mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 18:10:50 +02:00
41fad5f307
Make every --enable-tinytls13 spelling build and pass locally, and grow the CI matrix to cover them. These are fixes found while testing the configs the CI workflow had not actually exercised. - internal.h, internal.c, ssl_load.c: include ML-DSA and Falcon in the pkCurveOID member and producer guards so the PSK plus ML-DSA build compiles. - tls13.c: gate the DoTls13CertificateVerify definition on NO_CERTS to match its call site. - settings.h: let the AES-256 adder survive the floor, default the user_settings path to the SHA-256 floor, make WOLFSSL_NO_MALLOC opt-in so the test suite still runs, and keep ML-DSA ASN.1 for the cert profile. - configure.ac: drive ENABLED_ASM and emit WOLFSSL_NO_ASM for the small C floor, restrict SP math to P-256, strip ML-DSA ASN.1 only on the PSK floor, and print a notice for the reduced security cert verify. - examples: guard the cert loading paths for NO_CERTS and treat NO_CERTS as PSK mode in echoserver and echoclient. - Add examples/configs/tinytls13_smoke.c, an in memory TLS 1.3 handshake test that drives PSK, ECDSA, ML-DSA-65 and RSA-PSS chain verify, plus forced cipher suites, for builds with no example or unit test harness. - certs: add ECDSA leaves signed by the ML-DSA-65 and RSA-PSS CAs so the cert profiles drive a real PQC and PSS chain verify in CI. - .github/workflows/tinytls13.yml: cover every profile and adder, run the smoke handshake on the build verified configs, and least privilege the workflow token.
62 lines
2.5 KiB
Plaintext
62 lines
2.5 KiB
Plaintext
# vim:ft=automake
|
|
# All paths should be given relative to the root
|
|
#
|
|
|
|
EXTRA_DIST += \
|
|
certs/rsapss/ecc-leaf-rsapss.pem \
|
|
certs/rsapss/ca-rsapss.der \
|
|
certs/rsapss/ca-rsapss.pem \
|
|
certs/rsapss/ca-rsapss-key.der \
|
|
certs/rsapss/ca-rsapss-key.pem \
|
|
certs/rsapss/ca-rsapss-priv.der \
|
|
certs/rsapss/ca-rsapss-priv.pem \
|
|
certs/rsapss/client-rsapss.der \
|
|
certs/rsapss/client-rsapss.pem \
|
|
certs/rsapss/client-rsapss-key.der \
|
|
certs/rsapss/client-rsapss-key.pem \
|
|
certs/rsapss/client-rsapss-priv.der \
|
|
certs/rsapss/client-rsapss-priv.pem \
|
|
certs/rsapss/root-rsapss.der \
|
|
certs/rsapss/root-rsapss.pem \
|
|
certs/rsapss/root-rsapss-key.der \
|
|
certs/rsapss/root-rsapss-key.pem \
|
|
certs/rsapss/root-rsapss-priv.der \
|
|
certs/rsapss/root-rsapss-priv.pem \
|
|
certs/rsapss/server-rsapss.der \
|
|
certs/rsapss/server-rsapss.pem \
|
|
certs/rsapss/server-rsapss-cert.pem \
|
|
certs/rsapss/server-rsapss-key.der \
|
|
certs/rsapss/server-rsapss-key.pem \
|
|
certs/rsapss/server-rsapss-priv.der \
|
|
certs/rsapss/server-rsapss-priv.pem \
|
|
certs/rsapss/ca-3072-rsapss.der \
|
|
certs/rsapss/ca-3072-rsapss.pem \
|
|
certs/rsapss/ca-3072-rsapss-key.der \
|
|
certs/rsapss/ca-3072-rsapss-key.pem \
|
|
certs/rsapss/ca-3072-rsapss-priv.der \
|
|
certs/rsapss/ca-3072-rsapss-priv.pem \
|
|
certs/rsapss/client-3072-rsapss.der \
|
|
certs/rsapss/client-3072-rsapss.pem \
|
|
certs/rsapss/client-3072-rsapss-key.der \
|
|
certs/rsapss/client-3072-rsapss-key.pem \
|
|
certs/rsapss/client-3072-rsapss-priv.der \
|
|
certs/rsapss/client-3072-rsapss-priv.pem \
|
|
certs/rsapss/root-3072-rsapss.der \
|
|
certs/rsapss/root-3072-rsapss.pem \
|
|
certs/rsapss/root-3072-rsapss-key.der \
|
|
certs/rsapss/root-3072-rsapss-key.pem \
|
|
certs/rsapss/root-3072-rsapss-priv.der \
|
|
certs/rsapss/root-3072-rsapss-priv.pem \
|
|
certs/rsapss/server-3072-rsapss.der \
|
|
certs/rsapss/server-3072-rsapss.pem \
|
|
certs/rsapss/server-3072-rsapss-cert.pem \
|
|
certs/rsapss/server-3072-rsapss-key.der \
|
|
certs/rsapss/server-3072-rsapss-key.pem \
|
|
certs/rsapss/server-3072-rsapss-priv.der \
|
|
certs/rsapss/server-3072-rsapss-priv.pem \
|
|
certs/rsapss/server-mix-rsapss-cert.pem
|
|
|
|
EXTRA_DIST += \
|
|
certs/rsapss/renew-rsapss-certs.sh \
|
|
certs/rsapss/gen-rsapss-keys.sh
|