Commit Graph

588 Commits

Author SHA1 Message Date
David Garske 58ca6a1fa7 Merge pull request #10302 from JacobBarthelmeh/ecc
additional sanity checks on invalid input
2026-05-07 14:39:21 -07:00
David Garske b306f2d846 Merge pull request #10422 from Frauschi/socat
Make socat tests less flaky
2026-05-07 14:36:24 -07:00
David Garske e78418db95 Merge pull request #10306 from sebastian-carpenter/tls-ech-client-oe
Add OuterExtensions encoding for TLS ECH client
2026-05-07 14:14:50 -07:00
sebastian-carpenter 9d938c12ea supported_versions added to non-encode list 2026-05-07 10:10:00 -06:00
Tobias Frauenschläger bca5610508 Make socat tests less flaky 2026-05-07 15:25:19 +02:00
Tobias Frauenschläger da427efd89 Add LMS, XMSS and ML-DSA to Wconversion 2026-05-07 11:16:06 +02:00
David Garske 27413e0a3f Merge pull request #10403 from Frauschi/hostap_interal_retry
hostap CI tests: incorporate internal retries
2026-05-06 11:59:49 -07:00
night1rider dc3ba1e299 stabilize CI for renamed forks and slashed branch names 2026-05-06 10:04:33 -06:00
Tobias Frauenschläger 57f4b231c4 hostap CI tests: incorporate internal retries 2026-05-06 10:36:19 +02:00
David Garske 5f1e0d0f0d Merge pull request #10314 from night1rider/zephyr-4.x-workflows
workflow tests for zephyr 4.3 and 4.1
2026-05-05 12:46:00 -07:00
JacobBarthelmeh 976e4b2d15 add test case for build with WC_ALLOW_ECC_ZERO_HASH 2026-05-05 13:39:10 -06:00
David Garske 3147a10f23 Merge pull request #10141 from sebastian-carpenter/tls-ech-downgrade
TLS ECH Compliance Fixes
2026-05-05 12:14:20 -07:00
David Garske ba5132831f Merge pull request #10389 from Frauschi/hostap
Increase hostap retry count
2026-05-05 12:08:16 -07:00
David Garske 3a1f51d2e6 Merge pull request #10388 from Frauschi/slh-dsa_Wconversion
SLH-DSA Wconversion fixes
2026-05-05 12:04:22 -07:00
David Garske 87536214bf Merge pull request #10375 from LinuxJedi/STSAFEA120Sim
Add STSAFE A120 CI support
2026-05-05 11:53:29 -07:00
David Garske 644f6171ab Merge pull request #10290 from LinuxJedi/emnet
Fix emNET support and add tests
2026-05-05 11:46:15 -07:00
David Garske 9b1167772d Merge pull request #10350 from LinuxJedi/ATECC608Sim
Add ATECC608 CI tests
2026-05-05 11:45:45 -07:00
David Garske d793452264 Merge pull request #10353 from julek-wolfssl/dtls-13-client-only
DTLS 1.3 client-only minimum: WOLFSSL_DTLS_ONLY + autoconf cascade
2026-05-05 11:24:44 -07:00
David Garske 401e9e23a6 Merge pull request #10298 from LinuxJedi/bot-block-update
Update blocking PR check
2026-05-05 10:55:19 -07:00
Daniele Lacamera 59a0ec4a94 Correctly detect expected failures 2026-05-05 15:10:56 +02:00
Daniele Lacamera d633a76de3 Properly copy wolfssl as wolfBoot lib/ submodule 2026-05-05 14:18:39 +02:00
Daniele Lacamera 8b9bb6b3c6 Migrate wolfboot integration tests to new wolfboot-ci container 2026-05-05 14:01:49 +02:00
Daniele Lacamera e8ccb5c8a2 Address more comments, pin renode to v 1.15.3 2026-05-05 13:03:42 +02:00
Daniele Lacamera cc85d5a656 Addressed copilot's comment 2026-05-05 13:03:42 +02:00
Daniele Lacamera c7684acb6c Renode docker: fixed permission 2026-05-05 13:03:42 +02:00
Daniele Lacamera 2c7bc0d1b3 Removed toLower 2026-05-05 13:03:42 +02:00
Daniele Lacamera b695dd37b4 Remove artifact upload, address copilot's, fix docker boundary 2026-05-05 13:03:42 +02:00
Daniele Lacamera b69ea6659b Add github workflow to check for wolfboot regressions 2026-05-05 13:03:41 +02:00
sebastian-carpenter 61ba5378fe TLS ECH compliance fixes 2026-05-04 15:46:18 -06:00
Tobias Frauenschläger 1411046a98 Retry hostap tests up to 2 times to reduce flakyness 2026-05-04 18:41:36 +02:00
night1rider 25c8a9aad5 workflow tests for zephyr 4.3 and 4.1 2026-05-04 09:39:04 -06:00
Tobias Frauenschläger bbcfa97144 SLH-DSA Wconversion fixes 2026-05-04 13:58:00 +02:00
Andrew Hutchings a4b754ab5d Add STSAFE A120 CI support
Adds our STSAFE A120 simulator to the CI, adds STSAFE to configure.ac
and fix missing required header.
2026-05-01 07:12:55 +01:00
Andrew Hutchings 9e7c2d19c7 Add ATECC608 CI tests
Also fix issues found with ATECC608
2026-04-30 18:01:42 +01:00
Andrew Hutchings 3720a9496c Restore IP_SOCK_getsockopt emNET error lookup
Merging TranslateReturnCode into wolfSSL_LastError dropped the
IP_SOCK_getsockopt(SO_ERROR) lookup emNET integrations need to retrieve
the canonical IP_ERR_* for a failed recv/send, leaving a broken branch
that returned the raw value and mishandled the POSIX-facade convention.

Restore the historic lookup (fixing the optlen pointer-vs-int typo
along the way) and add a CI test that builds wolfSSL with
-DWOLFSSL_EMNET against a clean-room shim providing an emNET-faithful
IP_SOCK_getsockopt (SO_ERROR-then-errno fallback, since Linux does not
stash EAGAIN in SO_ERROR); recv/send fall through to glibc.
2026-04-30 18:01:16 +01:00
Andrew Hutchings bf19d548bb Fix emNET support and add tests
The emNET `wolfSSL_LastError` branches were incorrect. The second one
was never hit and would never compile. The first one inverts error codes
that should not be inverted.

This fixes that code and adds a test with a shim layer to test emNET
calls without using emNET.
2026-04-30 18:01:16 +01:00
Juliusz Sosinowicz a012a8f3ec DTLS 1.3 client-only minimum: WOLFSSL_DTLS_ONLY + autoconf cascade
* configure.ac: --enable-dtls13 auto-enables --enable-dtls and TLS 1.3,
  with a targeted error if either is explicitly --disabled, plus a
  post-finalization sanity check that errors out if a later
  prerequisite test forces ENABLED_TLS13 back to "no" while
  ENABLED_DTLS13 is yes.
* src/internal.c, src/wolfio.c, wolfssl/wolfio.h: new WOLFSSL_DTLS_ONLY
  compile-time flag elides the EmbedReceive / EmbedSend default
  callbacks. The DTLS_MAJOR runtime check stays in SetSSL_CTX so a
  TLS-method ctx in a DTLS-only build doesn't get datagram callbacks
  by default, and WriteSEQ keeps its ssl->options.dtls branch. A
  #error in settings.h refuses WOLFSSL_DTLS_ONLY without WOLFSSL_DTLS.
* wolfcrypt/src/aes.c: add HAVE_AES_DECRYPT to the inv_col_mul
  definition gate to match its only caller; without it the function is
  emitted dead under WOLFSSL_AES_DIRECT && NO_AES_DECRYPT and
  -Werror=unused-function fails the build.
* .github/workflows/os-check.yml: matrix entry for a minimal DTLS 1.3
  client-only build.
2026-04-30 11:40:22 +00:00
Daniel Pouzzner 468ee9e1be Merge pull request #10348 from Frauschi/hostap_fix
Fix race condition in hostap CI tests
2026-04-29 09:05:21 -05:00
Daniel Pouzzner 9c618177c9 Merge pull request #10347 from Frauschi/pq-all_timeout
Increase pq-all test timeout
2026-04-29 09:04:37 -05:00
Tobias Frauenschläger 46b47cb8ec Fix race conditions in hostap CI tests 2026-04-29 14:31:15 +02:00
Tobias Frauenschläger 4f3f40e1fb Increase pq-all test timeout to 10 minutes
Increase the timeout for PQC CI tests from 6 to 10 minutes. The new
SLH-DSA tests take more time than the previous tests due to the slow
signing. With the old timeout, some tests sometimes hit the timeout
before finishing successfully.
2026-04-29 09:21:14 +02:00
Andrew Hutchings c75f8bebab Update blocking PR check
Matches patterns for Devin, Codex and Copilot.
2026-04-29 07:41:57 +01:00
Tobias Frauenschläger b59ff436f3 Remove the amount of macos based tests in os-check
Reduce the number of tests running on macos in os-check.yml to the
minimum required number to cover all mac os specific features. All other
platform-agnostic configs and setups are only tested on Linux, which is
much faster in GitHub CI.
2026-04-28 19:34:05 +02:00
David Garske 3181e2bcf8 Merge pull request #10309 from JacobBarthelmeh/openvpn
remove openvpn master from CI test
2026-04-27 08:49:30 -07:00
Daniel Pouzzner caffc458af .github/workflows/: add -Wnull-dereferences to a few -pedantic scenarios missed in the first pass. 2026-04-25 11:47:25 -05:00
Daniel Pouzzner df486d8cd5 src/ssl_load.c: fix -Wnull-dereference in wolfssl_ctx_set_tmp_dh() (detected by armel build);
.github/workflows/pq-all.yml: for the --enable-sp-math scenario, --disable-quic (QUIC unit tests fail on that combo);

wolfcrypt/test/test.c: add WC_MAYBE_UNUSED to ecdsa_test_deterministic_k_rs(), to fix armel sp-math build.
2026-04-25 11:47:25 -05:00
Daniel Pouzzner d14b8f8e79 .github/workflows/:
* add "-Wnull-dereference" to all existing "-pedantic -Wdeclaration-after-statement" configs;
* add an --enable-sp-math config to .github/workflows/pq-all.yml and .github/workflows/multi-arch.yml.
2026-04-25 11:47:24 -05:00
JacobBarthelmeh 186ab8b0c3 remove openvpn master from CI test 2026-04-24 16:55:51 -06:00
JacobBarthelmeh b9514e70be Merge pull request #10148 from julek-wolfssl/openvpn-master-bn2binpad
Add BN_bn2binpad API and enable OpenVPN master CI testing
2026-04-24 13:54:06 -06:00
Juliusz Sosinowicz 5dad65c04c Remove ap_wpa2_eap_sim_sql 2026-04-24 17:07:37 +02:00