Reda Chouk
1653ecd07e
Fix DTLS 1.3 extSz out-of-bounds and word16 truncation on oversized certificate chains
2026-04-03 12:10:42 +02:00
Juliusz Sosinowicz
3b0b50e392
DTLS1.3: Implement RFC 9147 legacy_session_id_echo requirements
2026-03-31 12:42:16 +02:00
Marco Oliverio
ccfc95809b
test: dtls13: add ack test
2026-03-26 15:11:31 +01:00
JacobBarthelmeh
a156ed7bc7
update Copyright year
2026-02-18 09:52:21 -07:00
Juliusz Sosinowicz
48067f1fa7
dtls 1.3: allow rtx interval to be less than a second
2026-01-19 09:32:09 +01:00
Marco Oliverio
540fae80ab
test_dtls: test payload split when WOLFSSL_NO_DTLS_SIZE_CHECK
2025-12-22 13:41:33 +01:00
Marco Oliverio
e9f3bd5ddd
dtls: test precise header headroom computation
2025-12-16 10:00:30 +01:00
Juliusz Sosinowicz
6e826583a3
DTLS: Add tests for custom I/O callbacks and stateless handling with wolfio
2025-11-06 17:13:45 +01:00
Marco Oliverio
412a78261d
test_dtls: increase coverage for non-blocking I/O
2025-11-03 13:43:33 +01:00
Marco Oliverio
17a08b9e36
test_dtls: return WANT_WRITE in DTLSv1.3 CH parsing
2025-11-03 13:43:33 +01:00
Juliusz Sosinowicz
6fbbdf9324
Add message order sanity checks
...
Reorganize test_dtls tests to use TEST_DECL_GROUP
Reorganize test_tls tests to use TEST_DECL_GROUP
2025-10-08 11:11:03 +02:00
Juliusz Sosinowicz
cd0d986016
Reset DTLS 1.3 timeout
2025-10-06 18:23:16 +02:00
Daniel Pouzzner
b3a5c96c56
Merge pull request #9205 from gasbytes/issue-9188
...
Prevent replaying ClientHello messages when Finished message are epoch 0
2025-09-30 20:44:09 -05:00
Juliusz Sosinowicz
d8fd19feb8
DTLS SRTP should also do a cookie exchange since it uses UDP
2025-09-29 18:27:36 +02:00
Reda Chouk
8f47b4bb08
Prevent DTLS clients from replaying ClientHello
...
messages when receiving bogus Finished messages in epoch 0 by
ensuring Finished messages are only ignored in encrypted epochs (1).
2025-09-18 14:41:12 +02:00
Juliusz Sosinowicz
0d532cc3f2
Test DTLS replay protection
2025-08-07 19:52:05 +02:00
JacobBarthelmeh
629c5b4cf6
updating license from GPLv2 to GPLv3
2025-07-10 16:11:36 -06:00
Marco Oliverio
b1b49c9ffb
dtls13: always send ACKs on detected retransmission
...
Otherwise the connection can stall due the indefinite delay of an explicit ACK,
for exapmle:
-> client sends the last Finished message
<- server sends the ACK, but the ACK is lost
-> client rentrasmit the Finished message
- server delay sending of the ACK until a fast timeout
-> client rentrasmit the Finished message quicker than the server timeout
- server resets the timeout, delaying sending the ACK
-> client rentrasmit the Finished...
2025-06-16 14:19:32 +02:00
Marco Oliverio
c1c1929e55
dtls13: move Dtls13NewEpoch into DeriveTls13Keys
...
Dlts13NewEpoch saves the keys currently derived in the ssl object.
Moving Dtls13NewEpoch inside DeriveTls13Keys avoid the risk of using the wrong
keys when creating a new Epoch.
This fixes at least he following scenario:
- Client has encryption epoch != 2 in the handshake (eg. due to rtx)
- Client derives traffic0 keys after receiving server Finished message
- Client set encryption epoch to 2 again to send the Finished message, this
override the traffic key computed
- Client creates the new epoch with the wrong key
2025-06-09 02:35:29 +02:00
Juliusz Sosinowicz
736a5e1f89
dtlsProcessPendingPeer: correctly set the current peer
2025-06-06 00:12:38 +02:00
Marco Oliverio
cbe1fb2c62
dtls: drop DTLS messages that span across datagrams
...
A new macro "WOLFSSL_DTLS_RECORDS_CAN_SPAN_DATAGRAMS" restores the old
behaviour.
2025-05-19 10:28:13 +02:00
Marco Oliverio
22f41a8dbb
Drop DTLS packets with bogus minor version number
2025-05-15 19:50:36 +02:00
Juliusz Sosinowicz
43c564d48b
dtls13: send acks with correct record number order
2025-04-18 14:56:59 -05:00
Juliusz Sosinowicz
3f560036d6
dtls13: additional epoch checks
2025-04-17 18:18:01 +02:00
David Garske
3075e57207
Whitespace and filename comment.
2025-02-14 09:51:29 -06:00
Juliusz Sosinowicz
68c27c4e5d
Move dtls cid tests to tests/api/dtls.c
2025-02-14 09:51:29 -06:00