Commit Graph

80 Commits

Author SHA1 Message Date
Eric Blankenhorn 4b09fb36d9 Add test test_tls13_derive_keys_no_key 2026-03-09 09:49:37 -06:00
Daniel Pouzzner 2655c436da Merge pull request #9861 from JacobBarthelmeh/f360
additional sanity check on number of groups passed to set groups func…
2026-03-06 22:23:40 -06:00
JacobBarthelmeh 013e2c8fdf remove special characters, use simple ASCII characters 2026-03-06 17:22:25 -07:00
Tobias Frauenschläger a2622746cd Error out in case of unknown extensions in response message in TLS 1.3 2026-03-06 17:09:49 +01:00
Tobias Frauenschläger 11fc781d0d Treat alerts as fatal errors regardless of level in TLS1.3 2026-03-05 18:21:02 +01:00
JacobBarthelmeh be245dc4d7 adjust macro guard on test case 2026-03-04 11:20:08 -07:00
JacobBarthelmeh 6b3dec4898 additional sanity check on number of groups passed to set groups function 2026-03-04 10:20:09 -07:00
Marco Oliverio 20eeba3d89 test: tls13: add wolfSSL_set1_sigalgs_list test 2026-02-25 12:10:48 +01:00
JacobBarthelmeh a156ed7bc7 update Copyright year 2026-02-18 09:52:21 -07:00
Anthony Hu c3c9acc5bf Middle box compatibility compliance. 2026-02-13 10:28:12 -05:00
Sean Parkinson bc9e37118e Regression test fixes
Mostly combinations of NO_WOLFSSL_CLIENT, NO_WOLFSSL_SERVER and
WOLFSSL_NO_CLIENT_AUTH were failing.
Added configurations to CI loop.

wc_AesGcmDecryptFinal: use WC_AES_BLOCK_SIZE to satisfy compiler.
2026-01-28 07:37:29 +10:00
Josh Holtrop e7612ff36f Improve log message and error code for invalid HelloRetryRequest - fix #9653 2026-01-15 12:55:17 -05:00
Marco Oliverio 50b39c91da fixup! (d)tls13: check if early data is possible in write_early_data 2026-01-07 14:30:16 +01:00
David Garske 0fae0a7ba6 Merge pull request #9397 from rizlik/earlydata_want_write_fixes
wolfssl: preserve early-data handling across WANT_WRITE retries
2025-12-23 17:19:39 -08:00
Sean Parkinson b766f11e7b TLS 1.3, plaintext alert: ignore when expecting encrypted
In TLS 1.3, ignore valid unencrypted alerts that appear after encryption
has started.
Only ignore WOLFSSL_ALERT_COUNT_MAX-1 alerts.
2025-12-23 09:09:06 +10:00
Marco Oliverio 38d8eb6f0d address reviewer's comments 2025-12-22 09:51:06 +01:00
Marco Oliverio 950c074c25 test: fix typo in structure field 2025-12-22 09:51:06 +01:00
Marco Oliverio 8de68decd2 test: tls13_early_data: test WANT_WRITE in early data 2025-12-22 09:51:06 +01:00
Marco Oliverio 609e30a69c test: tls13_early_data: refactor splitEarlyData test option 2025-12-22 09:51:06 +01:00
Juliusz Sosinowicz f61bfd7805 Check KeyShare after HRR 2025-12-17 10:27:04 +01:00
Sean Parkinson d3863e5fa3 TLS 1.3: duplicate extension alert code fix
The specification states to return illegal_parameter when a message is
syntactically correct but semantically invalid. (RFC 8446 section 6,
Paragraph 5)
2025-12-15 10:00:56 -08:00
Sean Parkinson 44be44a509 TLS 1.3 missing extension: return correct alert code
Change TLS 1.3 handling to return missing_extension alert code when
 - KeyShare is present but SupportedGroups is missing and
 - SupportedGroups is present but KeyShare is missing

Added tests for this.
2025-12-15 09:07:13 +10:00
Chris Conlon fdec53c4c9 skip test_tls13_hrr_different_cs() test when WOLFSSL_TLS13_MIDDLEBOX_COMPAT is defined 2025-11-07 17:09:30 -07:00
Juliusz Sosinowicz c14b1a0504 Validate cipher suite after HelloRetryRequest
- Add validation to ensure the cipher suite in the ServerHello matches the one specified in the HelloRetryRequest.
- test_TLSX_CA_NAMES_bad_extension: use the same ciphersuite in HRR and SH
2025-10-29 13:14:50 +01:00
Daniel Pouzzner 9cf08afbbb fixes for --disable-tls. 2025-10-16 18:50:06 -05:00
Sean Parkinson c111c5bacc Regression testing
x509.c: realloc may fail and therefore need to store result in a
temporary so the old pointer is not lost.

tls.c: free the name if it is not pushed on to the stack of peer CA
names. Failure to push can be from memory allocation failure.

aes.c: Don't compile XTS decrypt functions without HAVE_AES_DECRYPT.

Fix tests to have better pre-processor protection.
2025-10-16 12:13:32 +10:00
Daniel Pouzzner b4ee8869c8 Merge pull request #9246 from julek-wolfssl/gh/9240
Abort connection if we are about to send the same CH
2025-09-30 20:35:32 -05:00
Juliusz Sosinowicz f798a585d9 Abort connection if we are about to send the same CH 2025-09-26 12:08:53 +02:00
Kareem ec92f76dec Fix tests when building with PEM support disabled by using DER certs/keys. 2025-09-12 16:11:07 -07:00
Sean Parkinson 115d4d88c0 api.c: pull out TLS 1.3 specific tests 2025-08-26 09:05:46 +10:00