wolfSSL / wolfssl

The wolfSSL library is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. wolfSSL supports up to TLS 1.3 and DTLS 1.3!
https://www.wolfssl.com
GNU General Public License v2.0

[5.7.0] Unit.test failed on DTLS v1.3 during make test process #7686

Open armdn opened 1 week ago

armdn commented 1 week ago

Version

5.7.0

Description

In the 'make test' process, the unit.test section ended up with FAIL status.

Here is the log of test-suite:

SSL version is DTLSv1.3
SSL cipher suite is TLS_AES_256_GCM_SHA384
SSL signature algorithm is SHA256
Session timeout set to 500 seconds
Client Random : 5E0576979C06815FDC4367088C070727D6D1DB1EE50BwolfSSL_connect error -308, error state on socket
SSL_accept error -308, error state on socket
wolfSSL error: SSL_accept failed
wolfSSL error: wolfSSL_connect failed
F5C56E2F50DDE8BF6F0C
Client message: hello wolfssl!
I hear you fa shizzle!
trying server command line[1831]: SuiteTest -u -v 4 -l TLS13-AES256-GCM-SHA384 --pqc KYBER_LEVEL3 -2 -p 0
Using Post-Quantum KEM: KYBER_LEVEL3
trying client command line[1832]: SuiteTest -u -v 4 -l TLS13-AES256-GCM-SHA384 --pqc KYBER_LEVEL3 -2 -p 55848 -H defCipherList
Using default cipher list for testing
Using Post-Quantum KEM: KYBER_LEVEL3
FAIL scripts/unit.test (exit status: 1)

Weird error 'SSL_accept error -308, error state on socket' occurs during DTLS v1.3 test...

Compilation goes smoothly without warnings... Did I miss something in the config? Thanks for the help!

anhu commented 1 week ago

Hi @armdn ,

Can you please let us know what configure flags you were using?

Warm regards, Anthony

armdn commented 1 week ago

> Hi @armdn ,
>
> Can you please let us know what configure flags you were using?
>
> Warm regards, Anthony

Sure

--enable-experimental --enable-kyber --enable-libssh2 --enable-openssh --enable-aescfb --enable-aesni --enable-intelasm --enable-dsa --enable-dtls --enable-dtls13 --enable-dtls-frag-ch --enable-aesxts

anhu commented 1 week ago

Hi @armdn

I've been able to simplify the steps to reproduce this:

./configure --enable-experimental --enable-kyber --enable-dtls --enable-dtls13 --enable-dtls-frag-ch
make all 
./examples/server/server  -u -v 4 -l TLS13-AES256-GCM-SHA384 --pqc KYBER_LEVEL3

Then in another terminal:

./examples/client/client -u -v 4 -l TLS13-AES256-GCM-SHA384 --pqc KYBER_LEVEL3 -H defCipherList

At this point both the server and client just wait forever. I will need to talk to my colleagues about this to determine the best course of action.

Thank you so much for letting us know about this issue. Please stay tuned. There should be updates to our progress.

Warm regards, Anthony