Merge pull request #10539 from julek-wolfssl/misc/20260527

Guard test_wrong_cs_downgrade on SHA-384 cipher suite; enable SHA disables in minimal DTLS os-check build
This commit is contained in:
Daniel Pouzzner
2026-06-03 22:50:57 -05:00
committed by GitHub
2 changed files with 6 additions and 5 deletions
+4 -4
View File
@@ -117,14 +117,14 @@ jobs:
# variants of mod_exp_<words>_nb / RSA / DH wrappers.
'--enable-curve25519=nonblock --enable-ecc=nonblock --enable-rsa=nonblock --enable-dh=nonblock --enable-sp=yes,nonblock CPPFLAGS="-DWOLFSSL_PUBLIC_MP -DWOLFSSL_DEBUG_NONBLOCK -DRSA_LOW_MEM -DSP_WORD_SIZE=32"',
'--enable-certreq --enable-certext --enable-certgen --disable-secure-renegotiation-info CPPFLAGS="-DNO_TLS"',
# Minimal DTLS 1.3 client-only build. The SHA-224/384/512/3
# disables are deliberately omitted: --disable-sha384 alone
# trips a pre-existing wolfSSL bug in
# test_tls13_duplicate_extension (reproducible on clean master).
# Minimal DTLS 1.3 client-only build with the SHA-224/384/512/3
# hash families disabled. SHA-256 (used by TLS_AES_128_GCM_SHA256)
# and SHA-1 remain enabled.
'--enable-dtls13 --disable-tlsv12 --disable-oldtls --disable-rsa --disable-dh
--disable-aescbc --disable-aesecb --disable-md5 --disable-chacha
--disable-poly1305 --disable-errorstrings --disable-asn-print
--disable-eccshamir --disable-base64encode --disable-coding --disable-sni
--disable-sha224 --disable-sha384 --disable-sha512 --disable-sha3
--enable-aesgcm=small --enable-sp-math --enable-sp=smallec256 --disable-sp-asm
CPPFLAGS=''-DNO_WOLFSSL_SERVER -DWOLFSSL_NO_TLS12 -DNO_SESSION_CACHE
-DWOLFSSL_AES_NO_UNROLL -DUSE_SLOW_SHA256 -DWOLFSSL_NO_ASYNC_IO
+2 -1
View File
@@ -30120,7 +30120,8 @@ static int test_extra_alerts_wrong_cs(void)
#endif
#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_TLS12) && \
defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_AES_256)
defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_AES_256) && \
defined(BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
#define TEST_CS_DOWNGRADE_CLIENT "ECDHE-RSA-AES256-GCM-SHA384"