Commit Graph

59 Commits

Author SHA1 Message Date
Daniel Pouzzner e1c7385ccf wolfcrypt/test/test.c:
* in pbkdf2_test(), pwdbased_test(), and pkcs12_test(), add missing FIPS v7+
    gates around stanzas that use wc_PBKDF_max_iterations_set() and
    wc_PBKDF_max_iterations_get() or depend on erroring for excessive PBKDF
    iterations (fixes #10050);

  * in ecc_test_buffers(), omit new corrupt HMAC tag test on FIPS <v6 (fixes
    8f2a3f9563).

tests/api/test_dtls.c: add FIPS v7+ gate to test_dtls13_frag_ch2_with_ch1_rtx().

wolfssl/wolfcrypt/memory.h: #include "../../linuxkm/linuxkm_memory.h" rather than "linuxkm/linuxkm_memory.h", following pattern in wc_port.h.
2026-05-12 20:46:46 -05:00
rizlik 610fe743f3 dtls13: CH can't reset message seq after stateful 2026-04-29 17:37:12 +02:00
rizlik b580c05a1a dtls13: test that client do not rtx CH1 after HRR 2026-04-29 09:11:55 +02:00
Reda Chouk 1653ecd07e Fix DTLS 1.3 extSz out-of-bounds and word16 truncation on oversized certificate chains 2026-04-03 12:10:42 +02:00
Juliusz Sosinowicz 8b378bcfd1 fixup! DTLS1.3: Implement RFC 9147 legacy_session_id_echo requirements 2026-03-31 12:42:16 +02:00
Juliusz Sosinowicz 3b0b50e392 DTLS1.3: Implement RFC 9147 legacy_session_id_echo requirements 2026-03-31 12:42:16 +02:00
Marco Oliverio d1d6e587c0 test_dtls: remove bad char 2026-03-30 16:53:07 +02:00
Marco Oliverio ccfc95809b test: dtls13: add ack test 2026-03-26 15:11:31 +01:00
Marco Oliverio 1c83e24a7a dtls13: keep a counter for seenRecords list 2026-03-26 15:11:31 +01:00
Tobias Frauenschläger c3289f8aa9 Enable and use ML-KEM by default
* Enable ML-KEM by default in build systems (autoconf and CMake)
* Only allow three to-be-standardized hybrid PQ/T combinations by
  default
* Use X25519MLKEM768 as the default KeyShare in the ClientHello (if user
  does not override that). When Curve25519 is disabled, then either
  WOLFSSL_SECP384R1MLKEM1024 or WOLFSSL_SECP256R1MLKEM768 is used as
  default depending on the ECC configuration
* Disable standalone ML-KEM in supported groups by default (enable with
  --enable-tls-mlkem-standalone)
* Disable extra OQS-based hybrid PQ/T curves by default and gate
  behind --enable-experimental (enable with --enable-extra-pqc-hybrids)
* Reorder the SupportedGroups extension to reflect the preferences
* Reorder the preferredGroup array to also reflect the same preferences
* Add async support for ML-KEM hybrids
2026-03-18 10:48:16 +01:00
JacobBarthelmeh a156ed7bc7 update Copyright year 2026-02-18 09:52:21 -07:00
Juliusz Sosinowicz 429b690370 Address code review 2026-01-19 09:38:17 +01:00
Juliusz Sosinowicz 48067f1fa7 dtls 1.3: allow rtx interval to be less than a second 2026-01-19 09:32:09 +01:00
Marco Oliverio 540fae80ab test_dtls: test payload split when WOLFSSL_NO_DTLS_SIZE_CHECK 2025-12-22 13:41:33 +01:00
Marco Oliverio 988ba340ba address reviewer's comments 2025-12-18 10:28:54 +01:00
Marco Oliverio 0fa0fd2317 (d)tls: refactor wolfSSL_GetMaxFragSize(), simplify length computations 2025-12-16 10:46:29 +01:00
Marco Oliverio e9f3bd5ddd dtls: test precise header headroom computation 2025-12-16 10:00:30 +01:00
Juliusz Sosinowicz 6e826583a3 DTLS: Add tests for custom I/O callbacks and stateless handling with wolfio 2025-11-06 17:13:45 +01:00
Marco Oliverio 33be31aeea test: dtls: add description for WANT_WRITE tests 2025-11-03 13:43:33 +01:00
Marco Oliverio bb284247b3 test_dtls: change approach in want_write hs testing 2025-11-03 13:43:33 +01:00
Marco Oliverio 412a78261d test_dtls: increase coverage for non-blocking I/O 2025-11-03 13:43:33 +01:00
Marco Oliverio 6855325bf8 test: memio: simulate_want_write: block client on is_client == true 2025-11-03 13:43:33 +01:00
Marco Oliverio 17a08b9e36 test_dtls: return WANT_WRITE in DTLSv1.3 CH parsing 2025-11-03 13:43:33 +01:00
David Garske 8a6297d42b Merge pull request #9267 from julek-wolfssl/dtls-stricter-ordering
Add message order sanity checks
2025-10-10 10:26:34 -07:00
Juliusz Sosinowicz 6fbbdf9324 Add message order sanity checks
Reorganize test_dtls tests to use TEST_DECL_GROUP
Reorganize test_tls tests to use TEST_DECL_GROUP
2025-10-08 11:11:03 +02:00
JacobBarthelmeh 33030c2862 fix for macro guard in dtls test case 2025-10-07 16:27:18 -06:00
David Garske b3031d25ca Merge pull request #9255 from SparkiDev/tls13_cookie_hash
TLS 1.3 Cookie Hash: use stronger hash if no SHA-256
2025-10-07 08:51:26 -07:00
Juliusz Sosinowicz f6be6c8b6d Add timeout assertions to DTLS test 2025-10-06 18:23:16 +02:00
Juliusz Sosinowicz cd0d986016 Reset DTLS 1.3 timeout 2025-10-06 18:23:16 +02:00
Sean Parkinson e14cc3a34e TLS 1.3 Cookie Hash: use stronger hash if no SHA-256
Order of preference, based on algorithms compiled in, to use with HMAC
for TLS 1.3 cookie:
  1. SHA-256
  2. SHA-384
  3. SHA-512
  4. SM3

Make code compile and unittest pass when SHA-256 not compiled in.
Certificates used for testing require SHA-256 so handshake testing
fails.
2025-10-03 08:28:02 +10:00
Daniel Pouzzner 408e6f79f9 tests/api/test_dtls.c: add missing ExpectIntEQ() around wolfSSL_connect() in test_dtls_bogus_finished_epoch_zero();
wolfcrypt/test/test.c: fix gate for wc_DhGeneratePublic() test in dh_ffdhe_test() to properly exclude 5.3.0.
2025-10-02 14:38:05 -05:00
Daniel Pouzzner b3a5c96c56 Merge pull request #9205 from gasbytes/issue-9188
Prevent replaying ClientHello messages when Finished message are epoch 0
2025-09-30 20:44:09 -05:00
Juliusz Sosinowicz d8fd19feb8 DTLS SRTP should also do a cookie exchange since it uses UDP 2025-09-29 18:27:36 +02:00
Reda Chouk e3fbb24713 Fix malformed DTLS comment syntax 2025-09-22 12:59:30 +02:00
Reda Chouk 8f47b4bb08 Prevent DTLS clients from replaying ClientHello
messages when receiving bogus Finished messages in epoch 0 by
ensuring Finished messages are only ignored in encrypted epochs (1).
2025-09-18 14:41:12 +02:00
Juliusz Sosinowicz 0d532cc3f2 Test DTLS replay protection 2025-08-07 19:52:05 +02:00
JacobBarthelmeh 629c5b4cf6 updating license from GPLv2 to GPLv3 2025-07-10 16:11:36 -06:00
JacobBarthelmeh 77792ace65 Merge pull request #8945 from SparkiDev/mem_fail_fixes_2
Memory allocation failure testing fixes
2025-07-01 09:35:11 -06:00
Sean Parkinson 574de4b234 Memory allocation failure testing fixes
Fixes for test code to cleanup on failure properly.
pkcs7.c: when streaming, free the decrypting content when adding data to
the stream fails.
2025-07-01 11:50:42 +10:00
Marco Oliverio ae9ba6627c fix(tests): enlarge readBuf in DTLS record tests
Increase readBuf to 256 bytes. Guard memcpy with EXPECT_SUCCESS().
2025-06-30 09:47:38 +02:00
Marco Oliverio b1b49c9ffb dtls13: always send ACKs on detected retransmission
Otherwise the connection can stall due the indefinite delay of an explicit ACK,
for exapmle:

 -> client sends the last Finished message
<- server sends the ACK, but the ACK is lost
 -> client rentrasmit the Finished message
 - server delay sending of the ACK until a fast timeout
 -> client rentrasmit the Finished message quicker than the server timeout
 - server resets the timeout, delaying sending the ACK
 -> client rentrasmit the Finished...
2025-06-16 14:19:32 +02:00
Marco Oliverio 59ff71f936 fixup! dtls13: move Dtls13NewEpoch into DeriveTls13Keys 2025-06-09 16:11:17 +02:00
Marco Oliverio c1c1929e55 dtls13: move Dtls13NewEpoch into DeriveTls13Keys
Dlts13NewEpoch saves the keys currently derived in the ssl object.
Moving Dtls13NewEpoch inside DeriveTls13Keys avoid the risk of using the wrong
keys when creating a new Epoch.

This fixes at least he following scenario:

- Client has encryption epoch != 2 in the handshake (eg. due to rtx)

- Client derives traffic0 keys after receiving server Finished message

- Client set encryption epoch to 2 again to send the Finished message, this
   override the traffic key computed

- Client creates the new epoch with the wrong key
2025-06-09 02:35:29 +02:00
Juliusz Sosinowicz 736a5e1f89 dtlsProcessPendingPeer: correctly set the current peer 2025-06-06 00:12:38 +02:00
Marco Oliverio cbe1fb2c62 dtls: drop DTLS messages that span across datagrams
A new macro "WOLFSSL_DTLS_RECORDS_CAN_SPAN_DATAGRAMS" restores the old
behaviour.
2025-05-19 10:28:13 +02:00
Marco Oliverio 23b73bb298 test_memio: preserve write boundaries in reads 2025-05-19 10:25:24 +02:00
Marco Oliverio 22f41a8dbb Drop DTLS packets with bogus minor version number 2025-05-15 19:50:36 +02:00
David Garske 25db14f50c Fix macro typo. 2025-05-06 10:42:09 -07:00
David Garske 0f4ce03c28 Fixes for NO_AES_192 and NO_AES_256. Added CI test. Fixed bad BUILD_ logic for ADH-AES256-GCM-SHA384. 2025-05-05 14:36:36 -07:00
Daniel Pouzzner bbbed009b2 tests/api/test_dtls.c: fix read of uninited data in test_dtls13_ack_order(). 2025-04-19 01:57:51 -05:00