wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-27 11:12:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
27,565 Commits 12 Branches 184 Tags
master
Commit Graph

48 Commits

Author SHA1 Message Date
Juliusz Sosinowicz
429b690370 Address code review 2026-01-19 09:38:17 +01:00
Juliusz Sosinowicz
48067f1fa7 dtls 1.3: allow rtx interval to be less than a second 2026-01-19 09:32:09 +01:00
Marco Oliverio
540fae80ab test_dtls: test payload split when WOLFSSL_NO_DTLS_SIZE_CHECK 2025-12-22 13:41:33 +01:00
Marco Oliverio
988ba340ba address reviewer's comments 2025-12-18 10:28:54 +01:00
Marco Oliverio
0fa0fd2317 (d)tls: refactor wolfSSL_GetMaxFragSize(), simplify length computations 2025-12-16 10:46:29 +01:00
Marco Oliverio
e9f3bd5ddd dtls: test precise header headroom computation 2025-12-16 10:00:30 +01:00
Juliusz Sosinowicz
6e826583a3 DTLS: Add tests for custom I/O callbacks and stateless handling with wolfio 2025-11-06 17:13:45 +01:00
Marco Oliverio
33be31aeea test: dtls: add description for WANT_WRITE tests 2025-11-03 13:43:33 +01:00
Marco Oliverio
bb284247b3 test_dtls: change approach in want_write hs testing 2025-11-03 13:43:33 +01:00
Marco Oliverio
412a78261d test_dtls: increase coverage for non-blocking I/O 2025-11-03 13:43:33 +01:00
Marco Oliverio
6855325bf8 test: memio: simulate_want_write: block client on is_client == true 2025-11-03 13:43:33 +01:00
Marco Oliverio
17a08b9e36 test_dtls: return WANT_WRITE in DTLSv1.3 CH parsing 2025-11-03 13:43:33 +01:00
David Garske
8a6297d42b Merge pull request #9267 from julek-wolfssl/dtls-stricter-ordering 
Add message order sanity checks
 2025-10-10 10:26:34 -07:00
Juliusz Sosinowicz
6fbbdf9324 Add message order sanity checks 
Reorganize test_dtls tests to use TEST_DECL_GROUP
Reorganize test_tls tests to use TEST_DECL_GROUP
 2025-10-08 11:11:03 +02:00
JacobBarthelmeh
33030c2862 fix for macro guard in dtls test case 2025-10-07 16:27:18 -06:00
David Garske
b3031d25ca Merge pull request #9255 from SparkiDev/tls13_cookie_hash 
TLS 1.3 Cookie Hash: use stronger hash if no SHA-256
 2025-10-07 08:51:26 -07:00
Juliusz Sosinowicz
f6be6c8b6d Add timeout assertions to DTLS test 2025-10-06 18:23:16 +02:00
Juliusz Sosinowicz
cd0d986016 Reset DTLS 1.3 timeout 2025-10-06 18:23:16 +02:00
Sean Parkinson
e14cc3a34e TLS 1.3 Cookie Hash: use stronger hash if no SHA-256 
Order of preference, based on algorithms compiled in, to use with HMAC
for TLS 1.3 cookie:
  1. SHA-256
  2. SHA-384
  3. SHA-512
  4. SM3

Make code compile and unittest pass when SHA-256 not compiled in.
Certificates used for testing require SHA-256 so handshake testing
fails.
 2025-10-03 08:28:02 +10:00
Daniel Pouzzner
408e6f79f9 tests/api/test_dtls.c: add missing ExpectIntEQ() around wolfSSL_connect() in test_dtls_bogus_finished_epoch_zero(); 
wolfcrypt/test/test.c: fix gate for wc_DhGeneratePublic() test in dh_ffdhe_test() to properly exclude 5.3.0.
 2025-10-02 14:38:05 -05:00
Daniel Pouzzner
b3a5c96c56 Merge pull request #9205 from gasbytes/issue-9188 
Prevent replaying ClientHello messages when Finished message are epoch 0
 2025-09-30 20:44:09 -05:00
Juliusz Sosinowicz
d8fd19feb8 DTLS SRTP should also do a cookie exchange since it uses UDP 2025-09-29 18:27:36 +02:00
Reda Chouk
e3fbb24713 Fix malformed DTLS comment syntax 2025-09-22 12:59:30 +02:00
Reda Chouk
8f47b4bb08 Prevent DTLS clients from replaying ClientHello 
messages when receiving bogus Finished messages in epoch 0 by
ensuring Finished messages are only ignored in encrypted epochs (1).
 2025-09-18 14:41:12 +02:00
Juliusz Sosinowicz
0d532cc3f2 Test DTLS replay protection 2025-08-07 19:52:05 +02:00
JacobBarthelmeh
629c5b4cf6 updating license from GPLv2 to GPLv3 2025-07-10 16:11:36 -06:00
JacobBarthelmeh
77792ace65 Merge pull request #8945 from SparkiDev/mem_fail_fixes_2 
Memory allocation failure testing fixes
 2025-07-01 09:35:11 -06:00
Sean Parkinson
574de4b234 Memory allocation failure testing fixes 
Fixes for test code to cleanup on failure properly.
pkcs7.c: when streaming, free the decrypting content when adding data to
the stream fails.
 2025-07-01 11:50:42 +10:00
Marco Oliverio
ae9ba6627c fix(tests): enlarge readBuf in DTLS record tests 
Increase readBuf to 256 bytes. Guard memcpy with EXPECT_SUCCESS().
 2025-06-30 09:47:38 +02:00
Marco Oliverio
b1b49c9ffb dtls13: always send ACKs on detected retransmission 
Otherwise the connection can stall due the indefinite delay of an explicit ACK,
for exapmle:

 -> client sends the last Finished message
<- server sends the ACK, but the ACK is lost
 -> client rentrasmit the Finished message
 - server delay sending of the ACK until a fast timeout
 -> client rentrasmit the Finished message quicker than the server timeout
 - server resets the timeout, delaying sending the ACK
 -> client rentrasmit the Finished...
 2025-06-16 14:19:32 +02:00
Marco Oliverio
59ff71f936 fixup! dtls13: move Dtls13NewEpoch into DeriveTls13Keys 2025-06-09 16:11:17 +02:00
Marco Oliverio
c1c1929e55 dtls13: move Dtls13NewEpoch into DeriveTls13Keys 
Dlts13NewEpoch saves the keys currently derived in the ssl object.
Moving Dtls13NewEpoch inside DeriveTls13Keys avoid the risk of using the wrong
keys when creating a new Epoch.

This fixes at least he following scenario:

- Client has encryption epoch != 2 in the handshake (eg. due to rtx)

- Client derives traffic0 keys after receiving server Finished message

- Client set encryption epoch to 2 again to send the Finished message, this
   override the traffic key computed

- Client creates the new epoch with the wrong key
 2025-06-09 02:35:29 +02:00
Juliusz Sosinowicz
736a5e1f89 dtlsProcessPendingPeer: correctly set the current peer 2025-06-06 00:12:38 +02:00
Marco Oliverio
cbe1fb2c62 dtls: drop DTLS messages that span across datagrams 
A new macro "WOLFSSL_DTLS_RECORDS_CAN_SPAN_DATAGRAMS" restores the old
behaviour.
 2025-05-19 10:28:13 +02:00
Marco Oliverio
23b73bb298 test_memio: preserve write boundaries in reads 2025-05-19 10:25:24 +02:00
Marco Oliverio
22f41a8dbb Drop DTLS packets with bogus minor version number 2025-05-15 19:50:36 +02:00
David Garske
25db14f50c Fix macro typo. 2025-05-06 10:42:09 -07:00
David Garske
0f4ce03c28 Fixes for NO_AES_192 and NO_AES_256. Added CI test. Fixed bad BUILD_ logic for ADH-AES256-GCM-SHA384. 2025-05-05 14:36:36 -07:00
Daniel Pouzzner
bbbed009b2 tests/api/test_dtls.c: fix read of uninited data in test_dtls13_ack_order(). 2025-04-19 01:57:51 -05:00
Juliusz Sosinowicz
43c564d48b dtls13: send acks with correct record number order 2025-04-18 14:56:59 -05:00
Juliusz Sosinowicz
3cba5c6dc1 fixup! dtls13: additional epoch checks 2025-04-17 18:18:01 +02:00
Juliusz Sosinowicz
3f560036d6 dtls13: additional epoch checks 2025-04-17 18:18:01 +02:00
jordan
6f1c31a816 coverity: fix macro warning. 2025-02-19 11:29:45 -05:00
jordan
9a1d60100f coverity: fix test_dtls warnings. 2025-02-19 09:38:15 -05:00
Daniel Pouzzner
690bb14203 tests/utils.c and tests/api/test_dtls.c: fixes for include order, re tests/unit.h. 2025-02-14 10:57:29 -06:00
David Garske
3075e57207 Whitespace and filename comment. 2025-02-14 09:51:29 -06:00
Juliusz Sosinowicz
21dce84448 Add negative tests for DTLS CID 2025-02-14 09:51:29 -06:00
Juliusz Sosinowicz
68c27c4e5d Move dtls cid tests to tests/api/dtls.c 2025-02-14 09:51:29 -06:00