
Commit fe4da11

committed
examples: use a non-empty importer context in the example callbacks
Change the example RFC 9258 importer callbacks (wolfssl/test.h) to carry a non-empty optional context ("wolfSSL importer example context") instead of an empty one, to better illustrate the feature. The server callback now verifies the received context matches. Verified wolfSSL <-> GnuTLS 3.8.4 interop (both directions, TLS 1.3, TLS_AES_128_GCM_SHA256) still succeeds with the context present, and that a mismatched context is correctly rejected with a binder-verification failure. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01XRMrPoMWjro4shL6W2JHXw
1 parent 20b768c commit fe4da11

1 file changed

Lines changed: 17 additions & 9 deletions


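--- a/wolfssl/test.h
+++ b/wolfssl/test.h
@@ -2102,9 +2102,11 @@ static WC_INLINE unsigned int my_psk_server_tls13_cb(WOLFSSL* ssl,
 
 #ifdef WOLFSSL_EXTERNAL_PSK_IMPORTER
 /* Example RFC 9258 external PSK importer callbacks. Both sides use the same
-* external identity (kIdentityStr), no context, the default SHA-256 importer
-* hash, and the fixed 32-byte external PSK below. Configure an interop peer
-* (e.g. GnuTLS >= 3.8.1) with matching values. */
+* external identity (kIdentityStr), an example context string, the default
+* SHA-256 importer hash, and the fixed 32-byte external PSK below. Configure an
+* interop peer (e.g. GnuTLS >= 3.8.1) with matching values. */
+static const char* kImporterContextStr = "wolfSSL importer example context";
+
 static WC_INLINE void my_psk_importer_fill_key(unsigned char* key)
 {
 int i;
@@ -2121,6 +2123,7 @@ static WC_INLINE int my_psk_client_importer_cb(WOLFSSL* ssl,
 word32* contextSz, unsigned char* key, word32* keySz, int* hashAlgo)
 {
 word32 idLen = (word32)XSTRLEN(kIdentityStr);
+word32 ctxLen = (word32)XSTRLEN(kImporterContextStr);
 
 (void)ssl;
 (void)hashAlgo; /* leave the default WC_SHA256 importer hash */
@@ -2130,9 +2133,13 @@ static WC_INLINE int my_psk_client_importer_cb(WOLFSSL* ssl,
 XMEMCPY(identity, kIdentityStr, idLen);
 *identitySz = idLen;
 
-/* No optional context in this example. */
-if (context != NULL && contextSz != NULL)
-*contextSz = 0;
+/* Provide an example (non-empty) optional context. */
+if (context != NULL && contextSz != NULL) {
+if (ctxLen > *contextSz)
+return -1;
+XMEMCPY(context, kImporterContextStr, ctxLen);
+*contextSz = ctxLen;
+}
 
 if (32 > *keySz)
 return -1;
@@ -2148,16 +2155,17 @@ static WC_INLINE int my_psk_server_importer_cb(WOLFSSL* ssl,
 word32* keySz, int* hashAlgo)
 {
 word32 idLen = (word32)XSTRLEN(kIdentityStr);
+word32 ctxLen = (word32)XSTRLEN(kImporterContextStr);
 
 (void)ssl;
-(void)context;
 (void)hashAlgo; /* leave the default WC_SHA256 importer hash */
 
 if (identity == NULL || identitySz != idLen ||
 XMEMCMP(identity, kIdentityStr, idLen) != 0)
 return -1;
-/* This example advertises no context. */
-if (contextSz != 0)
+/* Verify the example context advertised by the client. */
+if (contextSz != ctxLen || context == NULL ||
+XMEMCMP(context, kImporterContextStr, ctxLen) != 0)
 return -1;
 
 if (32 > *keySz)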
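Review bot: In my_psk_client_importer_cb the new context copy is skipped without an error when `context` or `contextSz` is NULL, so the client would carry on without the context that my_psk_server_importer_cb now requires. The mismatch would then presumably only surface later, as a rejected identity or a binder-verification failure on the peer. On that path `*contextSz` also keeps its incoming value whenever `contextSz` itself is non-NULL. Since the example now depends on both sides agreeing on the context, I would fail early with `if (context == NULL || contextSz == NULL) return -1;` ahead of the copy, provided the library always passes a context buffer to this callback, which is not visible in these hunks. Both importer callbacks start and end outside the lines shown here.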
