_read(ssl_s, readData, sizeof(readData)),
+                        sizeof(hiWorld));
+
+                /* Make sure the ACK has been sent and the retransmit list is
+                 * empty. */
+                ExpectIntEQ(ssl_c->dupWrite->sendAcks, 0);
+                ExpectNull(ssl_s->dtls13Rtx.rtxRecords);
+            }
+#endif
+
+            for (k = 0; k < 10; k++) {
+                ExpectIntEQ(wolfSSL_write(ssl_c2, hiWorld, sizeof(hiWorld)),
+                        sizeof(hiWorld));
+                ExpectIntEQ(wolfSSL_read(ssl_s, readData, sizeof(readData)),
+                        sizeof(hiWorld));
+                ExpectIntEQ(wolfSSL_write(ssl_s, hiWorld, sizeof(hiWorld)),
+                        sizeof(hiWorld));
+                ExpectIntEQ(wolfSSL_read(ssl_c, readData, sizeof(readData)),
+                        sizeof(hiWorld));
+            }
 
             if (EXPECT_SUCCESS())
                 printf("ok\n");
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
@@ -5759,6 +5759,12 @@ typedef struct BuildMsgArgs {
         wolfSSL_Mutex   dupMutex;       /* reference count mutex */
         int             dupCount;       /* reference count */
         int             dupErr;         /* under dupMutex, pass to other side */
+#ifdef WOLFSSL_DTLS13
+        /* DTLS 1.3: read side cannot encrypt, so it passes ACK work to the
+         * write side.  Protected by dupMutex. */
+        byte            sendAcks;
+        struct Dtls13RecordNumber* sendAckList; /* ownership transferred */
+#endif
     } WriteDup;
 
     WOLFSSL_LOCAL void FreeWriteDup(WOLFSSL* ssl);

Original file line number	Diff line number	Diff line change
`@@ -25985,6 +25985,10 @@ static int CheckTLS13AEADSendLimit(WOLFSSL* ssl)`
`25985`	`25985`	`}`
`25986`	`25986`	`#ifdef WOLFSSL_DTLS13`
`25987`	`25987`	`if (ssl->options.dtls) {`
	`25988`	`+ if (ssl->dtls13EncryptEpoch == NULL) {`
	`25989`	`+ WOLFSSL_MSG("DTLS 1.3 encrypt epoch not set");`
	`25990`	`+ return BAD_STATE_E;`
	`25991`	`+ }`
`25988`	`25992`	`seq = ssl->dtls13EncryptEpoch->nextSeqNumber;`
`25989`	`25993`	`}`
`25990`	`25994`	`else`