Commit Graph

16 Commits

Author SHA1 Message Date
Jeremiah Mackey 3d489d1c10 tests 2026-05-07 02:33:58 +00:00
Juliusz Sosinowicz ff60134ff0 tests: add TLS 1.3 ticket age out-of-window test (F-1824)
DoClientTicketCheck's ticket-age bounds (-1000 ms low bound and
MAX_TICKET_AGE_DIFF*1000+1000 ms high bound) were never exercised by
any integration test, so mutations of the constants went undetected.
Establish a TLS 1.3 session, read the NewSessionTicket, then shift the
client's cached ageAdd by well over 1 second so the server's
unobfuscated diff falls outside the valid window on resumption. The
server must reject the PSK — session_reused stays 0.
2026-04-27 14:03:14 +02:00
Juliusz Sosinowicz 2df4936092 tests: add HRR cipher-suite mismatch negative test (F-2126)
DoTls13ClientHello enforces RFC 8446 Section 4.1.4 by comparing the
cipher suite in the second ClientHello to the hrrCipherSuite cached on
the server from the HelloRetryRequest. No existing test covers the
mismatch branch, so a deletion of the check would silently allow a
client to switch cipher suite between CH1 and CH2. Drive a partial
handshake until the server has emitted the HRR, then flip the cached
hrrCipherSuite on the server; processing CH2 must surface
INVALID_PARAMETER.
2026-04-27 14:03:13 +02:00
Juliusz Sosinowicz 920e175dd6 tests: add SCR verify_data mismatch test (F-2913, F-2914)
Cover both branches of TLSX_SecureRenegotiation_Parse's ConstantCompare
against the cached Finished verify_data: a single memio test loops
over client-side and server-side corruption, renegotiates, and
asserts the offending peer surfaces SECURE_RENEGOTIATION_E.
2026-04-27 14:03:13 +02:00
Juliusz Sosinowicz d97d0370d1 tests: add TLS 1.3 null cipher HMAC negative test (F-2916)
Tls13IntegrityOnly_Decrypt was completely untouched by existing tests,
so any mutation of its ConstantCompare would pass CI. Add a memio
TLS 1.3 handshake over TLS13-SHA256-SHA256 (integrity-only NULL cipher),
then corrupt the final byte of the next record body via an IORecv
wrapper and assert the server surfaces DECRYPT_ERROR.
2026-04-27 14:03:13 +02:00
Juliusz Sosinowicz 01cc5b1655 tests: add ChaCha20-Poly1305 AEAD tag negative test (F-2921)
Cover the Poly1305 ConstantCompare tag check in ChachaAEADDecrypt that
no existing test was hitting (VERIFY_MAC_ERROR never expected in the
suite). A memio-based TLS 1.2 handshake over
ECDHE-RSA-CHACHA20-POLY1305 completes, the server's IORecv is then
replaced with a wrapper that flips the final byte of the next record
body so the forged Poly1305 tag no longer matches. The server's
wolfSSL_read must surface VERIFY_MAC_ERROR.
2026-04-27 14:03:13 +02:00
Juliusz Sosinowicz ef73b3b233 tests: add EMS resumption downgrade negative test (F-2915)
Covers the HandleResumeHistory check that RFC 7627 Section 5.3 requires:
if the original session used Extended Master Secret, the server MUST
abort when a resumption ClientHello is received without EMS. The new
memio test performs a TLS 1.2 handshake with EMS, saves the session,
disables EMS on a fresh client, resumes with the saved session, and
asserts the server returns EXT_MASTER_SECRET_NEEDED_E.
2026-04-27 14:03:13 +02:00
Eric Blankenhorn be7f934157 Add test case 2026-02-26 10:18:31 -06:00
JacobBarthelmeh a156ed7bc7 update Copyright year 2026-02-18 09:52:21 -07:00
Andrew Hutchings f31ed0d0cd Fix logic bug in TLSX_TCA_Find causing incorrect Trusted CA matching
The while loop conditions in TLSX_TCA_Find were inverted, causing two
bugs: the loop short-circuited on type match alone without checking the
id content, and the XMEMCMP sense was reversed (continuing on match,
stopping on mismatch). This meant any TCA entry with a matching type
would be returned as a match regardless of whether the identifier
actually matched.

Restructure the loop to correctly require both type and id (size +
content) to match before returning an entry, and to match any entry
immediately for PRE_AGREED type.

Add test_TLSX_TCA_Find unit test exercising exact match, mismatched id,
and PRE_AGREED cases via memio handshake.
2026-02-17 10:35:54 +00:00
Mattia Moffa 3bdb43eb6a Add support for certificate_authorities extension in ClientHello 2025-09-17 15:33:05 +02:00
JacobBarthelmeh 629c5b4cf6 updating license from GPLv2 to GPLv3 2025-07-10 16:11:36 -06:00
Juliusz Sosinowicz 5e7ef142e8 Refactor GetHandshakeHeader/GetHandShakeHeader into one 2025-05-20 13:23:14 +02:00
Juliusz Sosinowicz ab64597b62 fixup! Move extended master secret testing to test_tls_ext 2025-04-09 14:36:34 +02:00
Juliusz Sosinowicz f15ff6861c TLS EMS: Set haveEMS when we negotiate TLS 1.3 2025-04-09 14:36:34 +02:00
Juliusz Sosinowicz 2c585d73c8 Move extended master secret testing to test_tls_ext 2025-04-09 14:36:34 +02:00