Commit Graph

38724 Commits

Author SHA1 Message Date
Ryan Hooper
6e1904ce63 Addressing last commented out SSLAPITests for DTLS1.3
The Authentication and Integrity only ciphers and when DTLS1.3
payload padding have been enabled with this change.

The tls13_add_record_padding function was updated to make sure
there is always 16 bytes of encrypted data.

If authentication and integrity only cipher is used the code
was updated to not call Sequence Number encrypt.

Fixes: openssl/project#1700
Fixes: openssl/project#1702

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Thu Jan  8 10:01:39 2026
(Merged from https://github.com/openssl/openssl/pull/29448)
2026-01-08 11:01:37 +01:00
Frederik Wedel-Heinen
6b2bddd94d Run test cases that were previously skipped for DTLS 1.3.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Jan  7 09:11:11 2026
(Merged from https://github.com/openssl/openssl/pull/29501)
2025-12-25 09:11:03 +01:00
Ryan Hooper
0a2f79a6dd Updating the DTLS Proxy ACK test to wait for the New Session ACK
Updated the DTLS 1.3 ACK tests that use the proxy to wait until
the ACK for the New Session Ticket is received.

Also updated some proxy tests now that the sessionfile can be
used and the DTLS1.3 client will shut down properly. This happens
because the Proxy sends a Close Notify Alert.

Also resolving a DTLS Proxy issue where the Proxy was not
taking into account the second fragment for a record and the
Handshake/Record Header.

Fixes: openssl/project#1669

Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29221)
2025-12-18 15:54:57 +01:00
Ryan Hooper
e847e74b76 Fixing commented out tests for DTLS1.3 in sslapitest
Several tests were commented out, for the behavior of DTLS1.3 is
different than TLS1.3. The main difference is around the ACK
message. This means some tests needed to be massaged for
the peer to ACK to a certain message.

This PR does not remove all TODO's for DTLS1.3. Currently there
are two TODOs. One around padding for messages less than 16
bytes and one for authentication and integrity only messages.

Also this PR still has a lot of memory leaks. Looking into it
it has to deal with how new record layers are allocated for
new epochs. Because record layers are also stored in a list of
messages sent in case they need to be resent it wasn't a simple
fix. I feel like the memory leaks should be tackled in a
separate PR.

Fixes: https://github.com/openssl/project/issues/1667

Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29067)
2025-12-18 15:54:57 +01:00
Ryan Hooper
a70ff7ca8c Fixes the DTLS MTU test
When calling DTLS_get_data_mtu the function was not taking
into account the extra byte after the data which contains
the content type.

Fixes: https://github.com/openssl/project/issues/1668

Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29081)
2025-12-18 15:54:57 +01:00
Frederik Wedel-Heinen
7c1a812a3e Adds AES-128-ECB to ossltest provider to be able to reenable DTLS 1.3 ACK tests.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28926)
2025-12-18 15:54:57 +01:00
Tomas Mraz
548a91a940 DTLS1.3: Disable tests that currently fail
With added TODO(DTLSv1.3) comments

Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28455)
2025-12-18 15:54:57 +01:00
Frederik Wedel-Heinen
2c76b09150 Fixes of tests for DTLS-1.3
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28455)
2025-12-18 15:54:57 +01:00
Frederik Wedel-Heinen
914bd289e8 TLS-1.3 specific sigalgs should be supported in DTLS-1.3
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28455)
2025-12-18 15:54:57 +01:00
Tomas Mraz
36e6d460da sigalg_constants_list: Add DTLS1_3_VERSION to applicable sigalgs
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28455)
2025-12-18 15:54:57 +01:00
Frederik Wedel-Heinen
b29c176415 Support OCSP responses for DTLS 1.3
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28455)
2025-12-18 15:54:57 +01:00
Tomas Mraz
c48fa552a5 Use non-PQC key share for DTLS-1.3 TLSProxy tests
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28455)
2025-12-18 15:54:57 +01:00
Tomas Mraz
da81907c2b 70-test_sslrecords.t: Fix indentation
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28455)
2025-12-18 15:54:57 +01:00
Frederik Wedel-Heinen
d86d69975d Minor style changes and check sequence for wraparound
We check the TLS sequence number for wraparound elsewhere,
this adds the check to TLS multiblock writes as well.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25119)
2025-12-18 15:54:57 +01:00
Frederik Wedel-Heinen
89dbcfcc2d Fixes an issue where dropped records sent from server were not retransmitted.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25119)
2025-12-18 15:54:57 +01:00
Frederik Wedel-Heinen
f02a123988 Adds DTLS 1.3 ACK message functionality
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25119)
2025-12-18 15:54:57 +01:00
Frederik Wedel-Heinen
c783335de6 Revert changes to ssl_version_cmp() to avoid calling assert on non-sane inputs
The function can be called with arbitrary inputs.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28000)
2025-12-18 15:54:57 +01:00
Frederik Wedel-Heinen
795d3b0677 Duplicate TLS 1.3 sslapitests for DTLS 1.3
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26912)
2025-12-18 15:54:57 +01:00
Frederik Wedel-Heinen
8b2845b655 test_server_mtu_larger_than_max_fragment_length() should be run for DTLS 1.3
Previously it was forced to run on DTLS 1.2>. But the underlying issue was fixed on master and it works now that the feature branch has been rebased on top of a more recent master.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26574)
2025-12-18 15:54:57 +01:00
Frederik Wedel-Heinen
a9789b13a5 Support DTLS 1.3 Unified Headers
Also set correct AAD for DTLS 1.3 message de-/encryption.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25668)
2025-12-18 15:54:57 +01:00
Frederik Wedel-Heinen
41b511e335 Adds a workaround for false negative test results with TLSProxy
The server is not able to shut down correctly
when the client sends an alert in epoch 0 and the
server has sent its Finished message.
As a workaround we accept a bad exit code for a failing
DTLS test run.

Fixes #26915

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26922)
2025-12-18 15:54:57 +01:00
Frederik Wedel-Heinen
340762d5d3 TLSProxy: Handle partial messages with DTLS
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26532)
2025-12-18 15:54:57 +01:00
Frederik Wedel-Heinen
e44454e269 Reduce the number of mallocs in dtls1_new() by allocating message queues together with the d1 struct.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26150)
2025-12-18 15:54:57 +01:00
Frederik Wedel-Heinen
a55cc9aafc This change fixes an issue where a DTLS 1.3 would calculate a wrong transcript hash.
A wrong transcript hash was calculated when the client received a HRR which caused interop failures with WolfSSL. This change also refactors the internal calls to ssl3_finish_mac() that no longer requires the "incl_hdr" argument.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26465)
2025-12-18 15:54:57 +01:00
Frederik Wedel-Heinen
4a08d18737 Sequence number cipher context is NULL for TLS connections
Fix memory sanitizer report of use of uninitialized variable: be explicit
that sequence number cipher context is NULL for TLS connections when
calling ssl_set_new_record_layer().

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26401)
2025-12-18 15:54:57 +01:00
Frederik Wedel-Heinen
fdd02b72e3 Check result of set_protocol_version() and use the version passed as argument
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26226)
2025-12-18 15:54:56 +01:00
Frederik Wedel-Heinen
7238620824 Avoid mallocing unprocessed_rcds and processed_rcds in dtls record layer
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26211)
2025-12-18 15:54:56 +01:00
Frederik Wedel-Heinen
6e80e7e994 Fix DTLS 1.3 handshake transcript hash
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26035)
2025-12-18 15:54:56 +01:00
Frederik Wedel-Heinen
f9cdccb4e0 DTLS 1.3 record number encryption
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23511)
2025-12-18 15:54:56 +01:00
Frederik Wedel-Heinen
62fb518914 Support dtls 1.3 downgrade mechanism
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23320)
2025-12-18 15:54:56 +01:00
Frederik Wedel-Heinen
24ea63ce59 Update epochs when changing key and cipher state for dtls 1.3
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23229)
2025-12-18 15:54:56 +01:00
Frederik Wedel-Heinen
75a6daa3e5 Refactor handshake msg header parsing etc.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24607)
2025-12-18 15:54:56 +01:00
Frederik Wedel-Heinen
eb3dd826e8 Fix SCTP todo
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24605)
2025-12-18 15:54:56 +01:00
Frederik Wedel-Heinen
a351d67c4c Run 70-test_tls13certcomp.t with dtls
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24525)
2025-12-18 15:54:56 +01:00
Frederik Wedel-Heinen
0be56c45a9 Run 70-test_tls13kexmodes.t with dtls
It is currently unsupported because of missing support in TLSProxy.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24525)
2025-12-18 15:54:56 +01:00
Frederik Wedel-Heinen
2e13d7339e Run 70-test_tls13messages.t with dtls
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24525)
2025-12-18 15:54:56 +01:00
Frederik Wedel-Heinen
ab479d7169 Add support for running 70-test_tls13psk.t with dtls
Has to be currently disabled because it fails.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24525)
2025-12-18 15:54:56 +01:00
Frederik Wedel-Heinen
6607b4345e Run 70-test_tls13hrr.t with dtls
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24525)
2025-12-18 15:54:56 +01:00
Frederik Wedel-Heinen
d9c913731c Run 70-test_tls13cookie.t with dtls
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24525)
2025-12-18 15:54:56 +01:00
Frederik Wedel-Heinen
b1cd19d99f Run 70-test_tls13alerts.t with dtls
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24525)
2025-12-18 15:54:56 +01:00
Frederik Wedel-Heinen
db560ade8c Fix an assertion failure which happens when a DTLS 1.3 client receives a HelloVerifyRequest.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24509)
2025-12-18 15:54:56 +01:00
Frederik Wedel-Heinen
b10580efb6 Use WPACKET in dtls1_do_write()
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24426)
2025-12-18 15:54:56 +01:00
Frederik Wedel-Heinen
e4771cce5f Place start of ClientHello correctly when calculating binder for DTLS 1.3
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24426)
2025-12-18 15:54:56 +01:00
Frederik Wedel-Heinen
089b3ef763 Re-enable mtu assertion which previously failed for DTLS 1.3
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24524)
2025-12-18 15:54:56 +01:00
Frederik Wedel-Heinen
7f9d73e1b4 Refactor code and fix a couple of missing DTLSv1.3 checks.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24345)
2025-12-18 15:54:56 +01:00
Frederik Wedel-Heinen
e6f126bd28 Add design document for DTLS 1.3 implementation
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23041)
2025-12-18 15:54:56 +01:00
Frederik Wedel-Heinen
1275fd9ff5 Run test_cookie() test with DTLS 1.3
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24425)
2025-12-18 15:54:56 +01:00
Frederik Wedel-Heinen
0529b0046b Adds DTLSv1.3 to protocol_version.pm for additional protocol version tests.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23242)
2025-12-18 15:54:56 +01:00
Frederik Wedel-Heinen
54aec63b9f Continue processing cookieless client hellos for dtls1.3
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22400)
2025-12-18 15:54:56 +01:00
Frederik Wedel-Heinen
c8d4f8fca5 Fix description of version field of ssl connection struct
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22937)
2025-12-18 15:54:56 +01:00