Reda Chouk
8f47b4bb08
Prevent DTLS clients from replaying ClientHello
...
messages when receiving bogus Finished messages in epoch 0 by
ensuring Finished messages are only ignored in encrypted epochs (1).
2025-09-18 14:41:12 +02:00
Juliusz Sosinowicz
0d532cc3f2
Test DTLS replay protection
2025-08-07 19:52:05 +02:00
JacobBarthelmeh
629c5b4cf6
updating license from GPLv2 to GPLv3
2025-07-10 16:11:36 -06:00
JacobBarthelmeh
77792ace65
Merge pull request #8945 from SparkiDev/mem_fail_fixes_2
...
Memory allocation failure testing fixes
2025-07-01 09:35:11 -06:00
Sean Parkinson
574de4b234
Memory allocation failure testing fixes
...
Fixes for test code to cleanup on failure properly.
pkcs7.c: when streaming, free the decrypting content when adding data to
the stream fails.
2025-07-01 11:50:42 +10:00
Marco Oliverio
ae9ba6627c
fix(tests): enlarge readBuf in DTLS record tests
...
Increase readBuf to 256 bytes. Guard memcpy with EXPECT_SUCCESS().
2025-06-30 09:47:38 +02:00
Marco Oliverio
b1b49c9ffb
dtls13: always send ACKs on detected retransmission
...
Otherwise the connection can stall due the indefinite delay of an explicit ACK,
for exapmle:
-> client sends the last Finished message
<- server sends the ACK, but the ACK is lost
-> client rentrasmit the Finished message
- server delay sending of the ACK until a fast timeout
-> client rentrasmit the Finished message quicker than the server timeout
- server resets the timeout, delaying sending the ACK
-> client rentrasmit the Finished...
2025-06-16 14:19:32 +02:00
Marco Oliverio
59ff71f936
fixup! dtls13: move Dtls13NewEpoch into DeriveTls13Keys
2025-06-09 16:11:17 +02:00
Marco Oliverio
c1c1929e55
dtls13: move Dtls13NewEpoch into DeriveTls13Keys
...
Dlts13NewEpoch saves the keys currently derived in the ssl object.
Moving Dtls13NewEpoch inside DeriveTls13Keys avoid the risk of using the wrong
keys when creating a new Epoch.
This fixes at least he following scenario:
- Client has encryption epoch != 2 in the handshake (eg. due to rtx)
- Client derives traffic0 keys after receiving server Finished message
- Client set encryption epoch to 2 again to send the Finished message, this
override the traffic key computed
- Client creates the new epoch with the wrong key
2025-06-09 02:35:29 +02:00
Juliusz Sosinowicz
736a5e1f89
dtlsProcessPendingPeer: correctly set the current peer
2025-06-06 00:12:38 +02:00
Marco Oliverio
cbe1fb2c62
dtls: drop DTLS messages that span across datagrams
...
A new macro "WOLFSSL_DTLS_RECORDS_CAN_SPAN_DATAGRAMS" restores the old
behaviour.
2025-05-19 10:28:13 +02:00
Marco Oliverio
23b73bb298
test_memio: preserve write boundaries in reads
2025-05-19 10:25:24 +02:00
Marco Oliverio
22f41a8dbb
Drop DTLS packets with bogus minor version number
2025-05-15 19:50:36 +02:00
David Garske
25db14f50c
Fix macro typo.
2025-05-06 10:42:09 -07:00
David Garske
0f4ce03c28
Fixes for NO_AES_192 and NO_AES_256. Added CI test. Fixed bad BUILD_ logic for ADH-AES256-GCM-SHA384.
2025-05-05 14:36:36 -07:00
Daniel Pouzzner
bbbed009b2
tests/api/test_dtls.c: fix read of uninited data in test_dtls13_ack_order().
2025-04-19 01:57:51 -05:00
Juliusz Sosinowicz
43c564d48b
dtls13: send acks with correct record number order
2025-04-18 14:56:59 -05:00
Juliusz Sosinowicz
3cba5c6dc1
fixup! dtls13: additional epoch checks
2025-04-17 18:18:01 +02:00
Juliusz Sosinowicz
3f560036d6
dtls13: additional epoch checks
2025-04-17 18:18:01 +02:00
jordan
6f1c31a816
coverity: fix macro warning.
2025-02-19 11:29:45 -05:00
jordan
9a1d60100f
coverity: fix test_dtls warnings.
2025-02-19 09:38:15 -05:00
Daniel Pouzzner
690bb14203
tests/utils.c and tests/api/test_dtls.c: fixes for include order, re tests/unit.h.
2025-02-14 10:57:29 -06:00
David Garske
3075e57207
Whitespace and filename comment.
2025-02-14 09:51:29 -06:00
Juliusz Sosinowicz
21dce84448
Add negative tests for DTLS CID
2025-02-14 09:51:29 -06:00
Juliusz Sosinowicz
68c27c4e5d
Move dtls cid tests to tests/api/dtls.c
2025-02-14 09:51:29 -06:00