wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-27 05:42:19 +01:00
Code Issues Packages Projects Releases Wiki Activity
27,565 Commits 12 Branches 184 Tags
master
Commit Graph

19 Commits

Author SHA1 Message Date
Josh Holtrop
e7612ff36f Improve log message and error code for invalid HelloRetryRequest - fix #9653 2026-01-15 12:55:17 -05:00
Marco Oliverio
50b39c91da fixup! (d)tls13: check if early data is possible in write_early_data 2026-01-07 14:30:16 +01:00
David Garske
0fae0a7ba6 Merge pull request #9397 from rizlik/earlydata_want_write_fixes 
wolfssl: preserve early-data handling across WANT_WRITE retries
 2025-12-23 17:19:39 -08:00
Sean Parkinson
b766f11e7b TLS 1.3, plaintext alert: ignore when expecting encrypted 
In TLS 1.3, ignore valid unencrypted alerts that appear after encryption
has started.
Only ignore WOLFSSL_ALERT_COUNT_MAX-1 alerts.
 2025-12-23 09:09:06 +10:00
Marco Oliverio
38d8eb6f0d address reviewer's comments 2025-12-22 09:51:06 +01:00
Marco Oliverio
950c074c25 test: fix typo in structure field 2025-12-22 09:51:06 +01:00
Marco Oliverio
8de68decd2 test: tls13_early_data: test WANT_WRITE in early data 2025-12-22 09:51:06 +01:00
Marco Oliverio
609e30a69c test: tls13_early_data: refactor splitEarlyData test option 2025-12-22 09:51:06 +01:00
Juliusz Sosinowicz
f61bfd7805 Check KeyShare after HRR 2025-12-17 10:27:04 +01:00
Sean Parkinson
d3863e5fa3 TLS 1.3: duplicate extension alert code fix 
The specification states to return illegal_parameter when a message is
syntactically correct but semantically invalid. (RFC 8446 section 6,
Paragraph 5)
 2025-12-15 10:00:56 -08:00
Sean Parkinson
44be44a509 TLS 1.3 missing extension: return correct alert code 
Change TLS 1.3 handling to return missing_extension alert code when
 - KeyShare is present but SupportedGroups is missing and
 - SupportedGroups is present but KeyShare is missing

Added tests for this.
 2025-12-15 09:07:13 +10:00
Chris Conlon
fdec53c4c9 skip test_tls13_hrr_different_cs() test when WOLFSSL_TLS13_MIDDLEBOX_COMPAT is defined 2025-11-07 17:09:30 -07:00
Juliusz Sosinowicz
c14b1a0504 Validate cipher suite after HelloRetryRequest 
- Add validation to ensure the cipher suite in the ServerHello matches the one specified in the HelloRetryRequest.
- test_TLSX_CA_NAMES_bad_extension: use the same ciphersuite in HRR and SH
 2025-10-29 13:14:50 +01:00
Daniel Pouzzner
9cf08afbbb fixes for --disable-tls. 2025-10-16 18:50:06 -05:00
Sean Parkinson
c111c5bacc Regression testing 
x509.c: realloc may fail and therefore need to store result in a
temporary so the old pointer is not lost.

tls.c: free the name if it is not pushed on to the stack of peer CA
names. Failure to push can be from memory allocation failure.

aes.c: Don't compile XTS decrypt functions without HAVE_AES_DECRYPT.

Fix tests to have better pre-processor protection.
 2025-10-16 12:13:32 +10:00
Daniel Pouzzner
b4ee8869c8 Merge pull request #9246 from julek-wolfssl/gh/9240 
Abort connection if we are about to send the same CH
 2025-09-30 20:35:32 -05:00
Juliusz Sosinowicz
f798a585d9 Abort connection if we are about to send the same CH 2025-09-26 12:08:53 +02:00
Kareem
ec92f76dec Fix tests when building with PEM support disabled by using DER certs/keys. 2025-09-12 16:11:07 -07:00
Sean Parkinson
115d4d88c0 api.c: pull out TLS 1.3 specific tests 2025-08-26 09:05:46 +10:00