Frederik Wedel-Heinen
bf5269e995
Continue processing cookieless client hellos for dtls1.3
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22400 )
2024-05-16 18:31:06 +02:00
Frederik Wedel-Heinen
55ef7d4915
Fix description of version field of ssl connection struct
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22937 )
2024-05-16 18:28:34 +02:00
Frederik Wedel-Heinen
a30510d35c
Mention brainpoolP256r1tls13, brainpoolP384r1tls13, brainpoolP512r1tls13 in SSL_CONF_cmd.pod
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22363 )
2024-05-14 15:50:59 +02:00
Frederik Wedel-Heinen
ff8e63d087
Updates SSL_CONF_cmd.pod to be explicit when features are for both TLS and DTLS
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22363 )
2024-05-14 15:49:31 +02:00
Frederik Wedel-Heinen
873ef80f6f
Update documentation for DTLS1.3
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22363 )
2024-05-14 15:49:31 +02:00
Frederik Wedel-Heinen
5b536e98c2
Correct traces for certificates in dtls13
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22935 )
2024-05-14 15:31:54 +02:00
Frederik Wedel-Heinen
e1bd225a5d
Clear old messages from queues in order to avoid leaks of record layer objects.
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22275 )
2024-05-10 09:01:07 +01:00
Frederik Wedel-Heinen
35306a2929
Disable middlebox for dtls
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22275 )
2024-05-10 09:01:07 +01:00
Frederik Wedel-Heinen
5044c68c37
Check that both tls1.3 and dtls1.3 are disabled before removing code from compilation path.
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22275 )
2024-05-10 09:01:07 +01:00
Frederik Wedel-Heinen
a1a5d43753
Fix test_ssl_new tests
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22275 )
2024-05-10 09:01:07 +01:00
Frederik Wedel-Heinen
e569730ba3
Run some failing tests with DTLS1.2
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22275 )
2024-05-10 09:01:07 +01:00
Frederik Wedel-Heinen
19e072e543
Fix renegotiation check that was added in https://github.com/openssl/openssl/pull/24161
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22275 )
2024-05-10 09:01:07 +01:00
Frederik Wedel-Heinen
78bbf9a864
Fix version check to avoid unsupported protocol error in ssl_choose_server_version()
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22275 )
2024-05-10 08:54:30 +01:00
Frederik Wedel-Heinen
28d3158e37
Update DTLS version tests
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22275 )
2024-05-10 08:54:30 +01:00
Frederik Wedel-Heinen
be225d0093
Remove obsolete TODO and guards for post handshake authentication in DTLS 1.3
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22275 )
2024-05-10 08:54:30 +01:00
Frederik Wedel-Heinen
3a9148e0cd
Update dtls max version
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22275 )
2024-05-10 08:54:30 +01:00
Frederik Wedel-Heinen
e554c01533
Fix sanity tests for ssl_version_cmp for dtls 1.3 branch
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24293 )
2024-05-01 15:24:45 +02:00
Frederik Wedel-Heinen
49c1e660d7
Sanity tests of inputs to ssl_version_cmp
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24293 )
2024-05-01 15:24:45 +02:00
Frederik Wedel-Heinen
d6e88b0a71
Fix ssl_lib functions for dtls 1.3
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22378 )
2024-04-30 16:37:10 +02:00
Frederik Wedel-Heinen
789f7c6540
tls_post_encryption_processing_default() and tls_validate_record_header()
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22376 )
2024-04-26 17:17:10 +02:00
Frederik Wedel-Heinen
553fcfbff6
Fix session print for dtls1.3
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22936 )
2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen
988952dd3f
Update session id and ticket logic for dtls13
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22936 )
2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen
00ff4b9a7e
Removes an mtu assertion that fails
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22401 )
2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen
d9b01b9a66
Support TLS1.3 sigalg logic in DTLS1.3
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22380 )
2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen
cd8226fbbf
Handle alerts similarly in dtls1_read_bytes() as done in ssl3_read_bytes()
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22360 )
2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen
c88ec0c693
Make similar changes to dtls1_do_write() for dtls1.3 as in ssl3_do_write() for tls1.3
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22360 )
2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen
0aae70fc38
Adds some more changes to dtls specific functions to make them more in sync with their tls counterparts.
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22360 )
2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen
8f18467241
Make dtls1.3 changes to dtls1_read_bytes and do_dtls1_write which match ssl3_read_bytes and ssl3_write_bytes
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22360 )
2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen
a49ffb7c4c
Don't allow renegotiation for DTLS 1.3
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22362 )
2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen
c1440548fd
Adds dtls 1.3 support in TLS::Proxy
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23375 )
2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen
2ccbedf081
Support TLS 1.3 kexs and groups with DTLS 1.3
...
SSL_CONNECTION_IS_VERSION13 macro is used where appropriate.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22364 )
2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen
e0490029c1
Fix wrong dtls 1 and 1.2 version check
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22366 )
2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen
1bd689ab65
Do DTLS13 and TLS13 connection version check in one macro
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22366 )
2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen
2496f91d4e
Fix sending session ids in DTLS-1.3
...
A DTLS 1.3 session id must not be sent by the client unless
it has a cached id. And DTLS 1.3 servers must not echo
a session id from a client.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22366 )
2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen
e758f33cb0
Update tls state machine logic to support dtls1.3 alongside tls1.3
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22366 )
Updated the logic in ssl_cipher_list_to_bytes to take account of the changes
from PR#24161
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24226 )
2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen
d58372517c
Fix protocol list for cmd_Protocol()
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22273 )
2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen
7b941560d7
Add dtls1.3 to ssl_protocol_to_string()
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22273 )
2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen
f03867e41c
Adds DTLS1.3 to ssl protocol to text structs
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22273 )
2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen
65e93084a6
Determine which label prefix to use based on if the connection is dtls
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22416 )
2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen
0445518928
Use dtls1.3 cryptographic label prefix as dictated by RFC 9147 section 5.9
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22416 )
2024-04-23 11:57:05 +01:00
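The label prefix change referenced above (RFC 9147 section 5.9) in runnable form. This is an added example, not OpenSSL's code: a minimal HKDF-Expand-Label built on Python's standard library, with a `dtls` flag that selects the "dtls13" prefix instead of TLS 1.3's "tls13 " (note the trailing space in the TLS label and its absence in the DTLS one). The function names `hkdf_label`, `derive_secret` and `rfc8448_check` are this example's own. The TLS branch is checked against the "derived" secret from RFC 8448 section 3; the DTLS branch shows that the same input secret and transcript produce a different key, which is the domain separation the prefix exists to provide: traffic keys from a TLS 1.3 handshake can never collide with those of a DTLS 1.3 handshake over the same secrets.

```python
import hashlib
import hmac
import struct


def hkdf_extract(salt: bytes, ikm: bytes, hash_name: str = "sha256") -> bytes:
    """HKDF-Extract (RFC 5869): PRK = HMAC-Hash(salt, IKM). An empty salt
    means HashLen zero bytes, as the RFC specifies."""
    if not salt:
        salt = b"\x00" * hashlib.new(hash_name).digest_size
    return hmac.new(salt, ikm, hash_name).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int, hash_name: str = "sha256") -> bytes:
    """HKDF-Expand (RFC 5869): T(i) = HMAC(PRK, T(i-1) | info | i)."""
    okm = b""
    block = b""
    counter = 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hash_name).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf_label(length: int, label: str, context: bytes, dtls: bool) -> bytes:
    """Encode the HkdfLabel struct of RFC 8446 section 7.1:
         uint16 length; opaque label<7..255>; opaque context<0..255>;
    TLS 1.3 prefixes the label with "tls13 "; DTLS 1.3 (RFC 9147 section 5.9)
    uses "dtls13" instead. Everything else is identical."""
    prefix = b"dtls13" if dtls else b"tls13 "
    full_label = prefix + label.encode("ascii")
    if length > 0xFFFF or len(full_label) > 255 or len(context) > 255:
        raise ValueError("HkdfLabel field out of range")
    return (struct.pack("!H", length)
            + bytes([len(full_label)]) + full_label
            + bytes([len(context)]) + context)


def hkdf_expand_label(secret: bytes, label: str, context: bytes, length: int,
                      dtls: bool, hash_name: str = "sha256") -> bytes:
    """HKDF-Expand-Label(Secret, Label, Context, Length) from RFC 8446 section 7.1."""
    return hkdf_expand(secret, hkdf_label(length, label, context, dtls), length, hash_name)


def derive_secret(secret: bytes, label: str, transcript: bytes, dtls: bool,
                  hash_name: str = "sha256") -> bytes:
    """Derive-Secret(Secret, Label, Messages): context is the transcript hash."""
    transcript_hash = hashlib.new(hash_name, transcript).digest()
    return hkdf_expand_label(secret, label, transcript_hash, len(transcript_hash), dtls, hash_name)


def rfc8448_check() -> dict:
    """Reproduce the first steps of the RFC 8448 section 3 key schedule
    (zero PSK, empty transcript) for both prefixes. Only the TLS values are
    published test vectors; the DTLS values are computed here to show that
    the prefix alone changes the derived key."""
    early_secret = hkdf_extract(b"", b"\x00" * 32)  # no PSK: IKM is HashLen zeros
    transcript_hash = hashlib.sha256(b"").digest()
    return {
        "early_secret": early_secret.hex(),
        "tls13_info": hkdf_label(32, "derived", transcript_hash, dtls=False).hex(),
        "dtls13_info": hkdf_label(32, "derived", transcript_hash, dtls=True).hex(),
        "tls13_derived": derive_secret(early_secret, "derived", b"", dtls=False).hex(),
        "dtls13_derived": derive_secret(early_secret, "derived", b"", dtls=True).hex(),
    }


if __name__ == "__main__":
    for name, value in rfc8448_check().items():
        print(f"{name:15s} {value}")
```

The two info encodings differ only in the 13-byte label field ("tls13 derived" vs "dtls13derived"); because that field is HMAC input, every subsequent secret, traffic key and IV in the DTLS schedule diverges from its TLS counterpart.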
Frederik Wedel-Heinen
9fc5ec8e6b
Support TLS1.3 extensions with DTLS1.3
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22261 )
2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen
a37a32b150
Print session ticket for dtls 1.3 as well.
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22260 )
2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen
580612f38d
Adds DTLS 1.3 functionality to s_client and s_server documentation.
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22260 )
2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen
b0aa6081e2
Integrate dtls1.3 in s_client and s_server
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22260 )
2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen
03148562b4
Remove compile guards for dtls1.3 method implementations
...
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22259 )
2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen
e38112066f
Adds initial dtls 1.3 structs and definitions
...
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22259 )
2024-04-23 11:57:05 +01:00
shridhar kalavagunta
264ff64b94
Invoke tear_down when exiting test_encode_tls_sct() prematurely
...
Fixes #24121
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24222 )
2024-04-23 11:33:42 +02:00
Logan Upchurch
5454ef7cb3
crypto/threads_pthread.c: Fix typos found by codespell
...
CLA: trivial
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24206 )
2024-04-23 11:26:29 +02:00
Hubert Kario
9816127463
Be more explicit about RSAES-PKCS#1v1.5 error handling
...
And add a note on how to perform side-channel-free error stack handling.
Signed-off-by: Hubert Kario <hkario@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24159 )
2024-04-22 15:56:40 +02:00
Tim Perry
972ee925b1
Use empty renegotiate extension instead of SCSV for TLS > 1.0
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24161 )
2024-04-22 13:23:28 +01:00