Eric Blankenhorn
4b09fb36d9
Add test test_tls13_derive_keys_no_key
2026-03-09 09:49:37 -06:00
Daniel Pouzzner
2655c436da
Merge pull request #9861 from JacobBarthelmeh/f360
...
additional sanity check on number of groups passed to set groups func…
2026-03-06 22:23:40 -06:00
JacobBarthelmeh
013e2c8fdf
remove special characters, use simple ASCII characters
2026-03-06 17:22:25 -07:00
Tobias Frauenschläger
a2622746cd
Error out in case of unknown extensions in response message in TLS 1.3
2026-03-06 17:09:49 +01:00
Tobias Frauenschläger
11fc781d0d
Treat alerts as fatal errors regardless of level in TLS1.3
2026-03-05 18:21:02 +01:00
JacobBarthelmeh
be245dc4d7
adjust macro guard on test case
2026-03-04 11:20:08 -07:00
JacobBarthelmeh
6b3dec4898
additional sanity check on number of groups passed to set groups function
2026-03-04 10:20:09 -07:00
Marco Oliverio
20eeba3d89
test: tls13: add wolfSSL_set1_sigalgs_list test
2026-02-25 12:10:48 +01:00
JacobBarthelmeh
a156ed7bc7
update Copyright year
2026-02-18 09:52:21 -07:00
Anthony Hu
c3c9acc5bf
Middle box compatibility compliance.
2026-02-13 10:28:12 -05:00
Sean Parkinson
bc9e37118e
Regression test fixes
...
Mostly combinations of NO_WOLFSSL_CLIENT, NO_WOLFSSL_SERVER and
WOLFSSL_NO_CLIENT_AUTH were failing.
Added configurations to CI loop.
wc_AesGcmDecryptFinal: use WC_AES_BLOCK_SIZE to satisfy compiler.
2026-01-28 07:37:29 +10:00
Josh Holtrop
e7612ff36f
Improve log message and error code for invalid HelloRetryRequest - fix #9653
2026-01-15 12:55:17 -05:00
Marco Oliverio
50b39c91da
fixup! (d)tls13: check if early data is possible in write_early_data
2026-01-07 14:30:16 +01:00
David Garske
0fae0a7ba6
Merge pull request #9397 from rizlik/earlydata_want_write_fixes
...
wolfssl: preserve early-data handling across WANT_WRITE retries
2025-12-23 17:19:39 -08:00
Sean Parkinson
b766f11e7b
TLS 1.3, plaintext alert: ignore when expecting encrypted
...
In TLS 1.3, ignore valid unencrypted alerts that appear after encryption
has started.
Only ignore WOLFSSL_ALERT_COUNT_MAX-1 alerts.
2025-12-23 09:09:06 +10:00
Marco Oliverio
38d8eb6f0d
address reviewer's comments
2025-12-22 09:51:06 +01:00
Marco Oliverio
950c074c25
test: fix typo in structure field
2025-12-22 09:51:06 +01:00
Marco Oliverio
8de68decd2
test: tls13_early_data: test WANT_WRITE in early data
2025-12-22 09:51:06 +01:00
Marco Oliverio
609e30a69c
test: tls13_early_data: refactor splitEarlyData test option
2025-12-22 09:51:06 +01:00
Juliusz Sosinowicz
f61bfd7805
Check KeyShare after HRR
2025-12-17 10:27:04 +01:00
Sean Parkinson
d3863e5fa3
TLS 1.3: duplicate extension alert code fix
...
The specification states to return illegal_parameter when a message is
syntactically correct but semantically invalid. (RFC 8446 section 6,
Paragraph 5)
2025-12-15 10:00:56 -08:00
Sean Parkinson
44be44a509
TLS 1.3 missing extension: return correct alert code
...
Change TLS 1.3 handling to return missing_extension alert code when
- KeyShare is present but SupportedGroups is missing and
- SupportedGroups is present but KeyShare is missing
Added tests for this.
2025-12-15 09:07:13 +10:00
Chris Conlon
fdec53c4c9
skip test_tls13_hrr_different_cs() test when WOLFSSL_TLS13_MIDDLEBOX_COMPAT is defined
2025-11-07 17:09:30 -07:00
Juliusz Sosinowicz
c14b1a0504
Validate cipher suite after HelloRetryRequest
...
- Add validation to ensure the cipher suite in the ServerHello matches the one specified in the HelloRetryRequest.
- test_TLSX_CA_NAMES_bad_extension: use the same ciphersuite in HRR and SH
2025-10-29 13:14:50 +01:00
Daniel Pouzzner
9cf08afbbb
fixes for --disable-tls.
2025-10-16 18:50:06 -05:00
Sean Parkinson
c111c5bacc
Regression testing
...
x509.c: realloc may fail and therefore need to store result in a
temporary so the old pointer is not lost.
tls.c: free the name if it is not pushed on to the stack of peer CA
names. Failure to push can be from memory allocation failure.
aes.c: Don't compile XTS decrypt functions without HAVE_AES_DECRYPT.
Fix tests to have better pre-processor protection.
2025-10-16 12:13:32 +10:00
Daniel Pouzzner
b4ee8869c8
Merge pull request #9246 from julek-wolfssl/gh/9240
...
Abort connection if we are about to send the same CH
2025-09-30 20:35:32 -05:00
Juliusz Sosinowicz
f798a585d9
Abort connection if we are about to send the same CH
2025-09-26 12:08:53 +02:00
Kareem
ec92f76dec
Fix tests when building with PEM support disabled by using DER certs/keys.
2025-09-12 16:11:07 -07:00
Sean Parkinson
115d4d88c0
api.c: pull out TLS 1.3 specific tests
2025-08-26 09:05:46 +10:00