13 Commits

Author SHA1 Message Date
Yosuke Shimizu b87edc2040 certs: re-sign orphaned rsapss/mldsa leaves and add chain guard 2026-07-02 10:34:06 +09:00
Daniel Pouzzner fd3b489ea5 Merge pull request #10787 from stenslae/update-wolfssl-email
Updated email to facts@wolfssl.com
2026-07-01 17:52:20 -05:00
aidan garske fef29abf0e certs: regenerate ecc-leaf-mldsa44 and ecc-leaf-rsapss from renew scripts 2026-06-29 13:46:14 -07:00
Emma Stensland 92e76d4667 updated email to facts@wolfssl.com 2026-06-26 14:44:16 -06:00
aidan garske 93d16f431c Address tinytls13 review: ML-DSA-44, canonical ML-DSA/ML-KEM macros, optimizer-measured static-mem bucket guidance, footprint hygiene 2026-06-24 15:43:01 -07:00
Aidan Garske 41fad5f307 Fix and expand tinytls13 footprint profile across CI configs
Make every --enable-tinytls13 spelling build and pass locally, and grow the
CI matrix to cover them. These are fixes found while testing the configs the
CI workflow had not actually exercised.

- internal.h, internal.c, ssl_load.c: include ML-DSA and Falcon in the
  pkCurveOID member and producer guards so the PSK plus ML-DSA build compiles.
- tls13.c: gate the DoTls13CertificateVerify definition on NO_CERTS to match
  its call site.
- settings.h: let the AES-256 adder survive the floor, default the
  user_settings path to the SHA-256 floor, make WOLFSSL_NO_MALLOC opt-in so
  the test suite still runs, and keep ML-DSA ASN.1 for the cert profile.
- configure.ac: drive ENABLED_ASM and emit WOLFSSL_NO_ASM for the small C
  floor, restrict SP math to P-256, strip ML-DSA ASN.1 only on the PSK floor,
  and print a notice for the reduced security cert verify.
- examples: guard the cert loading paths for NO_CERTS and treat NO_CERTS as
  PSK mode in echoserver and echoclient.
- Add examples/configs/tinytls13_smoke.c, an in memory TLS 1.3 handshake test
  that drives PSK, ECDSA, ML-DSA-65 and RSA-PSS chain verify, plus forced
  cipher suites, for builds with no example or unit test harness.
- certs: add ECDSA leaves signed by the ML-DSA-65 and RSA-PSS CAs so the cert
  profiles drive a real PQC and PSS chain verify in CI.
- .github/workflows/tinytls13.yml: cover every profile and adder, run the
  smoke handshake on the build verified configs, and least privilege the
  workflow token.
2026-06-22 12:08:58 -07:00
Tobias Frauenschläger 637c07798a Finalize ML-DSA renaming 2026-05-26 14:54:30 +02:00
David Garske 00abce3474 Merge pull request #10310 from cconlon/d2iMLDSA
Add ML-DSA SPKI/PKCS#8 DER support to d2i_PUBKEY and d2i_PrivateKey
2026-05-05 12:11:49 -07:00
Chris Conlon fe4473fbea Add ML-DSA SPKI/PKCS#8 DER support to d2i_PUBKEY and d2i_PrivateKey. 2026-05-04 09:24:02 -06:00
Takashi Kojo 1a6dee2bb3 Add ML-DSA to X509_get_pubkey and EVP_PKEY_base_id 2026-05-02 08:13:08 +09:00
Koji Takeda 09deacbe8f Revert "Merge pull request #9045 from douzzer/20250730-revert-PR9000"
This reverts commit 70af2be5ab, reversing
changes made to 46347173b2.
2025-07-31 14:14:51 +09:00
Daniel Pouzzner f6437d3072 Revert "Add test data"
This reverts commit 778dcbaafb.
2025-07-30 15:39:55 -05:00
Koji Takeda 778dcbaafb Add test data 2025-07-28 21:46:28 +09:00